Devise Omniauth-Saml: ["omniauth.auth"] is nil

0
votes

I'm developing an Rails 4 app. Auth is against an MS ADFS.

I'm using..

My POC with omniauth-saml (without devise) works fine but in real ...

When ADFS send the callback (post) request.env["omniauth.auth"] is nil

This is my config/initializers/devise.rb (Only omniauth part)

config.omniauth :saml,
  issuer:                         "https://xxx.xxx.xxx",
  idp_sso_target_url:             "https://yyy.yyy.yyy/adfs/ls",
  assertion_consumer_service_url: "https://xxx.xxx.xxx/auth/saml/callback",
  name_identifier_format:         "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  idp_cert: "xxxxxxxxxx"

My omniauth controller

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController

  #skip_before_action :protect_from_forgery
  #protect_from_forgery with: :null_session
  #protect_from_forgery except: :sign_in
  skip_before_filter :verify_authenticity_token

  def saml
    auth = request.env["omniauth.auth"]
    #auth.uid # Gets the UID value of the user that has just signed in
    # Create a session, redirect etc
    Rails.logger.debug "========================================"
    Rails.logger.debug "AUTH " + auth.inspect
    Rails.logger.debug "========================================"
    redirect_to root_path, notice: "GOOD "

  end
end

My routes (devise part)

devise_for :users,
  :controllers => {
    :omniauth_callbacks => "users/omniauth_callbacks"
  },
  skip: :registrations

devise_scope :user do
  post "/auth/:provider/callback", to: "users/omniauth_callbacks#saml"
end

Rake routes ...

user_omniauth_authorize GET|POST /users/auth/:provider(.:format)                                            users/omniauth_callbacks#passthru {:provider=>/saml/}
user_omniauth_callback  GET|POST /users/auth/:action/callback(.:format)                                     users/omniauth_callbacks#(?-mix:saml)
                        POST     /auth/:provider/callback(.:format)                                         users/omniauth_callbacks#saml

Auth Provider send the callback to https://xxx.xxx.xxx/auth/saml/callback but omniauth is listening on https://xxx.xxx.xxx/users/auth/:action/callback. I mapped the url to the controller using devise_scope. Could this be the problem?

Seeing this...

user_omniauth_callback  GET|POST /users/auth/:action/callback(.:format) users/omniauth_callbacks#(?-mix:saml)
  • Which could be the url called by the Auth provider?
  • Which will be the method called inside the controler? (?-mix:saml ???)
1
ruby-on-railsdeviseomniauthsaml

1 Answers

0
votes

Solved using "path" in my devise_for (and deleting devise _scope)

devise_for :users,
  :path => '',
  :controllers => {
    :omniauth_callbacks => 'users/omniauth_callbacks'
  },
  skip: :registrations

With this, routes change from...

user_omniauth_authorize GET|POST /users/auth/:provider(.:format)                                            users/omniauth_callbacks#passthru {:provider=>/saml/}
user_omniauth_callback  GET|POST /users/auth/:action/callback(.:format)                                     users/omniauth_callbacks#(?-mix:saml)
                        POST     /auth/:provider/callback(.:format)

to ...

user_omniauth_authorize GET|POST /auth/:provider(.:format) users/omniauth_callbacks#passthru {:provider=>/saml/}                                          
user_omniauth_callback GET|POST /auth/:action/callback(.:format)  users/omniauth_callbacks#(?-mix:saml)

Now, user_omniauth_callback is equal to the url called by my Auth provider.

Conclusion: in Devise + Omniauth map urls doesn't work.