sync with samly v0.8.0

Author: handnot2

README.md

@@ -1,16 +1,34 @@
 # SamlyHowto
 
-A Phoenix application that demonstrates how it is turned into a
-SAML Service Provider using [`Samly`](https://github.com/handnot2/samly)
-Elixir library.
+`SamlyHowto` is a Phoenix application that shows how to use the
+[`Samly`](https://hex.pm/packages/samly) Elixir Plug library for
+SAML 2.0 authentication. The Phoenix application becomes a
+SAML Service Provider.
+
+This Web application shows the attributes in the SAML Assertion
+returned by the Identity Provider (IdP) upon successful user
+authentication.
+
+It is fairly easy to enable SAML 2.0 authentication using the
+`samly` library. Often times, the initial hickups are related to
+configuring your application with proper Identity Provider settings.
+
+Use this project as a test application to make sure that you are
+able to successfully authenticate with your IdP. Once confirmed,
+you can use those configuration settings with your own application.
+This help you in isolating and correcting any configuration issues.
+The changes required are confined to the `config/dev.exs` file.
 
 ```sh
 # add the following to your /etc/hosts file:
 # 127.0.0.1 samly.howto
+# 127.0.0.1 idp2.samly.howto
+# 127.0.0.1 idp3.samly.howto
 
 git clone https://github.com/handnot2/samly_howto
 cd samly_howto
 ./gencert.sh
+cd assets && npm install && cd ..
 mix deps.get
 mix compile
 ```
@@ -29,4 +47,4 @@ Start this application by running
 ```
 
 This application can now be accessed from the browser by visiting the
-URL: `http://samly.howto:4003`
+URL: `http://samly.howto:4003`.

config/dev.exs

@@ -50,14 +50,78 @@ config :logger, :console, format: "[$level] $message\n"
 config :phoenix, :stacktrace_depth, 20
 
 config :samly, Samly.Provider,
-  #base_url: "http://samly.howto:4003/sso",
-  #entity_id: "urn:myhost-name:my-id",
-  #use_redirect_for_idp_req: false,
-  #sign_requests: true,
-  #sign_metadata: true,
-  #signed_assertion_in_idp_resp: true,
-  #signed_envelopes_in_idp_resp: true,
-  pre_session_create_pipeline: SamlyHowtoWeb.Plugs.SamlyPipeline,
-  certfile: "samly.crt",
-  keyfile:  "samly.pem",
-  idp_metadata_file: "idp_metadata.xml"
+  idp_id_from: :path_segment,
+  #idp_id_from: :subdomain,
+  service_providers: [
+    %{
+      id: "sp1",
+      entity_id: "urn:samly.howto:sp1",
+      certfile: "samly.crt",
+      keyfile: "samly.pem",
+      contact_name: "Samly Howto SP1 Admin",
+      contact_email: "[email protected]",
+      org_name: "Samly Howto SP1",
+      org_displayname: "Samly Howto SP1 Displayname",
+      org_url: "http://samly.howto:4003"
+    },
+    %{
+      id: "sp2",
+      entity_id: "urn:idp2.samly.howto:sp2",
+      certfile: "samly.crt",
+      keyfile: "samly.pem",
+      #contact_name: "Samly Howto SP2 Admin",
+      #contact_email: "[email protected]",
+      #org_name: "Samly Howto SP2",
+      #org_displayname: "Samly Howto SP2 Displayname",
+      #org_url: "http://idp2.samly.howto:4003"
+    },
+    %{
+      id: "sp3",
+      entity_id: "urn:idp3.samly.howto:sp3",
+      certfile: "samly.crt",
+      keyfile: "samly.pem",
+      #contact_name: "Samly Howto SP3 Admin",
+      #contact_email: "[email protected]",
+      #org_name: "Samly Howto SP3",
+      #org_displayname: "Samly Howto SP3 Displayname",
+      #org_url: "http://idp3.samly.howto:4003"
+    }
+  ],
+  identity_providers: [
+    %{
+      id: "idp1",
+      sp_id: "sp1",
+      base_url: "http://samly.howto:4003/sso",
+      metadata_file: "idp_metadata.xml",
+      pre_session_create_pipeline: SamlyHowtoWeb.Plugs.SamlyPipeline,
+      #use_redirect_for_req: false,
+      #sign_requests: true,
+      #sign_metadata: true,
+      #signed_assertion_in_resp: true,
+      #signed_envelopes_in_resp: true
+    },
+    %{
+      id: "idp2",
+      sp_id: "sp2",
+      base_url: "http://idp2.samly.howto:4003/sso",
+      metadata_file: "idp_metadata.xml",
+      pre_session_create_pipeline: SamlyHowtoWeb.Plugs.SamlyPipeline,
+      #use_redirect_for_req: false,
+      #sign_requests: true,
+      #sign_metadata: true,
+      #signed_assertion_in_resp: true,
+      #signed_envelopes_in_resp: true
+    },
+    %{
+      id: "idp3",
+      sp_id: "sp3",
+      base_url: "http://idp3.samly.howto:4003/sso",
+      metadata_file: "idp_metadata.xml",
+      pre_session_create_pipeline: SamlyHowtoWeb.Plugs.SamlyPipeline,
+      #use_redirect_for_req: false,
+      #sign_requests: true,
+      #sign_metadata: true,
+      #signed_assertion_in_resp: true,
+      #signed_envelopes_in_resp: true
+    }
+  ]

lib/samly_howto_web/controllers/page_controller.ex

@@ -3,15 +3,41 @@ defmodule SamlyHowtoWeb.PageController do
 
   def index(conn, _params) do
     assertion = Samly.get_active_assertion(conn)
-    uid = Samly.get_attribute(assertion, :uid)
-    {attributes, computed} = if assertion do
-      {assertion.attributes, assertion.computed}
+    uid = Samly.get_attribute(assertion, "uid")
+    {idp_id, attributes, computed} = if assertion do
+      {assertion.idp_id, assertion.attributes, assertion.computed}
     else
-      {nil, nil}
+      {nil, nil, nil}
     end
 
     target_url = "/?a=value1&b=value two" |> URI.encode_www_form()
-    render conn, "index.html",
-      uid: uid, attributes: attributes, computed: computed, target_url: target_url
+    {metadata_uri, signin_uri, signout_uri} = get_samly_uris()
+    render conn, "index.html", [
+      idp_id: idp_id,
+      uid: uid,
+      attributes: attributes,
+      computed: computed,
+      target_url: target_url,
+      metadata_uri: metadata_uri,
+      signin_uri: signin_uri,
+      signout_uri: signout_uri
+    ]
+  end
+
+  defp get_samly_uris() do
+    opts = Application.get_env(:samly, Samly.Provider, [])
+    if opts[:idp_id_from] == :subdomain do
+      {
+        "/sso/sp/metadata",
+        "/sso/auth/signin",
+        "/sso/auth/signout"
+      }
+    else
+      {
+        "/sso/sp/metadata/idp1",
+        "/sso/auth/signin/idp1",
+        "/sso/auth/signout/idp1"
+      }
+    end
   end
 end

lib/samly_howto_web/plugs/samly_pipeline.ex

@@ -8,10 +8,10 @@ defmodule SamlyHowtoWeb.Plugs.SamlyPipeline do
   def compute_attributes(conn, _opts) do
     assertion = conn.private[:samly_assertion]
 
-    first_name = Map.get(assertion.attributes, :first_name)
-    last_name  = Map.get(assertion.attributes, :last_name)
+    first_name = Map.get(assertion.attributes, "first_name")
+    last_name  = Map.get(assertion.attributes, "last_name")
 
-    computed = %{full_name: "#{first_name} #{last_name}"}
+    computed = %{"full_name" => "#{first_name} #{last_name}"}
 
     assertion = %Assertion{assertion | computed: computed}
 

lib/samly_howto_web/templates/page/index.html.eex

@@ -7,27 +7,58 @@
       </a>
 
       <%= if @uid do %>
-        <p class="nav navbar-text">Signed in as <%= @uid %></p>
+        <p class="nav navbar-text"><kbd>Signed in as <%= @uid %></kbd></p>
       <% end %>
+
       <div class="nav navbar-nav navbar-right" style="padding: 0 15px;">
-        <a href="/sso/sp/metadata"
+        <!--
+        <a href="/sso/sp/metadata/idp1"
+           class="btn btn-sm btn-default navbar-btn"
+           role="button">
+           SAML SP Metadata
+        </a>
+        -->
+
+        <!-- uncomment this section for: idp_id_from: :subdomain -->
+        <a href="<%= @metadata_uri %>"
            class="btn btn-sm btn-default navbar-btn"
            role="button">
            SAML SP Metadata
-         </a>
+        </a>
+        <!-- -->
 
         <%= if @uid do %>
-          <a href="/sso/auth/signout?target_url=<%= @target_url %>"
+          <!--
+          <a href="/sso/auth/signout/idp1?target_url=<%= @target_url %>"
+            class="btn btn-sm btn-primary navbar-btn"
+            role="button">
+            Sign out
+          </a>
+          -->
+
+          <!-- uncomment this section for: idp_id_from: :subdomain -->
+          <a href="<%= @signout_uri %>?target_url=<%= @target_url %>"
             class="btn btn-sm btn-primary navbar-btn"
             role="button">
             Sign out
           </a>
+          <!-- -->
         <% else %>
-          <a href="/sso/auth/signin?target_url=<%= @target_url %>"
+          <!--
+          <a href="/sso/auth/signin/idp1?target_url=<%= @target_url %>"
+             class="btn btn-sm btn-primary navbar-btn"
+             role="button">
+             Sign in
+          </a>
+          -->
+
+          <!-- uncomment this section for: idp_id_from: :subdomain -->
+          <a href="<%= @signin_uri %>?target_url=<%= @target_url %>"
              class="btn btn-sm btn-primary navbar-btn"
              role="button">
              Sign in
-           </a>
+          </a>
+          <!-- -->
         <% end %>
       </div>
     </div>
@@ -37,7 +68,7 @@
     <div class="container-fluid">
       <table class="table table-striped">
         <thead>
-          <tr><th>Attributes from IdP Sent SAML Assertion</th></tr>
+          <tr><th>Attributes in IdP Sent SAML Assertion</th></tr>
           <tr><th>Attribute</th><th>Value</th></tr>
         </thead>
         <tbody>

mix.exs

@@ -4,7 +4,7 @@ defmodule SamlyHowto.Mixfile do
   def project do
     [
       app: :samly_howto,
-      version: "0.5.0",
+      version: "0.6.0",
       elixir: "~> 1.4",
       elixirc_paths: elixirc_paths(Mix.env),
       compilers: [:phoenix, :gettext] ++ Mix.compilers,
@@ -38,7 +38,7 @@ defmodule SamlyHowto.Mixfile do
       {:phoenix_live_reload, "~> 1.0", only: :dev},
       {:gettext, "~> 0.11"},
       {:cowboy, "~> 1.0"},
-      {:samly, "~> 0.7"},
+      {:samly, "~> 0.8"},
     ]
   end
 end

mix.lock

@@ -1,14 +1,14 @@
 %{"cowboy": {:hex, :cowboy, "1.1.2", "61ac29ea970389a88eca5a65601460162d370a70018afe6f949a29dca91f3bb0", [], [{:cowlib, "~> 1.0.2", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.3.2", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm"},
   "cowlib": {:hex, :cowlib, "1.0.2", "9d769a1d062c9c3ac753096f868ca121e2730b9a377de23dec0f7e08b1df84ee", [], [], "hexpm"},
   "esaml": {:hex, :esaml, "3.1.0", "76337f00b5953a6c249fa8c322905c7a069b7c20339ece3756072279e6dcb41c", [], [{:cowboy, "1.1.2", [hex: :cowboy, repo: "hexpm", optional: false]}], "hexpm"},
-  "file_system": {:hex, :file_system, "0.2.1", "c4bec8f187d2aabace4beb890f0d4e468f65ca051593db768e533a274d0df587", [], [], "hexpm"},
+  "file_system": {:hex, :file_system, "0.2.2", "7f1e9de4746f4eb8a4ca8f2fbab582d84a4e40fa394cce7bfcb068b988625b06", [], [], "hexpm"},
   "gettext": {:hex, :gettext, "0.13.1", "5e0daf4e7636d771c4c71ad5f3f53ba09a9ae5c250e1ab9c42ba9edccc476263", [], [], "hexpm"},
   "mime": {:hex, :mime, "1.1.0", "01c1d6f4083d8aa5c7b8c246ade95139620ef8effb009edde934e0ec3b28090a", [], [], "hexpm"},
   "phoenix": {:hex, :phoenix, "1.3.0", "1c01124caa1b4a7af46f2050ff11b267baa3edb441b45dbf243e979cd4c5891b", [], [{:cowboy, "~> 1.0", [hex: :cowboy, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 1.0", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}, {:plug, "~> 1.3.3 or ~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}, {:poison, "~> 2.2 or ~> 3.0", [hex: :poison, repo: "hexpm", optional: false]}], "hexpm"},
   "phoenix_html": {:hex, :phoenix_html, "2.10.4", "d4f99c32d5dc4918b531fdf163e1fd7cf20acdd7703f16f5d02d4db36de803b7", [], [{:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"},
-  "phoenix_live_reload": {:hex, :phoenix_live_reload, "1.1.2", "dfd31cc1eb091533b4419bbdb67bec9767bb26c9fe09602e6cca313fab5302d0", [], [{:file_system, "~> 0.2.1 or ~> 0.3", [hex: :file_system, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.0 or ~> 1.2 or ~> 1.3", [hex: :phoenix, repo: "hexpm", optional: false]}], "hexpm"},
+  "phoenix_live_reload": {:hex, :phoenix_live_reload, "1.1.3", "1d178429fc8950b12457d09c6afec247bfe1fcb6f36209e18fbb0221bdfe4d41", [], [{:file_system, "~> 0.2.1 or ~> 0.3", [hex: :file_system, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.0 or ~> 1.2 or ~> 1.3", [hex: :phoenix, repo: "hexpm", optional: false]}], "hexpm"},
   "phoenix_pubsub": {:hex, :phoenix_pubsub, "1.0.2", "bfa7fd52788b5eaa09cb51ff9fcad1d9edfeb68251add458523f839392f034c1", [], [], "hexpm"},
   "plug": {:hex, :plug, "1.4.3", "236d77ce7bf3e3a2668dc0d32a9b6f1f9b1f05361019946aae49874904be4aed", [], [{:cowboy, "~> 1.0.1 or ~> 1.1", [hex: :cowboy, repo: "hexpm", optional: true]}, {:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}], "hexpm"},
   "poison": {:hex, :poison, "3.1.0", "d9eb636610e096f86f25d9a46f35a9facac35609a7591b3be3326e99a0484665", [], [], "hexpm"},
   "ranch": {:hex, :ranch, "1.3.2", "e4965a144dc9fbe70e5c077c65e73c57165416a901bd02ea899cfd95aa890986", [], [], "hexpm"},
-  "samly": {:hex, :samly, "0.7.2", "7048c1a12c960b563bd0d9be6ecc4196cdcb2b6069c533218546ef80b7077e26", [], [{:esaml, "~> 3.1", [hex: :esaml, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"}}
+  "samly": {:hex, :samly, "0.8.0", "c690b454b1d1e1d583961807824a84ff5a49b2c25ae5eb80e21dc31af5d335b7", [], [{:esaml, "~> 3.1", [hex: :esaml, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"}}