demarches-normaliennes/app/controllers/saml_idp_controller.rb
2024-08-22 09:26:48 +02:00


# frozen_string_literal: true
# SAML identity-provider endpoints: login form, signed metadata, and the
# SAML response that is posted back to the requesting service provider.
#
# The class inherits from ActionController::Base directly, so callbacks and
# settings declared on the application's own base controller (if any) are not
# applied here.
# NOTE(review): confirm that request-forgery protection is active for this
# controller through the Rails defaults; nothing in this file enables it.
class SamlIdpController < ActionController::Base
  include SamlIdp::Controller

  # Renders the IdP form for a valid SAML request; answers 403 otherwise.
  # `validate_saml_request` is not defined in this file (presumably provided
  # by SamlIdp::Controller).
  # NOTE(review): if the helper already renders on failure, the extra
  # `head :forbidden` is redundant. Verify against the gem version in use.
  def new
    return head(:forbidden) unless validate_saml_request

    render template: 'saml_idp/new'
  end

  # Serves the signed IdP metadata document as XML.
  def show
    render xml: SamlIdp.metadata.signed
  end

  # Issues a SAML response for the signed-in super admin.
  #
  # Order of checks matters: the SAML request is validated first (403 on
  # failure); only then is the session checked. A visitor without a super
  # admin session is redirected to the root path with an alert, and no SAML
  # response is built for them.
  def create
    return head(:forbidden) unless validate_saml_request

    unless super_admin_signed_in?
      return redirect_to(root_path, alert: t("errors.messages.saml_not_authorized"))
    end

    @saml_response = idp_make_saml_response(current_super_admin)
    render template: 'saml_idp/saml_post', layout: false
  end

  private

  # Builds the encoded SAML response for +super_admin+, passing encryption
  # settings keyed on the requesting service provider's certificate.
  #
  # NOTE(review): what happens when the service provider has no certificate
  # configured is not visible here. Confirm it fails closed rather than
  # emitting an unencrypted response.
  # NOTE(review): 'aes256-cbc' is an unauthenticated block mode; XML
  # Encryption with CBC has known ciphertext-malleability weaknesses on the
  # decrypting side. Check whether the gem and the service providers support
  # an authenticated mode before changing this value.
  #
  # @param super_admin the authenticated principal the response is issued for
  # @return the value returned by `encode_response`
  def idp_make_saml_response(super_admin)
    encryption_settings = {
      cert: saml_request.service_provider.cert,
      block_encryption: 'aes256-cbc',
      key_transport: 'rsa-oaep-mgf1p'
    }

    encode_response(super_admin, encryption: encryption_settings)
  end
end