SAML 2.0 strategy for Überauth.
Currently Überauth SAML parses the IdP response and pulls a static set of attributes from the included Subject assertion:
- `User.FirstName` -> `auth.info.first_name`
- `User.LastName` -> `auth.info.last_name`
- `User.email` -> `auth.info.email`
Future versions of this strategy will allow mappings from attribute keys to fields in the info struct; for now, this version is tailored to work against OneLogin.
- Add `:ueberauth_saml` to your list of dependencies in `mix.exs`:

  ```elixir
  def deps do
    [{:ueberauth_saml, "~> 0.1"}]
  end
  ```
- Add the strategy to your applications:

  ```elixir
  def application do
    [applications: [:ueberauth_saml]]
  end
  ```
- Add SAML to your Überauth configuration:

  ```elixir
  config :ueberauth, Ueberauth,
    providers: [
      saml: {Ueberauth.Strategy.SAML, [
        callback_methods: ["POST"],
        idp_metadata_url: "https://app.onelogin.com/saml/metadata/1",
        private_key: "priv/saml/saml.pem",
        # fingerprint(s) of the IdP signing certificate, as a charlist
        trusted_fingerprints: ['ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab'],
        # skip checking the assertion's Recipient and Audience values
        verify_recipient: false,
        verify_audience: false
      ]}
    ]
  ```
- Include the Überauth plug in your controller:

  ```elixir
  defmodule MyApp.AuthController do
    use MyApp.Web, :controller
    plug Ueberauth
    ...
  end
  ```
- Create the request and callback routes if you haven't already:

  ```elixir
  scope "/auth", MyApp do
    pipe_through :browser

    get "/:provider", AuthController, :request
    get "/:provider/callback", AuthController, :callback
    # the IdP delivers the SAML response with the HTTP-POST binding,
    # which is what `callback_methods: ["POST"]` above expects
    post "/:provider/callback", AuthController, :callback
  end
  ```
- Your controller needs to implement callbacks to deal with `Ueberauth.Auth` and `Ueberauth.Failure` responses.
For an example implementation see the Überauth Example application.
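As an added example (not code from ueberauth_saml or the Überauth Example application), here is the provider configuration with both verification switches turned on, followed by a controller that handles the success and failure callbacks. It assumes that `verify_recipient` and `verify_audience` accept `true` (the steps above only show them set to `false`), that the `MyApp` module and route names match the steps above, and that the fingerprint is a placeholder.

```elixir
# Added example; not part of ueberauth_saml or the Überauth Example app.
# Assumptions: `verify_recipient: true` / `verify_audience: true` are the
# enabling values (the README only shows `false`), the MyApp names match
# the steps above, and the fingerprint below is a placeholder.

# config/config.exs
config :ueberauth, Ueberauth,
  providers: [
    saml: {Ueberauth.Strategy.SAML, [
      callback_methods: ["POST"],
      idp_metadata_url: "https://app.onelogin.com/saml/metadata/1",
      private_key: "priv/saml/saml.pem",
      # Fingerprint of the IdP signing certificate (placeholder value).
      trusted_fingerprints: ['ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab:ab'],
      # With these off, an assertion issued for a different service provider,
      # or one posted to a different endpoint, would still be accepted.
      # Keep them on outside of local experiments.
      verify_recipient: true,
      verify_audience: true
    ]}
  ]

# web/controllers/auth_controller.ex
defmodule MyApp.AuthController do
  use MyApp.Web, :controller
  plug Ueberauth

  # The Ueberauth plug normally redirects to the IdP before this action runs;
  # it is only reached when no strategy handled the request (unknown provider).
  def request(conn, _params) do
    conn
    |> put_flash(:error, "Unknown provider")
    |> redirect(to: "/")
  end

  # Überauth sets conn.assigns.ueberauth_failure when the SAML response does
  # not validate (signature, fingerprint, recipient, audience, ...). Matching
  # this clause first keeps a failed response from reaching the success path.
  def callback(%{assigns: %{ueberauth_failure: failure}} = conn, _params) do
    reasons = Enum.map_join(failure.errors, "; ", & &1.message)

    conn
    |> put_flash(:error, "SAML sign-in failed: #{reasons}")
    |> redirect(to: "/")
  end

  # On success the strategy has filled auth.info from the Subject assertion
  # (first_name, last_name and email, as listed at the top of this README).
  def callback(%{assigns: %{ueberauth_auth: auth}} = conn, _params) do
    case auth.info.email do
      nil ->
        # A valid assertion that lacks the attribute users are keyed on is
        # treated as a failed login rather than creating a session for nobody.
        conn
        |> put_flash(:error, "SAML assertion did not include User.email")
        |> redirect(to: "/")

      email ->
        conn
        # Issue a fresh session id so a pre-login session cannot be reused.
        |> configure_session(renew: true)
        |> put_session(:current_user, %{
          email: email,
          name: "#{auth.info.first_name} #{auth.info.last_name}"
        })
        |> redirect(to: "/")
    end
  end

  # Catch-all for a request that reached the callback with neither assign,
  # e.g. a GET to the callback URL when only POST callbacks are configured.
  def callback(conn, _params) do
    conn
    |> put_flash(:error, "No SAML response received")
    |> redirect(to: "/")
  end
end
```

The failure clause is listed before the success clause on purpose: Überauth only populates one of the two assigns, but ordering the pattern matches this way makes it impossible for a later refactor to route a failed response into the session-creating branch.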
Depending on the configured URL, you can initiate the request through `/auth/saml`.
Please see LICENSE for licensing details.