
Shibboleth authentication in Rails

I am having a struggle getting this to work so I've created a hello-world Rails app to try and get this to work.

Here's the repo with the code that is not working: https://github.com/pitosalas/shibtry

Here's what I've done starting from an empty Rails application:

  1. I've added two gems to gem files:

    gem 'omniauth-shibboleth'
    gem 'rack-saml'
    
  2. I got the shibboleth meta data from my university's web site and converted it using shib_conv.rb into the corresponding YAML: ./config.yml

  3. I've updated routes adding get '/auth/:provider/callback', to: 'sessions#create'

  4. I've put a breakpoint at SessionController#create

  5. I've added initializers: omniauth.rb:

    Rails.application.config.middleware.use OmniAuth::Builder do
      provider :shibboleth, {
        :shib_session_id_field     => "Shib-Session-ID",
        :shib_application_id_field => "Shib-Application-ID",
        :debug                     => true,
        :extra_fields => [
          :"unscoped-affiliation",
          :entitlement
        ]
      }
    end
    
  6. I've added rack_sam.rb initializer:

    Rails.application.config.middleware.insert_after Rack::ETag, Rack::Saml,
      { :metadata => "#{Rails.root}/config/metadata.yml"}
    
  7. Now, run the server and go to http://0.0.0.0:3000/auth/shibboleth and I get an error:

    undefined method `[]' for nil:NilClass'
    

    which is traced back to this line in rack-saml/misc/onelogin_setting.rb line 13 which is:

    settings.idp_sso_target_url = @metadata['saml2_http_redirect']
    

    in other words, looking for the metadata hash for that key. It happens that in my metadata.yml file that key is present, but by the time I get to this onelogin_setting.rb line 13, @metadata is nil (it should contain the contents of the file) and consequently that key doesn't exist.

And that's where, for now, the trail dries up.

pitosalas asked Nov 24 '14 22:11
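
A fail-fast check for the failure described in the question, where the IdP entry is nil by the time `saml2_http_redirect` is read. This is an added example, not code from the post or from rack-saml; the `idp_lists` layout keyed by entity ID, the `certificate` key, the `idp_metadata!` helper and the sample values are assumptions.

```ruby
require 'yaml'

# 'saml2_http_redirect' is the key named in the question; 'certificate' is an
# assumption about what the converted metadata carries per IdP.
REQUIRED_IDP_KEYS = %w[saml2_http_redirect certificate].freeze

# Returns the metadata hash for one IdP, or raises with a specific message
# instead of letting a nil reach the SAML settings code.
# Assumed layout: a top-level 'idp_lists' mapping keyed by IdP entity ID.
def idp_metadata!(yaml_text, idp_entity_id)
  # safe_load refuses arbitrary object deserialization from the metadata file.
  doc = YAML.safe_load(yaml_text)
  raise ArgumentError, 'metadata is empty or not a mapping' unless doc.is_a?(Hash)

  idps = doc['idp_lists']
  raise ArgumentError, "no 'idp_lists' section in metadata" unless idps.is_a?(Hash)

  entry = idps[idp_entity_id]
  unless entry.is_a?(Hash)
    raise ArgumentError,
          "IdP #{idp_entity_id.inspect} not in metadata (known: #{idps.keys.join(', ')})"
  end

  missing = REQUIRED_IDP_KEYS.reject { |k| entry[k].is_a?(String) && !entry[k].strip.empty? }
  raise ArgumentError, "IdP entry is missing: #{missing.join(', ')}" unless missing.empty?

  # A plain-http SSO endpoint would send the AuthnRequest over an unprotected channel.
  unless entry['saml2_http_redirect'].start_with?('https://')
    raise ArgumentError, 'saml2_http_redirect must be an https URL'
  end
  entry
end

# Constructed sample metadata (not the poster's file).
SAMPLE_METADATA = <<~META
  idp_lists:
    "https://idp.example.edu/idp/shibboleth":
      certificate: MIIC...constructed
      saml2_http_redirect: https://idp.example.edu/idp/profile/SAML2/Redirect/SSO
META
```

Calling this from an initializer with the contents of the metadata file and the configured IdP entity ID turns a missing or mismatched entry into a boot-time error that names the entity IDs actually present.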



1 Answer

I bypassed Shibboleth totally. My goal was to allow login to my university's authentication system specifically to allow students to log in with their student login, which is fronted by Google Apps. So this was much easier: https://developers.google.com/identity/sign-in/web/

pitosalas answered Oct 18 '22 20:10
