OmniAuth support for multiple providers of an authentication strategy

salsify/omniauth-multi-provider

OmniAuth MultiProvider

This is a simple extension to omniauth for supporting multiple identity provider instances of a given type, e.g. multiple SAML or OAuth2 identity providers. It is a generalization of omniauth-multi-provider-saml.

Installation

Add this line to your application's Gemfile:

gem 'omniauth-multi-provider'

And then execute:

$ bundle

Or install it yourself as:

$ gem install omniauth-multi-provider

Setup

Getting your setup to work with a single identity provider before attempting to use this gem is highly recommended.

The setup process consists of the following steps:

  1. Create an OmniAuth callback controller for your identity provider like you normally would with OmniAuth.
  2. Configure your routes to handle multiple identity provider instances.
  3. Configure omniauth-multi-provider to choose the appropriate identity provider instance.

Configure Routes

Add something like the following to your routes assuming you're using Rails and a SAML identity provider (your actual URL structure may vary):

MyApplication::Application.routes.draw do
  match '/auth/saml/:identity_provider_id/callback',
        via: [:get, :post],
        to: 'omniauth_callbacks#saml',
        as: 'user_omniauth_callback'

  match '/auth/saml/:identity_provider_id',
        via: [:get, :post],
        to: 'omniauth_callbacks#passthru',
        as: 'user_omniauth_authorize'
end

Configure OmniAuth

The basic configuration of OmniAuth looks something like this:

# config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
  OmniAuth::MultiProvider.register(self,
                                   provider_name: :saml,
                                   identity_provider_id_regex: /\d+/,
                                   path_prefix: '/auth/saml',
                                   callback_suffix: 'callback',
                                   # Specify any additional provider specific options
                                   name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
                                   issuer: 'salsify.com',
                                   allowed_clock_drift: 5.seconds) do |identity_provider_id, rack_env|
    identity_provider = SAML::IdentityProvider.find(identity_provider_id)
    # Optionally store a reference to the identity provider in the Rack environment
    # so you can reference it in your OmniAuth callbacks controller
    rack_env['salsify.saml_identity_provider'] = identity_provider
    # Any dynamic options returned by this block will be merged in with any statically
    # configured options for the identity provider type e.g. issuer in this example.
    identity_provider.options
  end
  
  # This also works with multiple provider types
  OmniAuth::MultiProvider.register(self,
                                   provider_name: :oauth2,
                                   identity_provider_id_regex: /\d+/,
                                   path_prefix: '/auth/oauth2') do |identity_provider_id, rack_env|
    identity_provider = OAuth2::IdentityProvider.find(identity_provider_id)
    rack_env['salsify.oauth2_identity_provider'] = identity_provider
    identity_provider.options
  end
end
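
The initializer above stores the resolved identity provider in the Rack environment so the callbacks controller can reference it. The following plain-Ruby example is added here (it is not code from this gem or from Salsify) and shows one way a callback can use that reference: the account is looked up by identity provider instance and uid together, so an assertion from one instance cannot resolve to an account that belongs to another. `IdentityProvider`, `User`, `LoginRejected`, `resolve_user` and the sample records are hypothetical, and `auth_hash` is assumed to have the shape of `request.env['omniauth.auth']`.

```ruby
# Added example: plain Ruby, no Rails or OmniAuth required.
# All class, method and record names below are hypothetical; only the
# Rack env key is taken from the initializer shown above.

IdentityProvider = Struct.new(:id)
User = Struct.new(:id, :identity_provider_id, :name_id)

IDP_ENV_KEY = 'salsify.saml_identity_provider'

class LoginRejected < StandardError; end

# Constructed sample data: two identity provider instances, one user each.
IDP_A = IdentityProvider.new(1)
IDP_B = IdentityProvider.new(2)
USERS = [
  User.new(100, 1, 'alice@a.example'),
  User.new(200, 2, 'bob@b.example')
].freeze

# Resolve the local account for a completed callback.
#   rack_env  - Rack environment of the callback request
#   auth_hash - hash shaped like request.env['omniauth.auth']
#   users     - stand-in for the application's user table
def resolve_user(rack_env, auth_hash, users)
  idp = rack_env[IDP_ENV_KEY]
  raise LoginRejected, 'no identity provider bound to this request' if idp.nil?

  uid = auth_hash['uid'].to_s.strip
  raise LoginRejected, 'assertion carried no uid' if uid.empty?

  # Match on (identity provider instance, uid), never on uid alone.
  user = users.find do |u|
    u.identity_provider_id == idp.id && u.name_id == uid
  end
  raise LoginRejected, 'uid is not known to this identity provider' if user.nil?

  user
end

# Returns true when the callback is rejected, false when a user is resolved.
def rejected?(rack_env, auth_hash, users)
  resolve_user(rack_env, auth_hash, users)
  false
rescue LoginRejected
  true
end
```
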

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install.

To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/salsify/omniauth-multi-provider.

License

The gem is available as open source under the terms of the MIT License.
