场景模型>> omniauth-ucam-raven>> 返回
项目作者: CHTJonas

项目描述 :
OmniAuth strategy for Cambridge University's Raven SSO system
高级语言: Ruby
项目地址: git://github.com/CHTJonas/omniauth-ucam-raven.git
创建时间: 2018-11-04T18:22:26Z
项目社区:https://github.com/CHTJonas/omniauth-ucam-raven
开源协议:MIT License
下载


Warning
If you are viewing this README on the main branch then please note that this may contain as yet unreleased changes.
You probably want to checkout a tag using the GitHub interface and view documentation for that specific version.

Raven OmniAuth strategy

This Ruby gem provides an OmniAuth strategy for authenticating using the Raven SSO System, provided by the University of Cambridge.

Installation

Add the strategy to your Gemfile:

  1. gem 'omniauth-ucam-raven'

And then run bundle install.

You then need to download the Raven service RSA public key(s) in PEM format from ~the project pages here~ the mirror here and store it somewhere that is not writable by your web application. Tip: it’s the one without the .crt file extension.

Usage

The strategy expects a path to the directory where you store your Raven public key(s).
This allows multiple keys to be supported in order to facilitate rollover or multiple backend auth servers.

If you’re using Rails, you’ll want to add the following to an initialisers e.g. config/initializers/omniauth.rb and then restart your application server:

  1. Rails.application.config.middleware.use OmniAuth::Builder do
  2.   provider "ucam-raven", Rails.root.join("vendor", "ucam-raven-public-keys")
  3. end

For Sinatra and other Rack-based frameworks, you can integrate the strategy into your middleware e.g. in a config.ru:

  1. use OmniAuth::Builder do
  2.   provider "ucam-raven", '/path/to/keys/dir'
  3. end

Upon authentication, the user’s details will be available in the request.env['omniauth.auth'] object as show in the example below. Each field is well documented in the protocol specification.

  1. {
  2.   "provider"=>"ucam-raven",
  3.   "uid"=>"crsid",
  4.   "info"=>{"name"=>nil, "ptags"=>["current"]},
  5.   "credentials"=>{"auth"=>"", "sso"=>["pwd"]},
  6.   "extra"=>{"id"=>"dateandtime", "lifetime"=>"sessionlifetime", "parameters"=>"your params string returned to you"}
  7. }

When prototyping you application, you may find it helpful to add the following line of code, otherwise GET requests to the application authentication URL won’t work.

  1. OmniAuth.config.allowed_request_methods = [:post, :get]

Configuration

The Ucam-Raven strategy will work straight out of the box but you can apply custom configuration if you so desire by appending an options hash to the arguments when provider is called, for example:

  1. use OmniAuth::Builder do
  2.   keys_dir = Rails.root.join("vendor", "ucam-raven-public-keys")
  3.   options = { desc: 'my description', msg: 'my message', params: 'string to be returned after login', date: true }
  4.   provider "ucam-raven", keys_dir, opts
  5. end

If you are looking to use the strategy with the SRCF Goose authentication service rather than Raven then you can include the following configuration:

  1. use OmniAuth::Builder do
  2.   keys_dir = Rails.root.join("vendor", "ucam-raven-public-keys")
  3.   provider "ucam-raven", keys_dir, honk: true
  4. end

See the code for the example Sinatra app for a hands-on example of this and here for a full list of configurable options.
Each option is fully documented in the specification.

For additional information, please refer to the OmniAuth wiki.

License

omniauth-ucam-raven is released under the MIT License.
Copyright (c) 2018 Charlie Jonas.