I am using Devise with OmniAuth for Saml. Saml callbacks do not post csrf token back and hence I get this error:
ActionController::InvalidAuthenticityToken at /users/auth/saml/callback
So, to prevent CSRF check for my SAML call back, I added the :except
for saml
method. But that doesn't seem to work. What would be a way for me to prevent CSRF checks for SAML callbacks with Devise and OmniAuth?
Here is my OmniauthCallbacks
controller:
class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
protect_from_forgery :except => [:saml]
def saml
response = OneLogin::RubySaml::Response.new(params[:SAMLResponse])
raise response.to_yaml
# if response.is_valid?
# redirect_to root_url
# end
end
end
我在一个代码库中通过在控制器顶部使用这个位来解决这个问题:
skip_before_filter :verify_authenticity_token
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.