0
我正在尝试配置SAML和Devise,以允许用户在其他平台上已有数据的平台上注册。为此,我试图使用宝石DeviseSamlAuthenticatable。 https://github.com/onemedical/devise_saml_authenticatable配置DeviseSamlAuthenticatable rails后无法运行迁移gem
当我尝试运行迁移,控制台说:
...宝石/ ActionPack的-4.1.0/lib目录/ action_dispatch /路由/ route_set.rb:428:在add_route': Invalid route name, already in use: 'new_user_session' (ArgumentError) You may have defined two routes with the same name using the:为option, or you may be overriding a route already defined by a resource with the same naming. For the latter, you can restrict the routes created with资源`这里解释:
按照宝石的指示,我做了以下。
在User.rb模型加入:
:saml_authenticatable, :trackable
然后看起来像这样:
devise :registerable, :confirmable, :recoverable,
:rememberable, :trackable, :validatable, :database_authenticatable,
:saml_authenticatable, :trackable
在配置/初始化/ devise.rb加入(样品指令代码)
Devise.setup do |config|
...
# ==> Configuration for :saml_authenticatable
# Create user if the user does not exist. (Default is false)
config.saml_create_user = true
# Update the attributes of the user after a successful login. (Default is false)
config.saml_update_user = true
# Set the default user key. The user will be looked up by this key. Make
# sure that the Authentication Response includes the attribute.
config.saml_default_user_key = :email
# Optional. This stores the session index defined by the IDP during login. If provided it will be used as a salt
# for the user's session to facilitate an IDP initiated logout request.
config.saml_session_index_key = :session_index
# You can set this value to use Subject or SAML assertation as info to which email will be compared
# If you don't set it then email will be extracted from SAML assertation attributes
config.saml_use_subject = true
# You can support multiple IdPs by setting this value to a class that implements a #settings method which takes
# an IdP entity id as an argument and returns a hash of idp settings for the corresponding IdP.
config.idp_settings_adapter = nil
# You provide you own method to find the idp_entity_id in a SAML message in the case of multiple IdPs
# by setting this to a custom reader class, or use the default.
# config.idp_entity_id_reader = DeviseSamlAuthenticatable::DefaultIdpEntityIdReader
# You can set a handler object that takes the response for a failed SAML request and the strategy,
# and implements a #handle method. This method can then redirect the user, return error messages, etc.
# config.saml_failed_callback = nil
# Configure with your SAML settings (see [ruby-saml][] for more information).
config.saml_configure do |settings|
settings.assertion_consumer_service_url = "http://localhost:3000/users/saml/auth"
settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
settings.name_identifier_format = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
settings.issuer = "http://localhost:3000/saml/metadata"
settings.authn_context = ""
settings.idp_slo_target_url = "http://localhost/simplesaml/www/saml2/idp/SingleLogoutService.php"
settings.idp_sso_target_url = "http://localhost/simplesaml/www/saml2/idp/SSOService.php"
settings.idp_cert = <<-CERT.chomp
-----BEGIN CERTIFICATE-----
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111_______IDP_CERTIFICATE________111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111
111111111111111111
-----END CERTIFICATE-----
CERT
end
end
并在配置/属性map.yml添加(同一样品)
"urn:mace:dir:attribute-def:uid": "user_name"
"urn:mace:dir:attribute-def:email": "email"
"urn:mace:dir:attribute-def:name": "last_name"
"urn:mace:dir:attribute-def:givenName": "name"