Merge pull request #7014 from opf/fix/bump-saml
Bump omniauth-saml in saml oauth [ci skip]pull/7011/head
commit
db707bcbde
@ -0,0 +1,64 @@ |
||||
# OpenProject OmniAuth SAML Single-Sign On |
||||
|
||||
![](https://github.com/finnlabs/openproject-auth_saml/blob/dev/app/assets/images/auth_provider-saml.png) |
||||
|
||||
This plugin provides the [OmniAuth SAML strategy](https://github.com/omniauth/omniauth-saml) into OpenProject. |
||||
|
||||
## Installation |
||||
|
||||
Add the following entries to your `Gemfile.plugins` in your OpenProject root directory: |
||||
|
||||
gem 'openproject-auth_plugins', git: 'https://github.com/finnlabs/openproject-auth_plugins', branch: 'stable' |
||||
gem "openproject-auth_saml", git: 'https://github.com/finnlabs/openproject-auth_saml', branch: 'stable' |
||||
|
||||
## Requirements |
||||
|
||||
* [omniauth-saml gem](https://github.com/omniauth/omniauth-saml) >= 1.4.0 |
||||
* [OpenProject](https://www.openproject.org) >= 5.0 |
||||
* [openproject-auth_plugins](https://github.com/opf/openproject-auth_plugins) |
||||
|
||||
## Configuration |
||||
|
||||
To add your own SAML strategy provider(s), create the following settings file (relative to your OpenProject root): |
||||
|
||||
config/plugins/auth_saml/settings.yml |
||||
|
||||
with the following contents: |
||||
|
||||
your-provider-name: |
||||
name: "your-provider-name" |
||||
display_name: "My SAML provider" |
||||
# Use the default SAML icon |
||||
icon: "auth_provider-saml.png" |
||||
# omniauth-saml config |
||||
assertion_consumer_service_url: "consumer_service_url" |
||||
issuer: "issuer" |
||||
idp_sso_target_url: "idp_sso_target_url" |
||||
idp_cert_fingerprint: "E7:91:B2:E1:..." |
||||
attribute_statements: |
||||
email: ['mailPrimaryAddress'] |
||||
name: ['gecos'] |
||||
first_name: ['givenName'] |
||||
last_name: ['sn'] |
||||
admin: ['openproject-isadmin'] |
||||
|
||||
The plugin simply passes all options to omniauth-saml. See [their configuration |
||||
documentation](https://github.com/omniauth/omniauth-saml#usage) for further |
||||
details. |
||||
|
||||
### Custom Provider Icon |
||||
|
||||
To add a custom icon to be rendered as your omniauth provider icon, add an |
||||
image asset to OpenProject and reference it in your `settings.yml`: |
||||
|
||||
icon: "my/asset/path/to/icon.png" |
||||
|
||||
## Copyrights & License |
||||
|
||||
OpenProject SAML Auth is completely free and open source and released under the |
||||
[MIT |
||||
License](https://github.com/finnlabs/openproject-auth_saml/blob/dev/LICENSE). |
||||
|
||||
Copyright (c) 2016 OpenProject GmbH |
||||
|
||||
The default provider icon is a combination of icons from [Font Awesome by Dave Gandy](http://fontawesome.io). |
@ -0,0 +1,5 @@ |
||||
module OpenProject |
||||
module AuthSaml |
||||
require 'open_project/auth_saml/engine' |
||||
end |
||||
end |
@ -0,0 +1,48 @@ |
||||
require 'omniauth-saml' |
||||
module OpenProject |
||||
module AuthSaml |
||||
class Engine < ::Rails::Engine |
||||
engine_name :openproject_auth_saml |
||||
|
||||
include OpenProject::Plugins::ActsAsOpEngine |
||||
extend OpenProject::Plugins::AuthPlugin |
||||
|
||||
register 'openproject-auth_saml', |
||||
author_url: 'https://github.com/finnlabs/openproject-auth_saml', |
||||
requires_openproject: '>= 5.0.0' |
||||
|
||||
assets %w( |
||||
auth_saml/** |
||||
auth_provider-saml.png |
||||
) |
||||
|
||||
config.after_initialize do |
||||
# Automatically update the openproject user whenever their info change in the upstream identity provider |
||||
OpenProject::OmniAuth::Authorization.after_login do |user, auth_hash, context| |
||||
# see https://github.com/opf/openproject/blob/caa07c5dd470f82e1a76d2bd72d3d55b9d2b0b83/app/controllers/concerns/omniauth_login.rb#L148 |
||||
user.update_attributes context.send(:omniauth_hash_to_user_attributes, auth_hash) |
||||
end |
||||
end |
||||
|
||||
register_auth_providers do |
||||
settings = Rails.root.join('config', 'plugins', 'auth_saml', 'settings.yml') |
||||
if settings.exist? |
||||
providers = YAML::load(File.open(settings)).symbolize_keys |
||||
strategy :saml do |
||||
providers.values.map do |h| |
||||
h[:openproject_attribute_map] = Proc.new do |auth| |
||||
{ |
||||
login: auth[:uid], |
||||
admin: (auth.info['admin'].to_s.downcase == "true") |
||||
} |
||||
end |
||||
h.symbolize_keys |
||||
end |
||||
end |
||||
else |
||||
Rails.logger.warn("[auth_saml] Missing settings from '#{settings}', skipping omniauth registration.") |
||||
end |
||||
end |
||||
end |
||||
end |
||||
end |
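Review bot: In `register_auth_providers`, the `openproject_attribute_map` proc always emits `admin:` from `auth.info['admin']`, and the `after_login` hook appears to write the mapped attributes back on every login, so administrator status is decided entirely by the IdP assertion. A login whose assertion lacks that attribute evaluates to `false`, which would presumably clear an admin flag granted inside OpenProject. Consider emitting the key only when the attribute is present, e.g. `attrs[:admin] = auth.info['admin'].to_s.downcase == 'true' if auth.info.key?('admin')`, and noting next to the README's `admin: ['openproject-isadmin']` example that this mapping grants administrator rights. The hook is registered on `OpenProject::OmniAuth::Authorization` with no provider check, so it may run for every OmniAuth provider rather than only SAML; this is worth confirming. Separately, `YAML::load(File.open(settings))` never closes the handle and `.symbolize_keys` fails on an empty file; `YAML.safe_load(File.read(settings)) || {}` would cover both, assuming the settings file uses no aliases.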
@ -0,0 +1,5 @@ |
||||
module OpenProject |
||||
module AuthSaml |
||||
VERSION = ::OpenProject::VERSION.to_semver |
||||
end |
||||
end |
@ -0,0 +1 @@ |
||||
require 'open_project/auth_saml' |
@ -0,0 +1,20 @@ |
||||
# encoding: UTF-8 |
||||
$:.push File.expand_path("../lib", __FILE__) |
||||
$:.push File.expand_path("../../lib", __dir__) |
||||
|
||||
require 'open_project/auth_saml/version' |
||||
# Describe your gem and declare its dependencies: |
||||
Gem::Specification.new do |s| |
||||
s.name = 'openproject-auth_saml' |
||||
s.version = OpenProject::AuthSaml::VERSION |
||||
s.authors = 'Cyril Rohr' |
||||
s.email = 'cyril.rohr@gmail.com' |
||||
s.homepage = 'https://github.com/finnlabs/openproject-auth_saml' |
||||
s.summary = 'OmniAuth SAML / Single-Sign On' |
||||
s.description = 'Adds the OmniAuth SAML provider to OpenProject' |
||||
s.license = 'MIT' |
||||
|
||||
s.files = Dir['{app,lib}/**/*'] + %w(README.md) |
||||
|
||||
s.add_dependency 'omniauth-saml', '~> 1.10.1' |
||||
end |
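Review bot: `s.add_dependency 'omniauth-saml', '~> 1.10.1'` limits the gem to 1.10.x patch releases, while the README added in this same commit lists `omniauth-saml >= 1.4.0` under Requirements; the two statements should agree. SAML response and signature validation is done by this dependency chain, so a fix shipped in a later minor release will not be picked up until the constraint is edited. A comment above the line such as `# pinned to 1.10.x; review on every omniauth-saml / ruby-saml security release` would make that maintenance step explicit, or use the wider `'~> 1.10'` if the plugin does not depend on 1.10-specific behaviour.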