Latest OpenSSO Extension: SAML 2.0 on Ruby
UPDATE 21 March 2007 - I missed a couple of steps, including, ironically, installing the SAML 2.0 Ruby code. All should be well now.
Hot on the heels of our launch of OpenSSO Extensions comes the latest extension, contributed by Todd Saxton from New Zealand: a SAML 2.0 relying party implementation in Ruby (already noticed by the sharp-eyed Tatsuo Kudo, here). Todd used the existing SAML 2.0 PHP relying party (formerly known as Lightbulb) as a starting point and ported it to Ruby, using Roland Schmitt’s WSS4R to handle the XML Security chores. Note that both the Ruby and PHP SAML 2.0 relying party implementations are very much ‘proofs of concept’. They successfully complete SAML 2.0 single sign-on and single logout, but are not to be considered production quality. In particular, Andreas Solberg has identified some bugs and shortcomings in the PHP implementation and kindly offered to contribute his fixes (nudge!).
I just downloaded the Ruby SAML 2.0 code and… it works! I made one minor fix to account for differences in my environment, but everything else was just configuration. Here is a checklist of what you’ll need (I used this very useful HOWTO on Rails installation as a base):
- Install Ruby - I have version 1.8.4, installed into Ubuntu via apt-get.
- Install RubyGems - I have version 0.9.2.
- Install Rails - I have version 1.2.3, installed via gem.
- (Optional) Install Mongrel - I have version 1.0.1, installed via gem.
- Install WSS4R - I downloaded the tarball and ran `ruby setup.rb`.
- Install [LOG4R](http://log4r.sourceforge.net/) (needed by WSS4R) - I used `gem install log4r`.
- Check out the SAML 2.0 Ruby source from opensso.dev.java.net (it's in `opensso/extensions/saml2ruby/source`). [Instructions for getting the code via CVS](https://opensso.dev.java.net/servlets/ProjectSource).
- Patch the WSS4R library's `xmlcanonicalizer.rb` according to the instructions in saml2ruby's [INSTALL](https://opensso.dev.java.net/source/browse/opensso/extensions/saml2ruby/source/INSTALL?view=markup) file.
- Edit `saml2ruby/source/examples/rails/SimpleSAMLRP/config/environment.rb` and change `RAILS_GEM_VERSION` to match what you have. There may be cleaner ways of doing this, but this is what worked for me.
- Edit `saml2ruby/source/examples/rails/SimpleSAMLRP/app/controllers/account_controller.rb` and change the SP and IdP settings to match your environment.
- Run the server - from `saml2ruby/source/examples/rails/SimpleSAMLRP` do `mongrel_rails start` or `ruby script/server`.
- Now browse to `http://myserver.mydomain.com/3000/account/login` and you should be redirected to authenticate at the IdP. On successful authentication you should be sent back to the Ruby SP example app which will report a successful login.
So - if you’re a Ruby-ist (Ruby-ite? Rubier?) and you need SAML 2.0, go grab saml2ruby!
Comments
Dennis Seah
Hi Pat, I always wanted to do the Ruby extension thingy. (I think I have hinted you about this :-)) I guess Tatsuo-san’s fast fingers have beaten me. Maybe I should extend from Tatsuo’s work huh? (an extension of an extension LOL) Great stuffs. It is unbelievable that people can get things done overnight!
Pat
Dennis - it was Todd who implemented this - Tatsuo just blogged about it first.
New and Updated OpenSSO Extensions – CAS, Information Cards and VALid « Superpatterns
[…] the wider community, that extend or interoperate with OpenSSO in interesting ways – from a Ruby SAML 2.0 service provider to authentication modules for Yubikey, Hitachi Finger Vein Biometric and […]