
Comments (4)

benoist commented on August 22, 2024

Entity IDs are just string-based identifiers, but the best practice is to use the endpoint where the metadata (EntityDescriptors) can be returned.

For example:

https://idp.example.com/saml/metadata.xml
and
https://sp.example.com/saml/metadata.xml

from libsaml.

benoist commented on August 22, 2024

current_provider should contain the entity ID.

In your Service Provider application, use the SP entity ID:
current_provider "https://sp.example.com/saml/metadata.xml"

In your Identity Provider application, use the IdP entity ID:
current_provider "https://idp.example.com/saml/metadata.xml"

NOTE: Make sure the metadata files also contain the correct entity IDs, because that is what is used to do the lookup.


nitanshu commented on August 22, 2024

So do we have to store metadata for both the IdP and the SP? But in your README.md you just created service_provider.xml in the config folder, so should it be like this: "https://sp.example.co/config/metadata/service_provider.xml"?

Service Provider

saml_controller.rb

# app/controllers/saml_controller.rb (class line inferred from the file name; it was missing from the paste)
class SamlController < ApplicationController
  current_provider "http://1676db30.ngrok.io/"

  def index
  end

  def request_authentication
    provider = Saml.provider("http://1676db30.ngrok.io/")
    logger.info "-------------provider is #{provider.inspect}"
    destination = provider.single_sign_on_service_url(Saml::ProtocolBinding::HTTP_POST)
    logger.info "-------------destination is #{destination.inspect}"

    authn_request = Saml::AuthnRequest.new(:destination => destination)

    # Remember the request ID so the response's InResponseTo can be checked later
    session[:authn_request_id] = authn_request._id

    @saml_attributes = Saml::Bindings::HTTPPost.create_form_attributes(authn_request)

    render text: @saml_attributes.to_yaml
  end

  def receive_response
    if params["SAMLart"]
      # provider should be of type Saml::Provider (the IdP's, looked up by its entity ID)
      @response = Saml::Bindings::HTTPArtifact.resolve(request, provider.artifact_resolution_service_url)
    elsif params["SAMLResponse"]
      @response = Saml::Bindings::HTTPPost.receive_message(request, :response)
    else
      # handle invalid request
    end

    if @response && @response.success?
      # Only accept a response to the AuthnRequest this session actually issued
      if session[:authn_request_id] == @response.in_response_to
        @response.assertion.fetch_attribute('any_attribute')
      else
        # handle unrecognized response
      end
      reset_session # It's good practice to reset sessions after authenticating to mitigate session fixation attacks
    else
      # handle failure
    end
  end
end

service_provider.xml looks like this on the Service Provider end:

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor ID="_052c51476c9560a429e1171e8c9528b96b69fb57" entityID="http://1676db30.ngrok.io/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:X509Data>
          <!-- ds:X509Certificate is defined to hold a base64 DER X.509 certificate; a PEM "PUBLIC KEY" block is a bare key, so signature checks against this descriptor will not work -->
          <ds:X509Certificate>-----BEGIN PUBLIC KEY-----
            MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyY1WRgrliIQC1faue0O
            9kCo1lqsyJ+8cIV2EvDdqX3QqlHkG+AQQjQ9t22x9axS1RPiuBFeLAs587zgKrjG
            7+GAzPaGDlhOusF01Ls+OUZj6NJzJATgKjxf5xlerPldRligOjgSiipd4UD22PoU
            vrl/rSlJ9GHx1WWcnNig9H++8A+wJPwg5u5FbL4GHaOZR0InRLcARIwGcWlPhFno
            LJ7HxSfbi5p1exVobXYntSpbFqNruIVXHWey/+am3vgiSwhRNs0YTJqMR4ajRy8i
            Ms4D67dgtrjHXRUewX5f46/LQrJKE+gpcGqjyiFYWr64SMX5GTuRJhITp5EgMrvp
            JwIDAQAB
            -----END PUBLIC KEY-----</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post" Location="http://localhost:3000/saml/receive_response" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>

On the Identity Provider end I changed only one file, saml_controller.rb, and only one line:

current_provider "http://1676db30.ngrok.io/"

Please help me @benoist


benoist commented on August 22, 2024

Yes, you have to store the metadata for the IdP and for the SP, and use the correct entity_id values from the corresponding metadata files.

def request_authentication
    provider = Saml.provider("http://1676db30.ngrok.io/")

This is wrong: it should contain the entity ID of the IdP, not the SP.

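As an added example, not code from the libsaml project or from anyone in this thread: a small Ruby stand-in (stdlib REXML only, no gem needed) for the lookup benoist describes in the comments above. It loads two constructed metadata documents, keys them by their entityID attribute, and shows why the SP's request_authentication must pass the IdP's entity ID while current_provider holds the SP's own; a metadata file whose entityID does not match the configured string is simply never found. The sample SP metadata also carries a PEM PUBLIC KEY inside ds:X509Certificate, as in the posted service_provider.xml, so that the check which flags it can be seen. ProviderStore, parse_metadata, sso_destination and the example.com URLs are assumptions made for this example, not libsaml APIs.

```ruby
require "rexml/document"

# Namespace URIs from the SAML 2.0 metadata and XML-DSig specs.
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata (not real deployments); the entity IDs are the
# metadata URLs, as the thread recommends.
IDP_METADATA = <<~XML
  <?xml version="1.0" encoding="UTF-8"?>
  <md:EntityDescriptor entityID="https://idp.example.com/saml/metadata.xml" xmlns:md="#{MD_NS}">
    <md:IDPSSODescriptor>
      <md:SingleSignOnService Binding="#{HTTP_POST}" Location="https://idp.example.com/saml/sso"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
XML

SP_METADATA = <<~XML
  <?xml version="1.0" encoding="UTF-8"?>
  <md:EntityDescriptor entityID="https://sp.example.com/saml/metadata.xml" xmlns:md="#{MD_NS}" xmlns:ds="#{DS_NS}">
    <md:SPSSODescriptor>
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>-----BEGIN PUBLIC KEY-----
        constructed-placeholder-not-a-certificate
        -----END PUBLIC KEY-----</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      <md:AssertionConsumerService Binding="#{HTTP_POST}" Location="https://sp.example.com/saml/receive_response" index="0"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
XML

Provider = Struct.new(:entity_id, :role, :post_endpoint, :warnings)

# Location of the HTTP-POST endpoint of the given service element, or nil.
def endpoint_for(descriptor, service, ns)
  REXML::XPath.each(descriptor, "md:#{service}", ns) do |svc|
    return svc.attributes["Location"] if svc.attributes["Binding"] == HTTP_POST
  end
  nil
end

# Parse one EntityDescriptor into a Provider. The entityID attribute is the
# key a Saml.provider-style lookup uses, so it must match current_provider.
def parse_metadata(xml)
  root = REXML::Document.new(xml).root
  unless root && root.name == "EntityDescriptor" && root.namespace == MD_NS
    raise ArgumentError, "metadata root is not md:EntityDescriptor"
  end
  entity_id = root.attributes["entityID"].to_s
  raise ArgumentError, "EntityDescriptor has no entityID" if entity_id.empty?

  ns = { "md" => MD_NS, "ds" => DS_NS }
  if (idp = REXML::XPath.first(root, "md:IDPSSODescriptor", ns))
    role, endpoint = :idp, endpoint_for(idp, "SingleSignOnService", ns)
  elsif (sp = REXML::XPath.first(root, "md:SPSSODescriptor", ns))
    role, endpoint = :sp, endpoint_for(sp, "AssertionConsumerService", ns)
  else
    raise ArgumentError, "#{entity_id}: no IDPSSODescriptor or SPSSODescriptor"
  end

  warnings = []
  REXML::XPath.each(root, ".//ds:X509Certificate", ns) do |cert|
    # ds:X509Certificate carries a base64 DER certificate; a PEM "PUBLIC KEY"
    # block is a bare key, so signatures could never be verified against it.
    if cert.text.to_s.include?("BEGIN PUBLIC KEY")
      warnings << "#{entity_id}: X509Certificate holds a PEM PUBLIC KEY, not a certificate"
    end
  end
  Provider.new(entity_id, role, endpoint, warnings)
end

# In-memory stand-in for a provider store: metadata keyed by entityID.
class ProviderStore
  def initialize
    @by_id = {}
  end

  def add(xml)
    provider = parse_metadata(xml)
    raise ArgumentError, "duplicate entityID #{provider.entity_id}" if @by_id.key?(provider.entity_id)
    @by_id[provider.entity_id] = provider
  end

  def fetch(entity_id)
    @by_id.fetch(entity_id) do
      raise KeyError, "no metadata for entityID #{entity_id.inspect} (known: #{@by_id.keys.join(', ')})"
    end
  end
end

# The SP-side lookup behind request_authentication: current_provider is the
# SP's own entity ID, and the IdP's entity ID is what resolves the SSO URL.
def sso_destination(store, current_provider, idp_entity_id)
  me = store.fetch(current_provider)
  raise ArgumentError, "current_provider #{current_provider} is not an SP" unless me.role == :sp
  idp = store.fetch(idp_entity_id)
  unless idp.role == :idp
    # The mix-up in the thread: the SP's entity ID handed to the IdP lookup.
    raise ArgumentError, "#{idp_entity_id} is an #{idp.role.upcase}, not an IdP; pass the IdP entity ID"
  end
  idp.post_endpoint || raise(ArgumentError, "#{idp_entity_id} has no HTTP-POST SingleSignOnService")
end

def build_store
  store = ProviderStore.new
  [IDP_METADATA, SP_METADATA].each { |xml| store.add(xml) }
  store
end

if $PROGRAM_NAME == __FILE__
  store = build_store
  puts sso_destination(store, "https://sp.example.com/saml/metadata.xml", "https://idp.example.com/saml/metadata.xml")
  puts store.fetch("https://sp.example.com/saml/metadata.xml").warnings
end
```

Calling sso_destination with the SP's entity ID in both positions raises the "not an IdP" error, which is the misconfiguration in this issue; fetching an entity ID that appears in no registered metadata raises KeyError listing the IDs that are known, which is the quickest way to spot a current_provider string that does not match the entityID attribute in the file.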
