Mahara

Alter how Auth SAML pairs idp metadata to an institution

Bug #1650995 reported by Robert Lyon
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Fix Released
High
Robert Lyon
Mahara 17.04.0
16.10
Fix Released
High
Unassigned
Mahara 16.10.3
17.04
Fix Released
High
Robert Lyon
Mahara 17.04.0

Bug Description

Currently when we store idp metadata it saves to dataroot with name of the institution it was saved in.

If other institutions want to use the same idp metadata they simply leave that field blank.

Problems with this:

1) If we delete the institution that first added the metadata the dataroot [institutionA].xml file is NOT deleted but if we add the same metadata to another institution's saml
instance a new file is created so we have 2 versions of the same info
in the dataroot: [institutionA].xml and [institutionB].xml

2) We only record the info against one saml instance so we don't know
what metadata the other saml instances are using as we leave the field blank in database

What would be more useful is if we pair all saml instances needing the idp metadata together by having institutionidpentityid set for all institution's saml auth using it.

Then instead of naming the dataroot's metadata file to
match the institution shortname we name it to match the institutionidpentityid
instead.

So when we delete an institution or that institution stops using saml we can check to see if others are using the metadata and if not can safely delete the metadata.

3) We can extend the idea in (2) and we could add metadata to saml
instances by either pasting in the metadata or by specifying the idpentity
value. via dropdown, of the installed idp metadata.

Robert Lyon (robertl-9)
Changed in mahara:
milestone: none → 17.04.0
assignee: nobody → Robert Lyon (robertl-9)
Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/7350

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/7357

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/7335
Committed: https://git.mahara.org/mahara/mahara/commit/8665b925f24c86fce1ae9a03e3d52d0a6dd1e905
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 8665b925f24c86fce1ae9a03e3d52d0a6dd1e905
Author: Robert Lyon <email address hidden>
Date: Wed Dec 14 21:02:25 2016 +1300

Bug 1650995: Auth saml idp metadata fix

This patch allows the dataroot/metadata/*.xml file to be named after
the idp rather than the Mahara institution.

Also added
- A select dropdown so that institution can pick existing auth to be
paired to
- Upgrade to rename the dataroot/metadata/*.xml file
- Check to stop being able to add blank metadata field
- An alert for user when updating metadata if other institutions are also being effected
- Delete the metadata if deleted institution is only one using it

behatnotneeded

Change-Id: Ie3f5cdc523404b1081352ede67aab591e79b6dbb
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/7350
Committed: https://git.mahara.org/mahara/mahara/commit/6f33d3c9304c84f586734723206b8ff3d34ca9dd
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 6f33d3c9304c84f586734723206b8ff3d34ca9dd
Author: Robert Lyon <email address hidden>
Date: Tue Dec 20 09:05:34 2016 +1300

Bug 1650995: Move get discovery list to it's own function

behatnotneeded

Change-Id: I353fe7390d6f8fd2bbebc9bec01188428edf786e
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/7357
Committed: https://git.mahara.org/mahara/mahara/commit/5f62ff6c44e0b4caef3f4191754824b734a17f87
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 5f62ff6c44e0b4caef3f4191754824b734a17f87
Author: Robert Lyon <email address hidden>
Date: Wed Dec 21 15:41:23 2016 +1300

Bug 1650995: Fixing IdP discovery page sort order

Sorting by 'Identity Provider entity' column

behatnotneeded

Change-Id: I8ef8d9a34d0f13f752377d01ef666fe170254d3f
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7561

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/7561
Committed: https://git.mahara.org/mahara/mahara/commit/9f266d8034781ab51b7585b93bf4b6c57fb31fa6
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit 9f266d8034781ab51b7585b93bf4b6c57fb31fa6
Author: Robert Lyon <email address hidden>
Date: Wed Dec 21 15:41:23 2016 +1300

Bug 1650995: Fixing IdP discovery page sort order

Sorting by 'Identity Provider entity' column

behatnotneeded

Change-Id: I8ef8d9a34d0f13f752377d01ef666fe170254d3f
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 5f62ff6c44e0b4caef3f4191754824b734a17f87)

Kristina Hoeppner (kris-hoeppner)
tags: added: usermanualupdate
Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7675

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7674

Revision history for this message
Robert Lyon (robertl-9) wrote :

Need to add in a couple of missing patches to 16.10.3

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/7674
Committed: https://git.mahara.org/mahara/mahara/commit/864fb0f9cb7d3c08933e11d3afb78b263f6e6317
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit 864fb0f9cb7d3c08933e11d3afb78b263f6e6317
Author: Robert Lyon <email address hidden>
Date: Wed Dec 14 21:02:25 2016 +1300

Bug 1650995: Auth saml idp metadata fix

This patch allows the dataroot/metadata/*.xml file to be named after
the idp rather than the Mahara institution.

Also added
- A select dropdown so that institution can pick existing auth to be
paired to
- Upgrade to rename the dataroot/metadata/*.xml file
- Check to stop being able to add blank metadata field
- An alert for user when updating metadata if other institutions are also being effected
- Delete the metadata if deleted institution is only one using it

behatnotneeded

Change-Id: Ie3f5cdc523404b1081352ede67aab591e79b6dbb
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/7675
Committed: https://git.mahara.org/mahara/mahara/commit/febbfdb2b19596269817a2d27c614e2720fa4f5f
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit febbfdb2b19596269817a2d27c614e2720fa4f5f
Author: Robert Lyon <email address hidden>
Date: Tue Dec 20 09:05:34 2016 +1300

Bug 1650995: Move get discovery list to it's own function

behatnotneeded

Change-Id: I353fe7390d6f8fd2bbebc9bec01188428edf786e
Signed-off-by: Robert Lyon <email address hidden>

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.