It would be nide to have an option to add custom fields /text, hidden/ to the login form.
The gitlab added CSRF protection for omniauth providers, see my MR #23.

As I'm no ruby expert, is there any other way to push custom fields into the form or the code needed to be changed?

Hi,

I tried to setup the crowd provider for gitlab project. It will not pass the object construction, so the initialize method has wrong number of parameters. Is the 2.1.1 version compatible with the 1.1.4 of the omniauth?

root@source:/home/phudec# gem list | grep omni
gitlab_omniauth-ldap (1.0.3)
omniauth (1.1.4)
omniauth-github (1.1.1)
omniauth-google-oauth2 (0.2.0)
omniauth-oauth (1.0.1)
omniauth-oauth2 (1.1.1)
omniauth-twitter (1.0.0)
omniauth_crowd (2.1.1)

When comparing to twitter and facebook as OmniAuth providers, "omniauth_crowd" appears to be returning me to the incorrect url only when deploying the application to a sub-uri.

==Working Setup running application in stand-alone rails server==
When working on the application and starting the webbrick server on port 3000, the effective url for the application is http://server/auth/crowd to get the login prompt. After providing my credentials, I am returned to the correct callback_url, which is http://server/auth/crowd/callback.
Login URL: http://server/auth/crowd
Callback URL: http://server/auth/crowd/callback

==Failing Setup==
When deploying the application to our typical in-house setup of using a sub-uri, the effective url is http://server/subdirectory/auth/crowd to get the login prompt. After providing credentials, I am returned to the incorrect callback_url, which is: http://server/auth/crowd/callback.
Login URL: http://server/subdirectory/auth/crowd
Callback URL: http://server/auth/crowd/callback

==Working Setup using facebook provider==
Login URL: http://server/subdirectory/auth/facebook
Callback URL: http://server/subdirectory/auth/facebook/callback

==Working Setup using twitter provider==
Login URL: http://server/subdirectory/auth/twitter
Callback URL: http://server/subdirectory/auth/facebook/twitter

The issue is the failing setup drops the subdirectory/sub-uri. I found a similar problem fixed previously by omniauth. I have confirmed I am using the updated code with the fix
omniauth/omniauth#212

Thanks very much for your time and maintenance of this gem!

I could successfully login into crowd using this plugin, but if I will login in some other our crowd resource and
then will try to redirect on /auth/crowd/ in my application then I will have the 'login into crowd' screen again, while I expecting
already being logged (like using twitter provider for omniauth).

No matter logged I somewhere on not in crowd it everytimes asks me to login again from my app. Is this is a limitation of this plugin or I am doing something
wrong ?

This is the output I get when I run bundle install and bundle exec rake. Can you help fix them?

$ bundle install

Resolving dependencies...
Using rake 10.3.2
Using i18n 0.6.11
Using json 1.8.1
Using minitest 5.4.0
Using thread_safe 0.3.4
Using tzinfo 1.2.2
Using activesupport 4.1.4
Using addressable 2.3.6
Using bundler 1.10.6
Using safe_yaml 1.0.3
Using crack 0.4.2
Using diff-lcs 1.2.5
Using hashie 3.2.0
Using mini_portile 0.6.0
Using nokogiri 1.6.3.1
Using rack 1.5.2
Using omniauth 1.2.2
Using omniauth_crowd 2.2.3 from source at .
Using rack-test 0.6.2
Using rspec-support 3.0.3
Using rspec-core 3.0.3
Using rspec-expectations 3.0.3
Using rspec-mocks 3.0.3
Using rspec 3.0.0
Using webmock 1.18.0
Bundle complete! 7 Gemfile dependencies, 25 gems now installed.
Use `bundle show [gemname]` to see where a bundled gem is installed.

$ bundle exec rake

/usr/bin/ruby2.2 -I/var/lib/gems/2.2.0/gems/rspec-core-3.0.3/lib:/var/lib/gems/2.2.0/gems/rspec-support-3.0.3/lib -S /var/lib/gems/2.2.0/gems/rspec-core-3.0.3/exe/rspec ./spec/omniauth/strategies/crowd_spec.rb
/var/lib/gems/2.2.0/gems/safe_yaml-1.0.3/lib/safe_yaml/load.rb:43:in `<module:SafeYAML>': undefined method `tagged_classes' for Psych:Module (NoMethodError)
    from /var/lib/gems/2.2.0/gems/safe_yaml-1.0.3/lib/safe_yaml/load.rb:26:in `<top (required)>'
    from /var/lib/gems/2.2.0/gems/crack-0.4.2/lib/crack/json.rb:6:in `require'
    from /var/lib/gems/2.2.0/gems/crack-0.4.2/lib/crack/json.rb:6:in `<top (required)>'
    from /var/lib/gems/2.2.0/gems/crack-0.4.2/lib/crack.rb:6:in `require'
    from /var/lib/gems/2.2.0/gems/crack-0.4.2/lib/crack.rb:6:in `<top (required)>'
    from /var/lib/gems/2.2.0/gems/webmock-1.18.0/lib/webmock.rb:5:in `require'
    from /var/lib/gems/2.2.0/gems/webmock-1.18.0/lib/webmock.rb:5:in `<top (required)>'
    from /home/balasankarc/packaging/trying/omniauth-crowd/source/omniauth_crowd/spec/spec_helper.rb:4:in `require'
    from /home/balasankarc/packaging/trying/omniauth-crowd/source/omniauth_crowd/spec/spec_helper.rb:4:in `<top (required)>'
    from /home/balasankarc/packaging/trying/omniauth-crowd/source/omniauth_crowd/spec/omniauth/strategies/crowd_spec.rb:1:in `require'
    from /home/balasankarc/packaging/trying/omniauth-crowd/source/omniauth_crowd/spec/omniauth/strategies/crowd_spec.rb:1:in `<top (required)>'
    from /var/lib/gems/2.2.0/gems/rspec-core-3.0.3/lib/rspec/core/configuration.rb:1057:in `load'
    from /var/lib/gems/2.2.0/gems/rspec-core-3.0.3/lib/rspec/core/configuration.rb:1057:in `block in load_spec_files'
    from /var/lib/gems/2.2.0/gems/rspec-core-3.0.3/lib/rspec/core/configuration.rb:1057:in `each'
    from /var/lib/gems/2.2.0/gems/rspec-core-3.0.3/lib/rspec/core/configuration.rb:1057:in `load_spec_files'
    from /var/lib/gems/2.2.0/gems/rspec-core-3.0.3/lib/rspec/core/runner.rb:97:in `setup'
    from /var/lib/gems/2.2.0/gems/rspec-core-3.0.3/lib/rspec/core/runner.rb:85:in `run'
    from /var/lib/gems/2.2.0/gems/rspec-core-3.0.3/lib/rspec/core/runner.rb:70:in `run'
    from /var/lib/gems/2.2.0/gems/rspec-core-3.0.3/lib/rspec/core/runner.rb:38:in `invoke'
    from /var/lib/gems/2.2.0/gems/rspec-core-3.0.3/exe/rspec:4:in `<main>'
/usr/bin/ruby2.2 -I/var/lib/gems/2.2.0/gems/rspec-core-3.0.3/lib:/var/lib/gems/2.2.0/gems/rspec-support-3.0.3/lib -S /var/lib/gems/2.2.0/gems/rspec-core-3.0.3/exe/rspec ./spec/omniauth/strategies/crowd_spec.rb failed

I see this gem doesn't use the CrowdID OpenID provider; it uses the Crowd REST API. So therefore this needs to have its own login form, which I understand. It looks like it can't be customized, because it uses OmniAuth::Form, and the OmniAuth::Strategies::Crowd#get_credentials method from omniauth_crowd creates it. Am I missing something here? The default form, which I think is otherwise only used for the development strategy is ugly (not your fault 😄 )

details and full build log here https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867654

Hey there,

So on a former app I use the old crowd_rails gem by stefanwille. It keeps working.

However, using this gem as an auth strategy with the latest devise, no dice. The server URL, app name and app passwords have been duly checked, and all the FQDNs + IPs I use for the Rails app are greenlighted in my Crowd app config. Ah, and of course, the credentials I use to log in interactively work fine (including in the Crowd app authentication test, and in the other Rails app I use, based on crowd_rails).

Is there a way to make the gem log more details? Like, request/response streams with the Crowd server? Because I'm blind here!

Thanks

I attempted to address this problem with pull request #13 , but it appears that even with the fix applied the problem remains outstanding. I believe the issue is due to a special character ("<") in my password.

My fix attempt in pull request #13 included tests, but it appears that the tests did not fully describe the necessary behavior to avoid the problem. I can try to fix again, but I'll have to set up a full stack locally to do integration testing since I can't verify through simple unit tests. If someone else already has such a test environment and can take this issue that would be helpful, since I've already invested quite a bit of time into this issue and I have other more pressing concerns to attend to. Otherwise I will set up an integration testing environment and attempt to fix it, probably later this week.

Here is the logged output from an attempt to log in, using omniauth_crowd v2.1.2:

[ 2013-08-14 16:19:02.7204 23253/7f1a6010c700 Pool2/Implementation.cpp:1182 ]: [App 23374 stdout] I, [2013-08-14T16:19
:02.719136 #23374]  INFO -- omniauth: (crowd) Request phase initiated.                                                
[ 2013-08-14 16:19:02.7600 23253/7f1a6010c700 Pool2/Implementation.cpp:1182 ]: [App 23374 stdout] I, [2013-08-14T16:19
:02.759924 #23374]  INFO -- omniauth: (crowd) Callback phase initiated.                                               
[ 2013-08-14 16:19:03.9487 23253/7f1a6010c700 Pool2/Implementation.cpp:1182 ]: [App 23374 stdout] W, [2013-08-14T16:19
:03.948583 #23374]  WARN -- omniauth: (crowd) [retrieve_user_info!] response code: 400                                
[ 2013-08-14 16:19:03.9488 23253/7f1a6010c700 Pool2/Implementation.cpp:1182 ]: [App 23374 stdout] W, [2013-08-14T16:19
:03.948820 #23374]  WARN -- omniauth: (crowd) [retrieve_user_info!] response body: <?xml version="1.0" encoding="UTF-8
" standalone="yes"?><error><reason>INVALID_USER_AUTHENTICATION</reason><message>Account with name &lt;vplacsa&gt; fail
ed to authenticate: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, dat
a 52e, v1db1\u0000]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapEr
r: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1\u0000]</message></error>                      
[ 2013-08-14 16:19:03.9490 23253/7f1a6010c700 Pool2/Implementation.cpp:1182 ]: [App 23374 stdout] E, [2013-08-14T16:19
:03.948983 #23374] ERROR -- omniauth: (crowd) Authentication failure! invalid_credentials encountered.   

omniauth_crowd works as expected on my local machine, but when I deploy application to the Debian server it is missing the application_name.

From my crowd_access.log:

from local machine (where example_app is an application name)

example_app [06/Apr/2013:06:12:59 +0400] "POST /crowd/rest/usermanagement/latest/authentication?username=a.smolov HTTP/1.1" 200 653 "-" "Ruby"

from server (application name is missing)

- [06/Apr/2013:05:45:47 +0400] "POST /crowd/rest/usermanagement/latest/authentication?username=a.smolov HTTP/1.1" 401 45 "-" "Ruby"

I am now on Rails 3.1 and the Login-Form for OmniAuth-Crowd stopped looking fine. Obviously there is something wrong with the referrencing of the stylesheets and images. Sounds like a AssetPipeline problem to me.

I really don't know how the login form is rendered. I did not find any action or template that is handling this.

Can someone help me? I anyone using Crowd and Rails 3.1 with AssetPipeline?

Thanks in advance,
Torsten

Do you follow https://SemVer.org ? If yes, can you document it in README.

After putting in my credentials and clicking connect I get the following error:

NameError (uninitialized constant OmniAuth::Strategies::Crowd::CrowdValidator::Net)

I have made sure I have my source IP in Crowd and that the app name and password are correct. Any ideas?

Hello, maintainer of OmniAuth here.

I just wanted to make the maintainers of this gem aware of the discussion that I have opened regarding v2.0.0 of OmniAuth. I invite you to join in and voice any concerns you may have here: omniauth/omniauth#1017

Per discussion at https://meta.discourse.org/t/crowd-plugin-authentication/22068/4 , there is a reasonable request to have the ability to specify the SSL certificate to use to verify the requests. Currently, we have an option to disable_ssl_verification to do no verification, but it would be nice to pass the certificate.

OmniAuth 1.0 was just released.

So for now you have to change your Gemfile

`gem 'omniauth', '~> 0.3.2'``

Any plans on upgrading omniauth_crowd to work with the newer version?