apokalipto / devise_saml_authenticatable

Devise SAML 2.0 authentication strategy
MIT License

Completed 401 Unauthorized in 119ms #86

Closed sachin-metacube closed 7 years ago

sachin-metacube commented 7 years ago

My devise.rb configurations are:

    # SAML options of devise_saml_authenticatable, set inside the Devise
    # initializer (the enclosing setup block is not part of this excerpt).

    # Provision a local user the first time the IdP asserts an identity that
    # has no matching record; every identity the IdP vouches for gets an account.
    config.saml_create_user = true
    # Overwrite the local user's mapped attributes from the assertion on each
    # successful login.
    config.saml_update_user = true
    # Column used to look the user up.
    config.saml_default_user_key = :email
    # Column that stores the IdP's session index; presumably used to match
    # IdP-initiated logout requests to a session; confirm against the gem docs.
    config.saml_session_index_key = :session_index
    # Take the lookup value from the assertion's Subject (NameID) instead of an
    # attribute statement. With the :email key above, the IdP has to send the
    # e-mail address as NameID for lookups to succeed (TODO confirm with the IdP).
    config.saml_use_subject = true
    # Class whose ::settings(idp_entity_id) returns the SAML settings hash.
    config.idp_settings_adapter = CidpSettingsAdapter
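# Supplies the SAML settings hash requested through
# `config.idp_settings_adapter`.
class CidpSettingsAdapter
  # Builds the service-provider / identity-provider settings.
  #
  # @param idp_entity_id [String, nil] entity ID of the IdP in use. It is not
  #   consulted: the same single-IdP hash is returned for every value.
  # @return [Hash] SAML settings, including the pinned IdP certificate
  def self.settings(idp_entity_id)
    {
      # Entity ID this service provider presents to the IdP.
      # NOTE(review): it has to be exactly the entity ID registered at the IdP
      # (and expected as the response audience); confirm the value.
      issuer: 'https://devidentity.greenfence.com/users/saml/metadata',
      # Where the IdP posts the SAML response; the application must route this
      # path to the action that consumes it.
      assertion_consumer_service_url: 'https://devidentity.greenfence.com/saml/consume',
      assertion_consumer_service_binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
      #assertion_consumer_logout_service_url: 'https://devidentity.greenfence.com/users/saml/sign_out',
      idp_entity_id: 'https://cargill.identitynow.com',
      authn_context: 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
      name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
      idp_sso_target_url: 'https://prd02-useast1-sso.identitynow.com/sso/SSOPOST/metaAlias/cargill/idp',
      idp_slo_target_url: 'https://prd02-useast1-sso.identitynow.com/sso/IDPSloPOST/metaAlias/cargill/idp',
      security: {
        # Every signing switch is off, so nothing this SP sends is signed.
        authn_requests_signed: false,
        logout_requests_signed: false,
        logout_responses_signed: false,
        metadata_signed: false,
        # Algorithms for SP-side signatures. SHA-256 replaces SHA-1 so that
        # turning any of the switches above on does not start from a
        # deprecated hash; presumably unused while all switches are false.
        digest_method: XMLSecurity::Document::SHA256,
        signature_method: XMLSecurity::Document::RSA_SHA256
      },
      # Public certificate of the IdP, pinned inline; responses are verified
      # against it. The heredoc body must stay at column 0 so the PEM text is
      # passed on unchanged.
      # NOTE(review): the first Base64 line is 75 characters where the
      # following full lines are 76; confirm the certificate was copied
      # intact from the IdP metadata.
      idp_cert: <<-CERT.chomp
-----BEGIN CERTIFICATE-----
MIIDQDCCAiigAwIBAgIEIZbEtDANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEOMAwGA1U
CBMFVGV4YXMxDzANBgNVBAcTBkF1c3RpbjESMBAGA1UEChMJU2FpbFBvaW50MR4wHAYDVQQDExVw
cmQwMi11c2Vhc3QxLWNhcmdpbGwwHhcNMTYwMTE5MDM0OTQwWhcNMjYwMTE2MDM0OTQwWjBiMQsw
CQYDVQQGEwJVUzEOMAwGA1UECBMFVGV4YXMxDzANBgNVBAcTBkF1c3RpbjESMBAGA1UEChMJU2Fp
bFBvaW50MR4wHAYDVQQDExVwcmQwMi11c2Vhc3QxLWNhcmdpbGwwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCRlr1CRIYLomUqTt9Igdrs9dwSW45lLS7lRDh+7WAgIbqIRxLjDH0fJgMi
T14i2gZD+bKyv43epVi6DG8pWrP2qjf8/U1VTr2hMnLrty5ycB9c8DSSh8YSARRIRjxUKrETp70i
BspeMtA3+ZMEnrrz38WlU5zuctzRSr6Q75Yf96tIk1wO+EqRASiNUy+oe/+/LClvPiJLnwdUEnNY
SXgidUvAGxgM639yD0C4cKs++zimwUBcTOgdvPbSJhpG1/CoQcrrdPt78a1RxC3MJJBVG9015SW1
ZkQ5u5sJjFWPzvqd9POgszzc/cj9SjLnh4Y6BFbxZOqkg5Ghn9b8vaElAgMBAAEwDQYJKoZIhvcN
AQELBQADggEBAAFjMJZ80SbJsFt80XuNB8Bn8YR8RcTGaykRjKyEO5ywclxOOmkVbr1CbEgj4gua
kQx4oAJLM4YNs7V+QAz19xEVZJoHn1G7eL3dU2JIOzRzvQU8VkOwxIusKK5CpnvKGROwAsuxUc05
roeFWfCE4zVKerYc5dLATDvKS1X+k88mJ2Y2p58sxqTSzIzayniRVpCGucl+qBAIvEeU70gA7ss+
wtoe9aM12lmH8Yro9nSpD4ESoZvCdMnKnBtRg7xytMKUGDBQZEiElW/2cflm/viHZk/JhLmtRTiP
1NMdln/oYj+0qwYz15I4Tb6dhCEYjWIXtBtw1xc/UqiisfJboA=
-----END CERTIFICATE-----
      CERT
    }
  end
end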

My routes.rb

  # Hand-written session routes for the :user Devise mapping: the SAML
  # endpoints live under /users and are served by the saml_sessions controller.
  devise_scope :user do
    # NOTE(review): sign-out answers to GET, so merely loading the URL ends the
    # session; confirm this is intended for both sign-out routes in this block.
    get 'users/sign_out', to: 'devise/sessions#destroy'
    # NOTE(review): both verification-code actions are GET routes; if the code
    # is passed as a query parameter it will appear in request logs; confirm.
    get 'users/submit_verification_code', to: 'aws_cognito#submit_verification_code'
    get 'users/request_verification_code', to: 'aws_cognito#request_verification_code'

    scope 'users', controller: 'saml_sessions' do
      # Starts SP-initiated login.
      get :new, path: 'saml/sign_in', as: :new_user_saml_session
      # Receives the SAML response posted back by the IdP.
      post :create, path: 'saml/auth', as: :user_saml_session
      get :destroy, path: 'saml/sign_out', as: :destroy_user_saml_session
      # Publishes this service provider's SAML metadata.
      get :metadata, path: 'saml/metadata', as: :metadata_user_saml_session
      # IdP-initiated logout, accepted over GET and POST.
      match :idp_sign_out, path: 'saml/idp_sign_out', via: [:get, :post]
      # Presumably a custom action on the application's saml_sessions
      # controller; it is not shown in this excerpt.
      get :sso_dashboard
    end
    # Second entry point to the same create action, at the path used as
    # assertion_consumer_service_url in CidpSettingsAdapter.
    post '/saml/consume' => 'saml_sessions#create'
  end

There is something wrong with these settings that I can't figure out. @adamstegman, please help me fix the issue.

sachin-metacube commented 7 years ago

Issue fixed: I just needed to provide the correct issuer name.