(wip) add saml provider

Gemfile

@@ -72,6 +72,7 @@ gem 'devise', '>= 4.9'
 gem 'omniauth', '~> 2.1'
 gem 'omniauth-oauth2'
 gem 'omniauth_openid_connect'
+gem 'omniauth-saml'
 gem 'omniauth-rails_csrf_protection', '~> 1.0'
 
 gem 'rolify'

Gemfile.lock

@@ -292,6 +292,9 @@ GEM
     omniauth-rails_csrf_protection (1.0.1)
       actionpack (>= 4.2)
       omniauth (~> 2.0)
+    omniauth-saml (2.1.0)
+      omniauth (~> 2.0)
+      ruby-saml (~> 1.12)
     omniauth_openid_connect (0.6.1)
       omniauth (>= 1.9, < 3)
       openid_connect (~> 1.1)
@@ -422,6 +425,9 @@ GEM
       rubocop (>= 1.7.0, < 2.0)
     ruby-progressbar (1.10.1)
     ruby-rc4 (0.1.5)
+    ruby-saml (1.16.0)
+      nokogiri (>= 1.13.10)
+      rexml
     ruby-vips (2.1.4)
       ffi (~> 1.12)
     rubyXL (3.4.25)
@@ -579,6 +585,7 @@ DEPENDENCIES
   omniauth (~> 2.1)
   omniauth-oauth2
   omniauth-rails_csrf_protection (~> 1.0)
+  omniauth-saml
   omniauth_openid_connect
   openlab_ruby
   overcommit

app/controllers/sessions_controller.rb

@@ -7,6 +7,7 @@ class SessionsController < Devise::SessionsController
     if active_provider.providable_type == 'DatabaseProvider'
       super
     else
+      p active_provider
       redirect_post "/users/auth/#{active_provider.strategy_name}"
     end
   end

lib/omni_auth/strategies/sso_saml_provider.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require 'omniauth-saml'
+
+# Authentication strategy provided trough SAML
+class OmniAuth::Strategies::SsoSamlProvider < OmniAuth::Strategies::SAML
+  include OmniAuth::DataMapping::Mapper
+end

lib/tasks/fablab/auth.rake

@@ -5,21 +5,6 @@ namespace :fablab do
   namespace :auth do
     desc 'switch the active authentication provider'
     task :switch_provider, [:provider] => :environment do |_task, args|
-      providers = AuthProvider.all.inject('') { |str, item| "#{str}#{item[:name]}, " }
-      unless args.provider
-        puts "\e[0;31mERROR\e[0m: You must pass a provider name to activate. Available providers are: #{providers[0..-3]}"
-        next
-      end
-
-      if AuthProvider.find_by(name: args.provider).nil?
-        puts "\e[0;31mERROR\e[0m: the provider '#{args.provider}' does not exists. Available providers are: #{providers[0..-3]}"
-        next
-      end
-
-      if AuthProvider.active.name == args.provider
-        puts "\e[0;31mERROR\e[0m: the provider '#{args.provider}' is already enabled"
-        next
-      end
 
       # disable previous provider
       prev_prev = AuthProvider.previous
@@ -28,7 +13,7 @@ namespace :fablab do
       AuthProvider.active.update(status: 'previous') unless AuthProvider.active.name == 'DatabaseProvider::SimpleAuthProvider'
 
       # enable given provider
-      AuthProvider.find_by(name: args.provider).update(status: 'active')
+      AuthProvider.find_by(name: 'FabManager').update(status: 'active')
 
       # migrate the current users.
       if AuthProvider.active.providable_type == DatabaseProvider.name