I'm developing a Rails 4 application. Auth is against MS ADFS.
I'm using..
My POC with omniauth-saml (without Devise) works fine, but in reality......
When ADFS sends the callback (POST), request.env["omniauth.auth"] is nil.

This is my config/initializers/devise.rb (only the omniauth part)

    config.omniauth :saml,
      issuer: "https://xxx.xxx.xxx",
      idp_sso_target_url: "https://yyy.yyy.yyy/adfs/ls",
      assertion_consumer_service_url: "https://xxx.xxx.xxx/auth/saml/callback",
      name_identifier_format: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
      idp_cert: "xxxxxxxxxx"

My omniauth controller

    class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
      #skip_before_action :protect_from_forgery
      #protect_from_forgery with: :null_session
      #protect_from_forgery except: :sign_in
      skip_before_filter :verify_authenticity_token

      def saml
        auth = request.env["omniauth.auth"]
        #auth.uid # Gets the UID value of the user that has just signed in
        # Create a session, redirect etc
        Rails.logger.debug "========================================"
        Rails.logger.debug "AUTH " + auth.inspect
        Rails.logger.debug "========================================"
        redirect_to root_path, notice: "GOOD "
      end
    end

My routes (Devise part)

    devise_for :users,
      :controllers => {
        :omniauth_callbacks => "users/omniauth_callbacks"
      },
      skip: :registrations
    devise_scope :user do
      post "/auth/:provider/callback", to: "users/omniauth_callbacks#saml"
    end

rake routes...

    user_omniauth_authorize GET|POST /users/auth/:provider(.:format) users/omniauth_callbacks#passthru {:provider=>/saml/}
    user_omniauth_callback GET|POST /users/auth/:action/callback(.:format) users/omniauth_callbacks#(?-mix:saml)
    POST /auth/:provider/callback(.:format) users/omniauth_callbacks#saml

The Auth Provider sends the callback to https://xxx.xxx.xxx/auth/saml/callback, but omniauth is listening on https://xxx.xxx.xxx/users/auth/:action/callback. I use devise_scope to map the URL to the controller. Could this be the problem?

See this......
Answer 0: (score: 0)

Solved using "path" in my devise_for (and deleting devise_scope)

    devise_for :users,
      :path => '',
      :controllers => {
        :omniauth_callbacks => 'users/omniauth_callbacks'
      },
      skip: :registrations

With this, the routes change from...

    user_omniauth_authorize GET|POST /users/auth/:provider(.:format) users/omniauth_callbacks#passthru {:provider=>/saml/}
    user_omniauth_callback GET|POST /users/auth/:action/callback(.:format) users/omniauth_callbacks#(?-mix:saml)
    POST /auth/:provider/callback(.:format)

to...

    user_omniauth_authorize GET|POST /auth/:provider(.:format) users/omniauth_callbacks#passthru {:provider=>/saml/}
    user_omniauth_callback GET|POST /auth/:action/callback(.:format) users/omniauth_callbacks#(?-mix:saml)

Now, user_omniauth_callback equals the URL that my Auth Provider calls.

Conclusion: in Devise + Omniauth, mapping the URL does not work.
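
A pre-deployment check for the mismatch discussed in this thread, as an added example that is not part of the original posts. OmniAuth strategies run as Rack middleware and set request.env["omniauth.auth"] only when the request hits the strategy's own callback path, so a hand-mapped route can reach the controller without it. The helper names are hypothetical, and identifying Devise's route by its `omniauth_callback` name suffix is an assumption based on the `rake routes` output quoted above.

```ruby
require "uri"

# Constructed input: `rake routes` output as quoted in the question and the answer.
ROUTES_QUESTION = <<~'ROUTES'
  user_omniauth_authorize GET|POST /users/auth/:provider(.:format) users/omniauth_callbacks#passthru {:provider=>/saml/}
  user_omniauth_callback GET|POST /users/auth/:action/callback(.:format) users/omniauth_callbacks#(?-mix:saml)
  POST /auth/:provider/callback(.:format) users/omniauth_callbacks#saml
ROUTES
ROUTES_ANSWER = <<~'ROUTES'
  user_omniauth_authorize GET|POST /auth/:provider(.:format) users/omniauth_callbacks#passthru {:provider=>/saml/}
  user_omniauth_callback GET|POST /auth/:action/callback(.:format) users/omniauth_callbacks#(?-mix:saml)
ROUTES
ACS_URL = "https://xxx.xxx.xxx/auth/saml/callback" # assertion_consumer_service_url from the question

VERB_FIELD = /\A(?:GET|POST|PUT|PATCH|DELETE)(?:\|(?:GET|POST|PUT|PATCH|DELETE))*\z/

# Split one `rake routes` line into name (may be absent), verbs and path pattern.
def parse_route(line)
  fields = line.split
  vi = fields.index { |f| f.match?(VERB_FIELD) }
  return nil unless vi && fields[vi + 1]
  { name: vi.zero? ? nil : fields[0], verbs: fields[vi].split("|"), path: fields[vi + 1] }
end

# Rails path pattern -> anchored regex: ":seg" is one segment, "(...)" is optional.
def path_regex(pattern)
  src = pattern.gsub(/[().]|:\w+/) do |tok|
    { "(" => "(?:", ")" => ")?", "." => "\\." }.fetch(tok, "[^/.]+")
  end
  Regexp.new("\\A#{src}\\z")
end

# Where does the IdP's POST to the ACS URL land?
#   :omniauth_callback -> Devise's *_omniauth_callback route (name suffix is an
#                         assumed heuristic); the OmniAuth middleware handles it
#   :hand_mapped_only  -> only a manually added route matches
#   :no_route          -> nothing accepts the POST
def classify_acs(acs_url, routes_text)
  path = URI(acs_url).path
  hits = routes_text.lines.map { |l| parse_route(l) }.compact.select do |r|
    r[:verbs].include?("POST") && path_regex(r[:path]).match?(path)
  end
  return :no_route if hits.empty?
  hits.any? { |r| r[:name].to_s.end_with?("omniauth_callback") } ? :omniauth_callback : :hand_mapped_only
end

puts "question routes: #{classify_acs(ACS_URL, ROUTES_QUESTION)}"
puts "answer routes:   #{classify_acs(ACS_URL, ROUTES_ANSWER)}"
```

A result of :hand_mapped_only corresponds to the question's setup, where the POST is routed to the saml action but the omniauth.auth value is nil.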