Tuesday Mar 20, 2007

Latest OpenSSO Extension: SAML 2.0 on Ruby

UPDATE 21 March 2007 - I missed a couple of steps, including, ironically, installing the SAML 2.0 Ruby code. All should be well now.

Hot on the heels of our launch of OpenSSO Extensions comes the latest extension, contributed by Todd Saxton from New Zealand: a SAML 2.0 relying party implementation in Ruby (already noticed by the sharp-eyed Tatsuo Kudo, here). Todd used the existing SAML 2.0 PHP relying party (formerly known as Lightbulb) as a starting point and ported it to Ruby, using Roland Schmitt's WSS4R to handle the XML Security chores. Note that both the Ruby and PHP SAML 2.0 relying party implementations are very much 'proofs of concept'. They successfully complete SAML 2.0 single sign-on and single logout, but are not to be considered production quality. In particular, Andreas Solberg has identified some bugs and shortcomings in the PHP implementation and kindly offered to contribute his fixes (nudge!).

I just downloaded the Ruby SAML 2.0 code and... it works! I made one minor fix to account for differences in my environment, but everything else was just configuration. Here is a checklist of what you'll need (I used this very useful HOWTO on Rails installation as a base):

  • Install Ruby - I have version 1.8.4, installed into Ubuntu via apt-get.
  • Install RubyGems - I have version 0.9.2.
  • Install Rails - I have version 1.2.3, installed via gem.
  • (Optional) Install Mongrel - I have version 1.0.1, installed via gem.
  • Install WSS4R - I downloaded the tarball and ran ruby setup.rb.
  • Install LOG4R (needed by WSS4R) - I used gem install log4r.
  • Check out the SAML 2.0 Ruby source from opensso.dev.java.net (it's in opensso/extensions/saml2ruby/source); see the instructions for getting the code via CVS.
  • Patch the WSS4R library's xmlcanonicalizer.rb according to the instructions in saml2ruby's INSTALL file.
  • Edit saml2ruby/source/examples/rails/SimpleSAMLRP/config/environment.rb and change RAILS_GEM_VERSION to match what you have. There may be cleaner ways of doing this, but this is what worked for me.
  • Edit saml2ruby/source/examples/rails/SimpleSAMLRP/app/controllers/account_controller.rb and change the SP and IdP settings to match your environment.
  • Run the server - from saml2ruby/source/examples/rails/SimpleSAMLRP do mongrel_rails start or ruby script/server.
  • Now browse to http://myserver.mydomain.com:3000/account/login and you should be redirected to authenticate at the IdP. On successful authentication, you should be sent back to the Ruby SP example app, which will report a successful login.
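
To show what the redirect in the last step carries, here is an added example (not saml2ruby's code, and written for a current Ruby rather than 1.8.4) that builds a SAML 2.0 AuthnRequest and encodes it for the HTTP-Redirect binding, then decodes it again. It assumes the SP uses that binding; the entity ID, ACS URL and IdP endpoint are hypothetical values constructed for the example.

```ruby
require 'zlib'
require 'base64'
require 'uri'
require 'securerandom'
require 'time'

# Hypothetical SP and IdP settings, constructed for this example.
SP_ENTITY_ID = 'http://myserver.mydomain.com:3000/'
ACS_URL      = 'http://myserver.mydomain.com:3000/account/acs'
IDP_SSO_URL  = 'https://idp.example.com/sso/redirect'

# Minimal unsigned AuthnRequest; the IdP returns the assertion to ACS_URL.
def build_authn_request(id:, issue_instant:)
  <<~XML.strip
    <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        ID="#{id}" Version="2.0" IssueInstant="#{issue_instant}"
        Destination="#{IDP_SSO_URL}" AssertionConsumerServiceURL="#{ACS_URL}">
      <saml:Issuer>#{SP_ENTITY_ID}</saml:Issuer>
    </samlp:AuthnRequest>
  XML
end

# HTTP-Redirect binding: raw DEFLATE (no zlib header), then Base64.
def encode_redirect(xml)
  deflater = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS)
  raw = deflater.deflate(xml, Zlib::FINISH)
  deflater.close
  Base64.strict_encode64(raw)
end

# URL the browser is sent to; encode_www_form does the URL-encoding step.
def redirect_url(xml, relay_state)
  query = URI.encode_www_form('SAMLRequest' => encode_redirect(xml),
                              'RelayState'  => relay_state)
  "#{IDP_SSO_URL}?#{query}"
end

# Reverse of the above, useful for inspecting a redirect captured while debugging.
def decode_redirect(url)
  params = URI.decode_www_form(URI.parse(url).query).to_h
  inflater = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  xml = inflater.inflate(Base64.strict_decode64(params.fetch('SAMLRequest')))
  inflater.close
  [xml, params['RelayState']]
end

if __FILE__ == $PROGRAM_NAME
  request_id = "_#{SecureRandom.hex(16)}" # xsd:ID must not start with a digit
  # Keep request_id in the session: the response's InResponseTo must match it.
  puts redirect_url(build_authn_request(id: request_id, issue_instant: Time.now.utc.iso8601), '/account/login')
end
```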

So - if you're a Ruby-ist (Ruby-ite? Rubier?) and you need SAML 2.0, go grab saml2ruby!
