diff --git a/lib/omniauth/strategies/saml.rb b/lib/omniauth/strategies/saml.rb
index 3285eab..496958f 100644
--- a/lib/omniauth/strategies/saml.rb
+++ b/lib/omniauth/strategies/saml.rb
@@ -32,8 +32,6 @@ def self.inherited(subclass)
 option :idp_slo_session_destroy, proc { |_env, session| session.clear }
 def request_phase
- options[:assertion_consumer_service_url] ||= callback_url
-
 authn_request = OneLogin::RubySaml::Authrequest.new
 with_settings do |settings|
@@ -212,6 +210,7 @@ def generate_logout_request(settings)
 end
 def with_settings
+ options[:assertion_consumer_service_url] ||= callback_url
 yield OneLogin::RubySaml::Settings.new(options)
 end
diff --git a/spec/omniauth/strategies/saml_spec.rb b/spec/omniauth/strategies/saml_spec.rb
index 8a0e441..9cd2248 100644
--- a/spec/omniauth/strategies/saml_spec.rb
+++ b/spec/omniauth/strategies/saml_spec.rb
@@ -157,6 +157,16 @@ def post_xml(xml=:example_response, opts = {})
 end
 end
+ context "when the assertion_consumer_service_url is the default" do
+ before :each do
+ saml_options.delete(:assertion_consumer_service_url)
+ OmniAuth.config.full_host = 'http://localhost:9080'
+ post_xml
+ end
+
+ it { is_expected.not_to fail_with(:invalid_ticket) }
+ end
+
 context "when there is no SAMLResponse parameter" do
 before :each do
 post '/auth/saml/callback'
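Review bot: In `with_settings` (lib/omniauth/strategies/saml.rb) the added `options[:assertion_consumer_service_url] ||= callback_url` writes the computed default into `options`, and it now runs in every phase that builds settings rather than only in `request_phase`. If the options object outlives a single request (not visible in this hunk), the first `callback_url` computed is kept for later requests, and when `OmniAuth.config.full_host` is unset that value presumably follows the request's host. Computing it per call avoids the write: `acs = options[:assertion_consumer_service_url] || callback_url` followed by `yield OneLogin::RubySaml::Settings.new(options.merge(assertion_consumer_service_url: acs))`. The accompanying spec suggests this URL takes part in response validation, so a comment here recommending an explicitly configured value for production would also help.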
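Review bot: The `before` block of the new context in spec/omniauth/strategies/saml_spec.rb assigns `OmniAuth.config.full_host` and nothing in the hunk restores it, so the global setting can leak into later examples and make the suite order-dependent. Unless a reset already exists outside the hunk, add `after(:each) { OmniAuth.config.full_host = nil }` to the context. The single example only asserts that the callback does not fail with `:invalid_ticket`; an expectation that the default really resolves to the callback URL would pin the behaviour more directly. The enclosing `describe` block starts and ends outside the hunk.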