omniauth / omniauth-saml

A generic SAML strategy for OmniAuth
https://github.com/omniauth/omniauth-saml

Field 'attribute_statements' not working #182

Closed mattiamalonni closed 4 years ago

mattiamalonni commented 4 years ago

This is my config/initializers/omniauth.rb file

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :saml,
  issuer:                             ENV["SSO_ISSUER"],
  idp_sso_target_url:                 ENV["SSO_LOGIN_URL"],
  idp_slo_target_url:                 ENV["SSO_LOGOUT_URL"],
  idp_cert_fingerprint:               ENV["SSO_FINGERPRINT"],
  attribute_statements: {
    uid:                              ["http://schemas.microsoft.com/identity/claims/objectidentifier"],
    first_name:                       ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"],
    last_name:                        ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"],
    display_name:                     ["http://schemas.microsoft.com/identity/claims/displayname"],
    email:                            ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"],
    username:                         ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/username"]
  }
end

But the response I have is

{"provider" => "saml",
 "uid" => "...",
 "info" => { "name" => nil, "email" => nil, "first_name" => nil, "last_name" => nil },
 "extra"=>
  {"raw_info" => 
     @attributes = {
       "http://schemas.microsoft.com/identity/claims/tenantid" => ["..."],
       "http://schemas.microsoft.com/identity/claims/objectidentifier" => ["..."],
       "http://schemas.microsoft.com/identity/claims/displayname" => ["..."],
       "http://schemas.microsoft.com/identity/claims/identityprovider" => ["..."],
       "http://schemas.microsoft.com/claims/authnmethodsreferences" => ["..."],
       "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" => ["..."],
       "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" => ["..."],
       "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" => ["..."],
       "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" => ["..."],
       "http://schemas.microsoft.com/identity/claims/displayname/DisplayName" => ["..."],
       "fingerprint" => "..."
     }
  }
}

mattiamalonni commented 4 years ago

SOLVED: The problem was that I was using Devise and had configured both config/initializers/omniauth.rb and config/initializers/devise.rb, so the response was elaborated twice.

Removing the omniauth initializer solved my problem.
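
Added example, not part of the issue thread or the gem's code: a simplified Ruby model of how an `attribute_statements` mapping fills the `info` hash. It shows that the all-nil `info` keys in the reported response are what the default mapping yields against these claim URIs, which is consistent with a strategy instance that never received the custom mapping. Assumptions: the default mapping is the one listed in the omniauth-saml README, the helper names are hypothetical, and the attribute values are constructed.

```ruby
# Simplified model of attribute_statements mapping (not the gem's implementation).
# Default mapping as listed in the omniauth-saml README (assumed unchanged).
DEFAULT_STATEMENTS = {
  name:       ["name"],
  email:      ["email", "mail"],
  first_name: ["first_name", "firstname", "firstName"],
  last_name:  ["last_name", "lastname", "lastName"]
}.freeze

XS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
MS = "http://schemas.microsoft.com/identity/claims"

# Mapping taken from the config/initializers/omniauth.rb shown in the issue.
CUSTOM_STATEMENTS = {
  uid:          ["#{MS}/objectidentifier"],
  first_name:   ["#{XS}/givenname"],
  last_name:    ["#{XS}/surname"],
  display_name: ["#{MS}/displayname"],
  email:        ["#{XS}/emailaddress"],
  username:     ["#{XS}/username"]
}.freeze

# Constructed sample attributes, shaped like raw_info in the issue.
RAW = {
  "#{MS}/objectidentifier" => ["00000000-constructed"],
  "#{MS}/displayname"      => ["Ada Example"],
  "#{XS}/givenname"        => ["Ada"],
  "#{XS}/surname"          => ["Example"],
  "#{XS}/emailaddress"     => ["ada@example.test"]
}.freeze

# For each info key, use the first candidate attribute name present in the
# response and take its first value; nil when no candidate is present.
def build_info(raw, statements)
  statements.map do |key, names|
    hit = names.find { |n| raw.key?(n) }
    [key.to_s, hit && Array(raw[hit]).first]
  end.to_h
end

# Diagnostic: does the info hash carry exactly the keys this mapping defines?
def mapping_applied?(info, statements)
  info.keys.sort == statements.keys.map(&:to_s).sort
end

puts build_info(RAW, DEFAULT_STATEMENTS).inspect
puts build_info(RAW, CUSTOM_STATEMENTS).inspect
```

Comparing the keys of `request.env["omniauth.auth"]["info"]` with the keys of the configured mapping, as `mapping_applied?` does, is a quick way to tell which set of options the handling strategy instance actually had.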