我在Rails(3.2.1)中有一个路由问题。
我正在使用omniauth-saml进行身份验证(https://github.com/PracticallyGreen/omniauth-saml)。医生说:
"可以从http://example.com/auth/saml/metadata检索用于简化IdP中SAML SP配置的服务提供商元数据。将此URL发送给IdP的管理员。"
当我访问myserver.com/auth/saml/metadata时,出现路由错误(无路由匹配)。我在routes.rb中唯一相关的路由是/ auth /:provider / callback。我需要添加哪条路线才能访问元数据网址?
身份验证本身正在按预期工作。我只是遇到元数据问题。
非常感谢!
答案 0 :(得分:0)
您可以通过将以下匹配器添加到routes.rb *:
来生成元数据路由devise_scope :user do
match "/users/auth/:action/metadata",
constraints: { action: /saml/ },
to: "omniauth_callbacks",
as: :user_omniauth_metadata,
via: [:get, :post]
end
导致以下路线(sans"(。格式)"):
user_omniauth_metadata GET|POST /users/auth/:action/metadata omniauth_callbacks#(?-mix:saml)
这是标准的omniauth路线的补充:
user_omniauth_authorize GET|POST /users/auth/:provider omniauth_callbacks#passthru {:provider=>/saml/}
user_omniauth_callback GET|POST /users/auth/:action/callback omniauth_callbacks#(?-mix:saml)
由以下结果产生:
devise_for :users, controllers: { omniauth_callbacks: "omniauth_callbacks" }
注意:我在:用户范围内设计,但在范围之外,它看起来更像:
match( "/auth/:action/metadata",
constraints: { action: /saml/ },
to: "omniauth_callbacks",
as: :omniauth_metadata,
via: [:get, :post]
)
您还需要为" other_phase&#34 ;;定义回调。 例如在SAML策略中添加以下内容
module OmniAuth
module Strategies
class Saml
include OmniAuth::Strategy
def other_phase
if on_path?("#{request_path}/metadata")
# omniauth does not set the strategy on the "other_phase"
@env['omniauth.strategy'] ||= self
setup_phase
response = OneLogin::RubySaml::Metadata.new
settings = OneLogin::RubySaml::Settings.new # set whatever params you want on this guy
Rack::Response.new(response.generate(settings), 200,
{ "Content-Type" => "application/xml" }).finish
else
call_app!
end
end
end
end
end