Auth0 - apokalipto/devise_saml_authenticatable GitHub Wiki
Setting up on Auth0
See official instructions here.
Once you turn on the SAML2 web app under the Addon section of your Auth0 application, you can modify the SAML settings as follows:
{
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}
Click on the Usage section, and you can find your IDP login URL, as well as the certificate fingerprint.
Devise Config
# config/initializers/devise.rb snippet
# assuming your user model is User...
config.saml_configure do |settings|
  # The localhost URLs below are development values; use your application's real URLs when deployed.
  settings.assertion_consumer_service_url = "http://localhost:3000/users/saml/auth"
  settings.assertion_consumer_service_binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
  # Same NameID format as "nameIdentifierFormat" in the Auth0 addon settings above.
  # The emailAddress format is defined under the SAML 1.1 URN, also when used with SAML 2.0.
  settings.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
  settings.issuer = "http://localhost:3000/users/saml/metadata"
  settings.authn_context = ''
  # NOTE: set the idp_slo_target_url if you need to support Single Logout
  settings.idp_slo_target_url = ''
  settings.idp_sso_target_url = 'https://[your auth0 account].auth0.com/samlp/[your auth0 application client ID]'
  settings.idp_cert_fingerprint = '[Certificate Fingerprint; see above]'
  # The algorithm must be the one the fingerprint above was computed with (SHA-1 here).
  settings.idp_cert_fingerprint_algorithm = 'http://www.w3.org/2000/09/xmldsig#sha1'
end
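To check that the value pasted into idp_cert_fingerprint really belongs to the IdP signing certificate and matches idp_cert_fingerprint_algorithm, the fingerprint can be recomputed from the certificate itself. This is an added example, not code from this wiki or from the gem: the helper names are hypothetical, it assumes you have the certificate in PEM form, and the throwaway self-signed certificate is constructed here only so the script runs offline.

```ruby
require "openssl"

# Digest URIs accepted for idp_cert_fingerprint_algorithm, mapped to OpenSSL digest names.
FINGERPRINT_DIGESTS = {
  "http://www.w3.org/2000/09/xmldsig#sha1"  => "SHA1",
  "http://www.w3.org/2001/04/xmlenc#sha256" => "SHA256"
}.freeze

# A certificate fingerprint is the digest of the certificate's DER encoding,
# rendered here as colon-separated upper-case hex.
def cert_fingerprint(pem, algorithm_uri)
  name = FINGERPRINT_DIGESTS.fetch(algorithm_uri) do
    raise ArgumentError, "unsupported fingerprint algorithm: #{algorithm_uri}"
  end
  der = OpenSSL::X509::Certificate.new(pem).to_der
  OpenSSL::Digest.new(name).hexdigest(der).upcase.scan(/../).join(":")
end

# Compares a configured fingerprint with the certificate, ignoring case and
# separators. An empty or placeholder value never matches.
def fingerprint_matches?(pem, configured, algorithm_uri)
  strip = ->(fp) { fp.to_s.gsub(/[^0-9A-Fa-f]/, "").upcase }
  configured_hex = strip.call(configured)
  !configured_hex.empty? &&
    configured_hex == strip.call(cert_fingerprint(pem, algorithm_uri))
end

# Constructed sample input: a short-lived self-signed certificate standing in
# for the IdP certificate (hypothetical subject name).
def constructed_sample_cert_pem
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=idp.example.invalid")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert.to_pem
end

if __FILE__ == $PROGRAM_NAME
  pem = constructed_sample_cert_pem
  FINGERPRINT_DIGESTS.each_key { |uri| puts "#{uri}\n  #{cert_fingerprint(pem, uri)}" }
end
```

A SHA-1 fingerprint checked against the SHA-256 URI (or the reverse) fails the comparison, which is the mismatch to look for when signature validation fails after a settings change.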