2010-08-10 16:04:19 -04:00
|
|
|
= OmniAuth::Enterprise
|
2010-07-04 15:42:09 -04:00
|
|
|
|
|
|
|
OmniAuth strategies for use in your intranet.
|
|
|
|
|
|
|
|
== Installation
|
|
|
|
|
2010-08-10 16:04:19 -04:00
|
|
|
To get just enterprise functionality:
|
2010-07-04 15:42:09 -04:00
|
|
|
|
2010-08-10 16:04:19 -04:00
|
|
|
gem install oa-enterprise
|
2010-07-04 15:42:09 -04:00
|
|
|
|
|
|
|
For the full auth suite:
|
|
|
|
|
|
|
|
gem install omniauth
|
2010-10-02 22:58:14 -04:00
|
|
|
|
2010-11-23 17:59:25 -05:00
|
|
|
== CAS
|
2010-07-04 15:42:09 -04:00
|
|
|
|
2010-11-23 17:59:25 -05:00
|
|
|
Use the CAS strategy as a middleware in your application:
|
2010-07-04 15:42:09 -04:00
|
|
|
|
2010-08-10 16:04:19 -04:00
|
|
|
require 'omniauth/enterprise'
|
2010-07-04 15:42:09 -04:00
|
|
|
|
|
|
|
use OmniAuth::Strategies::CAS, :server => 'http://cas.mycompany.com/cas'
|
|
|
|
|
|
|
|
Then simply direct users to '/auth/cas' to have them sign in via your company's CAS server.
|
|
|
|
See OmniAuth::Strategies::CAS::Configuration for more configuration options.
|
|
|
|
|
2010-11-23 17:59:25 -05:00
|
|
|
== LDAP
|
2010-07-04 15:42:09 -04:00
|
|
|
|
2011-01-24 22:08:38 -05:00
|
|
|
Use the LDAP strategy as a middleware in your application:
|
2010-11-23 17:59:25 -05:00
|
|
|
|
|
|
|
require 'omniauth/enterprise'
|
|
|
|
use OmniAuth::Strategies::LDAP,
|
2010-12-04 16:06:21 -05:00
|
|
|
:title => "My LDAP",
|
2010-11-23 17:59:25 -05:00
|
|
|
:host => '10.101.10.1',
|
|
|
|
:port => 389,
|
|
|
|
:method => :plain,
|
|
|
|
:base => 'dc=intridea, dc=com',
|
|
|
|
:uid => 'sAMAccountName',
|
2010-12-03 00:08:37 -05:00
|
|
|
:name_proc => Proc.new {|name| name.gsub(/@.*$/,'')}
|
2011-01-02 12:55:11 -05:00
|
|
|
:bind_dn => 'default_bind_dn'
|
|
|
|
:password => 'password'
|
2010-11-23 17:59:25 -05:00
|
|
|
|
2011-01-02 12:55:11 -05:00
|
|
|
All of the listed options are required, with the exception of :name_proc, :bind_dn, and :password
|
2010-11-23 17:59:25 -05:00
|
|
|
Allowed values of :method are: :plain, :ssl, :tls.
|
|
|
|
|
2011-01-02 12:55:11 -05:00
|
|
|
:bind_dn and :password are used to perform the initial binding if user lookup is
|
|
|
|
needed. If the user lookup returns result, the DN attribute from the result set is used
|
|
|
|
to perform the final binding. This is needed only when the LDAP server requires
|
|
|
|
DN to be used for binding and you may only want user to using email or username
|
|
|
|
in the login form.
|
|
|
|
|
2010-11-23 17:59:25 -05:00
|
|
|
:uid is the LDAP attribute name for the user name in the login form. typically
|
|
|
|
AD would be 'sAMAccountName' or 'UserPrincipalName', while OpenLDAP is 'uid'.
|
|
|
|
You can also use 'dn', if your user choose the put in the dn in the login form
|
|
|
|
(but usually is too long for user to remember or know).
|
|
|
|
|
|
|
|
:name_proc allows you to match the user name entered with the format of the
|
|
|
|
:uid attributes. For example, value of 'sAMAccountName' in AD contains only the
|
|
|
|
windows user name. If your user prefers use email to login, a name_proc as
|
|
|
|
above will trim the email string down to just the windows name. In summary,
|
|
|
|
:name_proc helps you to fill the gap between the authentication and user lookup
|
|
|
|
process.
|
|
|
|
|
|
|
|
:try_sasl and :sasl_mechanisms are optional. Use them to initialize a SASL
|
|
|
|
connection to server. Allowed values are 'DIGEST-MD5' and 'GSS-SPNEGO'. If you
|
|
|
|
are not familiar with these authentication methods, please just avoid them.
|
|
|
|
|
|
|
|
Direct users to '/auth/ldap' to have them authenticated via your
|
|
|
|
company's LDAP server.
|
|
|
|
|
|
|
|
== Multiple Strategies
|
|
|
|
|
|
|
|
If you're using multiple strategies together, use OmniAuth's Builder. That's
|
|
|
|
what it's there for:
|
2010-07-04 15:42:09 -04:00
|
|
|
|
2010-08-10 16:04:19 -04:00
|
|
|
require 'omniauth/enterprise'
|
2010-07-04 15:42:09 -04:00
|
|
|
require 'omniauth/oauth' # for Campfire
|
|
|
|
require 'openid/store/filesystem'
|
|
|
|
|
|
|
|
use OmniAuth::Builder do
|
|
|
|
provider :cas, :server => 'http://cas.mycompany.com/cas'
|
|
|
|
provider :campfire
|
|
|
|
end
|