I am new to interfacing Keycloak and Redmine using SAML. I am trying to implement SSO. My saml.rb so far:
Redmine::OmniAuthSAML::Base.configure do |config|
  config.saml = {
    :assertion_consumer_service_url => "http://<IP>/redmine/auth/saml/callback", # OmniAuth callback URL
    :issuer => "redmine-saml", # The issuer name / entity ID. Must be a URI as per SAML 2.0 spec.
    :single_logout_service_url => "http://<IP>/redmine/auth/saml", # The SLS (logout) callback URL
    :idp_sso_target_url => "http://<Keyclock IP>:8080/auth/realms/master/protocol/saml", # SSO login endpoint
    :idp_cert_fingerprint => "66:BC:3D:15:AD:FA:70:A6:33:20:21:4F:2E:FC:43:1B:79:EC:D7:12", # SSO SSL certificate fingerprint
    # Alternatively, specify the full certificate:
    :idp_cert => "<IdP certificate>",
    :name_identifier_format => "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    :signout_url => "http://<Keyclock IP:8080>/auth/realms/master/protocol/saml/clients/redmine-saml", # Optional signout URL, not supported by all identity providers
    :idp_slo_target_url => "http://<Keyclock IP:8080>/auth/realms/master/protocol/saml/clients/redmine-saml",
    :name_identifier_value => "login", # Which Redmine field is used as name_identifier_value for SAML logout
    :attribute_mapping => {
      # How will we map attributes from SSO to Redmine attributes
      :login => 'extra.raw_info.username',
      :mail => 'extra.raw_info.email',
      :firstname => 'extra.raw_info.firstname',
      :lastname => 'extra.raw_info.lastname'
    }
  }
  config.on_login do |omniauth_hash, user|
    # Implement any hook you want here
  end
end
Redmine can redirect to the Keycloak portal, but when I enter the password, an error is raised on the Redmine portal:
translation missing: en.error_saml_invalid_ticket
Please let me know where I need to make changes.