Superpatterns Pat Patterson on the Cloud, Identity and Single Malt Scotch

20 Mar 07

Latest OpenSSO Extension: SAML 2.0 on Ruby

UPDATE 21 March 2007 - I missed a couple of steps, including, ironically, installing the SAML 2.0 Ruby code. All should be well now.

Hot on the heels of our launch of OpenSSO Extensions comes the latest extension, contributed by Todd Saxton from New Zealand: a SAML 2.0 relying party implementation in Ruby (already noticed by the sharp-eyed Tatsuo Kudo, here). Todd used the existing SAML 2.0 PHP relying party (formerly known as Lightbulb) as a starting point and ported it to Ruby, using Roland Schmitt's WSS4R to handle the XML Security chores.

Note that both the Ruby and PHP SAML 2.0 relying party implementations are very much 'proofs of concept'. They successfully complete SAML 2.0 single sign-on and single logout, but are not to be considered production quality. In particular, Andreas Solberg has identified some bugs and shortcomings in the PHP implementation and kindly offered to contribute his fixes (nudge!).

I just downloaded the Ruby SAML 2.0 code and... it works! I made one minor fix to account for differences in my environment, but everything else was just configuration. Here is a checklist of what you'll need (I used this very useful HOWTO on Rails installation as a base):

  • Install Ruby - I have version 1.8.4, installed into Ubuntu via apt-get.
  • Install RubyGems - I have version 0.9.2.
  • Install Rails - I have version 1.2.3, installed via gem.
  • (Optional) Install Mongrel - I have version 1.0.1, installed via gem.
  • Install WSS4R - I downloaded the tarball and ran ruby setup.rb.
  • Install LOG4R (needed by WSS4R) - I used gem install log4r.
  • Check out the SAML 2.0 Ruby source from opensso.dev.java.net (it's in opensso/extensions/saml2ruby/source). Instructions for getting the code via CVS.
  • Patch the WSS4R library's xmlcanonicalizer.rb according to the instructions in saml2ruby's INSTALL file.
  • Edit saml2ruby/source/examples/rails/SimpleSAMLRP/config/environment.rb and change RAILS_GEM_VERSION to match what you have. There may be cleaner ways of doing this, but this is what worked for me.
  • Edit saml2ruby/source/examples/rails/SimpleSAMLRP/app/controllers/account_controller.rb and change the SP and IdP settings to match your environment.
  • Run the server - from saml2ruby/source/examples/rails/SimpleSAMLRP do mongrel_rails start or ruby script/server.
  • Now browse to http://myserver.mydomain.com:3000/account/login and you should be redirected to authenticate at the IdP. On successful authentication you should be sent back to the Ruby SP example app, which will report a successful login.
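
What the redirect to the IdP in the last step carries, as an added example that is not saml2ruby's code or part of the original post. It assumes the SP uses the SAML 2.0 HTTP-Redirect binding; the IdP URL, entity ID, assertion consumer URL and method names are constructed placeholders.

```ruby
require 'zlib'
require 'uri'
require 'securerandom'

XML_ESC = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;' }.freeze

# Build a SAML 2.0 AuthnRequest and the HTTP-Redirect URL that carries it.
# Returns [request_id, url]. The SP keeps request_id in the user's session so
# it can later require the IdP's Response to carry a matching InResponseTo.
def build_authn_redirect(idp_sso_url:, sp_entity_id:, acs_url:, relay_state:)
  esc = ->(s) { s.gsub(/[&<>"]/, XML_ESC) }
  request_id = "_#{SecureRandom.hex(20)}" # xs:ID must not start with a digit
  xml = '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ' \
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ' \
        "ID=\"#{request_id}\" Version=\"2.0\" " \
        "IssueInstant=\"#{Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ')}\" " \
        "Destination=\"#{esc.(idp_sso_url)}\" " \
        "AssertionConsumerServiceURL=\"#{esc.(acs_url)}\">" \
        "<saml:Issuer>#{esc.(sp_entity_id)}</saml:Issuer></samlp:AuthnRequest>"
  # Redirect binding: raw DEFLATE (no zlib header), then base64, then URL-encode.
  deflated = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS)
                          .deflate(xml, Zlib::FINISH)
  query = URI.encode_www_form('SAMLRequest' => [deflated].pack('m0'),
                              'RelayState' => relay_state)
  sep = idp_sso_url.include?('?') ? '&' : '?'
  [request_id, "#{idp_sso_url}#{sep}#{query}"]
end

# Reverse the encoding, as the IdP (or someone debugging a redirect) would.
def decode_authn_redirect(url)
  params = URI.decode_www_form(URI.parse(url).query).to_h
  raw = params.fetch('SAMLRequest').unpack1('m')
  xml = Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(raw).force_encoding('UTF-8')
  { xml: xml, relay_state: params['RelayState'] }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not taken from any real deployment.
  id, url = build_authn_redirect(
    idp_sso_url: 'https://idp.example.com/sso',
    sp_entity_id: 'http://myserver.mydomain.com:3000/sp',
    acs_url: 'http://myserver.mydomain.com:3000/account/complete',
    relay_state: '/account/welcome'
  )
  puts "request id: #{id}", url, decode_authn_redirect(url)[:xml]
end
```

Decoding the SAMLRequest parameter of a captured redirect this way is a quick check that the SP is sending the Issuer and AssertionConsumerServiceURL you configured.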

So - if you're a Ruby-ist (Ruby-ite? Rubier?) and you need SAML 2.0, go grab saml2ruby!

Filed under: OpenSSO
Comments (2)
  1. Hi Pat,
    I always wanted to do the Ruby extension thingy.
    (I think I have hinted to you about this :-))
    I guess Tatsuo-san’s fast fingers have beaten me.
    Maybe I should extend from Tatsuo’s work huh?
    (an extension of an extension LOL)
    Great stuff. It is unbelievable that people can get things done overnight!

  2. Dennis – it was Todd who implemented this – Tatsuo just blogged about it first.

