SAML 2.0 SSO for Ruby on Rails?
Solution 1
The best places to look are Ruby Toolbox and Rubygems.org - if it's not there, you may try GitHub, but your chances are slim now.
My rule is: estimate how long it would take you to build it yourself. If you have spent a reasonable amount of time (say, 10%) on finding an existing solution, but none is out there (or working), then code it yourself.
Solution 2
I played with this one once: https://github.com/onelogin/ruby-saml
It might be what you're looking for.
Schleichermann
Updated on July 20, 2022
Comments
-
Schleichermann almost 2 years
Where can I dig up a Ruby or Ruby on Rails library for SAML 2.0 SSO? I have a set of enterprise applications that are to be built but need to have federated login from a central authentication system. I have used SAML 1.1 and SAML 2.0 in a Microsoft .NET environment but have yet to see a library that handles both SAML Providers and Consumers for Ruby on Rails. Can someone point me in the right direction or tell me if I need to build the library myself?
-
Brian over 13 years
Oddly enough, I just came across this today as well. Seems like there are a few active forks and example applications out there as well. Although, I am not certain that it supports SAML 1.1...
-
Peder almost 13 years
It is not a full-featured SAML client yet, so it only supports some IdPs.
-
Michael K Madison over 11 years
This isn't really a useful answer.
-
Chloe about 11 years
Excellent pro life tip. What is your rule for building it yourself vs. buying it?
-
spume over 10 years
I'd argue that the Roll Your Own approach is less advisable when it comes to security: a naive implementation could easily introduce a security vulnerability.
-
Shyam Habarakada over 9 years
The official version of ruby-saml does not support encrypted responses as of yet. There are, however, a couple of forks and working branches that are trying to add it in. FYI, in case this is something you want right away.
-
Raf about 9 years
Not a useful answer. I believe that you omit many important things. Estimating the cost to build something is not enough. There is a maintenance cost as well: how often will you need to update your solution to keep up to date with the changes of the standards/APIs involved? Do you have enough knowledge about this particular subject to roll out your own solution? Gems exist for a reason: you delegate these issues to the gem and put your trust in the maintainers with the belief that they are doing things in the most appropriate way possible.
-
Charles Bandes over 8 years
This feels like an ad for a commercial product, the OP was looking for FOSS solutions.
-
smartin almost 8 years
Nowadays ruby-saml supports encrypted assertions.
-
Mahesh Bablu over 4 years
Uneven answer for this question.