@oddlyfunctional
Created May 17, 2019 10:41

Setting up local environment to test SAML

You'll need to:

  1. clone this branch for api2
  2. clone this branch for ui
  3. run these migrations
  4. add this entry to your /etc/hosts: 127.0.0.1 coursebase.onelogin.com
  5. set up your .env in the coursebase repo to use HTTP_SERVER_PORT=3000
  6. set up your .env in the ui repo to use DEFAULT_API_V2_URL=http://coursebase.onelogin.com:3000/v2
  7. follow steps from https://github.com/coursebase/ui#develop-with-reasonreact to use the components defined in coursebase repo from inside the ui repo
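
A preflight check for steps 4 to 6 above, added here as an example and not part of the original gist. The function names and the three file-path arguments are assumptions; point them at your own hosts file and the two repos' .env files.

```shell
# Added example, not part of the gist: preflight check for setup steps 4-6.
# Function names and the three file-path arguments are hypothetical.
# Usage: check_saml_env /etc/hosts <coursebase repo>/.env <ui repo>/.env

# Succeed if the hosts file ($3) maps name ($2) to ip ($1) on an active line.
hosts_maps() {
  awk -v ip="$1" -v name="$2" '
    { sub(/#.*/, "") }   # strip comments so disabled entries do not count
    $1 == ip { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
    END { exit !found }' "$3"
}

# Print the last value assigned to key ($1) in a dotenv-style file ($2),
# accepting an optional "export " prefix and stripping surrounding quotes.
dotenv_get() {
  [ -r "$2" ] || return 1
  sed -n -E "s/^[[:space:]]*(export[[:space:]]+)?$1[[:space:]]*=[[:space:]]*//p" "$2" |
    tail -n 1 | sed -E -e 's/[[:space:]]+$//' -e "s/^[\"'](.*)[\"']\$/\1/"
}

# Report every mismatch against the values the setup steps call for.
check_saml_env() {
  local hosts="$1" api_env="$2" ui_env="$3" rc=0 port url
  if ! hosts_maps 127.0.0.1 coursebase.onelogin.com "$hosts"; then
    echo "FAIL: $hosts lacks '127.0.0.1 coursebase.onelogin.com'"; rc=1
  fi
  port=$(dotenv_get HTTP_SERVER_PORT "$api_env" || true)
  if [ "$port" != 3000 ]; then
    echo "FAIL: HTTP_SERVER_PORT is '$port', expected 3000 ($api_env)"; rc=1
  fi
  url=$(dotenv_get DEFAULT_API_V2_URL "$ui_env" || true)
  if [ "$url" != "http://coursebase.onelogin.com:3000/v2" ]; then
    echo "FAIL: DEFAULT_API_V2_URL is '$url' ($ui_env)"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: hosts entry and both .env files match"
  return "$rc"
}
```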

Logging in with SAML

For now the SAML workflow is not yet integrated with the login workflow, so you won't be able to create a session. You can still test that the SAML request is working, though. You'll need to:

  1. Add an org to the org_saml table: INSERT INTO org_saml (org_id, issuer, required) VALUES ([desired org_id], "https://app.onelogin.com/saml/metadata/c7ad6f53-52e0-4ff1-996c-3222c0850812", [0 or 1]);
  2. Add an entry to the org_domain table: INSERT INTO org_domain (org_id, domain, created, updated) VALUES ([same org_id as above], "coursebase.onelogin.com:3000", NOW(), NOW());
  3. Add a user to the user_saml table: INSERT INTO user_saml (user_id, issuer, name_id) VALUES ([desired user_id], "https://app.onelogin.com/saml/metadata/c7ad6f53-52e0-4ff1-996c-3222c0850812", "[email protected]");
  4. Spawn all services
  5. Access http://coursebase.onelogin.com:9000/#/login (or the port of your ui server)
  6. Depending on whether you set the required column of org_saml to 0 or 1, the original login form will show up or not. The button to log in via SAML will show up as long as the URL matches the domain set in the org_domain table.
  7. Click the SAML button and you'll be redirected to log in; use the email [email protected] and the password 123qweQWE
  8. You should get as the response a plain JSON with that user's data (similar to ["Bruce","Wayne","[email protected]",null,"7a6d90f850358fd36ca40d2b1b1b79a91981ba23",false,true,true,false,"2019-04-15T23:03:00.000Z","2019-05-17T01:08:55.000Z",null,"en",null,"Asia/Tokyo",0,0,null,24,"2019-04-15T23:03:00.000Z"])

Several configurations are still hardcoded at this point, so it's possible that something won't work at first.

Change SAML IdP configuration

Log in to https://greyhound-dev.onelogin.com/apps/930729/edit/#configuration with email [email protected] and password 123qweQWE.

Use storybook

Run yarn run storybook from the coursebase repo
