Latest OpenSSO Extension: SAML 2.0 on Ruby
By superpat on Mar 20, 2007
UPDATE 21 March 2007 - I missed a couple of steps, including, ironically, installing the SAML 2.0 Ruby code. All should be well now.
Hot on the heels of our launch of OpenSSO Extensions comes the latest extension, contributed by Todd Saxton from New Zealand: a SAML 2.0 relying party implementation in Ruby (already noticed by the sharp-eyed Tatsuo Kudo, here). Todd used the existing SAML 2.0 PHP relying party (formerly known as Lightbulb) as a starting point and ported it to Ruby, using Roland Schmitt's WSS4R to handle the XML Security chores. Note that both the Ruby and PHP SAML 2.0 relying party implementations are very much 'proofs of concept'. They successfully complete SAML 2.0 single sign-on and single logout, but are not to be considered production quality. In particular, Andreas Solberg has identified some bugs and shortcomings in the PHP implementation and kindly offered to contribute his fixes (nudge!).
I just downloaded the Ruby SAML 2.0 code and... it works! I made one minor fix to account for differences in my environment, but everything else was just configuration. Here is a checklist of what you'll need (I used this very useful HOWTO on Rails installation as a base):
- Install Ruby - I have version 1.8.4, installed into Ubuntu via apt-get.
- Install RubyGems - I have version 0.9.2.
- Install Rails - I have version 1.2.3, installed via gem.
- (Optional) Install Mongrel - I have version 1.0.1, installed via gem.
- Install WSS4R - I downloaded the tarball and ran
- Install LOG4R (needed by WSS4R) - I used gem install log4r.
- Check out the SAML 2.0 Ruby source from opensso.dev.java.net (it's in opensso/extensions/saml2ruby/source). Instructions for getting the code via CVS.
- Patch the WSS4R library's xmlcanonicalizer.rb according to the instructions in saml2ruby's INSTALL file.
- Set RAILS_GEM_VERSION to match what you have. There may be cleaner ways of doing this, but this is what worked for me.
- Edit saml2ruby/source/examples/rails/SimpleSAMLRP/app/controllers/account_controller.rb and change the SP and IdP settings to match your environment.
- Run the server - from
- Now browse to http://myserver.mydomain.com/3000/account/login and you should be redirected to authenticate at the IdP. On successful authentication you should be sent back to the Ruby SP example app which will report a successful login.
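As an added example (not code from saml2ruby or from this post), here is the kind of assertion-level check a relying party has to make on the Response the IdP sends back before it reports a successful login: status, InResponseTo, issuer, validity window and audience. It assumes the XML Signature has already been verified by the XML Security layer (WSS4R in saml2ruby), and the entity IDs, request ID and Response below are constructed sample values.

```ruby
require 'rexml/document'
require 'time'

SAML_NS  = 'urn:oasis:names:tc:SAML:2.0:assertion'
SAMLP_NS = 'urn:oasis:names:tc:SAML:2.0:protocol'
SUCCESS  = 'urn:oasis:names:tc:SAML:2.0:status:Success'

# Constructed sample Response. Assumption: the XML Signature was already
# verified by the XML Security layer (WSS4R in saml2ruby); this code only
# performs the assertion-level checks a relying party must make after that.
SAMPLE_RESPONSE = <<XML
<samlp:Response xmlns:samlp="#{SAMLP_NS}" xmlns:saml="#{SAML_NS}" ID="_r1"
    InResponseTo="_req42" Version="2.0" IssueInstant="2007-03-20T10:00:00Z">
  <saml:Issuer>https://idp.example.org/opensso</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="#{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2007-03-20T10:00:00Z">
    <saml:Issuer>https://idp.example.org/opensso</saml:Issuer>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2007-03-20T09:59:00Z" NotOnOrAfter="2007-03-20T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.com/sp</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>
XML

# Returns [true, name_id] on success or [false, reason]. expected_request_id is
# the AuthnRequest ID the SP stored in the session when it redirected to the IdP.
def validate_saml_response(xml, idp_entity_id:, sp_entity_id:, expected_request_id:, now: Time.now.utc)
  ns = { 'samlp' => SAMLP_NS, 'saml' => SAML_NS }
  resp = REXML::Document.new(xml).root
  return [false, 'not a samlp:Response'] unless resp && resp.name == 'Response' && resp.namespace == SAMLP_NS
  status = REXML::XPath.first(resp, 'samlp:Status/samlp:StatusCode/@Value', ns)
  return [false, 'status not Success'] unless status && status.value == SUCCESS
  # Tie the response to a request this SP actually issued (rejects unsolicited or replayed responses)
  return [false, 'InResponseTo mismatch'] unless resp.attributes['InResponseTo'] == expected_request_id
  assertion = REXML::XPath.first(resp, 'saml:Assertion', ns)
  return [false, 'no assertion'] unless assertion
  issuer = REXML::XPath.first(assertion, 'saml:Issuer', ns)
  return [false, 'unexpected issuer'] unless issuer && issuer.text.strip == idp_entity_id
  cond = REXML::XPath.first(assertion, 'saml:Conditions', ns)
  return [false, 'no conditions'] unless cond && cond.attributes['NotBefore'] && cond.attributes['NotOnOrAfter']
  return [false, 'assertion not yet valid'] if now < Time.iso8601(cond.attributes['NotBefore'])
  return [false, 'assertion expired'] if now >= Time.iso8601(cond.attributes['NotOnOrAfter'])
  audiences = REXML::XPath.match(cond, 'saml:AudienceRestriction/saml:Audience', ns).map { |a| a.text.strip }
  return [false, 'audience mismatch'] unless audiences.include?(sp_entity_id)
  name_id = REXML::XPath.first(assertion, 'saml:Subject/saml:NameID', ns)
  name_id ? [true, name_id.text.strip] : [false, 'no NameID']
end
```

In the SimpleSAMLRP example the idp_entity_id and sp_entity_id values would be the IdP and SP settings you configured in account_controller.rb.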
So - if you're a Ruby-ist (Ruby-ite? Rubier?) and you need SAML 2.0, go grab saml2ruby!