what should be the configuration of service_providers in saml_config.rb about saml_idp HOT 4 CLOSED

Just ran into this myself today. In README.md, when you see:

service_providers = {
    "some-issuer-url.com/saml" => {
      fingerprint: "9E:65:2E:03:06:8D:80:F2:86:C7:6C:77:A1:D9:14:97:0A:4D:F4:4D",
      metadata_url: "http://some-issuer-url.com/saml/metadata"
    },
  }

You want to change that to:

service_providers = {
    "some-issuer-url.com/saml" => {
      cert: OpenSSL::X509::Certificate.new(File.read(Rails.root.join('config', 'saml_sp.pem')))
      fingerprint: "9E:65:2E:03:06:8D:80:F2:86:C7:6C:77:A1:D9:14:97:0A:4D:F4:4D",
      metadata_url: "http://some-issuer-url.com/saml/metadata"
    },
  }

.. replace that path with the path to the public cert for your Service Provider, as necessary. (If you really needed, It should also be possible to obtain the cert dynamically via this sourcery, in which case I'd loop through the service_providers after setting the hash to merge in that key.)

Note you have to prepend:

require 'openssl'

.. to the top of your initializer if you get the error that OpenSSL is not defined.

from saml_idp.

Er. Disregard what I just crossed out. That's a horrible idea, security-wise. I can't believe I just suggested it.

from saml_idp.

I'll just add in here that, if you're following the ruby-saml gem documentation (speaking specifically of the issuer setting), then the key for the service provider may need to specify the protocol. So, you may need http://some-issuer-url.com/saml, rather than just some-issuer-url.com/saml.

from saml_idp.

Cleaning up old issues. I'm assuming folks here figured out what they needed (or have moved on). If that's incorrect reopen this and we'll continue the discussion.

from saml_idp.