Skip to content

Commit

Permalink
fix: default assertion_consumer_service_url not set during callback
Browse files Browse the repository at this point in the history
Fix a bug where ruby-saml would fail SubjectConfirmation Recipient
validation when using the default assertion_consumer_service_url. The
url was not being set during the callback phase.

This closes omniauth#139
  • Loading branch information
justinhoward committed Jun 8, 2017
1 parent 3787dfb commit 4a2a5ef
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 2 deletions.
3 changes: 1 addition & 2 deletions lib/omniauth/strategies/saml.rb
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,6 @@ def self.inherited(subclass)
option :idp_slo_session_destroy, proc { |_env, session| session.clear }

def request_phase
options[:assertion_consumer_service_url] ||= callback_url

authn_request = OneLogin::RubySaml::Authrequest.new

with_settings do |settings|
Expand Down Expand Up @@ -212,6 +210,7 @@ def generate_logout_request(settings)
end

def with_settings
options[:assertion_consumer_service_url] ||= callback_url
yield OneLogin::RubySaml::Settings.new(options)
end

Expand Down
10 changes: 10 additions & 0 deletions spec/omniauth/strategies/saml_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,16 @@ def post_xml(xml=:example_response, opts = {})
end
end

context "when the assertion_consumer_service_url is the default" do
before :each do
saml_options.delete(:assertion_consumer_service_url)
OmniAuth.config.full_host = 'http://localhost:9080'
post_xml
end

it { is_expected.not_to fail_with(:invalid_ticket) }
end

context "when there is no SAMLResponse parameter" do
before :each do
post '/auth/saml/callback'
Expand Down

0 comments on commit 4a2a5ef

Please sign in to comment.