chrodriguez · acosonic · Jan 27, 2017 · Jan 27, 2017 · Jan 27, 2017 · Jan 28, 2017
diff --git a/README.textile b/README.textile
@@ -1,3 +1,5 @@
+_this fork is onelogin modifications of:_
+
 h1. Redmine OmniAuth SAML plugin
 
 This plugins adds SAML authentication support for "Redmine":http://www.redmine.org thanks to the "OmniAuth authentication framework":https://github.com/intridea/omniauth and specially thanks to "Redmine Omniauth CAS Plugin":https:https://github.com/jbbarth/redmine_omniauth_cas. 

diff --git a/config/locales/en.yml b/config/locales/en.yml
@@ -6,3 +6,4 @@ en:
   text_full_logout_proposal: You may want to %{value} before trying an other username.
   text_logout_from_saml: close SSO session
   label_onthefly_creation: Create users automatically?
+  error_saml_invalid_ticket: Invalid SAML authentication ticket
diff --git a/config/routes.rb b/config/routes.rb
@@ -2,4 +2,7 @@
   match '/auth/failure'             => 'account#login_with_saml_failure',   via: [:get, :post]
   match '/auth/:provider/callback'  => 'account#login_with_saml_callback',  via: [:get, :post]
   match '/auth/:provider'           => 'account#login_with_saml_redirect',  as: :sign_in, via: [:get, :post]
+#  post '/auth/:provider/consume'           => redirect { |params, request| "/auth/saml/callback?#{request.params.to_query}"} 
+  post '/auth/:provider/consume'           => redirect { "/auth/saml" }
 end
+
diff --git a/config/routes.rb~ b/config/routes.rb~
@@ -0,0 +1,6 @@
+RedmineApp::Application.routes.draw do
+  match '/auth/failure'             => 'account#login_with_saml_failure',   via: [:get, :post]
+  match '/auth/:provider/callback'  => 'account#login_with_saml_callback',  via: [:get, :post]
+  match '/auth/:provider'           => 'account#login_with_saml_redirect',  as: :sign_in, via: [:get, :post]
+  match '/auth/:provider/consume'   => 'account#login_with_saml_redirect',  as: :sign_in, via: [:get, :post]
+end
diff --git a/lib/redmine_omniauth_saml/account_controller_patch.rb b/lib/redmine_omniauth_saml/account_controller_patch.rb
@@ -149,7 +149,9 @@ def sp_logout_request
         logout_request = OneLogin::RubySaml::Logoutrequest.new
         session[:transaction_id] = logout_request.uuid
         logger.info "New SP SLO for userid '#{User.current.login}' transactionid '#{session[:transaction_id]}'"
-
+
+        # perform the actual logout
+        saml_logout_user
         settings[:name_identifier_value] ||= name_identifier_value
 
         relay_state = home_url # url_for controller: 'saml', action: 'index'

diff --git a/lib/redmine_omniauth_saml/user_patch.rb b/lib/redmine_omniauth_saml/user_patch.rb
@@ -5,14 +5,18 @@ class User
 
   def self.find_or_create_from_omniauth(omniauth)
     user_attributes = Redmine::OmniAuthSAML.user_attributes_from_saml omniauth
+    Rails.logger.info "bobo" + user_attributes.inspect
     user = self.find_by_login(user_attributes[:login])
     unless user
       user = EmailAddress.find_by(address: user_attributes[:mail]).try(:user)
       if user.nil? && Redmine::OmniAuthSAML.onthefly_creation? 
-        user = new user_attributes
+	user = User.new(:status => 1, :language => Setting.default_language)
+#        user = new user_attributes
+	user.mail = user_attributes[:mail]
+	user.firstname = user_attributes[:firstname]
+	user.lastname = user_attributes[:lastname]
         user.created_by_omniauth_saml = true
-        user.login    = user_attributes[:login]
-        user.language = Setting.default_language
+        user.login    = omniauth.uid #this is onelogin specific probably
         user.activate
         user.save!
         user.reload

diff --git a/sample-onelogin-initializer.rb b/sample-onelogin-initializer.rb
@@ -0,0 +1,27 @@
+
+Redmine::OmniAuthSAML::Base.configure do |config|
+  config.saml = {
+#    :assertion_consumer_service_url => "http://yourcompany.redminegit.com/auth/saml/callback", # OmniAuth callback URL
+    :assertion_consumer_service_url => "http://yourcompany.redminegit.com/auth/saml/consume", # OmniAuth callback URL
+    :issuer                         => "https://app.onelogin.com/saml/metadata/123456",                    # The issuer name / entity ID. Must be an URI as per SAML 2.0 s$
+    :idp_sso_target_url             => "https://acosonic.onelogin.com/trust/saml2/http-post/sso/123456", # SSO login endpoint
+    :idp_cert_fingerprint           => "AA:AA:AA:AA:AA:E0:FB:E6:E0:38:BA:6A:6A:FA:DA:2D:03:05:2B:94", # SSO ssl certificate fingerprint
+    # Alternatively, specify the full certifiate:
+    #:idp_cert                       => "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
+    :name_identifier_format         => "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
+    :signout_url                    => "https://yourcomp.onelogin.com/trust/saml2/http-redirect/slo/123456", # Optional signout URL, not supported by all identity provide$
+    :idp_slo_target_url             => "https://yourcomp.onelogin.com/trust/saml2/http-redirect/slo/123456",
+    :name_identifier_value          => "mail", # Which redmine field is used as name_identifier_value for SAML logout
+    :attribute_mapping              => {
+    # How will we map attributes from SSO to redmine attributes
+      :login      => 'extra.raw_info.username',
+      :mail       => 'extra.raw_info.email',
+      :firstname  => 'extra.raw_info.firstname',
+      :lastname   => 'extra.raw_info.lastname'
+    }
+  }
+
+  config.on_login do |omniauth_hash, user|
+    # Implement any hook you want here
+  end
+end