Skip to content

wrren/ueberauth_saml

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Überauth SAML

SAML 2.0 strategy for Überauth.

Currently Überauth SAML parses the IDP response and pulls a static set of attributes from the included Subject assertion:

  • User.FirstName -> auth.info.first_name
  • User.LastName -> auth.info.last_name
  • User.email -> auth.info.email

Future versions of this strategy will allow mappings from attribute keys to fields in the info struct, for now this version is tailored to work against OneLogin.

Installation

  1. Add :ueberauth_saml to your list of dependencies in mix.exs:

    def deps do
      [{:ueberauth_saml, "~> 0.1"}]
    end
  2. Add the strategy to your applications:

    def application do
      [applications: [:ueberauth_saml]]
    end
  3. Add SAML to your Überauth configuration:

    config :ueberauth, Ueberauth,
      providers: [
        saml: {Ueberauth.Strategy.SAML, [
          callback_methods:       ["POST"],
          idp_metadata_url:       "https://app.onelogin.com/saml/metadata/1",
          private_key:            "priv/saml/saml.pem",
          trusted_fingerprints:   ['ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab'],
          verify_recipient:       false,
          verify_audience:        false
        ]}
      ]
  4. Include the Überauth plug in your controller:

    defmodule MyApp.AuthController do
      use MyApp.Web, :controller
      plug Ueberauth
      ...
    end
  5. Create the request and callback routes if you haven't already:

    scope "/auth", MyApp do
      pipe_through :browser
    
      get "/:provider", AuthController, :request
      get "/:provider/callback", AuthController, :callback
    end
  6. Your controller needs to implement callbacks to deal with Ueberauth.Auth and Ueberauth.Failure responses.

For an example implementation see the Überauth Example application.

Calling

Depending on the configured url you can initiate the request through:

/auth/saml

License

Please see LICENSE for licensing details.