chiu
/
sso_login_box_for_ntu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix logout url bug.

This commit is contained in:
BoHung Chiu 2023-02-14 00:06:00 +08:00
parent 9131449314
commit 70850b1826
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
app/controllers/sso_login_box_controller.rb
View File

@ -2,6 +2,7 @@ class SsoLoginBoxController < SessionsController
require 'openssl' require 'openssl'
require 'onelogin/ruby-saml' require 'onelogin/ruby-saml'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
skip_before_action :verify_authenticity_token
def sso_auth_page def sso_auth_page
session[:referer_url] = params[:referer_url] session[:referer_url] = params[:referer_url]
# puts ["session", session, session.to_hash] # puts ["session", session, session.to_hash]
@ -43,8 +44,8 @@ class SsoLoginBoxController < SessionsController
session[:sso_token] = user.id session[:sso_token] = user.id
session[:user_id] = user.id session[:user_id] = user.id
session[:login_referer] = nil session[:login_referer] = nil
if params[:referer_url].present? if session[:referer_url].present?
redirect_to URI.parse(params[:referer_url]).path redirect_to URI.parse(session[:referer_url]).path
else else
redirect_to admin_dashboards_path redirect_to admin_dashboards_path
end end
@ -71,7 +72,8 @@ class SsoLoginBoxController < SessionsController
# Create a SP initiated SLO # Create a SP initiated SLO
def sp_logout_request def sp_logout_request
# LogoutRequest accepts plain browser requests w/o paramters # LogoutRequest accepts plain browser requests w/o paramters
settings = saml_settings logout_url = URI.join("https://#{request.host}", params[:referer_url].to_s) rescue "https://#{request.host}"
settings = saml_settings(logout_url)
if settings.idp_slo_service_url.nil? if settings.idp_slo_service_url.nil?
delete_session delete_session
@ -88,21 +90,21 @@ class SsoLoginBoxController < SessionsController
# Save the transaction_id to compare it with the response we get back # Save the transaction_id to compare it with the response we get back
session[:transaction_id] = logout_request.uuid session[:transaction_id] = logout_request.uuid
session[:logged_out_user] = logged_user session[:logged_out_user] = logged_user
relayState = "https://#{request.host}" relayState = "https://#{request.host}"
redirect_to(logout_request.create(settings, :RelayState => relayState)) redirect_to(logout_request.create(settings, :RelayState => relayState))
end end
end end
private private
def saml_settings def saml_settings(logout_url=nil)
settings = OneLogin::RubySaml::Settings.new settings = OneLogin::RubySaml::Settings.new
request_host = request.host request_host = request.host
logout_url ||= "https://#{request_host}"
settings.assertion_consumer_service_url = "https://#{request_host}/ntu_sso/response" settings.assertion_consumer_service_url = "https://#{request_host}/ntu_sso/response"
settings.issuer = request_host settings.issuer = request_host
settings.idp_sso_target_url = "https://adfs.ntu.edu.tw/adfs/ls/" settings.idp_sso_target_url = "https://adfs.ntu.edu.tw/adfs/ls/"
# settings.idp_sso_target_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" # or :post, :redirect # settings.idp_sso_target_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" # or :post, :redirect
settings.idp_slo_target_url = "https://adfs.ntu.edu.tw/adfs/ls/clearall.aspx?url=https://#{request_host}" settings.idp_slo_service_url = "https://adfs.ntu.edu.tw/adfs/ls/clearall.aspx?url=#{logout_url}"
# settings.idp_slo_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" # or :post, :redirect # settings.idp_slo_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" # or :post, :redirect
settings.idp_cert_fingerprint = (File.read('adfs_fingerprint.txt') rescue '') #"0A:27:FC:D5:CE:DC:D8:44:CC:A9:58:8A:42:D1:F4:DF:38:2E:4A:C3" settings.idp_cert_fingerprint = (File.read('adfs_fingerprint.txt') rescue '') #"0A:27:FC:D5:CE:DC:D8:44:CC:A9:58:8A:42:D1:F4:DF:38:2E:4A:C3"
settings.idp_cert_fingerprint_algorithm = "http://www.w3.org/2000/09/xmldsig#sha1" settings.idp_cert_fingerprint_algorithm = "http://www.w3.org/2000/09/xmldsig#sha1"