feat: allow request uuid to be stored

Introduces a :store_request_uuid option for later comparison with InResponseTo By default it saves the request uuid in the session as "saml_transaction_id", but also accepts a proc that will then be called with the uuid for custom storage.
omniauth · Mar 25, 2019 · 250c64b · 250c64b
1 parent a0eedd6
commit 250c64b
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/lib/omniauth/strategies/saml.rb b/lib/omniauth/strategies/saml.rb
@@ -30,15 +30,26 @@ def self.inherited(subclass)
       option :slo_default_relay_state
       option :uid_attribute
       option :idp_slo_session_destroy, proc { |_env, session| session.clear }
+      option :store_request_uuid
 
       def request_phase
         authn_request = OneLogin::RubySaml::Authrequest.new
 
+        store_request_uuid(authn_request.uuid)
+
         with_settings do |settings|
           redirect(authn_request.create(settings, additional_params_for_authn_request))
         end
       end
 
+      def store_request_uuid(uuid)
+        if options.store_request_uuid.respond_to?(:call)
+          options.store_request_uuid.call(uuid)
+        elsif options.store_request_uuid
+          session["saml_transaction_id"] = uuid
+        end
+      end
+
       def callback_phase
         raise OmniAuth::Strategies::SAML::ValidationError.new("SAML response missing") unless request.params["SAMLResponse"]