The OmniAuth-WSFed authentication strategy can be used with the following technologies under scenarios requiring the WS-Federation protocol for authentication. These services are typically used for Identity Federation and Single Sign-On across large organizations or authentication domains.
Add this line to your application's Gemfile:
gem 'omniauth-wsfed'
And then execute:
$ bundle install
Or install it globally as:
$ gem install omniauth-wsfed
Use the WSFed strategy as a middleware in your application:
require 'omniauth'
use OmniAuth::Strategies::WSFed,
:issuer_name => "http://your-azure-acs-namespace.accesscontrol.windows.net",
:issuer => "https://your-azure-acs-namespace.accesscontrol.windows.net/v2/wsfederation",
:realm => "http://my.relyingparty/realm",
:reply => "http://localhost:3000/auth/wsfed/callback",
:id_claim => "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
:idp_cert_fingerprint => "FC96D2983…"
or in your Rails application:
in Gemfile
:
gem 'omniauth-wsfed'
and in config/initializers/omniauth.rb
:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :wsfed,
:issuer_name => "http://your-azure-acs-namespace.accesscontrol.windows.net",
:issuer => "https://your-azure-acs-namespace.accesscontrol.windows.net/v2/wsfederation",
:realm => "http://my.relyingparty/realm",
:reply => "http://localhost:3000/auth/wsfed/callback",
:id_claim => "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
:idp_cert_fingerprint => "FC96D2983…"
end
:issuer_name
- The URI name of your Identity Provider (IdP). Required
:issuer
- The IdP web endpoint (URL) to which the authentication request should be
sent. Required.
:idp_cert_fingerprint
- The SHA1 fingerprint of the IdP's signing certificate
(e.g. "90:CC:16:F0:8D:…"). This is provided by the IdP when setting up the trust
relationship. This option or :idp_cert
must be present.
:idp_cert
- The IdP's certificate in PEM format. This option or
:idp_cert_fingerprint
must be present.
:realm
- Your site's security realm. This is a URI defining the realm to which the
IdP must issue a secure token. Required
:reply
- The reply-to URL in your application for which a WSFed response should be
posted. Defaults to the OmniAuth callback URL. Optional
:id_claim
- Name of the authentication claim that you want to use as OmniAuth's
uid property.
:saml_version
- The version of SAML tokens. Defaults to 2.
Authored by Keith Beckman.
Special thanks to the developers of the following projects from which I borrowed from for omniauth-wsfed: