I am having a struggle getting this to work so I've created a hell-world Rails app to try and get this to work.
Here's the repo with the code that is not working: https://github.com/pitosalas/shibtry
Here's what I've done starting from an empty Rails application:
I've added two gems to gem files:
gem 'omniauth-shibboleth' gem 'rack-saml'I got the shibboleth meta data from my university's web site and converted it using shib_conv.rb into the corresponding YAML: ./config.yml
I've updated routes adding
get '/auth/:provider/callback', to: 'sessions#create'I've put a breakpoint at
SessionController#createI've added initializers: omniauth.rb:
Rails.application.config.middleware.use OmniAuth::Builder do provider :shibboleth, { :shib_session_id_field => "Shib-Session-ID", :shib_application_id_field => "Shib-Application-ID", :debug => true, :extra_fields => [ :"unscoped-affiliation", :entitlement ] } endI've added rack_sam.rb initializer:
Rails.application.config.middleware.insert_after Rack::ETag, Rack::Saml, { :metadata => "#{Rails.root}/config/metadata.yml"}Now, run the server and go to
http://0.0.0.0:3000/auth/shibbolethand I get an error:undefined method `[]' for nil:NilClass'which is traced back to this line in rack-saml/misc/onelogin_setting.rb line 13 which is:
settings.idp_sso_target_url = @metadata['saml2_http_redirect']in other words, looking for the metadata hash for that key. It happens that in my metadata.yml file that key is present, but by the time I get to this onelogin_setting.rb line 13,
@metadatais nil (it should contain the contents of the file) and consequently that key doesn't exist.
And that's where, for now, the trail dries up.
Looks like you forgot to add your config file to the initializer:
And the saml_idp setting in the rack-saml.yml must match the key for the idp_lists entry in your metadata.yml