saml_idp

Alternative to support multiple x509 Certificates via procs

Open pelted opened this issue 6 months ago • 5 comments

What this PR does

  • allows for looking up x509 certificates with a proc in the SamlIdp config
  • calls the proc or falls back to the original behavior where appropriate
  • adds short example in the README documentation

Why

This is an alternative approach to supporting multiple x509 certificates, secret keys, and password. This uses procs in the SamlIdp configuration as an alternative to #186 and #209.

I have been using this approach for some time now using a service object as a finder for the appropriate cert and secret key.

Some examples for looking these up:

config.x509_certificate = -> { File.read("cert.pem") }
config.secret_key = -> { SecretKeyFinder.key_for(id: 1) }
config.password = -> { Rails.application.credentials.dig(:saml_idp, :password) }

pelted avatar Jul 31 '24 19:07 pelted
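
An added example, not code from this PR or from saml_idp: with the certificate, secret key and password each resolved by its own proc, a caller can check that the three values belong together before signing. The names `resolve`, `signing_pair`, `build_entry`, `STORE` and `settings_for` are hypothetical, and the certificates and passphrases are constructed throwaway data.

```ruby
require "openssl"

# Hypothetical helper: a setting may be a static value or a callable (proc/lambda).
def resolve(setting)
  setting.respond_to?(:call) ? setting.call : setting
end

# Resolve the three settings together and refuse a mismatched or out-of-date pair.
def signing_pair(cert:, secret_key:, password: nil, now: Time.now)
  x509 = OpenSSL::X509::Certificate.new(resolve(cert))
  key  = OpenSSL::PKey.read(resolve(secret_key), resolve(password))
  raise ArgumentError, "certificate does not match secret key" unless x509.check_private_key(key)
  raise ArgumentError, "certificate outside validity window" unless now.between?(x509.not_before, x509.not_after)
  [x509, key]
end

# Constructed sample data: one throwaway self-signed certificate per key id,
# with the private key stored encrypted under its own passphrase.
def build_entry(id, passphrase)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = id
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=idp-example-#{id}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  { cert: cert.to_pem,
    key: key.to_pem(OpenSSL::Cipher.new("aes-256-cbc"), passphrase),
    password: passphrase }
end

STORE = { 1 => build_entry(1, "constructed-pass-1"),
          2 => build_entry(2, "constructed-pass-2") }.freeze

# Procs in the style of the config lines above, all keyed off one id so that
# the certificate, key and password are looked up for the same entry.
def settings_for(id)
  { cert: -> { STORE.fetch(id)[:cert] },
    secret_key: -> { STORE.fetch(id)[:key] },
    password: -> { STORE.fetch(id)[:password] } }
end
```

Because each proc runs independently, a lookup that changes between calls (for example during rotation) can return a certificate from one entry and a key from another; the `check_private_key` comparison catches that case before a response is signed.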