LINE WORKS Developers

コミュニティ

LINE WORKSのテクニカルエキスパート及び開発者と
コードのサンプル、リソース、Tip等を共有し問題解決への相談が可能です。

??dev_메인_타이틀_모바일_ja_JP??

SSO

Issue with Client Implementations to Register SP for SAML 2.0 Authentication

画像

シャーバビック

2018.01.27既読 165

Hi There,


We are trying to implement SAML based authentication for our customers through below link. 


https://developers.worksmobile.com/kr/document/1001006


We are able to send the SAML request and it opens Lines works login page too. However, when submitting the credentials it calls ACS url with GET method. I think as per your documentation it should be POST.


I have set ACS URL as below and same is set in devise gem with Ruby on Rails application for SAML authentication.

http://<my host name>/m_user_login/saml/auth


Can you please help.


Let me know in case more information is required.

コメント6

  • 画像

    LINE WORKS 公式アカウント

    We are still in discussion about your feedback.
    Please wait for a while.

    2018.01.30

    0
  • Can you please update us? We are planning to add this functionality and demonstrate it during our participation of an event scheduled on this Friday.

    2018.01.31

    0
  • 画像

    LINE WORKS 公式アカウント

    We apologize for our delayed contact.

    Could you set the "ProtocolBinding" parameter which is in your request as "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ?
    When you set that parameter as "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-GET",  
    ACS url has been called with GET method.

    If you already use "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-GET",
    please let us know that.

    2018.02.01

    0
  • Hi There,

    Thanks for the response.

    We have already tried that solution but devise has the auth url implemented as POST method (POST http://localhost:3000/users/saml/auth), so even if ACS called with GET we can't make it work with devise. After changing ProtocolBinding to GET its showing 404 not found. but the same url can be accessible with POST.

    Is there any work around you are aware of?

    Devise SAML which we are using with Line SAML : https://github.com/apokalipto/devise_saml_authenticatabl

    2018.02.01

    0
  • 画像

    LINE WORKS 公式アカウント

    Thank you for reporting us.
    We were very sorry.
    Currently, we supports only POST binding.

    Could you confirm whether your "ProtocolBinding" parameter exactly matches "urn: oasis: names: tc: SAML: 2.0: bindings: HTTP - POST" ?
    When the parameter does not exactly matche,  it doesn't work.

    2018.02.02

    0
  • Thanks, it is working with protocol binding.
    We need to change
    settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    to
    settings.protocol_binding  = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    to make it work.

    2018.02.03

    0