SAML plugin automatic refresh of metadata support
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mahara | Fix Released | Wishlist | F Devine | 18.04.0
Bug Description
The SAML plugin currently supports the addition of multiple IDP providers and a one-time upload of the XML for that IDP; however, it would be useful to provide it with the link to the IDP provider's metadata (in XML form) and have it automatically fetch the metadata for the site on a regular basis, so if the IDP changes its metadata, SSO will automatically repair itself on the next fetch.
We can do this by integrating the MetaData refresh plugin from the embedded simplesamlphp in the Mahara saml plugin and triggering it from the Mahara cron.
Changed in mahara:
assignee: nobody → F Devine (catalystfd)

Changed in mahara:
milestone: none → 18.04.0
importance: Undecided → High
status: New → In Progress

Changed in mahara:
importance: High → Wishlist
tags: removed: wishlist
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: master
commit eee3f965fc8ba9c
Author: Francis Devine <email address hidden>
Date: Tue Oct 10 14:59:46 2017 +1300
Bug 1722435: Add support for refreshing SAML metadata regularly
We utilise the simplesamlphp metarefresh plugin, and hook it into the
mahara cron for the auth plugin.
This adds a new field to each instance configuration form that allows
the user to specify a url that metadata should be fetched from.
This information is fed into the metarefresh plugin's config and a cron
hook is run every hour that triggers the plugin.
The simplesamlphp configuration is updated to read both the metarefresh
target location and the normal xml config file location, with the
metarefresh config files taking precedence.
NB: because of the way that the auth/saml plugin stores the idp entity
ids you are still required to present an XML file at least once, with
the metadata refresh config only taking over once it's fetched in the
next run.
This gives a smooth upgrade path for all existing mahara instances,
where they should continue to operate as normal, and then an
administrator can add the metadata refresh url at their leisure and have
it take precedence as soon as the metadata is available.
behatnotneeded
Change-Id: Ib5733f7526a1c1
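The commit message above describes two pieces of simplesamlphp configuration: a metarefresh set that fetches an IdP's metadata from the URL entered in the instance form, and a `metadata.sources` list that reads both the metarefresh output directory and the existing XML upload, with the refreshed files taking precedence. The following is an added example of what that configuration looks like in simplesamlphp's own config format; it is not Mahara's code and not taken from the commit. The set name, the IdP URL, the directory and file paths, and the fingerprint are constructed placeholders, and the signature-validation key (`validateFingerprint` in the simplesamlphp 1.x metarefresh module) should be checked against the module version actually bundled.

```php
<?php
// Added example, not Mahara's own code. Shows the shape of the simplesamlphp
// configuration the commit describes; all names and paths are assumptions.

// --- config/config-metarefresh.php (read by the metarefresh module) ---
$config = [
    'sets' => [
        // One set per IdP instance for which an administrator entered a
        // metadata URL (set name is a placeholder).
        'example-idp' => [
            // Tagged 'hourly' so the hourly Mahara cron hook can trigger it.
            'cron' => ['hourly'],
            'sources' => [
                [
                    // The URL from the instance configuration form
                    // (constructed value). Use HTTPS so the transport is
                    // authenticated, not just the content.
                    'src' => 'https://idp.example.org/saml2/idp/metadata.php',
                    // Verify the XML signature on the fetched metadata against
                    // the IdP's signing certificate fingerprint (placeholder).
                    // Without this, whatever the URL serves is trusted as-is.
                    'validateFingerprint' => 'AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD',
                ],
            ],
            // Upper bound on how long previously fetched metadata stays valid
            // if later fetches fail (one day here); the metadata's own
            // validUntil still applies if it is shorter.
            'expireAfter' => 60 * 60 * 24,
            // Write the refreshed metadata where the handler looks first.
            'outputDir'    => 'metadata/metarefresh/',
            'outputFormat' => 'flatfile',
        ],
    ],
];

// --- config/config.php ---
// Sources are consulted in order and the first one that knows an entity ID
// wins, so the metarefresh directory is listed before the one-time XML upload.
// Until the first successful fetch, only the XML file answers, which is the
// upgrade path the commit message describes.
$config['metadata.sources'] = [
    ['type' => 'flatfile', 'directory' => 'metadata/metarefresh/'],
    // Existing source for the uploaded XML (path is an assumption).
    ['type' => 'xml', 'file' => '/var/www/mahara-data/metadata/idp.example.org.xml'],
];
```

The ordering of `metadata.sources` is what gives the refreshed metadata precedence; reversing the two entries would keep the stale uploaded XML in use even after a successful fetch. The fingerprint option is the piece an operator most wants to confirm is set, since an automatic fetch with no signature check makes the metadata URL the trust anchor for the whole SSO configuration.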
Changed in mahara:
status: In Progress → Fix Committed
tags: added: nominatedfeature
Patch for "master" branch: https:/
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: master
commit 6f74c6b6c46d4d0
Author: Robert Lyon <email address hidden>
Date: Fri Mar 16 14:25:03 2018 +1300
Bug 1722435: Don't bother running the saml cron if not needed
behatnotneeded
Change-Id: I221b08af201571
Signed-off-by: Robert Lyon <email address hidden>
Patch for "18.04_STABLE" branch: https:/
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 18.04_STABLE
commit 874c012979c33e7
Author: Robert Lyon <email address hidden>
Date: Fri Mar 16 14:25:03 2018 +1300
Bug 1722435: Don't bother running the saml cron if not needed
behatnotneeded
Change-Id: I221b08af201571
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 6f74c6b6c46d4d0)
Changed in mahara:
status: Fix Committed → Fix Released
Patch for "master" branch: https://reviews.mahara.org/8122