From 4a2a5efacd2aafb73183d86245b18653edf6c1ae Mon Sep 17 00:00:00 2001
From: Justin Howard
Date: Thu, 8 Jun 2017 10:03:23 -0700
Subject: [PATCH] fix: default assertion_consumer_service_url not set during callback
Fix a bug where ruby-saml would fail SubjectConfirmation Recipient validation when using the default assertion_consumer_service_url. The url was not being set during the callback phase. This closes #139
---
 lib/omniauth/strategies/saml.rb | 3 +--
 spec/omniauth/strategies/saml_spec.rb | 10 ++++++++++
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/lib/omniauth/strategies/saml.rb b/lib/omniauth/strategies/saml.rb
index 3285eab..496958f 100644
--- a/lib/omniauth/strategies/saml.rb
+++ b/lib/omniauth/strategies/saml.rb
@@ -32,8 +32,6 @@ def self.inherited(subclass)
 option :idp_slo_session_destroy, proc { |_env, session| session.clear }
 def request_phase
- options[:assertion_consumer_service_url] ||= callback_url
-
 authn_request = OneLogin::RubySaml::Authrequest.new
 with_settings do |settings|
@@ -212,6 +210,7 @@ def generate_logout_request(settings)
 end
 def with_settings
+ options[:assertion_consumer_service_url] ||= callback_url
 yield OneLogin::RubySaml::Settings.new(options)
 end
diff --git a/spec/omniauth/strategies/saml_spec.rb b/spec/omniauth/strategies/saml_spec.rb
index 8a0e441..9cd2248 100644
--- a/spec/omniauth/strategies/saml_spec.rb
+++ b/spec/omniauth/strategies/saml_spec.rb
@@ -157,6 +157,16 @@ def post_xml(xml=:example_response, opts = {})
 end
 end
+ context "when the assertion_consumer_service_url is the default" do
+ before :each do
+ saml_options.delete(:assertion_consumer_service_url)
+ OmniAuth.config.full_host = 'http://localhost:9080'
+ post_xml
+ end
+
+ it { is_expected.not_to fail_with(:invalid_ticket) }
+ end
+
 context "when there is no SAMLResponse parameter" do
 before :each do
 post '/auth/saml/callback'
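Review bot: In `with_settings`, the fallback `options[:assertion_consumer_service_url] ||= callback_url` now also feeds the callback phase, so the value ruby-saml compares against SubjectConfirmation Recipient can come from `callback_url` instead of from configuration. As far as I know OmniAuth builds `callback_url` from `full_host`, which falls back to the incoming request when `OmniAuth.config.full_host` is unset; if that holds for the version in use, the Recipient check is anchored to request-derived data and should be confirmed against the deployment's proxy and Host handling. The `||=` also writes the value back into `options`, so if that hash is shared between requests the first request would fix the URL for later ones. I would document this on the method, e.g. `# Falls back to callback_url; set assertion_consumer_service_url (or OmniAuth.config.full_host) explicitly so Recipient validation does not depend on the request host.`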
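Review bot: The new `before :each` assigns `OmniAuth.config.full_host = 'http://localhost:9080'` and nothing in the hunk restores it, so the global setting can leak into later examples and make them order-dependent unless the spec file resets it elsewhere (the enclosing describe starts outside the hunk). Adding `after(:each) { OmniAuth.config.full_host = nil }` inside this context would contain it. The example asserts only `not_to fail_with(:invalid_ticket)`; a companion case whose response carries a Recipient that does not match the default URL, expected to fail, would show that the validation is really exercised on this path.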