Open kwent opened 3 years ago
We pass in a OneLogin::RubySaml::Settings
instance that you can update, but unfortunately it looks like these are not on that class.
Here's where the response is constructed: https://github.com/apokalipto/devise_saml_authenticatable/blob/04659f2293b8a08e102afae7bf54d12e155a8036/lib/devise_saml_authenticatable/strategy.rb#L58. We could probably provide some configuration to add more options to that.
I ended up having to monkeypatch for skip_audience
, would be great to have it handled by some sort of configuration hash or lambda
Yeah, if you want to create a PR that would make sense to me!
@arcreative Can u elaborate on how did you implement the patch?
Where do u store it? What way of patching did u use? What has to be done for the patch to work outside of creating a file for it?
I will probably need to patch adevise_saml_authenticatable/lib/devise_saml_authenticatable/strategy.rb#response_options as @adamstegman mentioned but I can't make it work.
I don't know if this is the best, but it's working for me:
# lib/devise/extensions/saml_response_options.rb
require 'devise_saml_authenticatable/strategy'
module Devise
module Extensions
module SamlResponseOptions
def response_options
super.merge(skip_audience: true, skip_recipient_check: true)
end
end
end
end
# config/initializers/devise.rb
# Monkey Patch Devise::Strategies::SamlAuthenticatable to skip audience validation in test env
if Rails.env.test?
require 'devise/extensions/saml_response_options'
Devise::Strategies::SamlAuthenticatable.prepend Devise::Extensions::SamlResponseOptions
end
UPDATE: This actually wasn't working until I switched .include
to .prepend
. Also updated to extend/use super
instead of overwriting the whole method, which is more clear as to what modification is being made.
@jaredmoody Thanks! I was having the same problem and your solution worked perfectly for me.
In the doc: https://github.com/onelogin/ruby-saml
I'm not sure how to for example set
skip_subject_confirmation
throughdevise_saml_authenticatable
any guidance is welcome.Regards