← Back to team overview

mahara-contributors team mailing list archive

[Bug 1650995] [NEW] Alter how Auth SAML pairs idp metadata to an institution

 

Public bug reported:

Currently when we store idp metadata it saves to dataroot with name of
the institution it was saved in.

If other institutions want to use the same idp metadata they simply
leave that field blank.

Problems with this:

1) If we delete the institution that first added the metadata the dataroot [institutionA].xml file is NOT deleted but if we add the same metadata to another institution's saml
instance a new file is created so we have 2 versions of the same info
in the dataroot: [institutionA].xml and [institutionB].xml

2) We only record the info against one saml instance so we don't know
what metadata the other saml instances are using as we leave the field blank in database

What would be more useful is if we pair all saml instances needing the
idp metadata together by having institutionidpentityid set for all
institution's saml auth using it.

Then instead of naming the dataroot's metadata file to
match the institution shortname we name it to match the institutionidpentityid
instead.

So when we delete an institution or that institution stops using saml we
can check to see if others are using the metadata and if not can safely
delete the metadata.

3) We can extend the idea in (2) and we could add metadata to saml
instances by either pasting in the metadata or by specifying the idpentity
value. via dropdown, of the installed idp metadata.

** Affects: mahara
     Importance: High
     Assignee: Robert Lyon (robertl-9)
         Status: In Progress

** Affects: mahara/16.10
     Importance: High
         Status: In Progress

** Affects: mahara/17.04
     Importance: High
     Assignee: Robert Lyon (robertl-9)
         Status: In Progress

** Changed in: mahara
    Milestone: None => 17.04.0

** Changed in: mahara
     Assignee: (unassigned) => Robert Lyon (robertl-9)

** Also affects: mahara/16.10
   Importance: Undecided
       Status: New

** Changed in: mahara/16.10
    Milestone: None => 16.10.2

** Also affects: mahara/17.04
   Importance: High
     Assignee: Robert Lyon (robertl-9)
       Status: In Progress

** Changed in: mahara/16.10
   Importance: Undecided => High

** Changed in: mahara/16.10
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1650995

Title:
  Alter how Auth SAML pairs idp metadata to an institution

Status in Mahara:
  In Progress
Status in Mahara 16.10 series:
  In Progress
Status in Mahara 17.04 series:
  In Progress

Bug description:
  Currently when we store idp metadata it saves to dataroot with name of
  the institution it was saved in.

  If other institutions want to use the same idp metadata they simply
  leave that field blank.

  Problems with this:

  1) If we delete the institution that first added the metadata the dataroot [institutionA].xml file is NOT deleted but if we add the same metadata to another institution's saml
  instance a new file is created so we have 2 versions of the same info
  in the dataroot: [institutionA].xml and [institutionB].xml

  2) We only record the info against one saml instance so we don't know
  what metadata the other saml instances are using as we leave the field blank in database

  What would be more useful is if we pair all saml instances needing the
  idp metadata together by having institutionidpentityid set for all
  institution's saml auth using it.

  Then instead of naming the dataroot's metadata file to
  match the institution shortname we name it to match the institutionidpentityid
  instead.

  So when we delete an institution or that institution stops using saml
  we can check to see if others are using the metadata and if not can
  safely delete the metadata.

  3) We can extend the idea in (2) and we could add metadata to saml
  instances by either pasting in the metadata or by specifying the idpentity
  value. via dropdown, of the installed idp metadata.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1650995/+subscriptions


Follow ups