Я предполагаю, что вы правильно настроили свой omniauth.rb, где:
Issuer Name: This should be in the format of the adfs sever domain followed by /adfs/services/trust
Issuer: This is where your login requests will be sent, normally it will be the path /adfs/ls on the ADFS server.
Realm: This should match the domain that you provide in your federation metadata document
Reply: This is where you want the response from ADFS to be returned to in your application. This is normally the path /auth/wsfed/callback when using Omniauth.
SAML Version: The version of SAML tokens. Defaults to 2
ID Claim: This is the name of the claim field that ADFS will return that should be used as the unique identifier.
IDP Cert Fingerprint: Your Windows Administrator should be able to tell you this, but if not a way to find it is to put in any string, do a test login to ADFS — this will fail when doing the callback as the certificate doesn’t match, however if you inspect the response in the Chrome Web Inspector you will be able to see the X509 Certificate in the response. You can then use OpenSSL tools, or this online tool to get the fingerprint of the certificate.
Также настройка маршрутов обратного вызова, как показано ниже
match '/auth/:provider/callback' => 'sessions#create', via: [:get, :post]
match '/auth/failure' => 'sessions#failure', via: [:get]
**controller#action** может отличаться в зависимости от структуры вашего приложения.
Вы можете обрабатывать обратный вызов так же, как и любой провайдер Omniauth.
def create
auth = request.env["omniauth.auth"]
auth.uid # Gets the UID value of the user that has just signed in
# Create a session, redirect etc
end
Вы можете обратиться к репо для дальнейшего использования.
https://blog.craig.io/using-microsoft-adfs-with-ruby-on-rails-and-omniauth-a26237c64f8d
https://github.com/kbeckman/omniauth-wsfed
Надеюсь, это поможет.