This commit is contained in:
parent
b8535ad4df
commit
3084fe4959
@ -184,7 +184,10 @@ STREAMING_CLUSTER_NUM=1
|
|||||||
# SAML_PRIVATE_KEY=
|
# SAML_PRIVATE_KEY=
|
||||||
# SAML_SECURITY_WANT_ASSERTION_SIGNED=true
|
# SAML_SECURITY_WANT_ASSERTION_SIGNED=true
|
||||||
# SAML_SECURITY_WANT_ASSERTION_ENCRYPTED=true
|
# SAML_SECURITY_WANT_ASSERTION_ENCRYPTED=true
|
||||||
|
# SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
|
||||||
# SAML_ATTRIBUTES_STATEMENTS_UID="urn:oid:0.9.2342.19200300.100.1.1"
|
# SAML_ATTRIBUTES_STATEMENTS_UID="urn:oid:0.9.2342.19200300.100.1.1"
|
||||||
# SAML_ATTRIBUTES_STATEMENTS_EMAIL="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
|
# SAML_ATTRIBUTES_STATEMENTS_EMAIL="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
|
||||||
# SAML_ATTRIBUTES_STATEMENTS_FULL_NAME="urn:oid:2.5.4.42"
|
# SAML_ATTRIBUTES_STATEMENTS_FULL_NAME="urn:oid:2.5.4.42"
|
||||||
# SAML_UID_ATTRIBUTE="urn:oid:0.9.2342.19200300.100.1.1"
|
# SAML_UID_ATTRIBUTE="urn:oid:0.9.2342.19200300.100.1.1"
|
||||||
|
# SAML_ATTRIBUTES_STATEMENTS_VERIFIED=
|
||||||
|
# SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL=
|
||||||
|
@ -53,8 +53,10 @@ module Omniauthable
|
|||||||
private
|
private
|
||||||
|
|
||||||
def user_params_from_auth(auth)
|
def user_params_from_auth(auth)
|
||||||
email_is_verified = auth.info.email && (auth.info.verified || auth.info.verified_email)
|
assume_verified = Devise.omniauth_configs[:saml].strategy.security.assume_email_is_verified
|
||||||
email = auth.info.email if email_is_verified && !User.exists?(email: auth.info.email)
|
email_is_verified = auth.info.verified || auth.info.verified_email || assume_verified
|
||||||
|
email = auth.info.verified_email || auth.info.email
|
||||||
|
email = email_is_verified && !User.exists?(email: auth.info.email) && email
|
||||||
|
|
||||||
{
|
{
|
||||||
email: email ? email : "#{TEMP_EMAIL_PREFIX}-#{auth.uid}-#{auth.provider}.com",
|
email: email ? email : "#{TEMP_EMAIL_PREFIX}-#{auth.uid}-#{auth.provider}.com",
|
||||||
|
@ -48,10 +48,13 @@ Devise.setup do |config|
|
|||||||
saml_options[:security] = {}
|
saml_options[:security] = {}
|
||||||
saml_options[:security][:want_assertions_signed] = ENV['SAML_SECURITY_WANT_ASSERTION_SIGNED'] == 'true'
|
saml_options[:security][:want_assertions_signed] = ENV['SAML_SECURITY_WANT_ASSERTION_SIGNED'] == 'true'
|
||||||
saml_options[:security][:want_assertions_encrypted] = ENV['SAML_SECURITY_WANT_ASSERTION_ENCRYPTED'] == 'true'
|
saml_options[:security][:want_assertions_encrypted] = ENV['SAML_SECURITY_WANT_ASSERTION_ENCRYPTED'] == 'true'
|
||||||
|
saml_options[:security][:assume_email_is_verified] = ENV['SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED'] == 'true'
|
||||||
saml_options[:attribute_statements] = {}
|
saml_options[:attribute_statements] = {}
|
||||||
saml_options[:attribute_statements][:uid] = [ENV['SAML_ATTRIBUTES_STATEMENTS_UID']] if ENV['SAML_ATTRIBUTES_STATEMENTS_UID']
|
saml_options[:attribute_statements][:uid] = [ENV['SAML_ATTRIBUTES_STATEMENTS_UID']] if ENV['SAML_ATTRIBUTES_STATEMENTS_UID']
|
||||||
saml_options[:attribute_statements][:email] = [ENV['SAML_ATTRIBUTES_STATEMENTS_EMAIL']] if ENV['SAML_ATTRIBUTES_STATEMENTS_EMAIL']
|
saml_options[:attribute_statements][:email] = [ENV['SAML_ATTRIBUTES_STATEMENTS_EMAIL']] if ENV['SAML_ATTRIBUTES_STATEMENTS_EMAIL']
|
||||||
saml_options[:attribute_statements][:full_name] = [ENV['SAML_ATTRIBUTES_STATEMENTS_FULL_NAME']] if ENV['SAML_ATTRIBUTES_STATEMENTS_FULL_NAME']
|
saml_options[:attribute_statements][:full_name] = [ENV['SAML_ATTRIBUTES_STATEMENTS_FULL_NAME']] if ENV['SAML_ATTRIBUTES_STATEMENTS_FULL_NAME']
|
||||||
|
saml_options[:attribute_statements][:verified] = [ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED']] if ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED']
|
||||||
|
saml_options[:attribute_statements][:verified_email] = [ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL']] if ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL']
|
||||||
saml_options[:uid_attribute] = ENV['SAML_UID_ATTRIBUTE'] if ENV['SAML_UID_ATTRIBUTE']
|
saml_options[:uid_attribute] = ENV['SAML_UID_ATTRIBUTE'] if ENV['SAML_UID_ATTRIBUTE']
|
||||||
config.omniauth :saml, saml_options
|
config.omniauth :saml, saml_options
|
||||||
end
|
end
|
||||||
|
Loading…
Reference in New Issue
Block a user