Moon
Reputation: 35265
Devise + OmniAuth Saml: ActionController::InvalidAuthenticityToken
I am using Devise with OmniAuth for Saml. Saml callbacks do not post csrf token back and hence I get this error:
ActionController::InvalidAuthenticityToken at /users/auth/saml/callback
So, to prevent CSRF check for my SAML call back, I added the :except for saml method.
But that doesn't seem to work. What would be a way for me to prevent CSRF checks for SAML callbacks with Devise and OmniAuth?
Here is my OmniauthCallbacks controller:
class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
protect_from_forgery :except => [:saml]
def saml
response = OneLogin::RubySaml::Response.new(params[:SAMLResponse])
raise response.to_yaml
# if response.is_valid?
# redirect_to root_url
# end
end
end
Upvotes: 3
Views: 1590
Answers (1)
Carl
Reputation: 1263
I'm in a codebase that gets around this by using this bit at the top of controller:
skip_before_filter :verify_authenticity_token
Upvotes: 3
Related Questions
- Devise: devise_saml_authenticatable - uninitialized constant SamlSessionsController
- Setting up SAML callback in Rails using Devise and OmniAuth-SAML
- configuration for devise with omniauth-saml
- Cannot getting devise omniauthable working
- Rails 4: devise and omniauthable error
- devise + omniauth auth/failure?message=invalid_credentials
- OmniAuth Invalid Response Error
- OmniAuth Single Sign On with Devise, invalid_credentials
- Help Using Devise with the built-in Omniauth Support
- Devise omniauth integration problem