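I am trying to set up a Ruby on Rails, ActiveAdmin application that uses Devise for authentication. I am using the Azure AD strategy as the OmniAuth strategy. How do I set up a RoR application with SSO on Azure?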
I have added the OmniAuth strategy to config/initializers/devise.rb:

    config.omniauth :azure_activedirectory, 'app id', 'azure tenant id'
Added the Users::OmniauthCallbacksController:

    class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
      def azure_activedirectory
        @user = AdminUser.from_omniauth(request.env['omniauth.auth'])
        if @user.persisted?
          sign_in_and_redirect @user, :event => :authentication #this will throw if @user is not activated
          set_flash_message(:notice, :success, :kind => 'azure_activedirectory') if is_navigational_format?
        else
          session['devise.azure_activedirectory_data'] = request.env['omniauth.auth']
          redirect_to new_admin_user_registration_url
        end
      end

      def failure
        redirect_to root_path
      end
    end
And added the callback route to routes.rb:

    Rails.application.routes.draw do
      devise_config = ActiveAdmin::Devise.config
      devise_config[:controllers][:omniauth_callbacks] = 'users/omniauth_callbacks'
      devise_for :admin_users, devise_config
      devise_scope :admin_user do
        get 'sign_in', :to => 'devise/sign_in', as: :new_admin_user_session
        get 'sign_out', :to => 'devise/sign_out', :as => :destroy_admin_user_session
      end
      ActiveAdmin.routes(self)
      root to: redirect('/admin')
    end
Added the from_omniauth method to models/admin_user:

    class AdminUser < ActiveRecord::Base
      devise :trackable, :omniauthable, omniauth_providers: [:azure_activedirectory]

      def self.from_omniauth(auth)
        where(provider: auth.provider, uid: auth.uid).first_or_create do |user|
          user.email = auth.info.email
          user.password = Devise.friendly_token[0,20]
        end
      end
    end
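But with all of this, when I run the application, all I get is the error: The action 'sign_in' could not be found for Users::OmniauthCallbacksController

I am at my wits' end, and I don't know what else I have to do to make it work. https://github.com/AzureAD/omniauth-azure-activedirectory and https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview don't give me any further clues on how to fix it.

Can anyone help me figure out what I am doing wrong?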
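Thanks for trying to help. Too bad: although this fixed the error, it introduced a new problem: I get redirected from '/' to '/admin' and vice versa.
@MichaelSommer I edited my answer to try to solve your problem; hopefully it works for you now.
When I remove 'root to:', people are not redirected to '/admin', and I don't want my users to have to know that themselves. My root has an entry point for an API, which uses Warden rather than Devise.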