demarches-normaliennes/config/initializers/saml_idp.rb
2022-10-03 13:41:58 +02:00

35 lines
1.2 KiB
Ruby

# The certificate and secret key are not fetched from secrets.yml because there is a problem to set a secret key from a multiline env var"
# So we fetch env var directly here
if ENV['SAML_IDP_ENABLED'] == 'enabled'
SamlIdp.configure do |config|
config.base_saml_location = "https://#{ENV['APP_HOST']}/saml/metadata"
config.x509_certificate = ENV.fetch("SAML_IDP_CERTIFICATE")
config.secret_key = ENV.fetch("SAML_IDP_SECRET_KEY")
config.single_service_post_location = "https://#{ENV['APP_HOST']}/saml/auth"
config.single_service_redirect_location = "https://#{ENV['APP_HOST']}/saml/auth"
config.name_id.formats = {
"1.1" => {
email_address: -> (principal) { principal.email }
},
"2.0" => {
transient: -> (principal) { principal.email },
persistent: -> (p) { p.id }
}
}
service_providers = {}
if ENV['SAML_DOLIST_HOST'].present?
service_providers["https://#{ENV.fetch('SAML_DOLIST_HOST')}"] =
{
response_hosts: [ENV.fetch('SAML_DOLIST_HOST')],
cert: ENV.fetch("SAML_DOLIST_CERTIFICATE")
}
end
config.service_provider.finder = -> (entity_id) do
service_providers[entity_id]
end
end
end