mahara-contributors team mailing list archive
Message #40311
[Bug 1650995] [NEW] Alter how Auth SAML pairs idp metadata to an institution
Public bug reported:
Currently when we store idp metadata it saves to dataroot with the name of the institution it was saved in.
If other institutions want to use the same idp metadata they simply leave that field blank.
Problems with this:
1) If we delete the institution that first added the metadata, the dataroot [institutionA].xml file is NOT deleted, but if we add the same metadata to another institution's saml instance a new file is created, so we have 2 versions of the same info in the dataroot: [institutionA].xml and [institutionB].xml
2) We only record the info against one saml instance, so we don't know what metadata the other saml instances are using, as we leave the field blank in the database.
What would be more useful is if we pair all saml instances needing the idp metadata together by having institutionidpentityid set for all institutions' saml auth using it.
Then instead of naming the dataroot's metadata file to match the institution shortname we name it to match the institutionidpentityid instead.
So when we delete an institution or that institution stops using saml we can check to see if others are using the metadata and if not can safely delete the metadata.
3) We can extend the idea in (2) and we could add metadata to saml instances by either pasting in the metadata or by specifying the idpentity value, via dropdown, of the installed idp metadata.
** Affects: mahara
Importance: High
Assignee: Robert Lyon (robertl-9)
Status: In Progress
** Affects: mahara/16.10
Importance: High
Status: In Progress
** Affects: mahara/17.04
Importance: High
Assignee: Robert Lyon (robertl-9)
Status: In Progress
** Changed in: mahara
Milestone: None => 17.04.0
** Changed in: mahara
Assignee: (unassigned) => Robert Lyon (robertl-9)
** Also affects: mahara/16.10
Importance: Undecided
Status: New
** Changed in: mahara/16.10
Milestone: None => 16.10.2
** Also affects: mahara/17.04
Importance: High
Assignee: Robert Lyon (robertl-9)
Status: In Progress
** Changed in: mahara/16.10
Importance: Undecided => High
** Changed in: mahara/16.10
Status: New => In Progress
--
https://bugs.launchpad.net/bugs/1650995
Title:
Alter how Auth SAML pairs idp metadata to an institution
Status in Mahara:
In Progress
Status in Mahara 16.10 series:
In Progress
Status in Mahara 17.04 series:
In Progress
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1650995/+subscriptions
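The pairing proposed in the bug description, as an added example in Python that is not part of the original message and is not Mahara's own code: every SAML instance records institutionidpentityid, the metadata file is named from that value, and the file is deleted only when no instance still references it. The function names, the `instances` dict standing in for the auth instance configuration, and the SHA-256 file name (entityIDs are usually URLs, so the raw value is not used as a path component) are assumptions; the entityID is constructed.

```python
import hashlib
import os
import tempfile

def metadata_path(dataroot, entity_id):
    """File for an IdP entityID; hashing keeps '/' and '..' out of the name."""
    digest = hashlib.sha256(entity_id.encode("utf-8")).hexdigest()
    return os.path.join(dataroot, "metadata", digest + ".xml")

def save_metadata(dataroot, instances, institution, entity_id, xml=None):
    """Pair an institution with an entityID (pasted XML or already installed)."""
    path = metadata_path(dataroot, entity_id)
    if xml is not None:                      # metadata pasted in: write or refresh
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(xml)
    elif not os.path.exists(path):           # chosen by entityID: must be installed
        raise ValueError("no installed metadata for " + entity_id)
    instances[institution] = entity_id       # institutionidpentityid always set

def installed_idps(instances):
    """EntityIDs that could be offered in a dropdown."""
    return sorted(set(instances.values()))

def remove_instance(dataroot, instances, institution):
    """Unpair an institution; delete the file only if nobody else uses it."""
    entity_id = instances.pop(institution)
    if entity_id in instances.values():
        return False                         # still referenced, keep the file
    os.remove(metadata_path(dataroot, entity_id))
    return True

def demo():
    idp = "https://idp.example.org/saml/metadata"   # constructed entityID
    xml = '<EntityDescriptor entityID="%s"/>' % idp
    with tempfile.TemporaryDirectory() as dataroot:
        instances = {}
        save_metadata(dataroot, instances, "institutionA", idp, xml)
        save_metadata(dataroot, instances, "institutionB", idp)
        files = len(os.listdir(os.path.join(dataroot, "metadata")))
        first = remove_instance(dataroot, instances, "institutionA")
        kept = os.path.exists(metadata_path(dataroot, idp))
        second = remove_instance(dataroot, instances, "institutionB")
        gone = not os.path.exists(metadata_path(dataroot, idp))
        return files, first, kept, second, gone

if __name__ == "__main__":
    print(demo())
```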
Follow ups
-
[Bug 1650995] Re: Alter how Auth SAML pairs idp metadata to an institution
From: Robert Lyon, 2017-04-27
-
[Bug 1650995] Re: Alter how Auth SAML pairs idp metadata to an institution
From: Robert Lyon, 2017-04-26
-
[Bug 1650995] A change has been merged
From: Mahara Bot, 2017-04-23
-
[Bug 1650995] A change has been merged
From: Mahara Bot, 2017-04-23
-
[Bug 1650995] Re: Alter how Auth SAML pairs idp metadata to an institution
From: Robert Lyon, 2017-04-23
-
[Bug 1650995] A patch has been submitted for review
From: Mahara Bot, 2017-04-23
-
[Bug 1650995] A patch has been submitted for review
From: Mahara Bot, 2017-04-23
-
[Bug 1650995] Re: Alter how Auth SAML pairs idp metadata to an institution
From: Robert Lyon, 2017-04-23
-
[Bug 1650995] Re: Alter how Auth SAML pairs idp metadata to an institution
From: Kristina Hoeppner, 2017-03-23
-
[Bug 1650995] A change has been merged
From: Mahara Bot, 2017-03-23
-
[Bug 1650995] A patch has been submitted for review
From: Mahara Bot, 2017-03-23
-
[Bug 1650995] Re: Alter how Auth SAML pairs idp metadata to an institution
From: Robert Lyon, 2017-03-23
-
[Bug 1650995] A change has been merged
From: Mahara Bot, 2017-03-23
-
[Bug 1650995] Re: Alter how Auth SAML pairs idp metadata to an institution
From: Robert Lyon, 2017-03-23
-
[Bug 1650995] A change has been merged
From: Mahara Bot, 2017-02-15
-
[Bug 1650995] A change has been merged
From: Mahara Bot, 2017-02-14
-
[Bug 1650995] Re: Alter how Auth SAML pairs idp metadata to an institution
From: Robert Lyon, 2016-12-29
-
[Bug 1650995] A patch has been submitted for review
From: Mahara Bot, 2016-12-21
-
[Bug 1650995] A patch has been submitted for review
From: Mahara Bot, 2016-12-19