Support clock drift in Omniauth SAML provider (#15511)

The setting is not well documented by the provider, but allows for clock skew between SP and IDP, see: https://github.com/omniauth/omniauth-saml/blob/master/spec/omniauth/strategies/saml_spec.rb Co-authored-by: kaiyou <dev@kaiyou.fr>
author: kaiyou <pierre@jaury.eu> 2021-01-08 07:07:08 +0100
committer: Claire <claire.github-309c@sitedethib.com> 2022-01-28 22:39:48 +0100
commit: 07042a0913bdb28da5d5ead3c7ecf310bb9c6acd (patch)
tree: 545b501afd7fe486385e9b42371960cf48d39a40
parent: 4978d387ee33062768910bfea70902b2778fa5fa (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index e8d7697a114..9e037f421fc 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -60,6 +60,7 @@ Devise.setup do |config|
     saml_options[:attribute_statements][:verified] = [ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED']] if ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED']
     saml_options[:attribute_statements][:verified_email] = [ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL']] if ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL']
     saml_options[:uid_attribute] = ENV['SAML_UID_ATTRIBUTE'] if ENV['SAML_UID_ATTRIBUTE']
+    saml_options[:allowed_clock_drift] = ENV['SAML_ALLOWED_CLOCK_DRIFT'] if ENV['SAML_ALLOWED_CLOCK_DRIFT']
     config.omniauth :saml, saml_options
   end
 end
author	kaiyou <pierre@jaury.eu>	2021-01-08 07:07:08 +0100
committer	Claire <claire.github-309c@sitedethib.com>	2022-01-28 22:39:48 +0100
commit	07042a0913bdb28da5d5ead3c7ecf310bb9c6acd (patch)
tree	545b501afd7fe486385e9b42371960cf48d39a40
parent	4978d387ee33062768910bfea70902b2778fa5fa (diff)