From ae9a3c60a8ee90c77088cbfef167398704d262ee Mon Sep 17 00:00:00 2001
From: Hiroto Yonetani <35982148+Sibakeny@users.noreply.github.com>
Date: Tue, 6 Jul 2021 09:28:23 +0900
Subject: [PATCH 1/2] release 1.0.1 (#37)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* add authors
* Change title
* Add generator descriptions
* Add routing descripiton
* Add controller templates info
* Add view templates info
* Add model and migration templates info
* Fix Style/WordArray
* Add logo
* Add h1
* Add br
* center
* Tweak
* Add gem ber
* Fix shields
* Add other shields
* Add license
* Remove pre shields
* Add br
* tweak
* Add setting relation
* tweak
* Add migrate description
* Fix path
* Add emoji
* Change headers
* Bump rails from 6.1.3.2 to 6.1.4
Bumps [rails](https://github.com/rails/rails) from 6.1.3.2 to 6.1.4.
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](https://github.com/rails/rails/compare/v6.1.3.2...v6.1.4)
---
updated-dependencies:
- dependency-name: rails
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
* tweak
* Update readme
* アプリ導入の際に必要になった機能の追加 (#36)
* アプリ導入の際に必要になった機能の追加
* setupメソッドを複数回呼び出せる様にする
* 修正もれの対応
* saml_responseとsign_in時のユーザー検索で別カラムを別々に設定できる様に修正
* バグ修正
Co-authored-by: yonetani
* Fix typo
Co-authored-by: yonetani
Co-authored-by: psyashes <43512814+psyashes@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
Gemfile | 2 +-
Gemfile.lock | 126 +++++++++---------
README.md | 123 ++++++++++++++---
.../saml/saml_settings_base_controller.rb | 21 +--
.../saml/saml_settings_controller.rb | 6 +-
.../saml/sessions_base_controller.rb | 5 +-
app/controllers/saml/ssos_base_controller.rb | 19 +--
.../sp-rails-saml/config_generator.rb | 14 +-
.../sp-rails-saml/install_generator.rb | 14 +-
.../controllers/saml_settings_controller.rb | 7 +-
lib/sp-rails-saml.rb | 6 +-
lib/sp-rails-saml/authnrequest.rb | 8 +-
lib/sp-rails-saml/metadata.rb | 4 +-
lib/sp-rails-saml/routes/routes_template.rb | 6 +-
lib/sp-rails-saml/saml_response.rb | 16 ++-
lib/sp-rails-saml/settings.rb | 28 ++--
lib/sp-rails-saml/version.rb | 2 +-
media/logo.png | Bin 0 -> 4482 bytes
sp-rails-saml.gemspec | 2 +-
.../controllers/saml_settings_controller.rb | 7 +-
spec/fixtures/initializers/sp-rails-saml.rb | 14 +-
spec/sp_rails_saml/authnrequest_spec.rb | 4 +-
spec/sp_rails_saml/metadata_spec.rb | 6 +-
spec/sp_rails_saml/saml_response_spec.rb | 46 ++++---
spec/sp_rails_saml/settings_spec.rb | 25 ++--
25 files changed, 316 insertions(+), 195 deletions(-)
create mode 100644 media/logo.png
diff --git a/Gemfile b/Gemfile
index 47810e8..e2dcceb 100644
--- a/Gemfile
+++ b/Gemfile
@@ -10,5 +10,5 @@ gem 'ruby-saml'
group :test do
gem 'generator_spec'
gem 'pry'
- gem 'rails', '~> 6.1.0'
+ gem 'rails', '~> 6.1.4'
end
diff --git a/Gemfile.lock b/Gemfile.lock
index ac436e2..9a6f4a5 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,66 +1,66 @@
PATH
remote: .
specs:
- sp-rails-saml (1.0.0)
+ sp-rails-saml (1.0.1)
ruby-saml
GEM
remote: https://rubygems.org/
specs:
- actioncable (6.1.3.2)
- actionpack (= 6.1.3.2)
- activesupport (= 6.1.3.2)
+ actioncable (6.1.4)
+ actionpack (= 6.1.4)
+ activesupport (= 6.1.4)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
- actionmailbox (6.1.3.2)
- actionpack (= 6.1.3.2)
- activejob (= 6.1.3.2)
- activerecord (= 6.1.3.2)
- activestorage (= 6.1.3.2)
- activesupport (= 6.1.3.2)
+ actionmailbox (6.1.4)
+ actionpack (= 6.1.4)
+ activejob (= 6.1.4)
+ activerecord (= 6.1.4)
+ activestorage (= 6.1.4)
+ activesupport (= 6.1.4)
mail (>= 2.7.1)
- actionmailer (6.1.3.2)
- actionpack (= 6.1.3.2)
- actionview (= 6.1.3.2)
- activejob (= 6.1.3.2)
- activesupport (= 6.1.3.2)
+ actionmailer (6.1.4)
+ actionpack (= 6.1.4)
+ actionview (= 6.1.4)
+ activejob (= 6.1.4)
+ activesupport (= 6.1.4)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
- actionpack (6.1.3.2)
- actionview (= 6.1.3.2)
- activesupport (= 6.1.3.2)
+ actionpack (6.1.4)
+ actionview (= 6.1.4)
+ activesupport (= 6.1.4)
rack (~> 2.0, >= 2.0.9)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0)
- actiontext (6.1.3.2)
- actionpack (= 6.1.3.2)
- activerecord (= 6.1.3.2)
- activestorage (= 6.1.3.2)
- activesupport (= 6.1.3.2)
+ actiontext (6.1.4)
+ actionpack (= 6.1.4)
+ activerecord (= 6.1.4)
+ activestorage (= 6.1.4)
+ activesupport (= 6.1.4)
nokogiri (>= 1.8.5)
- actionview (6.1.3.2)
- activesupport (= 6.1.3.2)
+ actionview (6.1.4)
+ activesupport (= 6.1.4)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.1, >= 1.2.0)
- activejob (6.1.3.2)
- activesupport (= 6.1.3.2)
+ activejob (6.1.4)
+ activesupport (= 6.1.4)
globalid (>= 0.3.6)
- activemodel (6.1.3.2)
- activesupport (= 6.1.3.2)
- activerecord (6.1.3.2)
- activemodel (= 6.1.3.2)
- activesupport (= 6.1.3.2)
- activestorage (6.1.3.2)
- actionpack (= 6.1.3.2)
- activejob (= 6.1.3.2)
- activerecord (= 6.1.3.2)
- activesupport (= 6.1.3.2)
+ activemodel (6.1.4)
+ activesupport (= 6.1.4)
+ activerecord (6.1.4)
+ activemodel (= 6.1.4)
+ activesupport (= 6.1.4)
+ activestorage (6.1.4)
+ actionpack (= 6.1.4)
+ activejob (= 6.1.4)
+ activerecord (= 6.1.4)
+ activesupport (= 6.1.4)
marcel (~> 1.0.0)
- mini_mime (~> 1.0.2)
- activesupport (6.1.3.2)
+ mini_mime (>= 1.1.0)
+ activesupport (6.1.4)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
@@ -68,7 +68,7 @@ GEM
zeitwerk (~> 2.3)
builder (3.2.4)
coderay (1.1.3)
- concurrent-ruby (1.1.8)
+ concurrent-ruby (1.1.9)
crass (1.0.6)
diff-lcs (1.4.4)
erubi (1.10.0)
@@ -79,18 +79,18 @@ GEM
activesupport (>= 4.2.0)
i18n (1.8.10)
concurrent-ruby (~> 1.0)
- loofah (2.9.1)
+ loofah (2.10.0)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mail (2.7.1)
mini_mime (>= 0.1.1)
marcel (1.0.1)
method_source (1.0.0)
- mini_mime (1.0.3)
- mini_portile2 (2.5.1)
+ mini_mime (1.1.0)
+ mini_portile2 (2.5.3)
minitest (5.14.4)
nio4r (2.5.7)
- nokogiri (1.11.5)
+ nokogiri (1.11.7)
mini_portile2 (~> 2.5.0)
racc (~> 1.4)
pry (0.14.1)
@@ -100,31 +100,31 @@ GEM
rack (2.2.3)
rack-test (1.1.0)
rack (>= 1.0, < 3)
- rails (6.1.3.2)
- actioncable (= 6.1.3.2)
- actionmailbox (= 6.1.3.2)
- actionmailer (= 6.1.3.2)
- actionpack (= 6.1.3.2)
- actiontext (= 6.1.3.2)
- actionview (= 6.1.3.2)
- activejob (= 6.1.3.2)
- activemodel (= 6.1.3.2)
- activerecord (= 6.1.3.2)
- activestorage (= 6.1.3.2)
- activesupport (= 6.1.3.2)
+ rails (6.1.4)
+ actioncable (= 6.1.4)
+ actionmailbox (= 6.1.4)
+ actionmailer (= 6.1.4)
+ actionpack (= 6.1.4)
+ actiontext (= 6.1.4)
+ actionview (= 6.1.4)
+ activejob (= 6.1.4)
+ activemodel (= 6.1.4)
+ activerecord (= 6.1.4)
+ activestorage (= 6.1.4)
+ activesupport (= 6.1.4)
bundler (>= 1.15.0)
- railties (= 6.1.3.2)
+ railties (= 6.1.4)
sprockets-rails (>= 2.0.0)
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
rails-html-sanitizer (1.3.0)
loofah (~> 2.3)
- railties (6.1.3.2)
- actionpack (= 6.1.3.2)
- activesupport (= 6.1.3.2)
+ railties (6.1.4)
+ actionpack (= 6.1.4)
+ activesupport (= 6.1.4)
method_source
- rake (>= 0.8.7)
+ rake (>= 0.13)
thor (~> 1.0)
rake (13.0.3)
rexml (3.2.5)
@@ -154,7 +154,7 @@ GEM
thor (1.1.0)
tzinfo (2.0.4)
concurrent-ruby (~> 1.0)
- websocket-driver (0.7.4)
+ websocket-driver (0.7.5)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
zeitwerk (2.4.2)
@@ -165,7 +165,7 @@ PLATFORMS
DEPENDENCIES
generator_spec
pry
- rails (~> 6.1.0)
+ rails (~> 6.1.4)
rake (~> 13.0)
rspec (~> 3.0)
ruby-saml
diff --git a/README.md b/README.md
index 60e78b8..1895bef 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,24 @@
-# SpRailsSaml
+
+
+
+
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/sp-rails-saml`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+
+
+
+
+
+
-TODO: Delete this and the text above, and describe your gem
+## :bulb: Introduction
-## Installation
+sp-rails-saml is to be make onelogin ruby-saml easier to use in Ruby on Rails.
-Add this line to your application's Gemfile:
+## :arrow_down: Installation
+
+sp-rails-saml works with Rails 6.1 onwards.
+Add the following line to your Gemfile:
```ruby
gem 'sp-rails-saml'
@@ -14,32 +26,107 @@ gem 'sp-rails-saml'
And then execute:
- $ bundle install
+```
+$ bundle install
+```
Or install it yourself as:
- $ gem install sp-rails-saml
+```
+$ gem install sp-rails-saml
+```
-## Usage
+## :wrench: Getting started
-TODO: Write usage instructions here
-## Development
+### 1. Generate saml templates
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+You need to run the generator:
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+```
+$ rails g sp_rails_saml:install {reference_table_name}
+```
-## Contributing
+At this point, you need to write your account table name in `reference_table_name`.
+This will generate the saml templates for controller, view, model, initializer, etc.
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/sp-rails-saml. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/sp-rails-saml/blob/master/CODE_OF_CONDUCT.md).
+**Controller**
+- [app/controllers/saml/sessions_controller.rb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/controllers/sessions_controller.rb)
+- [app/controllers/saml/ssos_controller.rb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/controllers/sessions_controller.rb)
+- [app/controllers/saml/saml_settings_controller.rb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/controllers/saml_settings_controller.rb)
+**View**
+- [app/views/saml/sessions/new.html.erb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/views/sessions/new.html.erb)
+- [app/views/saml/saml_settings/show.html.erb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/views/saml/show.html.erb)
+- [app/views/saml/saml_settings/edit.html.erb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/views/saml/edit.html.erb)
-## License
+**Model**
+- [app/models/saml_setting.rb](https://github.com/metaps/sp-rails-saml/blob/develop/spec/fixtures/models/saml_setting.rb)
-The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+**Migration**
+- [db/migrate/create_saml_settings](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/migrations/create_saml_settings.rb)
+
+### 2. Add routing
-## Code of Conduct
+To configure routings for above templates, just add the following line to your `config/routes.rb`:
-Everyone interacting in the Sp::Rails::Saml project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/sp-rails-saml/blob/master/CODE_OF_CONDUCT.md).
+```ruby
+sp_rails_saml_routes
+```
+
+This routing method encompasses the following endpoints:
+
+```
+GET /saml/metadata/:id
+POST /saml/sso/:id
+
+GET /saml/sign_in
+POST /saml/sign_in
+
+GET /saml/saml_settings
+GET /saml/saml_settings/edit
+PATCH /saml/saml_settings
+```
+
+### 3. Setting model associations
+
+If you associate the reference table and the saml model, you need to add the follwing line to your reference model file:
+
+```ruby
+has_one :saml_setting, dependent: :destroy
+```
+
+### 4. Migrate
+
+You need to run migration command.
+
+```
+$ rails db:migrate
+```
+
+### 5. Add before action
+You need to add the following line to your `SsosController` and `SessionController`:
+
+```ruby
+skip_before_action :authenticate_user!
+```
+
+### 6. Add SSO method to ApplicationController
+
+You need to add the follwing line to your `ApplicationController`:
+
+```ruby
+def sign_in_with_saml(user)
+ sign_in(:user, user)
+ redirect_to root_path
+end
+```
+
+### 7. Edit your saml credentials
+
+Once the above process is complete, you can edit your saml credentials in `/saml/saml_settings/edit`.
+
+## :page_facing_up: License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
diff --git a/app/controllers/saml/saml_settings_base_controller.rb b/app/controllers/saml/saml_settings_base_controller.rb
index c5f9e67..c8d0802 100644
--- a/app/controllers/saml/saml_settings_base_controller.rb
+++ b/app/controllers/saml/saml_settings_base_controller.rb
@@ -1,22 +1,25 @@
module Saml
# Controller to register saml by SP
class SamlSettingsBaseController < SamlBaseController
- # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
+ # GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
def show
- account = SpRailsSaml::Settings.account_class.find_by(id: params["#{SpRailsSaml::Settings.account_class.to_s.downcase}_id"])
- @saml_setting = SamlSetting.find_or_initialize_by("#{SpRailsSaml::Settings.account_class.to_s.downcase}_id" => account.id)
+ setting = SpRailsSaml::Settings.instance
+ account = setting.account_class.find_by!(setting.account_find_key => params["#{setting.account_class.to_s.downcase}_#{setting.account_find_key}"])
+ @saml_setting = account.saml_setting.present? ? account.saml_setting : account.build_smal_setting
end
- # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings/edit
+ # GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings/edit
def edit
- account = SpRailsSaml::Settings.account_class.find_by(id: params["#{SpRailsSaml::Settings.account_class.to_s.downcase}_id"])
- @saml_setting = SamlSetting.find_or_initialize_by("#{SpRailsSaml::Settings.account_class.to_s.downcase}_id" => account.id)
+ setting = SpRailsSaml::Settings.instance
+ account = setting.account_class.find_by!(setting.account_find_key => params["#{setting.account_class.to_s.downcase}_#{setting.account_find_key}"])
+ @saml_setting = account.saml_setting.present? ? account.saml_setting : account.build_smal_setting
end
- # PATCH /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
+ # PATCH /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
def update
- account = SpRailsSaml::Settings.account_class.find_by(id: params["#{SpRailsSaml::Settings.account_class.to_s.downcase}_id"])
- @saml_setting = SamlSetting.find_or_initialize_by("#{SpRailsSaml::Settings.account_class.to_s.downcase}_id" => account.id)
+ setting = SpRailsSaml::Settings.instance
+ account = setting.account_class.find_by!(setting.account_find_key => params["#{setting.account_class.to_s.downcase}_#{setting.account_find_key}"])
+ @saml_setting = account.saml_setting.present? ? account.saml_setting : account.build_smal_setting
@saml_setting.assign_attributes(saml_setting_params)
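Review bot: `account.build_smal_setting` in `show`, `edit` and `update` misspells the builder that `has_one :saml_setting` generates, so any account without a SAML setting yet will raise NoMethodError instead of getting a new record; the line should read `@saml_setting = account.saml_setting || account.build_saml_setting`. The same two lookup lines are repeated in all three actions and would be easier to keep correct in one private helper. Nothing visible here checks that the signed-in user belongs to the account named in the URL, so unless SamlBaseController enforces that, another tenant's user could change an account's IdP certificate; that is worth confirming because the parent class is outside this diff. The body of `update` continues past the hunk.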
diff --git a/app/controllers/saml/saml_settings_controller.rb b/app/controllers/saml/saml_settings_controller.rb
index 28dcb62..6e98547 100644
--- a/app/controllers/saml/saml_settings_controller.rb
+++ b/app/controllers/saml/saml_settings_controller.rb
@@ -1,17 +1,17 @@
module Saml
# Controller to register saml by SP
class SamlSettingsController < SamlSettingsBaseController
- # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
+ # GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
# def show
# super
# end
- # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings/edit
+ # GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings/edit
# def edit
# super
# end
- # PATCH /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
+ # PATCH /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
# def update
# super
# end
diff --git a/app/controllers/saml/sessions_base_controller.rb b/app/controllers/saml/sessions_base_controller.rb
index 46e9b3e..45b934f 100644
--- a/app/controllers/saml/sessions_base_controller.rb
+++ b/app/controllers/saml/sessions_base_controller.rb
@@ -7,8 +7,9 @@ def new; end
# POST /saml/sign_in
def create
- user = SpRailsSaml::Settings.user_class.find_by(email: params[:email])
- account = user.send(SpRailsSaml::Settings.account_class.to_s.downcase.to_sym)
+ setting = SpRailsSaml::Settings.instance
+ user = setting.user_class.find_by!(setting.user_find_key => params[:email])
+ account = user.send(setting.account_class.to_s.downcase.to_sym)
raise SpRailsSaml::SamlLoginForbidden if account.saml_setting.password_only?
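Review bot: `account.saml_setting.password_only?` can be reached with `saml_setting` nil, because the settings controller in this same commit handles accounts that have no SAML setting yet; such an account would hit NoMethodError here rather than `SamlLoginForbidden`, and a guard such as `raise SpRailsSaml::SamlLoginForbidden if account.saml_setting.nil? || account.saml_setting.password_only?` covers it. The new `find_by!` also makes an unknown address fail with ActiveRecord::RecordNotFound while a known one proceeds or fails differently, which lets a caller tell registered addresses apart unless both are rescued to the same response outside this hunk. The lookup column is now configurable through `user_find_key`, yet the value is still read from `params[:email]`; a comment saying so would help. `create` continues below the hunk.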
diff --git a/app/controllers/saml/ssos_base_controller.rb b/app/controllers/saml/ssos_base_controller.rb
index af2c22c..f712b17 100644
--- a/app/controllers/saml/ssos_base_controller.rb
+++ b/app/controllers/saml/ssos_base_controller.rb
@@ -6,26 +6,27 @@ class SsosBaseController < SamlBaseController
# POST /saml/metadata/:id
def consume
- account = SpRailsSaml::Settings.account_class.find(params[:id])
+ setting = SpRailsSaml::Settings.instance
+ account = setting.account_class.find_by!(setting.account_find_key => params[setting.account_find_key])
raise SpRailsSaml::SamlLoginForbidden if account.saml_setting.password_only?
saml_setting = account.saml_setting
saml_response = SpRailsSaml::SamlResponse.new(params[:SAMLResponse], saml_setting)
- if saml_response.valid?
- user = SpRailsSaml::Settings.user_class.find_by(email: saml_response.name_id)
- raise LoginUserNotFound if user.blank?
+ raise SpRailsSaml::SamlResponseInvalid, saml_response.errors unless saml_response.valid?
- sign_in_with_saml(user)
- else
- redirect_to saml_sign_in_path, alert: 'failed to login'
- end
+ user = setting.user_class.find_by(setting.saml_response_user_find_key => saml_response.name_id)
+
+ raise SpRailsSaml::LoginUserNotFound if user.blank?
+
+ sign_in_with_saml(user)
end
# GET /saml/metadata/:id
def metadata
- account = SpRailsSaml::Settings.account_class.find(params[:id])
+ setting = SpRailsSaml::Settings.instance
+ account = setting.account_class.find_by!(setting.account_find_key => params[setting.account_find_key])
metadata = SpRailsSaml::Metadata.new(account: account)
render xml: metadata.generate
end
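Review bot: The user lookup in `consume` is not tied to the account whose IdP signed the response: `setting.user_class.find_by(setting.saml_response_user_find_key => saml_response.name_id)` searches all users, so an IdP configured for one account can assert a NameID that belongs to a user of a different account, and that user is signed in. After the lookup the action should confirm ownership, for example `raise SpRailsSaml::LoginUserNotFound if user.blank? || user.public_send(setting.account_class.to_s.downcase) != account`, using the same user-to-account association the sessions controller relies on. Invalid responses now raise `SamlResponseInvalid` instead of redirecting to the sign-in page, so unless a `rescue_from` exists outside this diff the result is a 500, and `saml_response.errors` should go to the log rather than to the response body. The `# POST /saml/metadata/:id` comment above `consume` no longer matches the renamed routes.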
diff --git a/lib/generators/sp-rails-saml/config_generator.rb b/lib/generators/sp-rails-saml/config_generator.rb
index 69c34ed..9e0ad8d 100644
--- a/lib/generators/sp-rails-saml/config_generator.rb
+++ b/lib/generators/sp-rails-saml/config_generator.rb
@@ -14,12 +14,14 @@ def create_initializer_file
def default_initializer
<<~RUBY
- SpRailsSaml::Settings.setup do |config|
- config.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
- config.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'
- config.authn_context_comparison = 'exact'
- config.user_class = User
- config.account_class = Account
+ Rails.configuration.to_prepare do
+ SpRailsSaml::Settings.setup do |config|
+ config.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
+ config.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
+ config.authn_context_comparison = 'exact'
+ config.user_class = User
+ config.account_class = Account
+ end
end
RUBY
end
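Review bot: The generated initializer does not mention the three settings this commit introduces, so users only learn about them by reading settings.rb; I would add commented defaults inside the block, e.g. `# config.account_find_key = :id`, `# config.user_find_key = :email` and `# config.saml_response_user_find_key = :email`. The identical heredoc is repeated in install_generator.rb and in spec/fixtures/initializers/sp-rails-saml.rb, so the same applies there, and sharing one template would stop the copies drifting. A one-line comment explaining why setup is wrapped in `Rails.configuration.to_prepare` (presumably so `User` and `Account` are re-resolved after code reloading) would also help.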
diff --git a/lib/generators/sp-rails-saml/install_generator.rb b/lib/generators/sp-rails-saml/install_generator.rb
index cea5628..b904881 100644
--- a/lib/generators/sp-rails-saml/install_generator.rb
+++ b/lib/generators/sp-rails-saml/install_generator.rb
@@ -22,12 +22,14 @@ def install_all
def default_initializer
<<~RUBY
- SpRailsSaml::Settings.setup do |config|
- config.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
- config.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'
- config.authn_context_comparison = 'exact'
- config.user_class = User
- config.account_class = Account
+ Rails.configuration.to_prepare do
+ SpRailsSaml::Settings.setup do |config|
+ config.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
+ config.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
+ config.authn_context_comparison = 'exact'
+ config.user_class = User
+ config.account_class = Account
+ end
end
RUBY
end
diff --git a/lib/generators/sp-rails-saml/templates/controllers/saml_settings_controller.rb b/lib/generators/sp-rails-saml/templates/controllers/saml_settings_controller.rb
index aad4fc1..6e98547 100644
--- a/lib/generators/sp-rails-saml/templates/controllers/saml_settings_controller.rb
+++ b/lib/generators/sp-rails-saml/templates/controllers/saml_settings_controller.rb
@@ -1,18 +1,17 @@
module Saml
# Controller to register saml by SP
- #
class SamlSettingsController < SamlSettingsBaseController
- # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
+ # GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
# def show
# super
# end
- # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings/edit
+ # GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings/edit
# def edit
# super
# end
- # PATCH /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
+ # PATCH /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
# def update
# super
# end
diff --git a/lib/sp-rails-saml.rb b/lib/sp-rails-saml.rb
index 81b23ff..1812e1e 100644
--- a/lib/sp-rails-saml.rb
+++ b/lib/sp-rails-saml.rb
@@ -14,10 +14,12 @@ class Error < StandardError; end
class SettingValidationError < Error; end
- class MultiSetupError < Error; end
-
class SamlLoginForbidden < Error; end
+ class LoginUserNotFound < Error; end
+
+ class SamlResponseInvalid < Error; end
+
autoload :Authnrequest, File.expand_path('./sp-rails-saml/authnrequest', __dir__)
autoload :SamlResponse, File.expand_path('./sp-rails-saml/saml_response', __dir__)
autoload :Metadata, File.expand_path('./sp-rails-saml/metadata', __dir__)
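Review bot: `MultiSetupError` is removed in what the subject line calls release 1.0.1, so a host application that references `SpRailsSaml::MultiSetupError` will get a NameError after a patch-level upgrade; keeping the class as a deprecated, unraised constant for one release would avoid that. The two new errors have no comment; something like `# Raised by consume when no user matches the SAML NameID` above `LoginUserNotFound` and `# Raised by consume when the SAML response fails validation` above `SamlResponseInvalid` would document where they come from.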
diff --git a/lib/sp-rails-saml/authnrequest.rb b/lib/sp-rails-saml/authnrequest.rb
index 7df97ad..b97ca03 100644
--- a/lib/sp-rails-saml/authnrequest.rb
+++ b/lib/sp-rails-saml/authnrequest.rb
@@ -26,8 +26,12 @@ def ruby_saml_settings
sp_rails_saml_setting = SpRailsSaml::Settings.instance
- settings.assertion_consumer_service_url = saml_sso_url(id: @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).id)
- settings.sp_entity_id = saml_metadata_url(id: @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).id)
+ settings.assertion_consumer_service_url = saml_sp_consume_url(
+ @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).send(sp_rails_saml_setting.account_find_key)
+ )
+ settings.sp_entity_id = saml_sp_metadata_url(
+ @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).send(sp_rails_saml_setting.account_find_key)
+ )
settings.name_identifier_format = sp_rails_saml_setting.name_identifier_format
settings.authn_context = sp_rails_saml_setting.authn_context
settings.authn_context_comparison = sp_rails_saml_setting.authn_context_comparison
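Review bot: The expression `@saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).send(sp_rails_saml_setting.account_find_key)` is written out twice here and twice more in saml_response.rb, with a shorter form in metadata.rb; computing it once, `account_key = @saml_setting.public_send(sp_rails_saml_setting.account_class.to_s.downcase).public_send(sp_rails_saml_setting.account_find_key)`, and passing `account_key` to both URL helpers keeps the ACS URL and entity ID from diverging. `public_send` is preferable to `send` because the method name comes from configuration and should not reach private methods. `account_class.to_s.downcase` also assumes a non-namespaced, single-word class name, which deserves a comment. `ruby_saml_settings` starts and ends outside the hunk.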
diff --git a/lib/sp-rails-saml/metadata.rb b/lib/sp-rails-saml/metadata.rb
index 1304655..0e61ea6 100644
--- a/lib/sp-rails-saml/metadata.rb
+++ b/lib/sp-rails-saml/metadata.rb
@@ -30,8 +30,8 @@ def ruby_saml_settings
sp_rails_saml_setting = SpRailsSaml::Settings.instance
- settings.assertion_consumer_service_url = saml_sso_url(@account.id)
- settings.sp_entity_id = saml_metadata_url(@account.id)
+ settings.assertion_consumer_service_url = saml_sp_consume_url(@account.send(sp_rails_saml_setting.account_find_key))
+ settings.sp_entity_id = saml_sp_metadata_url(@account.send(sp_rails_saml_setting.account_find_key))
settings.name_identifier_format = sp_rails_saml_setting.name_identifier_format
settings.security[:want_assertions_signed] =
SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:want_assertions_signed]
diff --git a/lib/sp-rails-saml/routes/routes_template.rb b/lib/sp-rails-saml/routes/routes_template.rb
index d3619ca..7308e79 100644
--- a/lib/sp-rails-saml/routes/routes_template.rb
+++ b/lib/sp-rails-saml/routes/routes_template.rb
@@ -5,12 +5,12 @@
unless @sso_only
# Saml settings for SP
- resources SpRailsSaml::Settings.account_class.to_s.downcase.to_sym, only: [] do
+ resources SpRailsSaml::Settings.instance.account_class.to_s.downcase.to_sym, only: [], param: SpRailsSaml::Settings.instance.account_find_key do
resource :saml_settings, only: %i[show edit update]
end
end
# SSO
- post 'sso/:id', to: 'ssos#consume', as: :sso
- get 'metadata/:id', to: 'ssos#metadata', as: :metadata
+ post "sp/consume/:#{SpRailsSaml::Settings.instance.account_find_key}", to: 'ssos#consume', as: :sp_consume
+ get "sp/metadata/:#{SpRailsSaml::Settings.instance.account_find_key}", to: 'ssos#metadata', as: :sp_metadata
end
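Review bot: Renaming the endpoints from `sso/:id` and `metadata/:id` to `sp/consume/:key` and `sp/metadata/:key` changes the ACS URL and SP entity ID that authnrequest.rb, metadata.rb and saml_response.rb build from these routes, so every IdP already configured against 1.0.0 has to be reconfigured; for a patch release that needs at least an upgrade note, or the old paths kept as aliases. The README section added in this same commit still lists `GET /saml/metadata/:id` and `POST /saml/sso/:id`. The route strings interpolate `SpRailsSaml::Settings.instance.account_find_key` when routes are drawn, so if `setup` has not run by then the path becomes `sp/consume/:`; a comment stating that ordering requirement would help. The enclosing block opens above the hunk.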
diff --git a/lib/sp-rails-saml/saml_response.rb b/lib/sp-rails-saml/saml_response.rb
index 3156e65..1d0b389 100644
--- a/lib/sp-rails-saml/saml_response.rb
+++ b/lib/sp-rails-saml/saml_response.rb
@@ -22,7 +22,8 @@ def response
@saml_response,
settings: ruby_saml_settings,
skip_subject_confirmation: SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:skip_subject_confirmation],
- skip_conditions: SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:skip_conditions]
+ skip_conditions: SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:skip_conditions],
+ skip_destination: SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:skip_destination]
)
end
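Review bot: `skip_destination` is passed as false, but the two options next to it are still taken from defaults that settings.rb sets to true (`skip_subject_confirmation: true`, `skip_conditions: true`), which turns off ruby-saml's checks on the assertion's validity window and subject confirmation. With those checks off a captured or expired response is more likely to be accepted again, so unless there is a documented reason I would set both defaults to false, or at least add a comment in settings.rb explaining why they are skipped. The `response` method begins above the hunk.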
@@ -45,7 +46,8 @@ def errors
private
def required_value_is_set?
- @saml_setting.idp_cert.present?
+ # ruby-samlの仕様上、idp_entity_idが空だとissuer = idp_entity_idの検証が行われないため、idp_entity_idがblankの検証は必須
+ @saml_setting.idp_cert.present? && @saml_setting.idp_entity_id.present?
end
def ruby_saml_settings
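Review bot: The new comment in `required_value_is_set?` is in Japanese while the other code comments in this diff are English; an English version such as `# ruby-saml skips the issuer check when idp_entity_id is blank, so a blank idp_entity_id must be rejected here` keeps the reason for this security check readable to all maintainers. Existing SAML settings saved without `idp_entity_id` will stop validating after the upgrade, which is the right outcome but should be called out in the release notes.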
@@ -55,11 +57,17 @@ def ruby_saml_settings
sp_rails_saml_setting = SpRailsSaml::Settings.instance
- settings.assertion_consumer_service_url = saml_sso_url(id: @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).id)
- settings.sp_entity_id = saml_metadata_url(id: @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).id)
+ settings.assertion_consumer_service_url = saml_sp_consume_url(
+ @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).send(sp_rails_saml_setting.account_find_key)
+ )
+ settings.sp_entity_id = saml_sp_metadata_url(
+ @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).send(sp_rails_saml_setting.account_find_key)
+ )
settings.idp_cert = @saml_setting.idp_cert
+ settings.idp_entity_id = @saml_setting.idp_entity_id
settings.security[:want_assertions_signed] =
SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:want_assertions_signed]
+
settings
end
end
diff --git a/lib/sp-rails-saml/settings.rb b/lib/sp-rails-saml/settings.rb
index c164049..94f47f9 100644
--- a/lib/sp-rails-saml/settings.rb
+++ b/lib/sp-rails-saml/settings.rb
@@ -1,6 +1,5 @@
require 'singleton'
-# rubocop:disable Style/ClassVars
module SpRailsSaml
# SAML2 settings for initializer.
#
@@ -11,27 +10,33 @@ class Settings
compress_request: true,
skip_subject_confirmation: true,
skip_conditions: true,
- want_assertions_signed: true
+ skip_destination: false,
+ want_assertions_signed: true,
+ account_find_key: :id,
+ user_find_key: :email,
+ saml_response_user_find_key: :email
}.freeze
attr_reader :name_identifier_format,
:authn_context,
:authn_context_comparison,
:user_class,
- :account_class
-
- @@setuped = false
+ :account_class,
+ :user_find_key,
+ :account_find_key,
+ :saml_response_user_find_key
class << self
attr_accessor :name_identifier_format,
:authn_context,
:authn_context_comparison,
:user_class,
- :account_class
+ :account_class,
+ :user_find_key,
+ :account_find_key,
+ :saml_response_user_find_key
def setup
- raise SpRailsSaml::MultiSetupError if @@setuped
-
yield self
setting = SpRailsSaml::Settings.instance
@@ -41,10 +46,11 @@ def setup
setting.instance_variable_set(:@authn_context_comparison, SpRailsSaml::Settings.authn_context_comparison)
setting.instance_variable_set(:@user_class, SpRailsSaml::Settings.user_class)
setting.instance_variable_set(:@account_class, SpRailsSaml::Settings.account_class)
-
- @@setuped = true
+ setting.instance_variable_set(:@user_find_key, SpRailsSaml::Settings.user_find_key || RUBY_SAML_DEFAULT_SETTINGS[:user_find_key])
+ setting.instance_variable_set(:@account_find_key, SpRailsSaml::Settings.account_find_key || RUBY_SAML_DEFAULT_SETTINGS[:account_find_key])
+ setting.instance_variable_set(:@saml_response_user_find_key,
+ SpRailsSaml::Settings.saml_response_user_find_key || RUBY_SAML_DEFAULT_SETTINGS[:saml_response_user_find_key])
end
end
end
end
-# rubocop:enable Style/ClassVars
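Review bot: With the `MultiSetupError` guard gone, `setup` can run repeatedly, but the values written by `yield self` live in class-level accessors that are never reset, so a later call that omits `user_find_key`, `account_find_key` or `saml_response_user_find_key` silently keeps the previous call's value and the `|| RUBY_SAML_DEFAULT_SETTINGS[...]` fallback never applies. Clearing the three accessors before `yield self`, or documenting that each call must set every option, would make repeated setup predictable. The find keys are later used as column names and as method names via `send`, so checking that they are Symbols and raising the existing `SettingValidationError` otherwise would catch misconfiguration early. `setup` begins above the hunk.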
diff --git a/lib/sp-rails-saml/version.rb b/lib/sp-rails-saml/version.rb
index 12a49b5..9d51252 100644
--- a/lib/sp-rails-saml/version.rb
+++ b/lib/sp-rails-saml/version.rb
@@ -1,3 +1,3 @@
module SpRailsSaml
- VERSION = '1.0.0'.freeze
+ VERSION = '1.0.1'.freeze
end
diff --git a/media/logo.png b/media/logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..ae02e09c18842aa0b6454e701e71e8980dca40c8
GIT binary patch
literal 4482
zcmai2cQjmmw;myNbF10D;+seVdHr
zGLorx2@v?`s>lP%`dL;l936WjRR>K?0N;g81|TG$0T5kME^a`yGl2My4FGUoJOKcr
z7X<%BUl9I_5}3Up`qu{Bz9f@F%a3OJVak!u`Tv%A(f+64&h(cQj2%vm8
z{wDc1kD|Sgt+%r$+SvoecA3}O#={pa4TWA7`p@;ZPqeece=DJU{u%3HK=>sB7lH}G
z|C9UTsMKXtLfhNf{-W|_ex#7pALjpw{ZmH@ep&o~HS>4UKhcX(kw7W|nZ#{GPg@8H6l(3*yZbf#9Q~>$`abM`&6=1H
zxA+w3F)QTZaIDXDVi9H;Huv?@*E7u0wMsG
zD)Pl&o}bv)^DY#3$=XE4!_=vI$oS0Jt*#O%&uQN|suZOv+9oOOT38Ic!nY-F{Cri%
z3gpzY&;!t2g+T|IU)rsSkN|~W)P3_zeqg?B%}FP$gUX=m8r=C&H&tWYZ}foT6hd=X
zdvoer##$e7;#;-t9~!y3-+_dmXHjMZ)%{Ux`<_t`R5caD*J>WwbCraOLLM+C#@?A4B?{Ld)zU4}Zie5(s
zUG*2T*M55Ii21NH&sXh+n2I1{jPNl@_9jAB9Pqm*AkJqT<07}EAVk+lPPu%rGnLQ!
z{?%;*he!Su=`@pHnFf`I9}Hm7@x{HiY)l-=qU
z0RMbQ(CDmcG(q8`7Mf-B
z=>rTnEWCW(eYY`3)8T~+LUX^xoer_>smENer3hbRWUgfCj?-VSPH(us;BxGwJY1?L
zGt4t~=b5cd*WnvQME|DV8y5sJLXWMu
zYDZyU`!Ljc;wSsa8LC^P&zPP<;-1Ifi}gfmRoca<_%XwL
z#$NT2O(a$vQ0B~ehM_wgoZ@ib8AFR_d`V^=6z;TX{solIyxW?%v7yP>cIo)bF40Tt+z+RkNxFTZh2L)C#%}H
zyj}s1;;Az24jzKaIpX7Xty}~#2#byk`e#~;X;m{e5c7Rp^A%E|%n;)=qgF-H>?&$l
zz}g|(nUl(`a~qK6O}!kZH4Adbpg?eQDB&cju0>NbzTT}+sUPtPLB-K
zAU-^4f47r&l&b(A1v#1;wH3(qn62k9@V%J|QiCbq`WaV`%S}>8n{EZtgu_POVZ&PovZ$Y=;8!eS3y-YqlsgBw@YkWBNrgf))GYVxK*
z>tbB2o@EWQ#!XP1_@0T4ohITe08`;uP%X7ztEqi+Tu(2%!Io{pGJCOshkiZ+Yo#wu
z@l=YGN-v<~#h%T;^)z0J>V6i8u2_+I%knr!VNRQ~(}RSo?|5HRPHK{W%R|zwn_!hn
zz>;6EZBF}QiFWM}6t327F@OQYN-l
zlm|v(>c`7bCnn-cWfPMidT?VXk6%d>(zXVzC^-Pu9=~qK9X7kLnC48VHHeQ3-@+5{
zdAeBAS*sXbnSFDGun1i?jce}$a4?BUxC_2a8}{UlXN*%*C=OS7Et=?&d$TUr2f6er
zq-jO8D|z4Mw$@oid+ji~<;Fd@^4s}H?_5ymY8QN@zTx%sISRoMbZ7PbD2&fmiGk^a
zz~!dFN8N_@lRHdetS(jzZ=j!A!xMPrFeLb44s!XtL8<&xt>K@P3|CHgLUWKCuRO^s
zQ!Cu|x!!u0QFJExn{=f)R!e;13LP^NwfFyZ&?R~gnJ@-kEi_uZcpC)oHM3TmxSu74`rIGw$-y8
ze#jb3zx_p6z|Vbr;rlAu-~3$1XJF~RUKjgsWuO^sVb$mYP>ErIwAMh$TM=&iJsl@U
zTyI)?4H4wQn-wy(Q55nzaSGHUze5Bq3}tB$O_HuWX5~uAxK|VTld>iRGfPzbrC9V4
z`8YtQia-7HljyuNqT5wX2XW35X>7twjd9{1N8UoR1&%97rn+?^UBj_U{Iqs;<_>n`
zj;GTJAHUNIvwuV(5Wo6uOZBw7-O6E&K-m(#(I<63ef0NEpQ=g)H
zab9MI7mKSg)JbjQlYO6P1$XyWU|P!TG_e;1)eZ^5RIHO}fyL6(z3rlvCTSe!o3_EE
zC{l}!wmORD1)2BI{O4lG4QV>*kKS$}1E4!dZ*luOqz{t040=qP8Z4VbCIqsIl%A&h
z*ZR()3Uxe`0yQk_9#g%fEGYpJUu5BRdZ*dhAHOqaYg~#@MxE^&IqEN;VTKmeb!6=+{_@nop`_-9b
zyD^khL>($6-LE!=rM8Sq;T0~X8YaYaWB>8jPA>TvLArK2;`XmVK8rb}`7`pmT^c^&
zb)gudv4{Z^=}fuI)p~2TR{B`4bIuJ|YI8S#lZP`5#~fzwr~K~izOwPTjWb4DI1uyU
z`bh9BY9BX=5`8Hir>z7y>%BJGo{%K>Zfw`iVTD1-ldNrBn7e!gcetZ=T|!Bz;#m6)
zNo&ukR8C4a3Hx-a6zgt0JcFjWJ7c`)L7OuOI?wIp8f+c+4RRO_|){^+>K$g6%r({v{3@$8(;MpsAN
zk>%$1a_DyYc#moJz^6@a2IWHoT;p0d1tH2h&A*mF%{3%_?-u0<>sda006Dq=Ux}IY
zJfN|pSjq+#VF$bnKTHZLhGx#~ZdD$6^cNxw`Zg6vlxs^RqCF)|j|3FtRVUVhS>G{7
zQlT)-ZBHgZ7&0ue{Z>OTk
z@;?YVyDMkIRKoZYsCyoB+aEp>@ZaCTjxo_Ca6#lkj)JO>1eQmHGvC*XCT>rG$jynf
ziqtm^2Dq=yk0jV$^e=yA$7~t_%oekblf0E8H7oRl5v@`iSRAt?H5PklSj8l1+a2xo
ze5-)_$k(=@75mLn;oM)N=Lg7CP{b#_Is@{t>~l&Kl01@>GRh*7y4w|_d{{T5c>LbI
zC`FCIYp*ANcprMr_}OfPfclx%;=S*l46wPUl*HrBc!9HCRjy^bA?8*rO;P$c-^cvL
zUfyQ4GDq32Oq`LDHr*w%$59W>gfgBh3Y&2IFfy*YAQ3g7eX?iL<_b
z?}5+8uBr!9WfH1`Gbo2kH)s$9!-@nQ=;9FIdV{WchFZ
l)wSYg`lNp~t_s=djbX-d-?BUXVwZn3RF$+8%jB&h{|BNZ80`Q6
literal 0
HcmV?d00001
diff --git a/sp-rails-saml.gemspec b/sp-rails-saml.gemspec
index ce53bf4..7965620 100644
--- a/sp-rails-saml.gemspec
+++ b/sp-rails-saml.gemspec
@@ -5,7 +5,7 @@ require 'sp-rails-saml/version'
Gem::Specification.new do |spec|
spec.name = 'sp-rails-saml'
spec.version = SpRailsSaml::VERSION
- spec.authors = ['psyashes']
+ spec.authors = %w[psyashes sibakeny]
spec.email = ['43512814+psyashes@users.noreply.github.com']
spec.summary = 'Simple sp saml for rails.'
diff --git a/spec/fixtures/controllers/saml_settings_controller.rb b/spec/fixtures/controllers/saml_settings_controller.rb
index aad4fc1..6e98547 100644
--- a/spec/fixtures/controllers/saml_settings_controller.rb
+++ b/spec/fixtures/controllers/saml_settings_controller.rb
@@ -1,18 +1,17 @@
module Saml
# Controller to register saml by SP
- #
class SamlSettingsController < SamlSettingsBaseController
- # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
+ # GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
# def show
# super
# end
- # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings/edit
+ # GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings/edit
# def edit
# super
# end
- # PATCH /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
+ # PATCH /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
# def update
# super
# end
diff --git a/spec/fixtures/initializers/sp-rails-saml.rb b/spec/fixtures/initializers/sp-rails-saml.rb
index 278c2f3..e471329 100644
--- a/spec/fixtures/initializers/sp-rails-saml.rb
+++ b/spec/fixtures/initializers/sp-rails-saml.rb
@@ -1,7 +1,9 @@
-SpRailsSaml::Settings.setup do |config|
- config.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
- config.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'
- config.authn_context_comparison = 'exact'
- config.user_class = User
- config.account_class = Account
+Rails.configuration.to_prepare do
+ SpRailsSaml::Settings.setup do |config|
+ config.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
+ config.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
+ config.authn_context_comparison = 'exact'
+ config.user_class = User
+ config.account_class = Account
+ end
end
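Review bot: The fixture initializer does not set `user_find_key`, `account_find_key` or `saml_response_user_find_key`, which settings_spec.rb in this same patch introduces, so a reader cannot tell which column a SAML NameID is matched against; the defaults are not visible in this diff. That column decides which user gets signed in, so I would spell it out in the block, for example `config.saml_response_user_find_key = :email # column must be unique per user` (placeholder value, use the real default). A one-line comment above the wrapper, such as `# to_prepare runs again on every code reload, so Settings.setup must be safe to call repeatedly`, would also explain why the block moved.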
diff --git a/spec/sp_rails_saml/authnrequest_spec.rb b/spec/sp_rails_saml/authnrequest_spec.rb
index 58495d0..1a44a90 100644
--- a/spec/sp_rails_saml/authnrequest_spec.rb
+++ b/spec/sp_rails_saml/authnrequest_spec.rb
@@ -12,8 +12,8 @@
before do
SpRailsSaml::Settings.class_variable_set(:@@setuped, false)
- allow(authnrequest).to receive(:saml_sso_url).and_return(assertion_consumer_service_url)
- allow(authnrequest).to receive(:saml_metadata_url).and_return(sp_entity_id)
+ allow(authnrequest).to receive(:saml_sp_consume_url).and_return(assertion_consumer_service_url)
+ allow(authnrequest).to receive(:saml_sp_metadata_url).and_return(sp_entity_id)
SpRailsSaml::Settings.setup do |config|
config.name_identifier_format = name_identifier_format
diff --git a/spec/sp_rails_saml/metadata_spec.rb b/spec/sp_rails_saml/metadata_spec.rb
index c69050a..84e9cb9 100644
--- a/spec/sp_rails_saml/metadata_spec.rb
+++ b/spec/sp_rails_saml/metadata_spec.rb
@@ -1,4 +1,4 @@
-RSpec.describe SpRailsSaml::SamlResponse do
+RSpec.describe SpRailsSaml::Metadata do
let(:saml_setting) { OpenStruct.new(idp_sso_url: 'https://example.com', idp_entity_id: 'https://example.com', account: OpenStruct.new(id: 1)) }
let(:sp_entity_id) { 'https://example.com/sp' }
let(:name_identifier_format) { 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress' }
@@ -11,8 +11,8 @@
before do
SpRailsSaml::Settings.class_variable_set(:@@setuped, false)
- allow(metadata).to receive(:saml_sso_url).and_return(assertion_consumer_service_url)
- allow(metadata).to receive(:saml_metadata_url).and_return(sp_entity_id)
+ allow(metadata).to receive(:saml_sp_consume_url).and_return(assertion_consumer_service_url)
+ allow(metadata).to receive(:saml_sp_metadata_url).and_return(sp_entity_id)
SpRailsSaml::Settings.setup do |config|
config.name_identifier_format = name_identifier_format
diff --git a/spec/sp_rails_saml/saml_response_spec.rb b/spec/sp_rails_saml/saml_response_spec.rb
index fb1bf03..7f04770 100644
--- a/spec/sp_rails_saml/saml_response_spec.rb
+++ b/spec/sp_rails_saml/saml_response_spec.rb
@@ -30,8 +30,8 @@
context 'when valid saml response' do
before do
- allow(saml_response).to receive(:saml_sso_url).and_return(assertion_consumer_service_url)
- allow(saml_response).to receive(:saml_metadata_url).and_return(sp_entity_id)
+ allow(saml_response).to receive(:saml_sp_consume_url).and_return(assertion_consumer_service_url)
+ allow(saml_response).to receive(:saml_sp_metadata_url).and_return(sp_entity_id)
end
it 'should return true' do
@@ -41,8 +41,8 @@
context 'when sp_entity_id is not equal issuer' do
before do
- allow(saml_response).to receive(:saml_sso_url).and_return(assertion_consumer_service_url)
- allow(saml_response).to receive(:saml_metadata_url).and_return('dummy')
+ allow(saml_response).to receive(:saml_sp_consume_url).and_return(assertion_consumer_service_url)
+ allow(saml_response).to receive(:saml_sp_metadata_url).and_return('dummy')
end
it 'should return false' do
@@ -52,8 +52,8 @@
context 'when certificate is not valid' do
before do
- allow(saml_response).to receive(:saml_sso_url).and_return(assertion_consumer_service_url)
- allow(saml_response).to receive(:saml_metadata_url).and_return(sp_entity_id)
+ allow(saml_response).to receive(:saml_sp_consume_url).and_return(assertion_consumer_service_url)
+ allow(saml_response).to receive(:saml_sp_metadata_url).and_return(sp_entity_id)
saml_setting.idp_cert = file_fixture('wrong_certificate')
end
@@ -64,8 +64,8 @@
context 'when assertion_consumer_service_url is not equal Destination' do
before do
- allow(saml_response).to receive(:saml_sso_url).and_return('dummy')
- allow(saml_response).to receive(:saml_metadata_url).and_return(sp_entity_id)
+ allow(saml_response).to receive(:saml_sp_consume_url).and_return('dummy')
+ allow(saml_response).to receive(:saml_sp_metadata_url).and_return(sp_entity_id)
end
it 'should return false' do
@@ -73,10 +73,10 @@
end
end
- context 'lack of setting value' do
+ context 'when idp_cert is blank' do
before do
- allow(saml_response).to receive(:saml_sso_url).and_return(assertion_consumer_service_url)
- allow(saml_response).to receive(:saml_metadata_url).and_return(sp_entity_id)
+ allow(saml_response).to receive(:saml_sp_consume_url).and_return(assertion_consumer_service_url)
+ allow(saml_response).to receive(:saml_sp_metadata_url).and_return(sp_entity_id)
saml_setting.idp_cert = nil
end
@@ -84,6 +84,18 @@
expect { saml_response.response }.to raise_error(SpRailsSaml::SettingValidationError)
end
end
+
+ context 'when idp_entity_id is blank' do
+ before do
+ allow(saml_response).to receive(:saml_sp_consume_url).and_return(assertion_consumer_service_url)
+ allow(saml_response).to receive(:saml_sp_metadata_url).and_return(sp_entity_id)
+ saml_setting.idp_entity_id = nil
+ end
+
+ it 'should return SettingValidationError' do
+ expect { saml_response.response }.to raise_error(SpRailsSaml::SettingValidationError)
+ end
+ end
end
describe '#name_id' do
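Review bot: The new context 'when idp_entity_id is blank' only sets `saml_setting.idp_entity_id = nil`, so an empty string is not covered even though the name says blank. As far as I recall, ruby-saml skips the issuer comparison when no IdP entity id is configured, which would make this validation the only thing stopping an unconfigured account from accepting any issuer. I would add a sibling case with `saml_setting.idp_entity_id = ''` and the same `raise_error(SpRailsSaml::SettingValidationError)` expectation; whether the validator already treats '' as missing is not visible here. The renamed 'when idp_cert is blank' context in the preceding hunk has the same gap.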
@@ -98,8 +110,8 @@
let(:saml_response) { SpRailsSaml::SamlResponse.new(saml_response_base64_str, saml_setting) }
before do
- allow(saml_response).to receive(:saml_sso_url).and_return(assertion_consumer_service_url)
- allow(saml_response).to receive(:saml_metadata_url).and_return(sp_entity_id)
+ allow(saml_response).to receive(:saml_sp_consume_url).and_return(assertion_consumer_service_url)
+ allow(saml_response).to receive(:saml_sp_metadata_url).and_return(sp_entity_id)
end
it 'should return name_id' do
@@ -119,8 +131,8 @@
let(:saml_response) { SpRailsSaml::SamlResponse.new(saml_response_base64_str, saml_setting) }
before do
- allow(saml_response).to receive(:saml_sso_url).and_return(assertion_consumer_service_url)
- allow(saml_response).to receive(:saml_metadata_url).and_return(sp_entity_id)
+ allow(saml_response).to receive(:saml_sp_consume_url).and_return(assertion_consumer_service_url)
+ allow(saml_response).to receive(:saml_sp_metadata_url).and_return(sp_entity_id)
end
it 'should return name_identifier_format' do
@@ -141,8 +153,8 @@
context 'when sp_entity_id is not equal issuer' do
before do
- allow(saml_response).to receive(:saml_sso_url).and_return(assertion_consumer_service_url)
- allow(saml_response).to receive(:saml_metadata_url).and_return('dummy')
+ allow(saml_response).to receive(:saml_sp_consume_url).and_return(assertion_consumer_service_url)
+ allow(saml_response).to receive(:saml_sp_metadata_url).and_return('dummy')
end
# エラーに関してはruby-samlの内容をそのまま渡しているだけなので、エラーが返ってくることのみ検証して、それぞれの設定値に対するエラー内容の検証は行いません。
diff --git a/spec/sp_rails_saml/settings_spec.rb b/spec/sp_rails_saml/settings_spec.rb
index e24daf8..c4bc004 100644
--- a/spec/sp_rails_saml/settings_spec.rb
+++ b/spec/sp_rails_saml/settings_spec.rb
@@ -13,6 +13,9 @@ class Account; end
let(:assertion_consumer_service_url) { 'assertion_consumer_service_url' }
let(:user_class) { User }
let(:account_class) { Account }
+ let(:user_find_key) { :label }
+ let(:account_find_key) { :label }
+ let(:saml_response_user_find_key) { :label }
before do
SpRailsSaml::Settings.class_variable_set(:@@setuped, false)
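Review bot: All three new keys are given the same value `:label`, so the assertions added further down in this file would still pass if `user_find_key` and `saml_response_user_find_key` were swapped or both read from the same attribute. Per the commit description these settings let the sign-in lookup and the SAML-response lookup use different columns, so a mix-up between them would change which user an assertion maps to and go unnoticed. Use distinct values, e.g. `let(:user_find_key) { :login }`, `let(:account_find_key) { :slug }` and `let(:saml_response_user_find_key) { :email }` (sample values).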
@@ -25,6 +28,9 @@ class Account; end
config.authn_context_comparison = authn_context_comparison
config.user_class = user_class
config.account_class = account_class
+ config.user_find_key = user_find_key
+ config.account_find_key = account_find_key
+ config.saml_response_user_find_key = saml_response_user_find_key
end
sp_rails_saml_setting = SpRailsSaml::Settings.instance
@@ -34,22 +40,9 @@ class Account; end
expect(sp_rails_saml_setting.authn_context_comparison).to eq authn_context_comparison
expect(sp_rails_saml_setting.user_class).to eq user_class
expect(sp_rails_saml_setting.account_class).to eq account_class
- end
-
- it 'raise if twice setup' do
- SpRailsSaml::Settings.setup do |config|
- config.name_identifier_format = name_identifier_format
- config.authn_context = authn_context
- config.authn_context_comparison = authn_context_comparison
- config.user_class = user_class
- config.account_class = account_class
- end
-
- expect {
- SpRailsSaml::Settings.setup do |config|
- config.name_identifier_format = name_identifier_format
- end
- }.to raise_error(SpRailsSaml::MultiSetupError)
+ expect(sp_rails_saml_setting.user_find_key).to eq user_find_key
+ expect(sp_rails_saml_setting.account_find_key).to eq account_find_key
+ expect(sp_rails_saml_setting.saml_response_user_find_key).to eq saml_response_user_find_key
end
it 'raise if set setting value' do
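Review bot: Removing 'raise if twice setup' leaves repeated `Settings.setup` calls with no test, although the commit description says setup can now be called more than once. I would replace it with a test that calls `setup` twice with different values and asserts the second call wins, e.g. `expect(SpRailsSaml::Settings.instance.user_find_key).to eq :second_key` after the second block. It is also worth pinning what happens to a value set only in the first call, because with the `to_prepare` initializer a stale lookup key could persist across reloads; that behaviour is not visible in this diff. The body of 'raise if set setting value' continues outside the hunk.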
From 2edfcc921a80e192040cc765f463560e4b8a2efd Mon Sep 17 00:00:00 2001
From: Hiroto Yonetani <35982148+Sibakeny@users.noreply.github.com>
Date: Mon, 18 Oct 2021 16:55:23 +0900
Subject: [PATCH 2/2] gem version up (#47)
---
Gemfile.lock | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 9a6f4a5..9c8596c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
PATH
remote: .
specs:
- sp-rails-saml (1.0.1)
+ sp-rails-saml (1.0.2)
ruby-saml
GEM