Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

devise_ticketable

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

devise_ticketable

  • 0.0.1
  • Rubygems
  • Socket score
Version published
Maintainers
1
Created
Source

devise_ticketable

Adds support to devise for acting as a single sign on server using mod_auth_tkt for the Apache HTTP Server

Installation

Rails 2.3 - add the following to your list of gems

config.gem 'devise_ticketable'

Rails 3 - add the following to your Gemfile

gem 'devise_ticketable'

Configuration

devise_ticketable add a few configuration options to devise.

  1. The secret used to generate cookies. Set to empty string by default. Should be set to some long and random string comparable to the Rails cookie secret. This value needs to mach your webserver configuration!

    config.auth_tkt_domain = secret

  2. The domain for which the cookie is valid. Not set by default. Setting this to something like '.example.com' allows single sign on across multiple subdomains

    config.auth_tkt_domain = ''

  3. Optionally do a Base64 encode of the cookie data. Not enabled by default.

    config.auth_tkt_encode = false

  4. Ignore the remote ip address when generating or validating the ticket. Not enabled by default.

    config.auth_tkt_ignore_ip = false

Accessors / Model attributes

devise_ticketable makes use of a few optional but recommended accessors on your user model.

  1. :auth_tkt_user

    Define this so that it returns the username you might later use to grant access

  2. :auth_tkt_user_data

    Can be used to return payload data that mod_auth_tkt may use

  3. :auth_tkt_token_list

    Should return a list of comma separated tokens can be used for authentication purposes by mod_auth_tkt. Possible uses include returning group memberships or roles.

Limitations

Currently the cookie name is hardcoded to auth_tkt. As there is no documentation available for mod_auth_tkt that suggests that the cookie name is configurable this doesn't pose any serious problems.

Note on Patches/Pull Requests

  • Fork the project.
  • Make your feature addition or bug fix.
  • Add tests for it. This is important so I don't break it in a future version unintentionally.
  • Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
  • Send me a pull request. Bonus points for topic branches.

Copyright

Copyright (c) 2010 Morton Jonuschat. See LICENSE for details.

FAQs

Package last updated on 29 Jul 2010

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking

Security News

Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking

In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.

By Sarah Gooding  -  Nov 20, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc