how do I change callback route? #6

altV opened this issue Apr 12, 2016 · 2 comments


altV commented Apr 12, 2016

not sure what to change to support custom callback routes

Member

jrdoane commented Apr 14, 2016

There should never be a "callback" to a route after the SAML handlers have done their magic because you need to run all the middleware that exists for the route that you want to go to. A little more information about what you're trying to do might help me explain what you should do. Depending on how you have your routes built up, you have different options on how and when to utilize the SAML information that came back.

For VLACS, our Clojure application that uses this library makes some helmsman routes out of the already created handlers in saml20-clj but relies on a middleware to redirect unauthenticated users to the SAML route. Once SAML has returned authentication data, clj-saml20 should redirect you to the RelayState (where you tried going before SSO took place). At this point, the saml20-clj libraries should have added information to the current session, which the middleware that will run again to check auth can use to confirm the user's identity.

The middleware that is currently in Informer to require login looks something like this:

```clojure
(defn require-login
  [handler]
  (fn require-login-middleware-fn
    [request]
    ;; Already logged in: the session carries the application user.
    (if (get-in request [:session :informer/sis-user] nil)
      (handler request)
      ;; SAML data is in the session: look the user up by the NameID
      ;; of the first assertion.
      (if-let [saml20 (get-in request [:session :saml20])]
        (if-let [sis-user (db.user/get-by-id
                            (:informer request)
                            (get-in
                              (first (:assertions saml20))
                              [:name-id :value]))]
          (handler
            (update-in
              request [:session]
              #(assoc % :informer/sis-user sis-user
                      :uid (:sis_user_id sis-user))))
          {:status 500
           :body "SAML assertion contains an unknown user."})
        ;; No SAML data yet: redirect to the SAML endpoint, passing the
        ;; current route in the "continue" query parameter.
        {:status 303
         :headers {"Location"
                   (str
                     (helmsman.navigation/assemble-relative-uri
                       request :saml20-clj/endpoint)
                     "?continue="
                     (helmsman.uri/assemble
                       (helmsman.uri/relative-uri
                         (:path
                          (helmsman.navigation/get-route-by-id
                           request :saml20-clj/endpoint))
                         (get-in
                           request [:helmsman :current-route :path]))))}
         :body ""}))))
```
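The same three-branch flow as an added example (not part of the comment above and not code from saml20-clj or Informer), written against plain Ring request maps so it runs without helmsman or a database. It goes one step further than the snippet above by URL-encoding the `continue` value and only accepting paths on the same site; `saml-endpoint`, `:app/user`, `local-path?`, `login-redirect`, `wrap-require-login` and the `users` lookup are hypothetical names.

```clojure
(ns example.require-login
  (:require [clojure.string :as str])
  (:import (java.net URLEncoder)))

;; Assumption: the SAML handler is mounted at this path.
(def saml-endpoint "/saml")

(defn local-path?
  "True only for absolute paths on this site, such as \"/reports?id=1\"."
  [s]
  (boolean (and (string? s)
                (str/starts-with? s "/")
                (not (str/starts-with? s "//"))
                (not (str/includes? s "\\")))))

(defn login-redirect
  "303 to the SAML endpoint, carrying the originally requested path."
  [{:keys [uri query-string]}]
  (let [wanted (if query-string (str uri "?" query-string) uri)
        target (if (local-path? wanted) wanted "/")]
    {:status 303
     :headers {"Location" (str saml-endpoint "?continue="
                               (URLEncoder/encode target "UTF-8"))}
     :body ""}))

(defn wrap-require-login
  "lookup-user maps a SAML NameID value to an application user or nil."
  [handler lookup-user]
  (fn [request]
    (let [session (:session request)
          name-id (get-in (first (get-in session [:saml20 :assertions]))
                          [:name-id :value])]
      (cond
        (:app/user session)      (handler request)
        (nil? (:saml20 session)) (login-redirect request)
        :else
        (if-let [user (lookup-user name-id)]
          (handler (assoc-in request [:session :app/user] user))
          {:status 500 :body "SAML assertion contains an unknown user."})))))

;; Constructed sample data: one known user and two requests.
(def users {"jdoe@example.org" {:sis_user_id 42}})
(def app (wrap-require-login (fn [_] {:status 200 :body "ok"}) users))

(assert (= "/saml?continue=%2Freports%3Fid%3D1"
           (get-in (app {:uri "/reports" :query-string "id=1" :session {}})
                   [:headers "Location"])))
(assert (= 200 (:status (app {:uri "/reports"
                              :session {:saml20 {:assertions
                                                 [{:name-id {:value "jdoe@example.org"}}]}}}))))
```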


akhudek commented May 18, 2016

I've noticed that the "/saml" get route doesn't actually do anything. I assume it's supposed to forward to the saml provider?
