I am attempting to create a JWT within the pre_session_create_pipeline but, even after having logged out of the IDP (ADFS) to try and start a new session, it appears as though the pipeline isn’t being hit.
Should this be hit every time we come back from the IDP?
I have config like:
```elixir
identity_providers: [
  %{
    id: "12345-12345-12345",
    sp_id: "ffwefe-ewfew-fwf-ewfw-fewf-ew",
    base_url: "https://my-website.com/sso",
    metadata_file: "priv/idp/metadata.xml",
    pre_session_create_pipeline: MyApp.PreSessionCreatePipeline,
    use_redirect_for_req: true,
    sign_requests: true,
    sign_metadata: true,
    signed_assertion_in_resp: true,
    signed_envelopes_in_resp: false
  }
]
```
Then the pipeline tries to create a JWT from the claims and throw it back as part of the URL. It looks like:
```elixir
defmodule MyApp.PreSessionCreatePipeline do
  import Plug.Conn

  def init(opts), do: opts

  def call(conn, _opts) do
    # Debug marker to confirm the plug is invoked
    IO.inspect("Hello, I'm in the plug...")

    # Assertion read from conn.private
    active_assertion = conn.private[:samly_assertion]

    # User's GUID from AD
    resource = %{id: Samly.get_attribute(active_assertion, "objectidentifier")}

    claims = %{
      displayname: Samly.get_attribute(active_assertion, "displayname"),
      email: Samly.get_attribute(active_assertion, "name"),
      role: Samly.get_attribute(active_assertion, "Role Name")
    }

    # Token lifetime: 30 minutes
    opts = [ttl: {30, :minutes}]
    {:ok, token, _claims} = MyApp.Guardian.encode_and_sign(resource, claims, opts)

    target_url =
      "https://#{conn.host}/#{token}"
      |> URI.decode_www_form()

    # Store the token-bearing URL under the "target_url" session key
    conn
    |> fetch_session()
    |> put_session("target_url", target_url)
  end
end
```
The text “Hello, I’m…” is never displayed…
Thanks in advance
Rich