diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index ed8eea4..2d94237 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -18,17 +18,11 @@ module Strategies
 idp_cert: Rails.application.secrets.dig(:omniauth, :saml, :idp_cert),
 idp_sso_target_url: Rails.application.secrets.dig(:omniauth, :saml, :idp_sso_target_url),
 sp_entity_id: Rails.application.secrets.dig(:omniauth, :saml, :sp_entity_id),
- strategy_class: ::OmniAuth::Strategies::SAML,
- attribute_statements: {
- email: ["mail"],
- name: %w(givenName nom)
- },
+ strategy_class: Rails.application.secrets.dig(:omniauth, :saml, :strategy_class).constantize,
+ attribute_statements: Rails.application.secrets.dig(:omniauth, :saml, :attribute_statements),
 certificate: Rails.application.secrets.dig(:omniauth, :saml, :certificate),
 private_key: Rails.application.secrets.dig(:omniauth, :saml, :private_key),
- security: {
- authn_requests_signed: true,
- signature_method: XMLSecurity::Document::RSA_SHA256
- }
+ security: Rails.application.secrets.dig(:omniauth, :saml, :security)
 end
 
 Devise::OmniauthCallbacksController.class_eval do
diff --git a/config/secrets.yml b/config/secrets.yml
index 123a87d..8bcea17 100644
--- a/config/secrets.yml
+++ b/config/secrets.yml
@@ -40,7 +40,7 @@ default: &default
 idp_cert: <%= ENV["SAML_IDP_CERT"] %>
 idp_sso_target_url: <%= ENV["SAML_IDP_SSO_TARGET_URL"] %>
 sp_entity_id: <%= ENV["SAML_SP_ENTITY_ID"] %>
- strategy_class: <%= ::OmniAuth::Strategies::SAML %>
+ strategy_class: <%= ENV["SAML_STRATEGY_CLASS"] || OmniAuth::Strategies::SAML %>
 attribute_statements:
 email:
 - mail
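Review bot: `Rails.application.secrets.dig(:omniauth, :saml, :strategy_class).constantize` on the new `strategy_class:` line resolves whatever string the secret holds into a class with no check that the result is a SAML strategy, and raises NoMethodError at boot when the key is absent or blank. Since the value arrives straight from `SAML_STRATEGY_CLASS` through secrets.yml, resolve it with `strategy = Rails.application.secrets.dig(:omniauth, :saml, :strategy_class).to_s.safe_constantize`, reject it with `raise ArgumentError, "unsupported SAML strategy_class" unless strategy.is_a?(Class) && strategy <= ::OmniAuth::Strategies::SAML`, and pass `strategy_class: strategy`, so the previous default remains the only accepted family of strategies. The `attribute_statements:` and `security:` lines now pass nil through when those keys are missing from secrets, where the removed literals always supplied a value; how omniauth-saml behaves with a nil `security` option is worth confirming before relying on it. The options hash these lines belong to starts above the hunk.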
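Review bot: `ENV["SAML_STRATEGY_CLASS"] || OmniAuth::Strategies::SAML` on the new `strategy_class:` line falls back only when the variable is unset; an exported-but-empty `SAML_STRATEGY_CLASS`, which .env and container files commonly produce, is a truthy `""` in Ruby, renders a blank YAML value, and the initializer then calls `.constantize` on nil. The same `ENV[...] ||` pattern recurs in the next hunk for `user_types`, `cn`, `authn_requests_signed` and `signature_method`, where a blank `SAML_SECURITY_AUTHN_REQUESTS_SIGNED` yields a nil `authn_requests_signed` and so turns request signing off instead of keeping the default of true. If ActiveSupport's `presence` is available when this ERB is evaluated, `strategy_class: <%= ENV["SAML_STRATEGY_CLASS"].presence || OmniAuth::Strategies::SAML %>` restores the fallback for blank values; otherwise an explicit empty-string check on `ENV.fetch("SAML_STRATEGY_CLASS", "")` does the same. Applying the fix to each overridden key in both hunks keeps the defaults effective whenever a variable is merely declared.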
@@ -49,17 +49,17 @@ default: &default
 - nom
 certificate: <%= ENV["SAML_CERTIFICATE"] %>
 private_key: <%= ENV["SAML_PRIVATE_KEY"] %>
- user_types: [ 'T1', 'T2', 'T3', 'T11' ]
- cn: 'ACCES'
+ user_types: <%= ENV["SAML_USER_TYPES"] || %w[T1 T2 T3 T11] %>
+ cn: <%= ENV["SAML_CN"] || "ACCES" %>
 security:
- authn_requests_signed: true
- signature_method: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
+ authn_requests_signed: <%= ENV["SAML_SECURITY_AUTHN_REQUESTS_SIGNED"] || true %>
+ signature_method: <%= ENV["SAML_SECURITY_SIGNATURE_METHOD"] || XMLSecurity::Document::RSA_SHA256 %>
 maps:
 api_key: <%= ENV["MAPS_API_KEY"] %>
 
 development:
 <<: *default
- secret_key_base: <%= ENV["SECRET_KEY_BASE"] || "b909b44627fbb3d4a30323d3bfce412ee5f4c69777276e041da0ab00d68431d6177905e7c1bf337daeee51fb528fb0cc47fc20e3c0a7957237a3c5d6710d79ce"%>
+ secret_key_base: <%= ENV["SECRET_KEY_BASE"] || "b909b44627fbb3d4a30323d3bfce412ee5f4c69777276e041da0ab00d68431d6177905e7c1bf337daeee51fb528fb0cc47fc20e3c0a7957237a3c5d6710d79ce" %>
 omniauth:
 imipre:
 enabled: false
diff --git a/config/settings.yml b/config/settings.yml
deleted file mode 100644
index 9fa1f12..0000000
--- a/config/settings.yml
+++ /dev/null
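Review bot: The new `security:` overrides drop the environment text into the file as bare YAML scalars, so `SAML_SECURITY_AUTHN_REQUESTS_SIGNED=0` is read as the integer 0, which is truthy to Ruby and leaves signing on, while `false`, `no` or `off` are read as boolean false and switch it off; `SAML_USER_TYPES` likewise has to be written as a YAML flow sequence to replace the `%w[T1 T2 T3 T11]` default, which renders as `["T1", "T2", "T3", "T11"]`. Nothing in secrets.yml states these formats, and nothing marks that a production deployment can now disable request signing with one variable where the removed literal `authn_requests_signed: true` could not be overridden. A comment above `security:` such as `# SAML_SECURITY_AUTHN_REQUESTS_SIGNED must be the literal true or false (other values are YAML-typed, "0" stays truthy); SAML_USER_TYPES is a YAML flow sequence, e.g. ["T1", "T2"]` makes the contract visible to whoever sets the variables. The `signature_method` default now depends on `XMLSecurity::Document::RSA_SHA256` being loaded when this ERB is evaluated, which presumably holds once Bundler has required ruby-saml but is worth confirming against the boot order. The `secret_key_base` change in this hunk is whitespace only.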
@@ -1,40 +0,0 @@
-default: &default
- smtp:
- username:
- password:
- address: localhost
- domain: example.com
- port: 25
-
- imipre:
- domain: IMIPRE
- scope: IMI_BASIC_PRE.Info
- site: https://appspre.ajuntament.bcn
- redirect_uri: https://aytobarcelona-decidim.dev.aspgems.com/users/auth/imipre/callback
-
- maps:
- api_key: <%= ENV["MAPS_API_KEY"] %>
-
- saml:
- idp_sso_target_url: <%= ENV['IDP_SSO_TARGET_URL'] %>
- idp_cert: <%= ENV['IDP_CERT'] %>
- certificate: <%= ENV['CERTIFICATE'] %>
- private_key: <%= ENV['PRIVATE_KEY'] %>
- sp_entity_id: <%= ENV['SP_ENTITY_ID'] %>
- user_types: ['T1', 'T2', 'T3', 'T11']
- cn: 'ACCES'
-
-development:
- <<: *default
- secret_key_base: 4de720903a5d5f54094210f69423493dfdc56413a42907f7684766bff965695c0deec064fc03eff5c1e34fff618f70bdcac7127d853d6a0e5a4c48ccc267f2ad
-test:
- <<: *default
- secret_key_base: 8d0e722712908c69c5005aefe275472ba3eae7fe30f982155dcd816896155f7e3848223af932c530de9baf0f22af45a9f15e64a7af315f99d0a5bb1e48c1e332
-production:
- <<: *default
- imipre:
- domain: IMIPRE
- scope: IMI_BASIC_PRE.Info
- site: https://appspre.ajuntament.bcn
- redirect_uri: https://aytobarcelona-decidim.dev.aspgems.com/users/auth/barcelona-rrhh/callback
- info_url: https://appspre.ajuntament.bcn/oauth2/rest/token/info?access_token=