Ruby Rails 使用 Office 365 设计和 SAML
Ruby Rails Devise and SAML with Office 365
我已经使用 devise 和 devise_saml_authenticatable 设置了一个新的 Rails 应用程序来针对 Office 365 进行身份验证。
不幸的是,登录显示以下错误消息:
Sign in
Sorry, but we’re having trouble signing you in.
AADSTS7500522: XML element 'AuthnContextClassRef' in XML namespace 'urn:oasis:names:tc:SAML:2.0:assertion' in the SAML message must be a URI.
我的 config/decise.rb 文件如下所示:
config.saml_create_user = true
config.saml_update_user = true
config.saml_default_user_key = :email
config.saml_session_index_key = :session_index
config.saml_use_subject = true
config.idp_settings_adapter = nil
config.saml_configure do |settings|
settings.assertion_consumer_service_url = "https://localhost:3000/users/saml/auth"
settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
settings.name_identifier_format = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
settings.issuer = "https://localhost:3000/saml/metadata"
settings.authn_context = ""
settings.idp_slo_target_url = "https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0"
settings.idp_sso_target_url = "https://login.microsoftonline.com/xxx/saml2"
settings.idp_cert_fingerprint = "E4:....."
settings.idp_cert_fingerprint_algorithm = "http://www.w3.org/2000/09/xmldsig#sha1"
end
并且Azure配置中的“Reply URL (Assertion Consumer Service URL)”设置为
https://localhost:3000/users/saml/auth
有什么解决办法吗?
终于弄明白了:所有的 Devise 例子都有
settings.authn_context = ""
设置。如果我将它设置为
settings.authn_context = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
然后错误消失。
我已经使用 devise 和 devise_saml_authenticatable 设置了一个新的 Rails 应用程序来针对 Office 365 进行身份验证。
不幸的是,登录显示以下错误消息:
Sign in
Sorry, but we’re having trouble signing you in.
AADSTS7500522: XML element 'AuthnContextClassRef' in XML namespace 'urn:oasis:names:tc:SAML:2.0:assertion' in the SAML message must be a URI.
我的 config/decise.rb 文件如下所示:
config.saml_create_user = true
config.saml_update_user = true
config.saml_default_user_key = :email
config.saml_session_index_key = :session_index
config.saml_use_subject = true
config.idp_settings_adapter = nil
config.saml_configure do |settings|
settings.assertion_consumer_service_url = "https://localhost:3000/users/saml/auth"
settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
settings.name_identifier_format = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
settings.issuer = "https://localhost:3000/saml/metadata"
settings.authn_context = ""
settings.idp_slo_target_url = "https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0"
settings.idp_sso_target_url = "https://login.microsoftonline.com/xxx/saml2"
settings.idp_cert_fingerprint = "E4:....."
settings.idp_cert_fingerprint_algorithm = "http://www.w3.org/2000/09/xmldsig#sha1"
end
并且Azure配置中的“Reply URL (Assertion Consumer Service URL)”设置为
https://localhost:3000/users/saml/auth
有什么解决办法吗?
终于弄明白了:所有的 Devise 例子都有
settings.authn_context = ""
设置。如果我将它设置为
settings.authn_context = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
然后错误消失。