I have an existing application which uses the Devise gem to allow people to login. I’ve installed the additional gem devise_saml_authenticatable and followed the setup instructions here. When authenticating through Okta it always responds with 401 Unauthorized, even though the user’s account(s) are definitely working and authorized.
I’ve added the following to my devise.rb initializer.
config.saml_configure do |settings|
url_base ||= "public url of my dev server"
settings.issuer = url_base + "/users/saml/metadata"
settings.assertion_consumer_service_url = url_base + "/users/saml/auth"
settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
settings.assertion_consumer_logout_service_url = url_base + "/users/saml/idp_sign_out"
settings.authn_context = ""
settings.idp_slo_target_url = ""
settings.idp_cert_fingerprint_algorithm = 'http://www.w3.org/2000/09/xmldsig#sha256'
settings.idp_cert_fingerprint = "finger print in HEX"
settings.idp_entity_id = "http://www.okta.com/exkb0ibo50PdGUUv50h7"
settings.idp_sso_target_url = "https://caffenero.oktapreview.com/app/caffenero_hrportal_1/exkb0ibo50PdGUUv50h7/sso/saml"
settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
end
I’ve created an attribute-map.yml in the config directory with the following items:
"urn:mace:dir:attribute-def:uid": "user_name"
"urn:mace:dir:attribute-def:email": "email"
Can anyone give any pointers? (I can’t add the SAML response, because I get an error on this forum saying New users can only add two links in a post…)