Skip to content

OmniAuth support for multiple providers of an authentication strategy

License

Notifications You must be signed in to change notification settings

enterprise-oss/omniauth-multi-provider

 
 

Repository files navigation

OmniAuth MultiProvider

This is a simple extension to omniauth for supporting multiple identity provider instances of a given type e.g. multiple SAML or OAuth2 identity providers. It is a generalization of the omniauth-multi-provider-saml.

Installation

Add this line to your application's Gemfile:

gem 'omniauth-multi-provider'

And then execute:

$ bundle

Or install it yourself as:

$ gem install omniauth-multi-provider

Setup

Getting your setup to work with a single identity provider before attempting to use this gem is highly recommended.

The setup process consists of the following steps:

  1. Create an OmniAuth callback controller for your identity provider like you normally would with OmniAuth.
  2. Configure your routes to handle routes for multiple identity provider instances.
  3. Configure omniauth-multi-provider to choose the appropriate identity provider instance.

Configure Routes

Add something like the following to your routes assuming you're using Rails and a SAML identity provider (your actual URL structure may vary):

MyApplication::Application.routes.draw do
  match '/auth/saml/:identity_provider_id/callback',
        via: [:get, :post],
        to: 'omniauth_callbacks#saml',
        as: 'user_omniauth_callback'

  match '/auth/saml/:identity_provider_id',
        via: [:get, :post],
        to: 'omniauth_callbacks#passthru',
        as: 'user_omniauth_authorize'
end

Configure OmniAuth

The basic configuration of OmniAuth looks something like this:

# config/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
  OmniAuth::MultiProvider.register(self,
                                   provider_name: :saml,
                                   identity_provider_id_regex: /\d+/,
                                   path_prefix: '/auth/saml',
                                   callback_suffix: 'callback',
                                   # Specify any additional provider specific options
                                   name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
                                   issuer: 'salsify.com',
                                   allowed_clock_drift: 5.seconds) do |identity_provider_id, rack_env|
    identity_provider = SAML::IdentityProvider.find(identity_provider_id)
    # Optionally store a reference to the identity provider in the Rack environment
    # so you can reference it in your OmniAuth callbacks controller
    rack_env['salsify.saml_identity_provider'] = identity_provider
    # Any dynamic options returned by this block will be merged in with any statically
    # configured options for the identity provider type e.g. issuer in this example.
    identity_provider.options
  end
  
  # This also works with multiple provider types
  OmniAuth::MultiProvider.register(self,
                                   provider_name: :oauth2,
                                   identity_provider_id_regex: /\d+/,
                                   path_prefix: '/auth/oauth2') do |identity_provider_id, rack_env|
    identity_provider = OAuth2::IdentityProvider.find(identity_provider_id)
    rack_env['salsify.oauth2_identity_provider'] = identity_provider
    identity_provider.options
  end
end

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install.

To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org .

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/salsify/omniauth-multi-provider.## License

The gem is available as open source under the terms of the MIT License.

About

OmniAuth support for multiple providers of an authentication strategy

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Ruby 99.3%
  • Shell 0.7%