设计Omniauth-Saml：["omniauth.auth"]是零

Question

我正在开发一个Rails 4应用程序。Auth是反对ADFS的。

我在用..。

• https://github.com/plataformatec/devise
• https://github.com/omniauth/omniauth-saml

我的POC和杂多-saml(没有设计)工作得很好，但在现实中.

当ADFS发送回调(post)时，request.env["omniauth.auth"]为零

这是我的配置/初始化器/devise.rb(只包含部分)

config.omniauth :saml,
  issuer:                         "https://xxx.xxx.xxx",
  idp_sso_target_url:             "https://yyy.yyy.yyy/adfs/ls",
  assertion_consumer_service_url: "https://xxx.xxx.xxx/auth/saml/callback",
  name_identifier_format:         "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  idp_cert: "xxxxxxxxxx"

我的万能控制器

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController

  #skip_before_action :protect_from_forgery
  #protect_from_forgery with: :null_session
  #protect_from_forgery except: :sign_in
  skip_before_filter :verify_authenticity_token

  def saml
    auth = request.env["omniauth.auth"]
    #auth.uid # Gets the UID value of the user that has just signed in
    # Create a session, redirect etc
    Rails.logger.debug "========================================"
    Rails.logger.debug "AUTH " + auth.inspect
    Rails.logger.debug "========================================"
    redirect_to root_path, notice: "GOOD "

  end
end

我的路线(设计部分)

devise_for :users,
  :controllers => {
    :omniauth_callbacks => "users/omniauth_callbacks"
  },
  skip: :registrations

devise_scope :user do
  post "/auth/:provider/callback", to: "users/omniauth_callbacks#saml"
end

耙路..。

user_omniauth_authorize GET|POST /users/auth/:provider(.:format)                                            users/omniauth_callbacks#passthru {:provider=>/saml/}
user_omniauth_callback  GET|POST /users/auth/:action/callback(.:format)                                     users/omniauth_callbacks#(?-mix:saml)
                        POST     /auth/:provider/callback(.:format)                                         users/omniauth_callbacks#saml

Auth提供者将回调发送给https://xxx.xxx.xxx/auth/saml/callback，但杂多正在监听https://xxx.xxx.xxx/users/auth/:action/callback。我使用devise_scope将url映射到控制器。这可能是问题所在吗？

看到这个..。

user_omniauth_callback  GET|POST /users/auth/:action/callback(.:format) users/omniauth_callbacks#(?-mix:saml)

• 哪一个可能是Auth提供者调用的url？
• 哪种方法将在控制器内部调用？(?-mix:saml？)

Answer 1

在我的devise_for (和deleting devise _scope)中使用“路径”解决问题

devise_for :users,
  :path => '',
  :controllers => {
    :omniauth_callbacks => 'users/omniauth_callbacks'
  },
  skip: :registrations

这样，路线就会从..。

user_omniauth_authorize GET|POST /users/auth/:provider(.:format)                                            users/omniauth_callbacks#passthru {:provider=>/saml/}
user_omniauth_callback  GET|POST /users/auth/:action/callback(.:format)                                     users/omniauth_callbacks#(?-mix:saml)
                        POST     /auth/:provider/callback(.:format)

敬..。

user_omniauth_authorize GET|POST /auth/:provider(.:format) users/omniauth_callbacks#passthru {:provider=>/saml/}                                          
user_omniauth_callback GET|POST /auth/:action/callback(.:format)  users/omniauth_callbacks#(?-mix:saml)         

现在，user_omniauth_callback等于我的Auth调用的url。

结论:在Devise + Omniauth地图中，urls不起作用。