@John Kennedy Thanks for reaching out. From the description I understand that you wanted to create a Shared access signature from the query string. In the document that you're referring they are generating the SAS key using the variables by passing the named values with the storage account details and not from the headers.
I see for creating a signature it requires open ssl, we don't support open ssl please refer this document to see the supported libraries.
Below is the policy to fetch the signature from the query string,
<inbound>
<set-variable name="signature" value="@{
string querystring = context.Request.OriginalUrl.QueryString;
string[] tokens = querystring.Split('&');
return tokens[5];
}" />
</inbound>
I am not an expert in Ruby on rails, please provide the relevant code in c#, I will help you in writing a complete policy.
please let me know in case of further queries, I would be happy to assist you.