Alter how Auth SAML pairs idp metadata to an institution
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Mahara | Fix Released | High | Robert Lyon | |
| 16.10 | Fix Released | High | Unassigned | |
| 17.04 | Fix Released | High | Robert Lyon | |
Bug Description
Currently when we store idp metadata it saves to dataroot with the name of the institution it was saved in.
If other institutions want to use the same idp metadata they simply leave that field blank.
Problems with this:
1) If we delete the institution that first added the metadata the dataroot [institutionA].xml file is NOT deleted, but if we add the same metadata to another institution's saml instance a new file is created, so we have 2 versions of the same info in the dataroot: [institutionA].xml and [institutionB].xml
2) We only record the info against one saml instance so we don't know what metadata the other saml instances are using, as we leave the field blank in the database
What would be more useful is if we pair all saml instances needing the idp metadata together by having institutionidpe
Then instead of naming the dataroot's metadata file to match the institution shortname we name it to match the institutionidpe instead.
So when we delete an institution or that institution stops using saml we can check to see if others are using the metadata and if not can safely delete the metadata.
3) We can extend the idea in (2) and we could add metadata to saml instances by either pasting in the metadata or by specifying the idpentity value, via dropdown, of the installed idp metadata.
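
A minimal Python model of the pairing proposed in the description above, added here as an illustration and not Mahara's code. The class and method names and the SHA-256 file-naming scheme are assumptions; the page does not say how the file name is derived from the IdP entity ID.

```python
import hashlib
from pathlib import Path


class IdpMetadataStore:
    """One metadata file per IdP entity ID, shared by every paired institution."""

    def __init__(self, dataroot):
        self.dir = Path(dataroot)
        self.dir.mkdir(parents=True, exist_ok=True)
        self.instances = {}  # institution shortname -> IdP entity ID (never blank)

    def path_for(self, entity_id):
        # Entity IDs are usually URLs, so hash them (assumed scheme) rather than
        # using them as a file name; separators and "../" cannot reach the path.
        return self.dir / (hashlib.sha256(entity_id.encode()).hexdigest() + ".xml")

    def installed(self):
        """Entity IDs that have metadata on disk, e.g. to fill the dropdown in (3)."""
        return sorted({e for e in self.instances.values() if self.path_for(e).exists()})

    def attach(self, institution, entity_id, metadata_xml=None):
        """Pair an institution with an IdP, by pasted XML or by entity ID alone."""
        path = self.path_for(entity_id)
        if metadata_xml is not None:
            path.write_text(metadata_xml)
        elif not path.exists():
            raise ValueError("no installed metadata for " + entity_id)
        self.instances[institution] = entity_id

    def detach(self, institution):
        """Run when an institution is deleted or stops using SAML.

        Returns True only if the metadata file was removed.
        """
        entity_id = self.instances.pop(institution, None)
        if entity_id is None or entity_id in self.instances.values():
            return False  # nothing paired, or another institution still uses it
        self.path_for(entity_id).unlink(missing_ok=True)
        return True
```
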
Changed in mahara:
milestone: none → 17.04.0
assignee: nobody → Robert Lyon (robertl-9)
tags: added: usermanualupdate
Patch for "master" branch: https://reviews.mahara.org/7350