fix: default assertion_consumer_service_url not set during callback

Fix a bug where ruby-saml would fail SubjectConfirmation Recipient validation when using the default assertion_consumer_service_url. The url was not being set during the callback phase. This closes omniauth#139
CoffeeAndCode · Jun 8, 2017 · 4a2a5ef · 4a2a5ef
1 parent 3787dfb
commit 4a2a5ef
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/lib/omniauth/strategies/saml.rb b/lib/omniauth/strategies/saml.rb
@@ -32,8 +32,6 @@ def self.inherited(subclass)
  option :idp_slo_session_destroy, proc { |_env, session| session.clear }
 
  def request_phase
- options[:assertion_consumer_service_url] ||= callback_url
-
  authn_request = OneLogin::RubySaml::Authrequest.new
 
  with_settings do |settings|
@@ -212,6 +210,7 @@ def generate_logout_request(settings)
  end
 
  def with_settings
+ options[:assertion_consumer_service_url] ||= callback_url
  yield OneLogin::RubySaml::Settings.new(options)
  end
 

diff --git a/spec/omniauth/strategies/saml_spec.rb b/spec/omniauth/strategies/saml_spec.rb
@@ -157,6 +157,16 @@ def post_xml(xml=:example_response, opts = {})
  end
  end
 
+ context "when the assertion_consumer_service_url is the default" do
+ before :each do
+ saml_options.delete(:assertion_consumer_service_url)
+ OmniAuth.config.full_host = 'http://localhost:9080'
+ post_xml
+ end
+
+ it { is_expected.not_to fail_with(:invalid_ticket) }
+ end
+
  context "when there is no SAMLResponse parameter" do
  before :each do
  post '/auth/saml/callback'