Adam ⚛ Stegman

Results 74 comments of Adam ⚛ Stegman

This is a good idea! I'll need to do some research on how this could work.

To redirect to a landing page, I would use a devise failure app, as described in the devise wiki: https://github.com/plataformatec/devise/wiki/How-To:-Redirect-to-a-specific-page-when-the-user-can-not-be-authenticated
I've never implemented a login flow using a popup window,...

Interesting. I would suspect the `before_action` is stepping in and redirecting, where there was nothing before. You could skip it or redefine it to have different behavior.

Hi @klouvas, thanks for the contribution! I don't think this requires a fix on our end—applications can update their version of ruby-saml without needing to update this gem.

If there's a security issue, definitely! But for anything else, it's not our responsibility, and in fact we'd be breaking compatibility with applications using older versions of ruby-saml.

Thanks for bringing this up! The `module` option is new to me. I can guess at what it does, but I don't see how it works in the devise code....

That would be a fine short-term fix, but I'd like to understand the `module` option better and fully support it.

In default operation, the new user is saved using the `saml_update_resource_hook`: https://github.com/apokalipto/devise_saml_authenticatable/blob/2d47b4fb948e76035da6d7c7df80d2167f35cba8/lib/devise_saml_authenticatable/model.rb#L68-L70. Can I see your devise SAML configuration from `config/initializers/devise.rb`, with any credentials or secrets removed?

You can merge master to fix this build, I removed Ruby 2.7 🙂

Great catch! We are using `current_user` in that method as of #149. We probably need to make the `current_user` method configurable. In the meantime, is SP-initiated logout working for you?...