Mahara

Allow saml auth to rotate SP certificate

Bug #1800058 reported by Robert Lyon on 2018-10-26

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Fix Released	Wishlist	Robert Lyon	Mahara 19.04.0

Bug Description

Need a system where we can create a new certificate without dropping the old certificate until all IdP's are up to date with new metadata

Tags:

Robert Lyon (robertl-9) on 2018-10-26

Changed in mahara:
status:	New → In Progress
importance:	Undecided → High
assignee:	nobody → Robert Lyon (robertl-9)
milestone:	none → 19.04.0

Kristina Hoeppner (kris-hoeppner) on 2018-10-28

Changed in mahara:
importance:	High → Wishlist

Revision history for this message

Robert Lyon (robertl-9) wrote on 2018-10-29:

The patch https://reviews.mahara.org/#/c/9254/7 allows one to have 2 certs in play at once and then to remove the older certificate via the Admin -> Extensions interface.

What it is lacking is to be able to create a self-signed cert that contains things like subjectAltName - due limitations in the PHP inbuilt openssl_* functions

What would also be good to have is the ability to paste in a cert.conf file details to use that to make the self signed cert (or at very least to copy local/commandline generated cert / pem files into place)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-11-12: A change has been merged

Reviewed: https://reviews.mahara.org/9254
Committed: https://git.mahara.org/mahara/mahara/commit/c9ec77b1cc41b0417ef282d6a1c630db97d21c5d
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit c9ec77b1cc41b0417ef282d6a1c630db97d21c5d
Author: Robert Lyon <email address hidden>
Date: Tue Oct 23 14:06:47 2018 +1300

Bug 1800058: Ability to generate new local saml cert without deleting old one

This patch:
1) adds a button to make new cert/pem without deleting old one on
plugin config page
2) have both certificates listed in metadata
3) allow the deletion of old certificate and moving new one into its
place

behatnotneeded

Change-Id: I12a0f65582a0198cbb5d8b55fcf77cc677088ba0
Signed-off-by: Robert Lyon <email address hidden>

Robert Lyon (robertl-9) on 2018-11-12

Changed in mahara:
status:	In Progress → Fix Committed

Revision history for this message

Kristina Hoeppner (kris-hoeppner) wrote on 2018-12-02:

Thank you to SWITCH for this new feature.

tags:

added: nominatedfeature

Cecilia Vela Gurovic (ceciliavg) on 2019-04-30

Changed in mahara:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.