SAML plugin automatic refresh of metadata support

Bug #1722435 reported by F Devine on 2017-10-10
This bug affects 1 person
Affects: Mahara | Importance: Wishlist | Assigned to: F Devine

Bug Description

The SAML plugin currently supports the addition of multiple IDP providers and a one-time upload of the XML for that IDP, however it would be useful to provide it with the link to the IDP provider's metadata (in xml form) and have it automatically fetch the metadata for the site on a regular basis, so if the IDP changes its metadata SSO will automatically repair itself on the next fetch.

We can do this by integrating the MetaData refresh plugin from the embedded simplesamlphp in the Mahara saml plugin and triggering it from the Mahara cron.

F Devine (catalystfd) on 2017-10-10
Changed in mahara:
assignee: nobody → F Devine (catalystfd)
Robert Lyon (robertl-9) on 2017-10-11
Changed in mahara:
milestone: none → 18.04.0
importance: Undecided → High
status: New → In Progress
Changed in mahara:
importance: High → Wishlist
tags: removed: wishlist

Reviewed: https://reviews.mahara.org/8122
Committed: https://git.mahara.org/mahara/mahara/commit/eee3f965fc8ba9cd469c6e6c5afbe3cb91dc9e24
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit eee3f965fc8ba9cd469c6e6c5afbe3cb91dc9e24
Author: Francis Devine <email address hidden>
Date: Tue Oct 10 14:59:46 2017 +1300

Bug 1722435: Add support for refreshing SAML metadata regularly

We utilise the simplesamlphp metarefresh plugin, and hook it into the
mahara cron for the auth plugin.

This adds a new field to each instance configuration form that allows
the user to specify a url that metadata should be fetched from.

This information is fed into the metarefresh plugin's config and a cron
hook is run every hour that triggers the plugin.

The simplesamlphp configuration is updated to read both the metarefresh
target location and the normal xml config file location, with the
metarefresh config files taking precedence.

NB: because of the way that the auth/saml plugin stores the idp entity
ids you are still required to present an XML file at least once, with
the metadata refresh config only taking over once it's fetched in the
next run.

This gives a smooth upgrade path for all existing mahara instances,
where they should continue to operate as normal, and then an
administrator can add the metadata refresh url at their leisure and have
it take precedence as soon as the metadata is available.

behatnotneeded

Change-Id: Ib5733f7526a1c19d3150b45d90c9b675d4dd7ad2
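As an added illustration of the wiring this commit describes (example configuration, not Mahara's code or the contents of the commit; the set name, directory names, IdP URL and fingerprint are placeholders), the two simplesamlphp pieces involved: the metarefresh set that the per-instance metadata URL feeds, run hourly, and the metadata.sources ordering that gives the fetched metadata precedence over the XML the administrator uploaded once.

```php
<?php
// Excerpts from two separate simplesamlphp files, shown together for clarity.
// Placeholder values: 'example-idp', the src URL, the fingerprint, directories.

// --- config/module_metarefresh.php ---
// One set per IdP whose metadata URL was entered in the Mahara instance form.
$config = [
    'sets' => [
        'example-idp' => [
            'cron' => ['hourly'],               // matches the hourly Mahara cron hook
            'sources' => [
                [
                    'src' => 'https://idp.example.org/idp/shibboleth', // placeholder
                    // Reject metadata whose XML signature does not match the
                    // IdP's known signing certificate: a refresh that trusts
                    // whatever the URL serves would let anyone who controls
                    // that endpoint replace the IdP's keys and endpoints.
                    'validateFingerprint' => 'PLACEHOLDER:SHA1:FINGERPRINT',
                ],
            ],
            // Keep serving the cached copy if a fetch fails, but not forever,
            // so a dead URL is noticed rather than silently pinning old keys.
            'expireAfter' => 60 * 60 * 24 * 4,
            'outputDir' => 'metadata/metarefresh-example-idp/',
            'outputFormat' => 'flatfile',
        ],
    ],
];

// --- config/config.php ---
// Sources are consulted in order, so the metarefresh output directory is
// listed first and wins over the one-time uploaded XML whenever it exists;
// until the first successful fetch, the uploaded XML is still what is used.
$config['metadata.sources'] = [
    ['type' => 'flatfile', 'directory' => 'metadata/metarefresh-example-idp/'],
    ['type' => 'flatfile'], // the directory holding the uploaded XML metadata
];
```

Because the refresh runs unattended, a failed fetch or a signature mismatch should surface in the cron log rather than be swallowed; otherwise the site keeps running on stale metadata without anyone noticing.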

Robert Lyon (robertl-9) on 2018-03-08
Changed in mahara:
status: In Progress → Fix Committed
tags: added: nominatedfeature

Reviewed: https://reviews.mahara.org/8639
Committed: https://git.mahara.org/mahara/mahara/commit/6f74c6b6c46d4d0658f127c0ca0ea698d462a63b
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 6f74c6b6c46d4d0658f127c0ca0ea698d462a63b
Author: Robert Lyon <email address hidden>
Date: Fri Mar 16 14:25:03 2018 +1300

Bug 1722435: Don't bother running the saml cron if not needed

behatnotneeded

Change-Id: I221b08af2015712163fcbfca6e0a3962e932615b
Signed-off-by: Robert Lyon <email address hidden>

Reviewed: https://reviews.mahara.org/8641
Committed: https://git.mahara.org/mahara/mahara/commit/874c012979c33e7a77f2b6f0777b99df4255249e
Submitter: Robert Lyon (<email address hidden>)
Branch: 18.04_STABLE

commit 874c012979c33e7a77f2b6f0777b99df4255249e
Author: Robert Lyon <email address hidden>
Date: Fri Mar 16 14:25:03 2018 +1300

Bug 1722435: Don't bother running the saml cron if not needed

behatnotneeded

Change-Id: I221b08af2015712163fcbfca6e0a3962e932615b
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 6f74c6b6c46d4d0658f127c0ca0ea698d462a63b)

Robert Lyon (robertl-9) on 2018-04-05
Changed in mahara:
status: Fix Committed → Fix Released