onelogin ruby-saml

Claudio Ramirez publist.cr at gmail.com
Fri Feb 24 08:59:51 EST 2017


2017-02-03 22:02 GMT+01:00 Karla Borecky <kborecky at smith.edu>:

> Has anyone else dealt with a vendor using this SAML SSO implementation?
> (The company is Poll Everywhere, in my case.) This guy is sending me some
> random error his code is throwing (and a link to the actual code!),
> apparently laboring under the misapprehension that just because his
> software is throwing an error, that means my assertion is bad. (It is NOT
> bad.)
>
> I got to the point where I sent him a sample SAML2 assertion and suggested
> he talk to the developers/user community for this software. Was I wrong to
> do this?
>
>
Hi Kara,

Our users authenticate themselves to the Poll Everywhere SP. Their SAML
implementation was pretty basic (they used Ruby's omniauth) and they had to
do several code changes to make it work. Sadly, it is a non-encrypted/signed
setup.

Below you'll find our side of the puzzle (it's part of our public metadata).

Regards,

Claudio Ramirez
KU Leuven - CCIS

    <EntityDescriptor entityID="https://www.polleverywhere.com/auth/kuleuven">
        <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
            <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
            <AssertionConsumerService
                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                Location="https://www.polleverywhere.com/auth/kuleuven/callback"
                isDefault="true"
                index="0"></AssertionConsumerService>
            <AttributeConsumingService index="1">
                <ServiceName xml:lang="en">https://www.polleverywhere.com/auth/kuleuven</ServiceName>
                <ServiceDescription xml:lang="en">Poll Everywhere</ServiceDescription>
                <RequestedAttribute FriendlyName="eduPersonPrincipalName"
                    Name="urn:mace:dir:attribute-def:eduPersonPrincipalName"
                    NameFormat="urn:mace:shibboleth:1.0:attributeNamespace:uri"
                    isRequired="true"></RequestedAttribute>
                <RequestedAttribute FriendlyName="mail"
                    Name="urn:oid:0.9.2342.19200300.100.1.3"
                    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                    isRequired="true"></RequestedAttribute>
                <RequestedAttribute FriendlyName="givenName"
                    Name="urn:oid:2.5.4.42"
                    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                    isRequired="true"></RequestedAttribute>
                <RequestedAttribute FriendlyName="surname"
                    Name="urn:oid:2.5.4.4"
                    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                    isRequired="true"></RequestedAttribute>
                <RequestedAttribute FriendlyName="cn"
                    Name="urn:mace:dir:attribute-def:cn"
                    NameFormat="urn:mace:shibboleth:1.0:attributeNamespace:uri"
                    isRequired="true"></RequestedAttribute>
            </AttributeConsumingService>
        </SPSSODescriptor>
        <ContactPerson contactType="technical">
            <GivenName>Brad Gessler</GivenName>
            <EmailAddress>brad at polleverywhere.com</EmailAddress>
        </ContactPerson>
    </EntityDescriptor>
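
An added example, not part of the original message and not code from any of the projects named in it: a small audit of what an SP's metadata advertises about signing and encryption, which is where a "non-encrypted/signed" setup like the one above shows up (no KeyDescriptor, no signing flags). The function name, the sample entity and its URLs are constructed for illustration, and the sample declares the SAML metadata namespace, which the posted fragment omits.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample modelled on the metadata above: no KeyDescriptor and
# no signing-related attributes on the SPSSODescriptor.
SAMPLE_SP_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sp.example.org/auth/idp">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/auth/idp/callback" index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>
"""

def is_true(value):
    """xs:boolean as used in SAML metadata: 'true' or '1'."""
    return (value or "").strip().lower() in ("true", "1")

def audit_sp_metadata(xml_text):
    """Return findings about the signing/encryption posture the SP advertises."""
    root = ET.fromstring(xml_text)  # run only on metadata from a trusted source
    sp = root.find(".//md:SPSSODescriptor", NS)
    if sp is None:
        return ["no SPSSODescriptor found (check the metadata namespace)"]
    findings = []
    # A KeyDescriptor without a 'use' attribute serves both purposes.
    uses = {kd.get("use") for kd in sp.findall("md:KeyDescriptor", NS)}
    if not uses & {"encryption", None}:
        findings.append("no encryption key: the IdP cannot encrypt assertions for this SP")
    if not uses & {"signing", None}:
        findings.append("no signing key: the IdP cannot verify signed requests from this SP")
    if not is_true(sp.get("WantAssertionsSigned")):
        findings.append("WantAssertionsSigned not set: the SP does not ask for signed assertions")
    if not is_true(sp.get("AuthnRequestsSigned")):
        findings.append("AuthnRequestsSigned not set: AuthnRequests are sent unsigned")
    for acs in sp.findall("md:AssertionConsumerService", NS):
        location = (acs.get("Location") or "").strip()
        if not location.lower().startswith("https://"):
            findings.append("ACS endpoint is not HTTPS: " + location)
    return findings

if __name__ == "__main__":
    for finding in audit_sp_metadata(SAMPLE_SP_METADATA):
        print("-", finding)
```

These checks cover only what the SP publishes; whether the IdP signs its responses is configured on the IdP side.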