Support SAML from Jasig CAS?

dlindahl / omniauth-cas

A CAS OmniAuth Strategy

MIT License

88 stars 79 forks source link

Support SAML from Jasig CAS? #22

Closed samrocketman closed 9 years ago

samrocketman commented 10 years ago

Currently SAML is supported in the Jasig version of CAS. Can you update the library to support that?

It looks like where you got the omniauth-cas originally there is some SAML implementation but I don't know enough ruby to make it work.

This would be greatly appreciated if you could. I can provide SAML auth samples if you like for test fixtures.

SAM

dlindahl commented 10 years ago

Yes, please provide some SAML example and I'll take a look

gdmalet commented 10 years ago

I've been looking at some of this with JASIG CAS, however am not at all experienced in Ruby, so am struggling a bit. However, to get the CAS `attributes' (e.g name, e-mail address etc.) you need to request SAML, which you do by doing a POST to /samlValidate, as opposed to a GET to /serviceValidate. That POST needs some details.

See serviceValidate at http://www.jasig.org/cas/protocol, as opposed to samlValidate at https://wiki.jasig.org/display/CASUM/SAML+1.1.

I can give more details & test results if you like. I'm currently trying gitlab 6-1-stable with omniauth-cas 1.0.4 right from the Gitlab repo (as the 1.0.4 gem in the repository does not have the latest dependency fix for Nokigiri).

Thanks, g

dlindahl commented 10 years ago

@gdmalet Do you still need this feature?

dlindahl commented 9 years ago

Closing this issue pending more information.

gdmalet commented 9 years ago

@dlindahl We have worked around the issue ourselves, so I'm a bit out of touch with what's going on here. I'm sure there are others that would like to use the attributes one could fetch through omniauth if it worked, but I can't help much at the moment. Thanks.

samrocketman commented 9 years ago

Same, I've since switched roles from when I reported this and at the time I too put in a workaround.

neo-inuit commented 9 years ago

It will be great to know which kind of workaround you have used guys, i m stuck to retreive the saml info attributes right now, my cas is also Jasig.

It s annoying that we have to use a soap post request not just a get like serviceValidate, docs of samlValidate here : https://github.com/Jasig/cas/blob/master/cas-server-protocol/3.0/cas_protocol_3_0.md#42-samlvalidate-cas-30

My issue can be that i m not using a ssl target in test (SAML attributes MUST NOT be released to a non-SSL site.), i will let you know my progress

lucasperin commented 9 years ago

+1 Can anyone share their workarounds for SAML validation with gitlab?