The IGovt authorization implementation is built on top of the omniauth gem (https://github.com/intridea/omniauth), a library that provides standardized multi-provider authentication for web applications.
The current version of OmniAuth is 1.x, but this implementation was created for version 0.3.2.
Gemfile
gem "omniauth", :git => "[email protected]:gems/omniauth"
Rails.root/config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :igovt,
    :assertion_consumer_service_index => 1,
    :issuer => "issuer_url",
    :sp_pem => "path_to_sp_pem_file",
    :idp_metadata => "path_to_idp_metadata_xml_file",
    :idp_sso_target_url => "igovt_target_url",
    :name_identifier_format => "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    :mutual_ssl_sp_pem => "path_to_mutual_ssl_sp_pem",
    :mutual_ssl_sp_cer => "path_to_mutual_ssl_sp_cer"
end
OmniAuth will intercept this route and start the authentication process by redirecting the user to the IGovt URL.
Add the following to your routes.rb:
match '/auth/:provider/callback' => 'controller#action'
match '/auth/failure' => "controller#action"
Replace the 'controller' and 'action' placeholders with the controller and action specific to your application.
In the callback action, you will then have access to a hash with information about the user. You can access this hash at the controller level via:
request.env['omniauth.auth']
The hash has the following structure:
{
  'uid' => "#{uid}",
  'provider' => "igovt",
  'user_info' => {
    'login' => "#{user_login}",
  },
  'credentials' => {
    'token' => "#{token}",
    'secret' => "#{secret}"
  }
}
When authentication fails, the user is redirected to the /auth/failure endpoint, where you can then inform the user of the cause of the failure.
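One way a callback action could consume the hash shown above, as an added example that is not part of the original implementation: it checks the provider, keys the local account on uid rather than login, and masks the credentials before anything is logged. It assumes 'uid' is the stable identifier for the user; the module, method and sample names are hypothetical.

```ruby
# Added example. IgovtCallback, Identity and the sample values are hypothetical.
module IgovtCallback
  class InvalidAuth < StandardError; end

  Identity = Struct.new(:provider, :uid, :login)

  # Extract only the fields the application needs from
  # request.env['omniauth.auth'], rejecting hashes that do not match
  # the structure documented above.
  def self.identity_from(auth)
    raise InvalidAuth, 'no auth hash' unless auth.is_a?(Hash)
    raise InvalidAuth, 'unexpected provider' unless auth['provider'] == 'igovt'
    uid = auth['uid'].to_s.strip
    raise InvalidAuth, 'missing uid' if uid.empty?
    login = (auth['user_info'] || {})['login']
    Identity.new('igovt', uid, login)
  end

  # Shallow copy that is safe to log: credential values are masked.
  def self.loggable(auth)
    masked = {}
    (auth['credentials'] || {}).each_key { |k| masked[k] = '[FILTERED]' }
    auth.merge('credentials' => masked)
  end

  # Look up or create the local account keyed on [provider, uid].
  # 'login' is stored as a display attribute only, never as the key.
  def self.find_or_create(store, identity)
    store[[identity.provider, identity.uid]] ||= { 'login' => identity.login }
  end
end

# Constructed sample in the documented shape (not real IGovt data).
SAMPLE_AUTH = {
  'uid' => 'constructed-uid-123',
  'provider' => 'igovt',
  'user_info' => { 'login' => 'constructed-login' },
  'credentials' => { 'token' => 'constructed-token', 'secret' => 'constructed-secret' }
}

if __FILE__ == $PROGRAM_NAME
  accounts = {}
  identity = IgovtCallback.identity_from(SAMPLE_AUTH)
  IgovtCallback.find_or_create(accounts, identity)
  puts IgovtCallback.loggable(SAMPLE_AUTH).inspect
  puts accounts.inspect
end
```

In a Rails action, pass request.env['omniauth.auth'] to identity_from and treat InvalidAuth the same way as a redirect to /auth/failure.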