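Cannot run migrations after configuring the DeviseSamlAuthenticatable rails gem

Time: 2017-02-22 15:18:17

Tags: ruby-on-rails devise saml

I am trying to configure SAML with Devise so that users who already have data on another platform can sign up on this one. For this I am trying to use the gem DeviseSamlAuthenticatable. https://github.com/onemedical/devise_saml_authenticatable

When I try to run the migrations, the console says: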

.../gems/actionpack-4.1.0/lib/action_dispatch/routing/route_set.rb:428:in `add_route': Invalid route name, already in use: 'new_user_session' (ArgumentError) You may have defined two routes with the same name using the `:as` option, or you may be overriding a route already defined by a resource with the same naming. For the latter, you can restrict the routes created with `resources` as explained here:

Following the gem's instructions, I did the following.

In the User.rb model I added:

:saml_authenticatable, :trackable

So it then looks like this:

devise :registerable, :confirmable, :recoverable,
         :rememberable, :trackable, :validatable, :database_authenticatable,
         :saml_authenticatable, :trackable

Added to config/initializers/devise.rb (the sample code from the instructions):

Devise.setup do |config|
    ...
    # ==> Configuration for :saml_authenticatable

    # Create user if the user does not exist. (Default is false)
    config.saml_create_user = true

    # Update the attributes of the user after a successful login. (Default is false)
    config.saml_update_user = true

    # Set the default user key. The user will be looked up by this key. Make
    # sure that the Authentication Response includes the attribute.
    config.saml_default_user_key = :email

    # Optional. This stores the session index defined by the IDP during login.  If provided it will be used as a salt
    # for the user's session to facilitate an IDP initiated logout request.
    config.saml_session_index_key = :session_index

    # You can set this value to use Subject or SAML assertion as info to which email will be compared
    # If you don't set it then email will be extracted from SAML assertion attributes
    config.saml_use_subject = true

    # You can support multiple IdPs by setting this value to a class that implements a #settings method which takes
    # an IdP entity id as an argument and returns a hash of idp settings for the corresponding IdP.
    config.idp_settings_adapter = nil

    # You can provide your own method to find the idp_entity_id in a SAML message in the case of multiple IdPs
    # by setting this to a custom reader class, or use the default.
    # config.idp_entity_id_reader = DeviseSamlAuthenticatable::DefaultIdpEntityIdReader

    # You can set a handler object that takes the response for a failed SAML request and the strategy,
    # and implements a #handle method. This method can then redirect the user, return error messages, etc.
    # config.saml_failed_callback = nil

    # Configure with your SAML settings (see [ruby-saml][] for more information).
    config.saml_configure do |settings|
      settings.assertion_consumer_service_url     = "http://localhost:3000/users/saml/auth"
      settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      settings.name_identifier_format             = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
      settings.issuer                             = "http://localhost:3000/saml/metadata"
      settings.authn_context                      = ""
      settings.idp_slo_target_url                 = "http://localhost/simplesaml/www/saml2/idp/SingleLogoutService.php"
      settings.idp_sso_target_url                 = "http://localhost/simplesaml/www/saml2/idp/SSOService.php"
      settings.idp_cert                           = <<-CERT.chomp
-----BEGIN CERTIFICATE-----
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111_______IDP_CERTIFICATE________111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
111111111111111111
-----END CERTIFICATE-----
      CERT
    end
  end

Added to config/attribute-map.yml (same sample):

  "urn:mace:dir:attribute-def:uid": "user_name"
  "urn:mace:dir:attribute-def:email": "email"
  "urn:mace:dir:attribute-def:name": "last_name"
  "urn:mace:dir:attribute-def:givenName": "name"

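1 answer:

Answer 0 (score: 1)

This was answered in the repository's issues: https://github.com/apokalipto/devise_saml_authenticatable/issues/83

Since this model can authenticate through both the database and SAML, you need to fully configure both strategies, including routes. This is a Devise requirement, and it is not very obvious.

See the wiki page I recently added, which documents the details more clearly: https://github.com/apokalipto/devise_saml_authenticatable/wiki/Supporting-multiple-authentication-strategies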
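
The route-name collision behind the error, and one way to draw the two strategies under separate names, as an added example that is not part of the original question or answer and is not the gem's own code. `NameRecorder`, `route_names`, `COLLIDING` and `SEPARATED` are hypothetical names; the recorder is a simplified stand-in for the Rails router that models only the `new_user_session` name confirmed by the error message, and the `*_sso_*` route names and `saml/sign_out` path are assumptions.

```ruby
# Route names form one namespace: drawing a name twice raises, as in the question.
class NameRecorder
  attr_reader :names

  def initialize; @names = []; end

  def add(name)
    name = name.to_s
    raise ArgumentError, "Invalid route name, already in use: '#{name}'" if @names.include?(name)
    @names << name
  end

  # Simplified stand-in for devise_for (assumption): each session-drawing
  # strategy that is not skipped adds the default new_<scope>_session name.
  def devise_for(resource, skip: [])
    strategies = %i[database_authenticatable saml_authenticatable] - Array(skip)
    strategies.each { add("new_#{resource.to_s.chomp('s')}_session") }
  end

  def devise_scope(_name); yield; end
  def scope(_path, **_opts); yield; end
  def get(_action, as:, **_opts); add(as); end
  alias post get
end

# What the question's setup amounts to: one devise_for draws both strategies.
COLLIDING = proc { devise_for :users }

# Database sign-in keeps Devise's names; SAML routes get names of their own
# (the *_sso_* names and the saml/sign_out path are hypothetical).
SEPARATED = proc do
  devise_for :users, skip: :saml_authenticatable
  devise_scope :user do
    scope "users", controller: "devise/saml_sessions" do
      get  :new,      path: "saml/sign_in",  as: :new_user_sso_session
      post :create,   path: "saml/auth",     as: :user_sso_session
      get  :destroy,  path: "saml/sign_out", as: :destroy_user_sso_session
      get  :metadata, path: "saml/metadata", as: :metadata_user_sso_session
    end
  end
end

def route_names(routes)
  NameRecorder.new.tap { |r| r.instance_exec(&routes) }.names
end
```

In a Rails app the body of `SEPARATED` is what goes inside `Rails.application.routes.draw do ... end` in config/routes.rb; running `rake routes` afterwards shows whether each name appears only once.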