Make the SAML (SSO) metadata file available through a public (Edge) URL in order to enable automatic configuration of the IdP
Activity

Debra Howell October 2, 2020 at 3:00 PM
The upgrade to mod-login-saml 2.0.1 from 2.0.0 required us to have Cornell's Identity Management team upload new metadata when installed. But earlier versions didn’t require it. Ideally FOLIO wouldn’t make this a necessary manual step every time we upgrade.

Jakub Skoczen July 8, 2019 at 10:11 AM (edited)
Created MODLOGSAML-44 for this issue

Theodor Tolstoy (One-Group.se) June 20, 2019 at 1:27 AM
Ping @Jakub Skoczen!

Cate Boerema April 23, 2019 at 2:00 PM
Hi @Jakub Skoczen. Just wanted to check on this one, as it's targeted for Q2, needed by Chalmers to go live and I don't see any user stories or work items. This is on your radar, right?

Cate Boerema March 22, 2019 at 12:42 PM
Thanks for the estimate @Jakub Skoczen! I am tagging this as Q2 2019 so it is considered in the cap planning (no guarantees yet).
Potential Workaround
HK: Right now, this can be done manually. Not ideal, but it works.
CPT: Chalmers has this working manually. See description in this JIRA issue.
Estimation Notes and Assumptions
Assume the API to download the SAML MD file already exists and must be made publicly accessible.
Back End Estimate
Large < 10 days
Rank: 5Colleges (Full Jul 2021)
R4
Rank: Cornell (Full Sum 2021)
R2
Rank: Chalmers (Impl Aut 2019)
R2
Rank: GBV (MVP Sum 2020)
R4
Rank: Hungary (MVP End 2020)
R4
Rank: TAMU (MVP Jan 2021)
R4
Rank: Chicago (MVP Sum 2020)
R4
Rank: MO State (MVP June 2020)
R4
Rank: U of AL (MVP Oct 2020)
R4
Rank: Lehigh (MVP Summer 2020)
R2
Created June 25, 2018 at 11:48 AM
Updated October 26, 2023 at 8:51 PM
Today you need to be logged in in order to obtain the metadata file that you will have to send to your IdP manager, usually the University's central IT department.
The file can only be obtained via Settings -> Tenant -> SSO settings -> Download Metadata.
From time to time the certs/signatures change, and so does the metadata file.
In order to enable the IdP to auto-update its settings with this new metadata file, the file must be available via an "unauthenticated" URL as well as via the user interface. This information does not have to be hidden behind login since it only contains public information.