This is a proof of concept of a Ruby on Rails application with Shibboleth authentication, pure rails session and a working single sign off.
This application follows: SLOWebappAdaptation .
Short things first: it is not worth. There are easier ways to have Ruby on Rails and SAML2 auth to go hand in hand, with single logout included.
The hard part is not the Shibboleth one: you just need to add a Notify
The matter is this setup is completely against a few Rails' conventions:
- SOAP support has been dropped from Rails since version 1.2;
- you are not expect to tweak with arbitrary session objects which in turn means:
- you can't use the trusted cookie session store but you have to switch to the harder database-backed session store, which by the way you need to customize a bit to hold the Shib-Session-ID data;
- you need to fight against encrypted sessions, the default.
If nevertheless interested, have a look at source code on github.