Commit a1835ea6 authored by o@immerda.ch's avatar o@immerda.ch

sign saml requests

parent 2506a76f
......@@ -42,6 +42,18 @@ class SamlController < SessionsController
settings.certificate = SamlConfig.cert
settings.private_key = SamlConfig.private_key
settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
settings.security = {
:authn_requests_signed => true,
:logout_requests_signed => true,
:logout_responses_signed => true,
:want_assertions_signed => true,
:want_assertions_encrypted => true,
:want_name_id => true,
:metadata_signed => true,
:embed_sign => true,
:digest_method => XMLSecurity::Document::SHA256,
:signature_method => XMLSecurity::Document::RSA_SHA256
}
settings
end
end
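Review bot: The new `settings.security` hash has no comment saying which flags are requirements on the IdP rather than on this SP. `:want_assertions_signed` and `:want_assertions_encrypted` only help if the response-handling code, which is outside this hunk, rejects assertions that arrive unsigned or in the clear. With encryption requested, the key set from `SamlConfig.private_key` just above is presumably used both to sign outgoing requests and to decrypt incoming assertions, so its storage and rotation deserve a mention too. I would add above the hash: `# IdP must sign assertions and encrypt them to SamlConfig.cert; SamlConfig.private_key signs our requests and decrypts responses`. The enclosing method starts before the hunk.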
......@@ -16,15 +16,13 @@ class SessionsController < ApplicationController
protected
def successful_auth(email, attributes)
if Admin::Enabled
if attributes[:is_admin] == "true"
update_session_expiry
update_session_expiry
session[:is_admin] = true
session[:user_id] = email
session[:api_token] = attributes[:api_token]
redirect_to '/'
return true
end
session[:is_admin] = true
session[:user_id] = email
session[:api_token] = attributes[:api_token]
redirect_to '/'
return true
else
begin
api_token = attributes[:api_token]
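Review bot: With the `attributes[:is_admin] == "true"` guard gone, every successful authentication while `Admin::Enabled` is set ends in `session[:is_admin] = true`, so admin rights no longer depend on anything the IdP asserts about the user. The page lost its +/- markers, so this reading of old and new sides is inferred from the duplicated lines and the hunk counts. If this instance is meant to be reachable only by admins, that restriction now rests entirely on IdP-side access policy and should be stated in a comment. Otherwise keep the check as a guard, e.g. `return false unless attributes[:is_admin] == "true"`, assuming callers treat a false return as a failed login. Calling `reset_session` before the session keys are written is also worth adding unless it already happens earlier in the login flow; the method continues past the end of the hunk.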
......