Open Jamedjo opened 5 years ago
@md5 @supernova32 Does this look ok?
Was this ever solved in a different way? I see no updates here, and I was trying to do SP-initiated only log-in by looking at the InResponseTo, but I don't think that is currently possible, is it?
Is there any recommendation to avoid CSRF otherwise?
How do you recommend to go about this?
What
Introduces a :store_request_uuid option for later comparison with InResponseTo
By default it saves the request uuid in the session as "saml_transaction_id", but also accepts a proc that will then be called with the uuid for custom storage.
Why
Needed for #172, although we may also want to pass the value to ruby-saml with matches_request_id:.
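The storage and later InResponseTo comparison outlined in the description, as an added example that is not part of this pull request or of omniauth-saml's code. The helper names, the plain hashes standing in for sessions, and the sample IDs are assumptions made for illustration.

```ruby
require "securerandom"

SESSION_KEY = "saml_transaction_id" # default session key named in the description

# Hypothetical helper: remember the AuthnRequest ID when SP-initiated login starts.
# `option` is true (store in the session) or a proc that is called with the ID.
def store_request_uuid(session, uuid, option = true)
  if option.respond_to?(:call)
    option.call(uuid)
  elsif option
    session[SESSION_KEY] = uuid
  end
  uuid
end

# Hypothetical callback check: accept the response only when its InResponseTo
# equals the ID stored for this browser session.
def in_response_to_valid?(session, in_response_to)
  expected = session.delete(SESSION_KEY) # single use: a replayed response finds nothing
  return false if expected.nil? || expected.empty?             # no login was started here
  return false if in_response_to.nil? || in_response_to.empty? # unsolicited response
  expected == in_response_to
end

# Constructed walk-through; the hashes stand in for two separate browser sessions.
def demo
  victim = {}
  attacker = {}
  victim_id = store_request_uuid(victim, "_#{SecureRandom.uuid}")
  attacker_id = store_request_uuid(attacker, "_#{SecureRandom.uuid}")

  custom = {} # stands in for custom storage reached through the proc form
  store_request_uuid({}, "_constructed-id", ->(id) { custom[:id] = id })

  {
    cross_session: in_response_to_valid?(victim.dup, attacker_id), # response for another session
    unsolicited: in_response_to_valid?(victim.dup, nil),           # no InResponseTo at all
    legitimate: in_response_to_valid?(victim, victim_id),
    replayed: in_response_to_valid?(victim, victim_id),            # same response sent twice
    custom_store: custom[:id]
  }
end
```

Only the `legitimate` case is accepted: a response issued for a different session, one without InResponseTo, and a second delivery of the same response are all rejected.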