Open SecurityInMind opened 6 years ago
@SecurityInMind, I didn't see any configuration from the other side or an explanation of what is wrong, but here are some cookies from me.
Here is a working example:
/redmine/config/initializers/90-saml.rb
```ruby
Redmine::OmniAuthSAML::Base.configure do |config|
  config.saml = {
    # SP (Redmine) side endpoints and entity ID
    :assertion_consumer_service_url => "https://redmine.local/auth/saml/callback",
    :issuer => "https://redmine.local/auth/saml/metadata",
    :single_logout_service_url => "https://redmine.local/auth/saml/sls",
    # IdP side endpoints and the fingerprint of its signing certificate
    :idp_sso_target_url => "https://idp.somewhere/saml/saml2/idp/SSOService.php",
    :idp_cert_fingerprint => "some-fingerprint",
    :signout_url => "https://idp.somewhere/saml/saml2/idp/SingleLogoutService.php?ReturnTo=",
    :idp_slo_target_url => "https://idp.somewhere/saml/saml2/idp/SingleLogoutService.php",
    :name_identifier_format => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    :name_identifier_value => "login",
    # Redmine user fields <- attributes in the SAML assertion
    :attribute_mapping => {
      :login => 'extra.raw_info.urn:mace:dir:attribute-def:eduPersonPrincipalName',
      :mail => 'extra.raw_info.urn:mace:dir:attribute-def:mail',
      :firstname => 'extra.raw_info.cn',
      :lastname => 'extra.raw_info.sn'
    }
  }
  config.on_login do |omniauth_hash, user|
    # nothing extra to do on login in this setup
  end
end
```
On the other side we are using SimpleSAMLphp as the IdP, and here is the content of the metadata for Redmine (which acts as the SP):
```php
$metadata['https://redmine.local/auth/saml/metadata'] = array (
  'entityid' => 'https://redmine.local/auth/saml/metadata',
  'contacts' =>
  array (
  ),
  'metadata-set' => 'saml20-sp-remote',
  'AssertionConsumerService' =>
  array (
    0 =>
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
      'Location' => 'https://redmine.local/auth/saml/callback',
      'index' => 0,
      'isDefault' => true,
    ),
  ),
  'SingleLogoutService' =>
  array (
    0 =>
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
      'Location' => 'https://redmine.local/auth/saml/sls',
      'ResponseLocation' => 'https://redmine.local/auth/saml/sls',
    ),
  ),
  'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
  'validate.authnrequest' => false,
  'saml20.sign.assertion' => true,
  'authproc' => array(
    1 => array(
      'class' => 'saml:AttributeNameID',
      'attribute' => 'eduPersonPrincipalName',
      'Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
    ),
  ),
);
```
Because we are using LDAP and the ruEduORg scheme for eduGain, here we do NOT map attributes in the 'authproc' block but provide an attribute that can be used as the login. It's easy =)
You can also enable debugging on the Redmine side.
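An added example (my own code, not the plugin's and not the poster's) for checking a configuration pair like the one above before turning on debug logging: it transcribes the posted SP settings and the SimpleSAMLphp `saml20-sp-remote` entry into Ruby hashes and cross-checks the values that have to agree (entity ID vs `issuer`, ACS and SLS locations, NameID format, https everywhere), rejects the `some-fingerprint` placeholder because `idp_cert_fingerprint` must be a real colon-separated SHA-1 or SHA-256 digest of the IdP signing certificate's DER encoding, flags `validate.authnrequest => false` as a caveat (the IdP will accept unsigned AuthnRequests from this SP), and resolves the `extra.raw_info.<attribute>` mapping paths against a constructed OmniAuth-style auth hash. The dotted-path resolver is my reading of the mapping syntax, not the plugin's implementation; the self-signed certificate and the auth hash are constructed sample input.

```ruby
require "openssl"

# Added example, not the plugin's code. SP side: the posted 90-saml.rb values,
# with the "some-fingerprint" placeholder kept so the check below flags it.
SP_CONFIG = {
  assertion_consumer_service_url: "https://redmine.local/auth/saml/callback",
  issuer: "https://redmine.local/auth/saml/metadata",
  single_logout_service_url: "https://redmine.local/auth/saml/sls",
  idp_sso_target_url: "https://idp.somewhere/saml/saml2/idp/SSOService.php",
  idp_cert_fingerprint: "some-fingerprint",
  idp_slo_target_url: "https://idp.somewhere/saml/saml2/idp/SingleLogoutService.php",
  name_identifier_format: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  attribute_mapping: {
    login: "extra.raw_info.urn:mace:dir:attribute-def:eduPersonPrincipalName",
    mail: "extra.raw_info.urn:mace:dir:attribute-def:mail",
    firstname: "extra.raw_info.cn",
    lastname: "extra.raw_info.sn"
  }
}.freeze

# IdP side: the SimpleSAMLphp saml20-sp-remote entry, transcribed into a Ruby hash.
IDP_SP_METADATA = {
  "entityid" => "https://redmine.local/auth/saml/metadata",
  "AssertionConsumerService" => [{ "Binding" => "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
                                   "Location" => "https://redmine.local/auth/saml/callback" }],
  "SingleLogoutService" => [{ "Binding" => "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
                              "Location" => "https://redmine.local/auth/saml/sls" }],
  "NameIDFormat" => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "validate.authnrequest" => false,
  "saml20.sign.assertion" => true
}.freeze

# Colon-separated SHA-1 (20 bytes) or SHA-256 (32 bytes) fingerprint, upper-case hex.
FINGERPRINT_RE = /\A(?:(?:[0-9A-F]{2}:){19}|(?:[0-9A-F]{2}:){31})[0-9A-F]{2}\z/

# Cross-check the SP settings against what the IdP has registered for that SP.
# Returns a list of findings; an empty list means the two sides agree.
def check_saml_pair(sp, idp)
  findings = []
  findings << "issuer does not match IdP entityid" unless sp[:issuer] == idp["entityid"]
  acs = idp["AssertionConsumerService"].map { |e| e["Location"] }
  findings << "assertion_consumer_service_url not registered at IdP" unless acs.include?(sp[:assertion_consumer_service_url])
  sls = idp["SingleLogoutService"].map { |e| e["Location"] }
  findings << "single_logout_service_url not registered at IdP" unless sls.include?(sp[:single_logout_service_url])
  findings << "name_identifier_format does not match IdP NameIDFormat" unless sp[:name_identifier_format] == idp["NameIDFormat"]
  sp.values.grep(String).each { |v| findings << "non-https URL: #{v}" if v.start_with?("http://") }
  unless sp[:idp_cert_fingerprint].to_s.upcase.match?(FINGERPRINT_RE)
    findings << "idp_cert_fingerprint is not a colon-separated SHA-1/SHA-256 fingerprint"
  end
  findings << "IdP does not sign assertions (saml20.sign.assertion)" unless idp["saml20.sign.assertion"]
  findings << "WARN: IdP accepts unsigned AuthnRequests (validate.authnrequest => false)" unless idp["validate.authnrequest"]
  findings
end

# Fingerprint of an X.509 certificate in the form idp_cert_fingerprint expects:
# a digest over the DER encoding, written as upper-case hex pairs joined by ":".
def cert_fingerprint(cert, algorithm = "SHA1")
  OpenSSL::Digest.new(algorithm).hexdigest(cert.to_der).upcase.scan(/../).join(":")
end

# Constructed self-signed certificate standing in for the IdP's signing cert.
def demo_certificate
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=idp.somewhere")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Constructed OmniAuth-style auth hash as the SP would receive it after login.
SAMPLE_AUTH_HASH = {
  "extra" => { "raw_info" => {
    "urn:mace:dir:attribute-def:eduPersonPrincipalName" => "jdoe@example.org",
    "urn:mace:dir:attribute-def:mail" => "john.doe@example.org",
    "cn" => "John",
    "sn" => "Doe"
  } }
}.freeze

# My reading of the "a.b.c" mapping syntax (an assumption, not the plugin's resolver):
# walk the hash one dotted segment at a time. The attribute URNs contain colons but
# no dots, so splitting on "." leaves them intact. Missing keys resolve to nil.
def resolve_mapping(auth_hash, path)
  path.split(".").reduce(auth_hash) { |node, key| node.is_a?(Hash) ? node[key] : nil }
end

def map_user_attributes(auth_hash, mapping)
  mapping.transform_values { |path| resolve_mapping(auth_hash, path) }
end
```

Run `check_saml_pair(SP_CONFIG, IDP_SP_METADATA)` on the posted values and the only findings are the placeholder fingerprint and the unsigned-AuthnRequest warning; `cert_fingerprint(cert)` on the IdP's real signing certificate gives the value to paste into `idp_cert_fingerprint`, and `map_user_attributes(SAMPLE_AUTH_HASH, SP_CONFIG[:attribute_mapping])` shows which login, mail, firstname and lastname Redmine would end up with.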
Hi,
We are experiencing some trouble getting this plugin to work with our Redmine; below you can find the related details:
Our saml.rb file:
Here is the log:
We will be waiting for your reply.