# Setting up an SSO client

### Assumptions

### How it works

### Trusted OAuth clients

### Untrusted OAuth clients

### Also good to know

### Setup (trusted client)

#### Add the gem to your Gemfile

```ruby
# Gemfile
gem 'sso', require: 'sso/client'
```

#### Make sure you activated the Warden middleware provided by the warden gem

See the Warden wiki. One thing is special here, though: you must not store the entire passport object in the session, only a reference to it. Storing the entire object would be a major security risk, because the session value could be replayed (cookie replay attacks) and nothing server-side could invalidate it.

```ruby
class Warden::SessionSerializer
  # Keep the passport server-side and hand Warden only its id; the id is all
  # that ends up in the session cookie.
  def serialize(passport)
    redis.set passport.id, passport.to_json
    passport.id
  end

  # Resolve the id back into a passport; nil (unknown or revoked id) means
  # "not logged in" to Warden.
  def deserialize(passport_id)
    json = redis.get passport_id
    return nil unless json
    SSO::Client::Passport.new JSON.parse(json)
  end

  private

  # redis-rb has no Redis.set class method; use a client instance.
  def redis
    @redis ||= Redis.new
  end
end
```
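The replay point above, as an added example that is not code from the sso gem or this page: both serializer styles are run through a login, a server-side revocation (what logout does) and a replay of the original session value. `Passport`, `MemoryStore`, `ReferenceSerializer`, `WholeObjectSerializer` and `replayed_user_id` are hypothetical names; `Passport` stands in for `SSO::Client::Passport` and `MemoryStore` for Redis so the code runs offline.

```ruby
require 'json'
require 'securerandom'
# Stand-in for SSO::Client::Passport so this runs without the gem (assumption).
Passport = Struct.new(:id, :user_id, :verified, keyword_init: true)

# In-memory stand-in for the Redis calls the serializer uses (assumption).
class MemoryStore
  def initialize; @data = {}; end
  def set(key, value); @data[key] = value; end
  def get(key); @data[key]; end
  def del(key); @data.delete(key); end
end

# What the page recommends: the session carries only the passport id; the passport itself
# lives server-side, so deleting it there invalidates every cookie that references it.
class ReferenceSerializer
  def initialize(store); @store = store; end
  def serialize(passport)
    @store.set(passport.id, passport.to_h.to_json)
    passport.id                                   # only this reaches the session cookie
  end

  def deserialize(passport_id)
    json = @store.get(passport_id)
    return nil unless json                        # unknown or revoked id: not logged in
    Passport.new(**JSON.parse(json, symbolize_names: true))
  end

  def revoke(passport_id); @store.del(passport_id); end
end

# What the page warns against: the whole passport is the session value, so nothing
# server-side can invalidate a copied cookie.
class WholeObjectSerializer
  def serialize(passport); passport.to_h.to_json; end
  def deserialize(json); Passport.new(**JSON.parse(json, symbolize_names: true)); end
  def revoke(_passport_id); end                   # nothing server-side to delete
end

# Log in, revoke the passport (as logout would), then present the original session
# value again. Returns the user id a replayed value still resolves to, or nil if rejected.
def replayed_user_id(serializer)
  passport = Passport.new(id: SecureRandom.hex(16), user_id: 42, verified: true)
  session_value = serializer.serialize(passport)
  serializer.revoke(passport.id)
  replayed = serializer.deserialize(session_value)
  replayed && replayed.user_id
end
```

With the reference design the replayed value resolves to nil after revocation; with the whole-object design it still resolves to user 42, which is exactly the replay the text warns about.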

#### Set the URL to the SSO Server

See also this piece of code.

```bash
OMNIAUTH_SSO_ENDPOINT="http://server.example.com"
```

#### Setup your login logic

Rails Example:

```ruby
class SessionsController < ApplicationController
  delegate :logout, to: :warden

  def new
    redirect_to '/auth/sso'
  end

  def create
    warden.set_user auth_hash.info.to_hash
    redirect_to root_path
  end

  def destroy
    warden.logout
    # Without a response the action would try to render a missing template.
    redirect_to root_path
  end

  private

  def auth_hash
    request.env['omniauth.auth']
  end

  def warden
    request.env['warden']
  end
end
```

#### Activate the middleware

This is done by making use of [Warden callbacks](https://github.com/hassox/warden/wiki/Callbacks). See [this piece of code](https://github.com/halo/sso/blob/master/lib/sso/client/warden/hooks/after_fetch.rb#L18-L22).

```ruby
# e.g. config/initializers/warden.rb
# The options are passed on to ::Warden::Manager.after_fetch
SSO::Client::Warden::Hooks::AfterFetch.activate scope: :vip
```

#### Profit