...
The four testing scenarios are documented in the following table.
Scenario | Stripes has RTR | Stripes configuration | Binding | Configuration Required | Configuration | Mock IDP | Notes |
---|---|---|---|---|---|---|---|
1 | True | | POST | Yes | Yes configuration is needed for legacy: SamlConfigRequest.callback = "callback-with-expiry" | SSOCircle | Configuration on backend is required because it is not the default. Stripes requires configuration. |
2 | False | | POST | No | No configuration needed | SSOCircle | No configuration on backend is required because this is the default for backend. Stripes requires configuration because its default is not to do RTR. |
3 | True | | REDIRECT | Yes | Yes configuration is needed for legacy: SamlConfigRequest.callback = "callback-with-expiry" | samltest.id | Configuration on backend is required because it is not the default. Stripes requires configuration. |
4 | False | | REDIRECT | No | No configuration needed | samltest.id | No configuration on backend is required because this is the default for backend. Stripes requires configuration because its default is not to do RTR. |
A successful test for each scenario means that the user is able to log in via the IDP through Stripes without error and successfully make requests to the FOLIO back-end via Stripes.
Configuration for
...
RTR mode
...
When testing RTR mode (meaning, when running with RTR enabled), the callback endpoint needs to be configured by providing a SamlConfigRequest via PUT to the saml/configuration endpoint of the module. See the callback property of the schema here. The callback has two forms: callback and callback-with-expiry. When the callback is configured as callback-with-expiry, the user will be provided an expiring token. When the callback is not configured, the callback will be callback and the user will be provided a non-expiring access token.
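A pre-test check for the backend side of the four scenarios, as an added example that is not part of the original page or the module's code: it builds, without sending, the PUT to saml/configuration only when the stored callback differs from what the scenario needs, which also catches a callback-with-expiry setting left over from an earlier RTR run. The base URL, tenant and token values, the X-Okapi-* headers, and resending the other stored properties unchanged are assumptions.

```python
import json
import urllib.request

# Constructed from the scenario table: scenario number -> "Stripes has RTR".
STRIPES_RTR = {1: True, 2: False, 3: True, 4: False}
CALLBACK_FORMS = ("callback", "callback-with-expiry")
DEFAULT_CALLBACK = "callback"  # backend default, per the table's notes


def wanted_callback(scenario):
    """Callback form the backend must use for the given scenario."""
    return "callback-with-expiry" if STRIPES_RTR[scenario] else "callback"


def build_config_put(base_url, tenant, token, current_config, scenario):
    """Return the PUT request that aligns the backend with the scenario,
    or None when the stored configuration already matches it."""
    effective = current_config.get("callback", DEFAULT_CALLBACK)
    if effective not in CALLBACK_FORMS:
        raise ValueError(f"unexpected callback value: {effective!r}")
    wanted = wanted_callback(scenario)
    if effective == wanted:
        return None
    # Assumption: the other stored properties are sent back unchanged.
    body = dict(current_config, callback=wanted)
    return urllib.request.Request(
        base_url.rstrip("/") + "/saml/configuration",
        data=json.dumps(body).encode("utf-8"),
        method="PUT",
        headers={
            "Content-Type": "application/json",
            "X-Okapi-Tenant": tenant,  # assumed deployment values
            "X-Okapi-Token": token,
        },
    )


if __name__ == "__main__":
    # Constructed sample: configuration left behind by a scenario 1 run.
    leftover = {"callback": "callback-with-expiry"}
    for n in sorted(STRIPES_RTR):
        req = build_config_put("http://localhost:9130", "tenant", "TOKEN", leftover, n)
        print(n, "no change" if req is None else req.data.decode())
```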
Note, when
Related articles
It may help to be familiar with the changes for refresh token rotation. Adding support for refresh token rotation has increased the scope of what needs to be tested.
...