Authentication and Authorization Beyond Basic and SAML (LDAP, OAUTH, Grouper)
(UXPROD-778)
| Status: | Blocked |
| Project: | UX Product |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None | Parent: | Authentication and Authorization Beyond Basic and SAML (LDAP, OAUTH, Grouper) |
| Type: | New Feature | Priority: | P3 |
| Reporter: | Theodor Tolstoy (One-Group.se) | Assignee: | Jakub Skoczen |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | circ_po_small |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original estimate: | Not Specified |
| Issue links: |
| Potential Workaround: | HK: Right now, this can be done manually. Not ideal, but it works.
CPT: Chalmers has this working manually. See description in this JIRA issue. |
| Epic Link: | Authentication and Authorization Beyond Basic and SAML (LDAP, OAUTH, Grouper) |
| Back End Estimate: | Large < 10 days |
| Estimation Notes and Assumptions: | Assume the API to download the SAML MD file already exists and must be made publicly accessible. |
| Kiwi Planning Points (DO NOT CHANGE): | 1 |
| Rank: Chalmers (Impl Aut 2019): | R2 |
| Rank: Chicago (MVP Sum 2020): | R4 |
| Rank: Cornell (Full Sum 2021): | R2 |
| Rank: Duke (Full Sum 2021): | R4 |
| Rank: 5Colleges (Full Jul 2021): | R4 |
| Rank: GBV (MVP Sum 2020): | R4 |
| Rank: Hungary (MVP End 2020): | R4 |
| Rank: Lehigh (MVP Summer 2020): | R2 |
| Rank: MO State (MVP June 2020): | R4 |
| Rank: TAMU (MVP Jan 2021): | R4 |
| Rank: U of AL (MVP Oct 2020): | R4 |
| Description |
|
Today you need to be logged in to obtain the metadata file that you will have to send to your IdP manager, usually the University's central IT department. The file can only be obtained via Settings -> Tenant -> SSO settings -> Download Metadata. From time to time the certs/signatures change, and so does the metadata file. In order to enable the IdP to auto-update its settings with this new metadata file, the file must be available via an "unauthenticated" URL as well as via the user interface. This information does not have to be hidden behind login since it only contains public information. |
| Comments |
| Comment by Theodor Tolstoy (One-Group.se) [ 21/Mar/19 ] |
|
Hi Cate Boerema, Hkaplanian, Jakub Skoczen, VBar. I think we need some eyes on this one. To get some security around it, could we perhaps add this to the edge APIs? What are your thoughts? |
| Comment by Cate Boerema (Inactive) [ 21/Mar/19 ] |
|
I think this might have gotten lost in the FOLIO project. I've switched it to a UXPROD. Can you add the Chalmers ranking to this, Theodor Tolstoy (One-Group.se)? Is it needed for go live? |
| Comment by Theodor Tolstoy (One-Group.se) [ 21/Mar/19 ] |
|
I absolutely think this is needed given the expected cadence that new code will get into their tenant. But I might be missing something in how this is working. |
| Comment by Cate Boerema (Inactive) [ 21/Mar/19 ] |
|
Hi Marc Johnson, looks like this might need to get done in Q2. Could you please provide a backend estimate and any comments you have on this? Is there any frontend work needed on this? |
| Comment by Marc Johnson [ 21/Mar/19 ] |
|
Cate Boerema Sorry, I have almost no context on the SAML login module and how it is integrated at present, so am unlikely to be able to offer much advice on this, apologies. Maybe Jakub Skoczen can help direct this to someone with more context? |
| Comment by Theodor Tolstoy (One-Group.se) [ 22/Mar/19 ] |
|
So, as I understand it, the other way is also something to think of for the future. |
| Comment by Cate Boerema (Inactive) [ 22/Mar/19 ] |
|
Thanks for the estimate, Jakub Skoczen! I am tagging this as Q2 2019 so it is considered in the cap planning (no guarantees yet) |
| Comment by Cate Boerema (Inactive) [ 23/Apr/19 ] |
|
Hi Jakub Skoczen. Just wanted to check on this one, as it's targeted for Q2, needed by Chalmers to go live and I don't see any user stories or work items. This is on your radar, right? |
| Comment by Theodor Tolstoy (One-Group.se) [ 20/Jun/19 ] |
|
Ping Jakub Skoczen! |
| Comment by Jakub Skoczen [ 08/Jul/19 ] |
|
Created
|
| Comment by Debra Howell [ 02/Oct/20 ] |
|
The upgrade to mod-login-saml 2.0.1 from 2.0.0 required us to have Cornell's Identity Management team upload new metadata when installed. But earlier versions didn’t require it. Ideally FOLIO wouldn’t make this a necessary manual step every time we upgrade. |