instructure / ruby-saml2

SAML 2.0 Library for Ruby
MIT License

Roadmap & doc #4

Open keeguon opened 6 years ago

keeguon commented 6 years ago

Hey, I've been playing around with the gem to create an IdP alongside https://github.com/onelogin/ruby-saml for the SP side to test things out.

It's definitely a great gem we have here. However, I feel like the ruby-saml gem could be rendered useless (especially the SP metadata generation) with a few improvements, especially with the SP class:

Are there any plans towards such goals?

Also, I feel it lacks good documentation regarding the fact that you can basically build your entities with the gem but you have to get in the code to really get it.

I'm available to provide some help if needed.

ccutrer commented 6 years ago

I could definitely add those attributes. I'll keep this ticket open for those. As for assertion_consumer_services and attribute_consuming_services... there's no need for them to be directly writeable. They return a mutable array. https://github.com/instructure/canvas-lms is already using the saml2 as a complete replacement for the ruby-saml gem. Our SP metadata generation can be viewed at https://github.com/instructure/canvas-lms/blob/f9809e29b01a7f0706865f174c0af4ba5b3c8a31/app/models/authentication_provider/saml.rb#L262 and https://github.com/instructure/canvas-lms/blob/f9809e29b01a7f0706865f174c0af4ba5b3c8a31/app/models/authentication_provider/saml.rb#L327. Also notice that keys are embedded into the metadata.

keeguon commented 6 years ago

@ccutrer my bad for the mutable arrays, must be Monday. I'll do a pull request for the attributes mentioned. As for the keys, I realized after posting that they were in the Role parent class, so I removed that line from my original comment afterwards.

jackiejohnston commented 5 years ago

@keeguon Is your IdP example available on GitHub somewhere? I would love to see an example of the SAML config file and your setup.

keeguon commented 5 years ago

@jackiejohnston nothing on GitHub but willing to provide help if needed ;)!

jackiejohnston commented 5 years ago

@keeguon Thank you so much for the kind offer. We ended up using a different gem instead though.