Mahara

Check metadata refresh and timings when switching from old to new file

Bug #1885958 reported by Kristina Hoeppner on 2020-07-01

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Confirmed	Medium	Unassigned

Bug Description

The metadata refresh URL for SAML catches updates to the metadata. However, when an entirely new metadata file is put in place, the old file may not be kept long enough for the transition to take place.

This needs further investigation to see if we need to make any changes. Robert L has the info.

Tags:

Revision history for this message

Robert Lyon (robertl-9) wrote on 2020-07-01:

The metadata_refresh_hook() function in htdocs/auth/saml/lib.php does the following

1) sets a metarefresh-state.php file containing info about the idp metadata state

2) get a list of local $sets and finds the external metadata information about them and saves that down to dataroot/metadata/refresh/ directory

It should save files called shib13-idp-remote and saml20-idp-remote but if no info available it deletes the old file and not save any new ones

Revision history for this message

Robert Lyon (robertl-9) wrote on 2020-07-01:

What should happen is this:

1) The cron runs and the system checks if we should fetch new metadata as determined by the metarefresh-state.php file

2) Tries to fetch new info

3) Need to check that value of MetaLoader->stateFile makes sense - eg if it is blank for saml20-idp-remote info then something is wrong

4) If there is a problem have it send email to site admins to alert them of the issue - and not save the new state so that the existing files stay until we can sort out the issues

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.