demarches-normaliennes/config/initializers/saml_idp.rb

# The certificate and secret key are not fetched from secrets.yml because there is a problem to set a secret key from a multiline env var"
# So we fetch env var directly here

if ENV['SAML_IDP_ENABLED'] == 'enabled'
  SamlIdp.configure do |config|
    config.base_saml_location = "https://#{ENV['APP_HOST']}/saml/metadata"
    config.x509_certificate = ENV.fetch("SAML_IDP_CERTIFICATE")
    config.secret_key = ENV.fetch("SAML_IDP_SECRET_KEY")
    config.single_service_post_location = "https://#{ENV['APP_HOST']}/saml/auth"
    config.single_service_redirect_location = "https://#{ENV['APP_HOST']}/saml/auth"

    config.name_id.formats = {
      "1.1" => {
        email_address: -> (principal) { principal.email }
      },
      "2.0" => {
        transient: -> (principal) { principal.email },
        persistent: -> (p) { p.id }
      }
    }

    service_providers = {}
    if ENV['SAML_DOLIST_HOST'].present?
      service_providers["https://#{ENV.fetch('SAML_DOLIST_HOST')}"] =
        {
          response_hosts: [ENV.fetch('SAML_DOLIST_HOST')],
          cert: ENV.fetch("SAML_DOLIST_CERTIFICATE")
        }
    end

    config.service_provider.finder = -> (entity_id) do
      service_providers[entity_id]
    end
  end
end