Alter how Auth SAML pairs idp metadata to an institution

Bug #1650995 reported by Robert Lyon on 2016-12-19
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
High
Robert Lyon
16.10
High
Unassigned
17.04
High
Robert Lyon

Bug Description

Currently when we store idp metadata it saves to dataroot with name of the institution it was saved in.

If other institutions want to use the same idp metadata they simply leave that field blank.

Problems with this:

1) If we delete the institution that first added the metadata the dataroot [institutionA].xml file is NOT deleted but if we add the same metadata to another institution's saml
instance a new file is created so we have 2 versions of the same info
in the dataroot: [institutionA].xml and [institutionB].xml

2) We only record the info against one saml instance so we don't know
what metadata the other saml instances are using as we leave the field blank in database

What would be more useful is if we pair all saml instances needing the idp metadata together by having institutionidpentityid set for all institution's saml auth using it.

Then instead of naming the dataroot's metadata file to
match the institution shortname we name it to match the institutionidpentityid
instead.

So when we delete an institution or that institution stops using saml we can check to see if others are using the metadata and if not can safely delete the metadata.

3) We can extend the idea in (2) and we could add metadata to saml
instances by either pasting in the metadata or by specifying the idpentity
value. via dropdown, of the installed idp metadata.

Robert Lyon (robertl-9) on 2016-12-19
Changed in mahara:
milestone: none → 17.04.0
assignee: nobody → Robert Lyon (robertl-9)
Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/7357

Reviewed: https://reviews.mahara.org/7335
Committed: https://git.mahara.org/mahara/mahara/commit/8665b925f24c86fce1ae9a03e3d52d0a6dd1e905
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 8665b925f24c86fce1ae9a03e3d52d0a6dd1e905
Author: Robert Lyon <email address hidden>
Date: Wed Dec 14 21:02:25 2016 +1300

Bug 1650995: Auth saml idp metadata fix

This patch allows the dataroot/metadata/*.xml file to be named after
the idp rather than the Mahara institution.

Also added
- A select dropdown so that institution can pick existing auth to be
paired to
- Upgrade to rename the dataroot/metadata/*.xml file
- Check to stop being able to add blank metadata field
- An alert for user when updating metadata if other institutions are also being effected
- Delete the metadata if deleted institution is only one using it

behatnotneeded

Change-Id: Ie3f5cdc523404b1081352ede67aab591e79b6dbb
Signed-off-by: Robert Lyon <email address hidden>

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/7350
Committed: https://git.mahara.org/mahara/mahara/commit/6f33d3c9304c84f586734723206b8ff3d34ca9dd
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 6f33d3c9304c84f586734723206b8ff3d34ca9dd
Author: Robert Lyon <email address hidden>
Date: Tue Dec 20 09:05:34 2016 +1300

Bug 1650995: Move get discovery list to it's own function

behatnotneeded

Change-Id: I353fe7390d6f8fd2bbebc9bec01188428edf786e
Signed-off-by: Robert Lyon <email address hidden>

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/7357
Committed: https://git.mahara.org/mahara/mahara/commit/5f62ff6c44e0b4caef3f4191754824b734a17f87
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 5f62ff6c44e0b4caef3f4191754824b734a17f87
Author: Robert Lyon <email address hidden>
Date: Wed Dec 21 15:41:23 2016 +1300

Bug 1650995: Fixing IdP discovery page sort order

Sorting by 'Identity Provider entity' column

behatnotneeded

Change-Id: I8ef8d9a34d0f13f752377d01ef666fe170254d3f
Signed-off-by: Robert Lyon <email address hidden>

Reviewed: https://reviews.mahara.org/7561
Committed: https://git.mahara.org/mahara/mahara/commit/9f266d8034781ab51b7585b93bf4b6c57fb31fa6
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit 9f266d8034781ab51b7585b93bf4b6c57fb31fa6
Author: Robert Lyon <email address hidden>
Date: Wed Dec 21 15:41:23 2016 +1300

Bug 1650995: Fixing IdP discovery page sort order

Sorting by 'Identity Provider entity' column

behatnotneeded

Change-Id: I8ef8d9a34d0f13f752377d01ef666fe170254d3f
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 5f62ff6c44e0b4caef3f4191754824b734a17f87)

tags: added: usermanualupdate
Mahara Bot (dev-mahara) wrote :

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7674

Robert Lyon (robertl-9) wrote :

Need to add in a couple of missing patches to 16.10.3

Reviewed: https://reviews.mahara.org/7674
Committed: https://git.mahara.org/mahara/mahara/commit/864fb0f9cb7d3c08933e11d3afb78b263f6e6317
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit 864fb0f9cb7d3c08933e11d3afb78b263f6e6317
Author: Robert Lyon <email address hidden>
Date: Wed Dec 14 21:02:25 2016 +1300

Bug 1650995: Auth saml idp metadata fix

This patch allows the dataroot/metadata/*.xml file to be named after
the idp rather than the Mahara institution.

Also added
- A select dropdown so that institution can pick existing auth to be
paired to
- Upgrade to rename the dataroot/metadata/*.xml file
- Check to stop being able to add blank metadata field
- An alert for user when updating metadata if other institutions are also being effected
- Delete the metadata if deleted institution is only one using it

behatnotneeded

Change-Id: Ie3f5cdc523404b1081352ede67aab591e79b6dbb
Signed-off-by: Robert Lyon <email address hidden>

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/7675
Committed: https://git.mahara.org/mahara/mahara/commit/febbfdb2b19596269817a2d27c614e2720fa4f5f
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit febbfdb2b19596269817a2d27c614e2720fa4f5f
Author: Robert Lyon <email address hidden>
Date: Tue Dec 20 09:05:34 2016 +1300

Bug 1650995: Move get discovery list to it's own function

behatnotneeded

Change-Id: I353fe7390d6f8fd2bbebc9bec01188428edf786e
Signed-off-by: Robert Lyon <email address hidden>

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers