我正在嘗試將我們的ADFS登錄與我們將ActiveAdmin與Devise結合使用的應用程序集成在一起。爲此,我成功添加了omniauth-saml。應用程序現在重定向到ADFS,登錄成功,但在回調中失敗。我收到錯誤Invalid ticket
。Rails omniauth-saml + devise + ADFS問題
當我試圖尋找到在omniauth-SAML lib中的服務器,我可以看到它的迴應說:@document=<UNDEFINED> ... </>
和@decrypted_document=<UNDEFINED> ... </>
的initializers/devise.rb
寫着:
config.omniauth :saml,
assertion_consumer_service_url: 'https://my_server/admin/auth/saml/callback',
issuer: 'https://my_server/',
authn_context: 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
idp_sso_target_url: 'https://my_adfs_server/adfs/ls/',
assertion_consumer_service_binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
assertion_consumer_logout_service_binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
idp_sso_target_url_runtime_params: {original_request_param: :mapped_idp_param},
name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
idp_cert: idp_certificate,
request_attributes: {},
attribute_statements: {email: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'],
name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'],
first_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'],
last_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname']},
private_key: sp_key,
certificate: sp_certificate,
security: {authn_requests_signed: true,
logout_requests_signed: true,
logout_responses_signed: true,
metadata_signed: true,
digest_method: XMLSecurity::Document::SHA1,
signature_method: XMLSecurity::Document::RSA_SHA1,
embed_sign: false}
我怎樣才能解決這個問題?
增加: 看來,REXML ::文件是無法解密的Cypher SAML響應的內部。它沒有錯誤地做到這一點。當我嘗試自己使用https://www.samltool.com/decrypt.php時,我看到它沒有問題。
我如何最終修復它可以在我的博客上找到:http://www.michaelsommer.nl/2016/06/implementing-single-sign-on-with-adfs.html –