Devise + OmniAuth Saml: ActionController::InvalidAuthenticityToken
Question
I am using Devise with OmniAuth for Saml. Saml callbacks do not post csrf token back and hence I get this error:
ActionController::InvalidAuthenticityToken at /users/auth/saml/callback
So, to prevent CSRF check for my SAML call back, I added the :except for saml method. But that doesn't seem to work. What would be a way for me to prevent CSRF checks for SAML callbacks with Devise and OmniAuth?
Here is my OmniauthCallbacks controller:
class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
protect_from_forgery :except => [:saml]
def saml
response = OneLogin::RubySaml::Response.new(params[:SAMLResponse])
raise response.to_yaml
# if response.is_valid?
# redirect_to root_url
# end
end
end
1 answers
solution1
3 2015-03-03 00:36:08
我在一个代码库中通过在控制器顶部使用这个位来解决这个问题:
skip_before_filter :verify_authenticity_token
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Devise error - ActionController::InvalidAuthenticityToken
Rails 5 + Devise: ActionController::InvalidAuthenticityToken
Getting ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken) error for devise sign in and sign up
Rails Devise - Logout error ActionController::InvalidAuthenticityToken
ActionController::InvalidAuthenticityToken in Devise::SessionsController#create error
Getting rid of ActionController::InvalidAuthenticityToken (Rails 3, webrick, devise)
ActionController::InvalidAuthenticityToken Rails 5 / Devise / Audited / PaperTrail gem
configuration for devise with omniauth-saml
ActionController::InvalidAuthenticityToken
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): Rails 5
Related Tags