This repository was archived by the owner on Apr 19, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
executable file
·186 lines (144 loc) · 7.22 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
InformationCardAuthentication
=============================
A plugin for integrating information card authentication into your Rails application.
Prerequisites
=============
Server
------
Web server with SSL For an application to accept Information Cards, an SSL channel is most likely required.
To configure a Ruby on Rails application to use SSL, an option is to use Apache with mod_ssl which proxies
requests to your mongrel server or cluster.
Client
------
* Internet Explorer 7 with Windows Vista or Windows XP with .NET 3.0 Framework
* Firefox with either the Identity Selector Extension or Identity Selector Plugin
* Safari with the InfoCard Selector plugin
* Another browser with an identity selector plugin
Assumptions
===========
Information Card authentication is intended to supplement a user authentication system.
It is assumed that you already have a Rails application with an existing authentication system already
installed and configured.
If you don't have one, an option is to use the acts_as_authenticated plugin.
To install acts_as_authenticated, run the following commands from a command line inside your Rails application.
script/plugin source http://svn.techno-weenie.net/projects/plugins
script/plugin install acts_as_authenticated
script/generate authenticated user account
rake db:migrate
Installation
============
Install the information_card gem from the remote repository.
gem install information_card
Install plugin from the remote repository.
script/plugin install svn://rubyforge.org/var/svn/informationcard/plugin/trunk/information_card_authentication
Run the generator scripts to incorporate Information Card authentication into your application
where <user model name> is replaced with your actual user model name (ie. User).
script/generate information_card_authentication <user model name>
The following files will be generated:
create db/migrate/002_create_<user model name>_information_cards.rb
create app/models/<user model name>_information_card.rb
create app/controllers/<user model name>_information_card_controller.rb
create app/helpers/<user model name>_information_card_helper.rb
create app/views/<user model name>_information_card
create test/unit/information_card_authentication_test.rb
create test/unit/<user model name>_information_card_test.rb
create test/functional/<user model name>_information_card_controller_test.rb
create test/fixtures/<user model name>_information_cards.yml
create lib/information_card_authentication
create lib/information_card_authentication.rb
Run the new database migration and tests to verify that everything worked correctly.
rake db:migrate
rake test
Configuration
=============
In your development.rb (and likely, test.rb and production.rb), add the following to configure Information Card
authentication, replacing the values with your own.
config.after_initialize do
# the path to your web server SSL certificate
InformationCard::Config.certificate_location = 'path/to/your/apache/ssl/directory'
# the subject of your SSL certificate
InformationCard::Config.certificate_subject = '/CN=http://yourwebsite.com'
# specifies audience restriction scope (:page level or :site level)
InformationCard::Config.audience_scope = :page
# specifies url(s) from which assertions can be processed
InformationCard::Config.audiences = ['https://yourwebsite.com/login']
# claims which will be required to be specified by the user
InformationCard::Config.required_claims = [:ppid, :given_name, :surname]
# claim which will uniquely identify the Information Card
InformationCard::Config.identity_claim = :ppid
end
SSL certificates must be named in the following format and placed in the same directory as configured above.
<certificate name>.key
<certificate name>.crt
Implementation
==============
Information Card authentication libraries are included automatically in <user model name>InformationCardController
and <user model name>InformationCardHelper, but if you need them globally throughout your application, you can
optionally include them in ApplicationController and ApplicationHelper.
application.rb
--------------
class ApplicationController < ActionController::Base
include InformationCardAuthentication::ControllerExtensions
application_helper.rb
---------------------
module ApplicationHelper
include InformationCardAuthentication::ViewExtensions
To create a form to launch the Information Card identity selector, include the following code in your view.
Note the call to information_card_claims, which adds the required HTML markup to launch and inform the
identity selector of the required claims (configured previously). Submitting this form will include
params[:encrypted_information_card] in the post to the server, which can be used in the subsequent controller
code to authenticate and create information cards.
<% form_tag do -%>
<%= information_card_claims %>
<%= submit_tag 'Log in with your Information Card' %>
<% end -%>
To authenticate a user's Information Card, include the following code in the login method of your controller.
authenticate_with_information_card(params[:encrypted_information_card]) do |status, information_card, errors|
case status
when :failed_validation
flash[:error] = "Could not login with Information Card"
# redirect back to login page
when :failed_authentication
flash[:error] = "Could not login with Information Card"
# redirect back to login page
when :successful
if User.find_by_id(information_card.user.id)
flash[:notice] = "Logged in successfully"
# redirect to signed in page
else
flash[:error] = "Login unsuccessful"
# redirect back to login page
end
end
end
To create a new Information Card, include the following code in the create method of your controller.
This can be used to associate an Information Card with either a new user wishing to create an account or an existing user.
Your code to handle the :successful case will need to be written accordingly.
create_information_card(params[:encrypted_information_card]) do |status, information_card, errors|
case status
when :failed
flash[:error] = "Could not create Information Card"
#redirect back to signup page
when :duplicate
flash[:error] = "Information card has already been used"
#redirect back to signup page
when :successful
flash[:notice] = "Information card successfully added"
# associate Information Card with user (ie. user.user_information_cards << information_card)
# save user (ie. user.save)
end
end
To remove an Information Card from the database and disassociate it from a user, add the following code to your controller.
UserInformationCard.find(params[:id]).destroy
Community
=========
Discussion regarding the Information Card Authentication plugin takes place on the RubyForge mailing lists.
http://rubyforge.org/mailman/listinfo/informationcard-users
Please join us to discuss, ask questions and report bugs.
Authors
=======
Joe Poon
Jason Sallis
Copyright and License
=====================
Copyright (c) 2007 ThoughtWorks, released under the BSD license.