I'm designing a Rails 5 app with two user models: user and admin_user (the default for active_admin). I am using Devise for authentication. Originally I was using database-authenticatable, but now I need to implement SSO through SAML. I found and successfully set up the devise_saml_authenticatable gem for one model (users), but I am not sure where to start with setting it up with my other model (active_admin admin_users). I am using SimpleSAMLphp as my identity provider locally.
Here is my config for Devise in devise.rb:

    Devise.setup do |config|
      # ...
      config.saml_configure do |settings|
        settings.assertion_consumer_service_url = "http://localhost:3000/users/saml/auth"
        settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        settings.name_identifier_format = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
        settings.issuer = "http://localhost:3000/saml/metadata"
        settings.authn_context = ""
        settings.idp_slo_target_url = "http://simplesaml.dev/saml2/idp/SingleLogoutService.php"
        settings.idp_sso_target_url = "http://simplesaml.dev/saml2/idp/SSOService.php"
        settings.idp_cert = <<-CERT.chomp
    -----BEGIN CERTIFICATE-----
    My-Certificate-Here
    -----END CERTIFICATE-----
        CERT
      end
    end

The problem is that Rails will direct the login URL localhost:3000/users/saml/sign_in to http://localhost:3000/users/saml/auth, but will direct the admin login localhost:3000/users/saml/sign_in to the same URL when signing in through the admin login page.
routes.rb:

    devise_for :admin_users, ActiveAdmin::Devise.config
    ActiveAdmin.routes(self)
    devise_for :users

My models:

admin_user.rb:

    class AdminUser < ApplicationRecord
      devise :saml_authenticatable
    end

user.rb:

    class User < ApplicationRecord
      devise :saml_authenticatable
    end