Rails SSO implementation with Ping Federate
In my Ruby on Rails project I need to implement SAML SSO with Ping Identity as my IDP. The gem I'm using is devise_saml_authenticatable.

In my config/initializers/devise.rb I have:

```ruby
config.saml_route_helper_prefix = 'saml'
# ==> SAML
# Create or update the local user record from the SAML response.
config.saml_create_user = true
config.saml_update_user = true
config.saml_default_user_key = :email
config.saml_session_index_key = :session_index
config.saml_use_subject = true
config.idp_entity_id_reader = DeviseSamlAuthenticatable::DefaultIdpEntityIdReader
config.idp_settings_adapter = nil
config.saml_configure do |settings|
  # Where the IdP posts the SAML response back to this application.
  settings.assertion_consumer_service_url = "#{Settings.devise_callback}/users/saml/auth"
  settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
  settings.name_identifier_format = Settings.clientname.sso.name_identifier_format
  settings.issuer = "#{Settings.devise_callback}/users/saml/meta_data"
  settings.idp_entity_id = Settings.clientname.sso.idp_entity_id
  settings.authn_context = ""
  settings.idp_slo_target_url = Settings.clientname.sso.idp_slo_target_url
  settings.idp_sso_target_url = Settings.clientname.sso.idp_sso_target_url
  # Fingerprint of the IdP signing certificate and the digest used to compute it.
  settings.idp_cert_fingerprint = Settings.clientname.sso.idp_cert_fingerprint
  settings.idp_cert_fingerprint_algorithm = 'http://www.w3.org/2000/09/xmldsig#sha256'
end
```

In my app/models/user.rb I have:

```ruby
devise :database_authenticatable, :rememberable, :trackable, :validatable, :recoverable, :timeoutable, :session_limitable, :saml_authenticatable
```

Apart from using my client's IDP, I've set up IDPs using Onelogin and Okta and the above code works perfectly fine.

Unlike Onelogin and Okta, my client's IDP offered by Ping Identity does not first show you the page for entering your email, then another page for entering your password. In other words, no IDP login page like Onelogin and Okta.

So the question is, right now I have the client's IDP's entity id, SSO target URL, SLO target URL, fingerprint. How do I authenticate to the IDP via a form and log the user in?

So far I've tried

```slim
= form_tag(Settings.sso.idp_sso_target_url, html: { role: 'form' }, method: :post) do |f|
  .form-group
    label for="email" Email
    = email_field_tag :email
  .form-group
    label for="password" Password
    = password_field_tag :password
  button.btn.btn-info.btn-sm type="submit" Submit
  |
```

where Settings.sso.idp_sso_target_url is the SSO target URL that looks like https://auth2test.clientname.ca/idp/SSO.saml2

With Ping as IDP, I got this:

```xml
<S11:Envelope><S11:Body><S11:Fault><faultcode>soapenv:Client</faultcode><faultstring>Invalid Request</faultstring></S11:Fault></S11:Body></S11:Envelope>
```

Then I tested using Onelogin as IDP, it just redirected me to the page where I input my email.

I've also tried

```slim
= form_for(resource, as: resource_name, url: saml_user_session_path(resource_name), html: { role: 'form' }) do |f|
  .form-group
    label for="email" Email
    = f.email_field :email, autofocus: true, autocomplete: "email", class: 'form-control', placeholder: 'Email', id: 'email'
  .form-group
    label for="password" Password
    = f.password_field :password, autocomplete: "off", placeholder: 'Password', class: 'form-control', id: 'password'
  button.btn.btn-info.btn-sm type="submit" Submit
  |
```

This one gives the error "Invalid email or password" (I'm sure that's correct).

I highly doubt that I'm on the right track. Please point me in the correct direction. Thank you very much!

ruby-on-rails devise single-sign-on saml onelogin
asked Mar 25 at 20:55
jl118
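
In SP-initiated SAML Web Browser SSO the service provider sends the IdP's SSO endpoint an AuthnRequest, and the IdP, not the Rails application, collects the password. The following is an added example, not part of the original post and not code from devise_saml_authenticatable or ruby-saml: it builds such a request for the HTTP-Redirect binding with Ruby's standard library and flags a form that carries credentials instead. The `example.test` URLs, the helper names and the unsigned request are assumptions.

```ruby
require 'zlib'
require 'uri'
require 'securerandom'

# Constructed sample values standing in for the SP and IdP settings.
SAMPLE = {
  idp_sso_target_url: 'https://idp.example.test/idp/SSO.saml2',
  issuer: 'https://sp.example.test/users/saml/metadata',
  acs_url: 'https://sp.example.test/users/saml/auth'
}.freeze

# Build an unsigned AuthnRequest. The ID is an xs:ID, so it must not start
# with a digit; values are XML-escaped by String#encode.
def build_authn_request(settings, id: "_#{SecureRandom.uuid}", now: Time.now.utc)
  instant = now.utc.strftime('%Y-%m-%dT%H:%M:%SZ')
  <<~XML.strip
    <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      ID=#{id.encode(xml: :attr)} Version="2.0" IssueInstant="#{instant}"
      Destination=#{settings[:idp_sso_target_url].encode(xml: :attr)}
      ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      AssertionConsumerServiceURL=#{settings[:acs_url].encode(xml: :attr)}>
      <saml:Issuer>#{settings[:issuer].encode(xml: :text)}</saml:Issuer>
    </samlp:AuthnRequest>
  XML
end

# HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, URL-encode.
def redirect_url(settings, xml, relay_state: nil)
  raw = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS)
                     .deflate(xml, Zlib::FINISH)
  params = { 'SAMLRequest' => [raw].pack('m0') }
  params['RelayState'] = relay_state if relay_state
  separator = settings[:idp_sso_target_url].include?('?') ? '&' : '?'
  settings[:idp_sso_target_url] + separator + URI.encode_www_form(params)
end

# Reverse the encoding, e.g. to inspect what the browser is being sent with.
def decode_saml_request(url)
  query = URI.decode_www_form(URI.parse(url).query.to_s).to_h
  raw = query.fetch('SAMLRequest').unpack1('m0')
  Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(raw).force_encoding('UTF-8')
end

# Review check for parameters an SP is about to send to the IdP SSO endpoint:
# they must carry a SAMLRequest and must not carry user credentials.
def form_issues(params)
  issues = []
  issues << 'no SAMLRequest parameter' unless params.key?('SAMLRequest')
  leaked = params.keys.select { |name| name.to_s.downcase.include?('password') }
  issues << "credential fields sent by the SP: #{leaked.join(', ')}" unless leaked.empty?
  issues
end

if __FILE__ == $PROGRAM_NAME
  url = redirect_url(SAMPLE, build_authn_request(SAMPLE), relay_state: '/')
  puts url
  puts decode_saml_request(url)
  puts form_issues('email' => 'user@example.test', 'password' => 'x').inspect
end
```
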