SAML changes to the controller
parent
fb65f18b5f
commit
e94db861c5
4 changed files with 37 additions and 31 deletions
|
@ -5,13 +5,11 @@ class DashboardController < ActionController::Base
|
||||||
around_action :switch_locale
|
around_action :switch_locale
|
||||||
before_action :ensure_installation_onboarding, only: [:index]
|
before_action :ensure_installation_onboarding, only: [:index]
|
||||||
before_action :redirect_to_custom_domain_page
|
before_action :redirect_to_custom_domain_page
|
||||||
|
before_action :redirect_to_saml_login
|
||||||
|
|
||||||
layout 'vueapp'
|
layout 'vueapp'
|
||||||
|
|
||||||
def index
|
def index; end
|
||||||
request = OneLogin::RubySaml::Authrequest.new
|
|
||||||
redirect_to(request.create(saml_settings))
|
|
||||||
end
|
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
|
@ -50,6 +48,13 @@ class DashboardController < ActionController::Base
|
||||||
redirect_to "/hc/#{portal.slug}"
|
redirect_to "/hc/#{portal.slug}"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def redirect_to_saml_login
|
||||||
|
# request = OneLogin::RubySaml::Authrequest.new
|
||||||
|
# redirect_to(request.create(saml_settings))
|
||||||
|
# end
|
||||||
|
redirect_to '/saml' and return unless Current.user
|
||||||
|
end
|
||||||
|
|
||||||
def app_config
|
def app_config
|
||||||
{
|
{
|
||||||
APP_VERSION: Chatwoot.config[:version],
|
APP_VERSION: Chatwoot.config[:version],
|
||||||
|
@ -66,26 +71,25 @@ class DashboardController < ActionController::Base
|
||||||
|
|
||||||
settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
|
settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
|
||||||
settings.sp_entity_id = "http://#{request.host}/saml/metadata"
|
settings.sp_entity_id = "http://#{request.host}/saml/metadata"
|
||||||
settings.idp_entity_id = "https://app.onelogin.com/saml/metadata/1835014"
|
settings.idp_entity_id = 'https://app.onelogin.com/saml/metadata/1835014'
|
||||||
settings.idp_sso_target_url = "https://app.onelogin.com/trust/saml2/http-post/sso/1835014"
|
settings.idp_sso_target_url = 'https://app.onelogin.com/trust/saml2/http-post/sso/1835014'
|
||||||
settings.idp_slo_target_url = "https://app.onelogin.com/trust/saml2/http-redirect/slo/1835014"
|
settings.idp_slo_target_url = 'https://app.onelogin.com/trust/saml2/http-redirect/slo/1835014'
|
||||||
settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
|
settings.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
|
||||||
|
|
||||||
# Optional for most SAML IdPs
|
# Optional for most SAML IdPs
|
||||||
settings.authn_context = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
|
settings.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
|
||||||
# or as an array
|
# or as an array
|
||||||
settings.authn_context = [
|
settings.authn_context = [
|
||||||
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
|
'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
|
||||||
"urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
|
'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'
|
||||||
]
|
]
|
||||||
|
|
||||||
# Optional bindings (defaults to Redirect for logout POST for ACS)
|
# Optional bindings (defaults to Redirect for logout POST for ACS)
|
||||||
settings.single_logout_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" # or :post, :redirect
|
settings.single_logout_service_binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' # or :post, :redirect
|
||||||
settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" # or :post, :redirect
|
settings.assertion_consumer_service_binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' # or :post, :redirect
|
||||||
|
|
||||||
settings
|
settings
|
||||||
end
|
end
|
||||||
|
|
||||||
def cosnume
|
def cosnume; end
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
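Review bot: In `saml_settings` (the `@ -66,26 +71,25 @@` hunk) the ACS URL and SP entity ID are still built as `"http://#{request.host}/saml/..."`, so the IdP is told to post the assertion over plain HTTP to a host name taken from the incoming request; this commit only changes quote style on the lines next to them. Both values should come from a fixed, configured HTTPS origin, for example `settings.assertion_consumer_service_url = "#{saml_base_url}/saml/consume"`, where `saml_base_url` is a placeholder for a deployment setting. The same two lines appear in the `saml_settings` hunk of SamlController. No `idp_cert` or `idp_cert_fingerprint` assignment is among the visible settings, though the method starts above the hunk, so it may be set there. In the visible hunks `index` no longer calls `saml_settings`, so this copy, the commented-out lines in `redirect_to_saml_login` and the empty `def cosnume; end` look like leftovers that could be removed, leaving one definition to harden.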
0
app/controllers/saml_controller
Normal file
0
app/controllers/saml_controller
Normal file
|
@ -1,8 +1,9 @@
|
||||||
# This controller expects you to use the URLs /saml/init and /saml/consume in your OneLogin application.
|
# This controller expects you to use the URLs /saml/init and /saml/consume in your OneLogin application.
|
||||||
class SamlController < ApplicationController
|
class SamlController < ApplicationController
|
||||||
skip_before_action :verify_authenticity_token, :only => [:consume]
|
# skip_before_action :verify_authenticity_token, :only => [:consume]
|
||||||
|
layout 'vueapp'
|
||||||
|
|
||||||
def init
|
def index
|
||||||
request = OneLogin::RubySaml::Authrequest.new
|
request = OneLogin::RubySaml::Authrequest.new
|
||||||
redirect_to(request.create(saml_settings))
|
redirect_to(request.create(saml_settings))
|
||||||
end
|
end
|
||||||
|
@ -17,7 +18,8 @@ class SamlController < ApplicationController
|
||||||
session[:userid] = response.nameid
|
session[:userid] = response.nameid
|
||||||
session[:attributes] = response.attributes
|
session[:attributes] = response.attributes
|
||||||
else
|
else
|
||||||
authorize_failure # This method shows an error message
|
ChatwootExceptionTracker.new(response.errors, account: Account.first).capture_exception # This method shows an error message
|
||||||
|
|
||||||
# List of errors is available in response.errors array
|
# List of errors is available in response.errors array
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -29,22 +31,22 @@ class SamlController < ApplicationController
|
||||||
|
|
||||||
settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
|
settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
|
||||||
settings.sp_entity_id = "http://#{request.host}/saml/metadata"
|
settings.sp_entity_id = "http://#{request.host}/saml/metadata"
|
||||||
settings.idp_entity_id = "https://app.onelogin.com/saml/metadata/1835014"
|
settings.idp_entity_id = 'https://app.onelogin.com/saml/metadata/1835014'
|
||||||
settings.idp_sso_target_url = "https://app.onelogin.com/trust/saml2/http-post/sso/1835014"
|
settings.idp_sso_target_url = 'https://app.onelogin.com/trust/saml2/http-post/sso/1835014'
|
||||||
settings.idp_slo_target_url = "https://app.onelogin.com/trust/saml2/http-redirect/slo/1835014"
|
settings.idp_slo_target_url = 'https://app.onelogin.com/trust/saml2/http-redirect/slo/1835014'
|
||||||
settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
|
settings.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
|
||||||
|
|
||||||
# Optional for most SAML IdPs
|
# Optional for most SAML IdPs
|
||||||
settings.authn_context = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
|
settings.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
|
||||||
# or as an array
|
# or as an array
|
||||||
settings.authn_context = [
|
settings.authn_context = [
|
||||||
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
|
'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
|
||||||
"urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
|
'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'
|
||||||
]
|
]
|
||||||
|
|
||||||
# Optional bindings (defaults to Redirect for logout POST for ACS)
|
# Optional bindings (defaults to Redirect for logout POST for ACS)
|
||||||
settings.single_logout_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" # or :post, :redirect
|
settings.single_logout_service_binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' # or :post, :redirect
|
||||||
settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" # or :post, :redirect
|
settings.assertion_consumer_service_binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' # or :post, :redirect
|
||||||
|
|
||||||
settings
|
settings
|
||||||
end
|
end
|
||||||
|
|
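Review bot: The failure branch of the response check (the `@ -17,7 +18,8 @@` hunk) now only passes `response.errors` to `ChatwootExceptionTracker` and then falls through, so a rejected assertion gets whatever the action renders by default instead of an explicit denial, and the trailing comment `# This method shows an error message` no longer matches the code. I would end the branch with an explicit response such as `head :unauthorized` after the capture, and drop `account: Account.first`, which attributes every failed login to whichever account happens to be first. On the success path `session[:userid] = response.nameid` writes into the existing session; calling `reset_session` just before it avoids carrying a pre-login session id across authentication. The first hunk also comments out `skip_before_action :verify_authenticity_token` for `consume`; if the parent controller enforces CSRF tokens, the IdP's POST will presumably be rejected, so the exemption should stay, limited to that one action, with the signed response as the control. The action starts above the hunk, so the validity check itself is not visible here.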
|
@ -81,7 +81,7 @@
|
||||||
</form>
|
</form>
|
||||||
<div class="column text-center sigin--footer">
|
<div class="column text-center sigin--footer">
|
||||||
<span>{{ $t('REGISTER.HAVE_AN_ACCOUNT') }}</span>
|
<span>{{ $t('REGISTER.HAVE_AN_ACCOUNT') }}</span>
|
||||||
<router-link to="/app/login">
|
<router-link to="/saml">
|
||||||
{{
|
{{
|
||||||
useInstallationName(
|
useInstallationName(
|
||||||
$t('LOGIN.TITLE'),
|
$t('LOGIN.TITLE'),
|
||||||
|
|
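Review bot: `<router-link to="/saml">` hands the path to the client-side router, but `/saml` appears to be a server route (DashboardController redirects to it in this same commit), so unless the SPA router also defines that path the link will not reach the server. A plain anchor, `<a href="/saml">`, forces a full page load and lets the server start the SAML redirect. The surrounding template continues outside the hunk.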