Check metadata refresh and timings when switching from old to new file

Bug #1885958 reported by Kristina Hoeppner
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Mahara | Confirmed | Medium | Unassigned |

Bug Description

The metadata refresh URL for SAML catches updates to the metadata. However, when an entirely new metadata file is put in place, the old file may not be kept long enough for the transition to take place.

This needs further investigation to see if we need to make any changes. Robert L has the info.

Tags: auth saml sso
Robert Lyon (robertl-9) wrote :

The metadata_refresh_hook() function in htdocs/auth/saml/lib.php does the following:

1) sets a metarefresh-state.php file containing info about the idp metadata state

2) gets a list of local $sets, finds the external metadata information about them and saves that down to the dataroot/metadata/refresh/ directory

It should save files called shib13-idp-remote and saml20-idp-remote, but if no info is available it deletes the old file and does not save any new ones.

Robert Lyon (robertl-9) wrote :

What should happen is this:

1) The cron runs and the system checks if we should fetch new metadata as determined by the metarefresh-state.php file

2) Tries to fetch new info

3) Need to check that the value of MetaLoader->stateFile makes sense - e.g. if it is blank for saml20-idp-remote info then something is wrong

4) If there is a problem, have it send an email to site admins to alert them of the issue - and not save the new state, so that the existing files stay until we can sort out the issues
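
The validate-before-replace flow from the comment above, as an added example that is not Mahara's or SimpleSAMLphp's own code. The function names, the `$fetched` array shape, the `$notify` callback and the demo directory are hypothetical, and the only validation shown is the blank check the comment mentions.

```php
<?php
// Added example; helper names are hypothetical, not Mahara or SimpleSAMLphp code.
// Assumption: $fetched maps each set name (e.g. 'saml20-idp-remote') to the
// metadata text fetched for it during this cron run.

// Return the problems found in freshly fetched metadata; empty list means OK.
function metadata_refresh_problems(array $fetched, array $expectedsets): array {
    $problems = [];
    foreach ($expectedsets as $set) {
        if (!isset($fetched[$set]) || trim($fetched[$set]) === '') {
            $problems[] = "$set: fetched metadata is blank";
        }
    }
    return $problems;
}

// Replace stored metadata only if every expected set validated. Returns false
// (and calls $notify) on any problem, so the caller keeps the old files and
// does not save the new refresh state.
function metadata_refresh_commit(string $dir, array $fetched, array $expectedsets, callable $notify): bool {
    $problems = metadata_refresh_problems($fetched, $expectedsets);
    if ($problems) {
        $notify($problems);   // e.g. email the site admins
        return false;
    }
    foreach ($expectedsets as $set) {
        // Write to a temp file in the same directory, then rename over the
        // old file, so readers never see a missing or half-written file.
        $tmp = tempnam($dir, 'tmp');
        if ($tmp === false || file_put_contents($tmp, $fetched[$set]) === false
                || !rename($tmp, "$dir/$set")) {
            if ($tmp !== false) { @unlink($tmp); }
            $notify(["$set: could not write new metadata"]);
            return false;
        }
    }
    return true;
}

// Constructed sample: the refresh returned nothing for saml20-idp-remote.
$dir = sys_get_temp_dir() . '/metadata-refresh-demo';
if (!is_dir($dir)) { mkdir($dir, 0700, true); }
file_put_contents("$dir/saml20-idp-remote", "old metadata\n");
$alert = function (array $problems) { echo 'ALERT: ' . implode('; ', $problems) . "\n"; };
$saved = metadata_refresh_commit($dir, ['saml20-idp-remote' => ''], ['saml20-idp-remote'], $alert);
echo $saved ? "new state saved\n" : "old files and state kept\n";
echo file_get_contents("$dir/saml20-idp-remote");
```

With several sets, a write failure part-way through leaves earlier sets already replaced, so a caller that needs all-or-nothing behaviour would stage every file first and rename them together at the end.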
