Mahara

SAML plugin automatic refresh of metadata support

Bug #1722435 reported by F Devine on 2017-10-10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Fix Released	Wishlist	F Devine	Mahara 18.04.0

Bug Description

The SAML plugin currently supports the addition of multiple IDP providers and a one time upload of the XML for that IDP, however it would be useful to provide it with the link to the IDP providers metadata (in xml form) and have it automatically fetch the metadata for the site on a regular basis, so if the IDP changes it's metadata SSO will automatically repair itself on the next fetch.

We can do this by integrating the MetaData refresh plugin from the embedded simplesamlphp in the Mahara saml plugin and triggering it from the Mahara cron.

Tags:

F Devine (catalystfd) on 2017-10-10

Changed in mahara:
assignee:	nobody → F Devine (catalystfd)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2017-10-10: A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/8122

Robert Lyon (robertl-9) on 2017-10-11

Changed in mahara:
milestone:	none → 18.04.0
importance:	Undecided → High
status:	New → In Progress

Kristina Hoeppner (kris-hoeppner) on 2017-10-12

Changed in mahara:
importance:	High → Wishlist

Kristina Hoeppner (kris-hoeppner) on 2017-10-22

tags:

removed: wishlist

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-08: A change has been merged

Reviewed: https://reviews.mahara.org/8122
Committed: https://git.mahara.org/mahara/mahara/commit/eee3f965fc8ba9cd469c6e6c5afbe3cb91dc9e24
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit eee3f965fc8ba9cd469c6e6c5afbe3cb91dc9e24
Author: Francis Devine <email address hidden>
Date: Tue Oct 10 14:59:46 2017 +1300

Bug 1722435: Add support for refreshing SAML metadata regularly

We utilise the simplesamlphp metarefresh plugin, and hook it into the
mahara cron for the auth plugin.

This adds a new field to each instance configuration form that allows
the user to specify a url that metadata should be fetched from.

This information is fed into the metarefresh plugin's config and a cron
hook is run every hour that triggers the plugin.

The simplesamlphp configuration is updated to read both the metarefresh
target location and the normal xml config file location, with the
metarefresh config files taking precedence.

NB: because of the way that the auth/saml plugin stores the idp entity
ids you are still required to present an XML file at least once, with
the metadata refresh config only taking over once it's fetched in the
next run.

This gives a smooth upgrade path for all existing mahara instances,
where they should continue to operate as normal, and then an
administrator can add the metadata refresh url at their leisure and have
it take precedence as soon as the metadata is available

behatnotneeded

Change-Id: Ib5733f7526a1c19d3150b45d90c9b675d4dd7ad2

Robert Lyon (robertl-9) on 2018-03-08

Changed in mahara:
status:	In Progress → Fix Committed

Kristina Hoeppner (kris-hoeppner) on 2018-03-08

tags:

added: nominatedfeature

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-16: A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/8639

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-17: A change has been merged

Reviewed: https://reviews.mahara.org/8639
Committed: https://git.mahara.org/mahara/mahara/commit/6f74c6b6c46d4d0658f127c0ca0ea698d462a63b
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 6f74c6b6c46d4d0658f127c0ca0ea698d462a63b
Author: Robert Lyon <email address hidden>
Date: Fri Mar 16 14:25:03 2018 +1300

Bug 1722435: Don't bother running the saml cron if not needed

behatnotneeded

Change-Id: I221b08af2015712163fcbfca6e0a3962e932615b
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-17: A patch has been submitted for review

Patch for "18.04_STABLE" branch: https://reviews.mahara.org/8641

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-17: A change has been merged

Reviewed: https://reviews.mahara.org/8641
Committed: https://git.mahara.org/mahara/mahara/commit/874c012979c33e7a77f2b6f0777b99df4255249e
Submitter: Robert Lyon (<email address hidden>)
Branch: 18.04_STABLE

commit 874c012979c33e7a77f2b6f0777b99df4255249e
Author: Robert Lyon <email address hidden>
Date: Fri Mar 16 14:25:03 2018 +1300

Bug 1722435: Don't bother running the saml cron if not needed

behatnotneeded

Change-Id: I221b08af2015712163fcbfca6e0a3962e932615b
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 6f74c6b6c46d4d0658f127c0ca0ea698d462a63b)

Robert Lyon (robertl-9) on 2018-04-05

Changed in mahara:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.