Support clock drift in Omniauth SAML provider (#15511)

The setting is not well documented by the provider, but allows for clock skew between SP and IDP, see: https://github.com/omniauth/omniauth-saml/blob/master/spec/omniauth/strategies/saml_spec.rb Co-authored-by: kaiyou <dev@kaiyou.fr>
author: kaiyou <pierre@jaury.eu> 2021-01-08 07:07:08 +0100
committer: GitHub <noreply@github.com> 2021-01-08 07:07:08 +0100
commit: f47c177eb741a99fef5708175a0a3d4dfcc02639 (patch)
tree: 8367b8eb9de0c076065a8dea29e55c189f81102b /config
parent: efffdd3778fc960280c7677906ed43dae5a952b0 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index e8d7697a1..9e037f421 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -60,6 +60,7 @@ Devise.setup do |config|
     saml_options[:attribute_statements][:verified] = [ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED']] if ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED']
     saml_options[:attribute_statements][:verified_email] = [ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL']] if ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL']
     saml_options[:uid_attribute] = ENV['SAML_UID_ATTRIBUTE'] if ENV['SAML_UID_ATTRIBUTE']
+    saml_options[:allowed_clock_drift] = ENV['SAML_ALLOWED_CLOCK_DRIFT'] if ENV['SAML_ALLOWED_CLOCK_DRIFT']
     config.omniauth :saml, saml_options
   end
 end
author	kaiyou <pierre@jaury.eu>	2021-01-08 07:07:08 +0100
committer	GitHub <noreply@github.com>	2021-01-08 07:07:08 +0100
commit	f47c177eb741a99fef5708175a0a3d4dfcc02639 (patch)
tree	8367b8eb9de0c076065a8dea29e55c189f81102b /config
parent	efffdd3778fc960280c7677906ed43dae5a952b0 (diff)