
Why does this middleware setup phase code work in rails 6 but not in rails 7? #231

Open
leesmith opened this issue Sep 21, 2024 · 1 comment

@leesmith

I've got a rails 6 app using the latest versions of devise and omniauth-saml. The app allows any number of identity providers (IDPs) to communicate with, so to do that I've essentially followed this blog post that outlines how to customize the setup phase to plug in the correct IDP at runtime.

This app is not using subdomains so the main difference in my implementation is that I set the id of the IDP on the session before the app calls out to the IDP (users submit their email address and the domain gets extracted for the IDP lookup). Once the SAML assertion comes back, it grabs that IDP id out of the session in the setup phase to continue on.

The following is the rack middleware that's used in the setup phase that works in rails 6 but not in rails 7 (the line where it accesses the session). Any idea why? I even tried downgrading Rack to 2.2.9 in the rails 7 app and it still didn't work... idp_id is always just nil. Or is there a better way to do this? Thanks for any help!

```ruby
class OmniauthSamlSetup

  # Omniauth expects the class passed to setup to respond to the #call method.
  # env - Rack environment
  # This class is Rack middleware, we put it in the "lib/" directory
  def self.call(env)
    new(env).setup
  end

  def initialize(env)
    @env = env
  end

  def setup
    @env["omniauth.strategy"].options.merge!(saml_settings)
  end

  private

  def saml_settings
    # find your provider, given a subdomain or a query param
    # provider = Provider.find_by(foo: params[:bar])
    # Here the IDP id was stored on the session before the app redirected to the IDP
    idp_id = Rack::Request.new(@env).session['idp_id']
    provider = Provider.find(idp_id)
    {
      idp_cert: "-----BEGIN CERTIFICATE-----\n#{provider.cert}\n-----END CERTIFICATE-----",
      idp_sso_target_url: provider.target_url
    }
  end
end
```
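The setup-phase class above rebuilt as a self-contained harness, added here and not part of the issue or of omniauth-saml: `IDP_REGISTRY` stands in for the app's Provider model, `Strategy` for the OmniAuth strategy object, and `run_setup` drives the class with a constructed Rack env (a plain Hash stands in for the Rails session). The point it shows is that an absent `idp_id` in the callback request's session should fail with a clear error rather than a NoMethodError on nil.

```ruby
# Stand-in for the app's Provider model: idp_id -> IdP settings (constructed sample data)
IDP_REGISTRY = {
  "idp-42" => { cert: "MIIC...constructed-base64...", target_url: "https://idp.example.test/sso" }
}.freeze

# Stand-in for the OmniAuth strategy object exposed as env["omniauth.strategy"]
Strategy = Struct.new(:options)

class OmniauthSamlSetup
  class MissingIdp < StandardError; end

  def self.call(env)
    new(env).setup
  end

  def initialize(env)
    @env = env
  end

  # Merge the per-IdP settings into the strategy options, as the issue's middleware does.
  def setup
    @env["omniauth.strategy"].options.merge!(saml_settings)
    @env["omniauth.strategy"].options
  end

  private

  def saml_settings
    # In Rails the session is an ActionDispatch::Request::Session (lazily loaded); a Hash stands in here.
    session = @env["rack.session"] || {}
    idp_id = session["idp_id"] || session[:idp_id] # Rails stringifies keys; raw Rack hashes keep what was written
    # Fail loudly instead of NoMethodError on nil: an empty session here means the cookie
    # carrying idp_id did not arrive with the IdP callback request, or was never written.
    raise MissingIdp, "no idp_id in session for callback request" if idp_id.nil?
    idp = IDP_REGISTRY.fetch(idp_id) { raise MissingIdp, "unknown idp_id #{idp_id.inspect}" }
    {
      idp_cert: "-----BEGIN CERTIFICATE-----\n#{idp[:cert]}\n-----END CERTIFICATE-----",
      idp_sso_target_url: idp[:target_url]
    }
  end
end

# Drive the setup phase with a constructed Rack env and return the resulting strategy options.
def run_setup(session)
  env = { "rack.session" => session, "omniauth.strategy" => Strategy.new({ name: "saml" }) }
  OmniauthSamlSetup.call(env)
end
```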
@leesmith
Author

More logging info:

```ruby
Rails.logger.info("::::::::::: RACK SESSION") { @env["rack.session"].inspect }
```

produces:

```
INFO -- ::::::::::: RACK SESSION: [0e97bc23-110b-48c5-8049-6591c7727feb] #<ActionDispatch::Request::Session:0x14938 not yet loaded>
```
