https://dev.entrouvert.org/https://dev.entrouvert.org/favicon.ico?15861920342014-10-02T15:02:45ZRedmine Entr’ouvertAuthentic 2 - Development #5530: Faciliter la migration des fédérationshttps://dev.entrouvert.org/issues/5530?journal_id=208472014-10-02T15:02:45ZBenjamin Dauvergne
<ul><li><strong>Fichier</strong> <i>0001-Modify-federation-storage-so-that-we-can-store-feder.patch</i> ajouté</li><li><strong>Patch proposed</strong> changé de <i>Non</i> à <i>Oui</i></li></ul> Authentic 2 - Development #5530: Faciliter la migration des fédérationshttps://dev.entrouvert.org/issues/5530?journal_id=208482014-10-02T15:02:52ZBenjamin Dauvergne
<ul><li><strong>Statut</strong> changé de <i>Nouveau</i> à <i>En cours</i></li></ul> Authentic 2 - Development #5530: Faciliter la migration des fédérationshttps://dev.entrouvert.org/issues/5530?journal_id=219762014-11-03T09:17:04ZFrédéric Pétersfpeters@entrouvert.com
<ul></ul><p>Detail, could AUTHENTIC_SAME_ID_SENTINEL be urn:authentic:same-as-provider-entity-id, rather than an URL ? (I think it makes the usage clearer)</p>
<p>And would it be possible to use that AUTHENTIC_SAME_ID_SENTINEL constant in 0040_plug_sentinel_value_in_libertyfederation_qualifiers.py?</p>
<p>The migration calls raw_input(), I fear this won't fly with packages :/ there's no way to get the entity id from the database?</p> Authentic 2 - Development #5530: Faciliter la migration des fédérationshttps://dev.entrouvert.org/issues/5530?journal_id=220132014-11-03T15:48:55ZBenjamin Dauvergne
<ul></ul><p>Frédéric Péters a écrit :</p>
<blockquote>
<p>Detail, could AUTHENTIC_SAME_ID_SENTINEL be urn:authentic:same-as-provider-entity-id, rather than an URL ? (I think it makes the usage clearer)</p>
</blockquote>
<p>Ok. I'm not fan of using URNs as to do it really formally we should obtain the namespace from IANA but that's just pedantery.</p>
<blockquote>
<p>And would it be possible to use that AUTHENTIC_SAME_ID_SENTINEL constant in 0040_plug_sentinel_value_in_libertyfederation_qualifiers.py?</p>
</blockquote>
<p>Of course.</p>
<blockquote>
<p>The migration calls raw_input(), I fear this won't fly with packages :/</p>
</blockquote>
<p>It will block automatic updates, but it should work if the update is attended. What do you think ?</p>
<blockquote>
<p>there's no way to get the entity id from the database?</p>
</blockquote>
<p>Not with 100% certainty; we do not use <code>django.contrib.sites</code> and it does not have the schema only the domain, it could be extracted from LibertyFederation if there are some but it does not make the update safe.</p> Authentic 2 - Development #5530: Faciliter la migration des fédérationshttps://dev.entrouvert.org/issues/5530?journal_id=221132014-11-05T00:14:27ZBenjamin Dauvergne
<ul><li><strong>Fichier</strong> <a href="/attachments/5368">0001-Modify-federation-storage-so-that-we-can-store-feder.patch</a> <a class="icon-only icon-download" title="Télécharger" href="/attachments/download/5368/0001-Modify-federation-storage-so-that-we-can-store-feder.patch">0001-Modify-federation-storage-so-that-we-can-store-feder.patch</a> ajouté</li></ul><p>Updated patch. Sentinel changed to <code>urn:authentic.entrouvert.org:same-as-provider-entity-id</code> and SAME_ID constant re-used in migration.</p> Authentic 2 - Development #5530: Faciliter la migration des fédérationshttps://dev.entrouvert.org/issues/5530?journal_id=221162014-11-05T07:43:58ZFrédéric Pétersfpeters@entrouvert.com
<ul></ul><blockquote>
<p>It will block automatic updates, but it should work if the update is attended. What do you think ?</p>
</blockquote>
<p>I still don't like it :/ Here's kind of a proposal: look for the value in the environment (let's say AUTHENTIC_IDP_ENTITY_ID_MIGRATION), and fallback on raw_input() if it's missing (or even abort) if it's missing (and there are existing LibertyFederation and LibertyProvider objects); and add this info in the "How to upgrade to a new version of authentic" section of the README file, along as the recommended way to get the value from a running instance (is it looking in the saml metadata, or is there a better way?).</p> Authentic 2 - Development #5530: Faciliter la migration des fédérationshttps://dev.entrouvert.org/issues/5530?journal_id=221282014-11-05T09:00:19ZBenjamin Dauvergne
<ul></ul><p>Frédéric Péters a écrit :</p>
<blockquote>
<p>(is it looking in the saml metadata, or is there a better way?).</p>
</blockquote>
<p>The URL is generated from each HTTP request, there is really no automatic way to get it from a script :/ You can deduct it from the virtual host configuration.</p>
<blockquote><blockquote>
<p>It will block automatic updates, but it should work if the update is attended. What do you think ?</p>
</blockquote>
<p>I still don't like it :/ Here's kind of a proposal: look for the value in the environment (let's say AUTHENTIC_IDP_ENTITY_ID_MIGRATION), and fallback on raw_input() if it's missing (or even abort) if it's missing (and there are existing LibertyFederation and LibertyProvider objects); and add this info in the "How to upgrade to a new version of authentic" section of the README file, along as the recommended way to get the value from a running instance</p>
</blockquote>
<p>Ok.</p> Authentic 2 - Development #5530: Faciliter la migration des fédérationshttps://dev.entrouvert.org/issues/5530?journal_id=221302014-11-05T09:03:13ZFrédéric Pétersfpeters@entrouvert.com
<ul></ul><p>Benjamin Dauvergne a écrit :</p>
<blockquote>
<p>Frédéric Péters a écrit :</p>
<blockquote>
<p>(is it looking in the saml metadata, or is there a better way?).</p>
</blockquote>
<p>The URL is generated from each HTTP request, there is really no automatic way to get it from a script :/ You can deduct it from the virtual host configuration.</p>
</blockquote>
<p>That's what I meant, so the instruction to get the value would be along the lines of "go to your site /idp/saml2/metadata, and take the entityId attribute", ok.</p> Authentic 2 - Development #5530: Faciliter la migration des fédérationshttps://dev.entrouvert.org/issues/5530?journal_id=252462015-03-06T15:35:34ZBenjamin Dauvergne
<ul><li><strong>Version cible</strong> mis à <i>future</i></li></ul> Authentic 2 - Development #5530: Faciliter la migration des fédérationshttps://dev.entrouvert.org/issues/5530?journal_id=253092015-03-09T09:57:31ZBenjamin Dauvergne
<ul><li><strong>Patch proposed</strong> changé de <i>Oui</i> à <i>Non</i></li></ul> Authentic 2 - Development #5530: Faciliter la migration des fédérationshttps://dev.entrouvert.org/issues/5530?journal_id=253442015-03-09T11:54:50ZBenjamin Dauvergne
<ul><li><strong>Echéance</strong> mis à <i>13 mars 2015</i></li><li><strong>Patch proposed</strong> changé de <i>Non</i> à <i>Oui</i></li></ul> Authentic 2 - Development #5530: Faciliter la migration des fédérationshttps://dev.entrouvert.org/issues/5530?journal_id=253452015-03-09T11:54:58ZBenjamin Dauvergne
<ul><li><strong>Patch proposed</strong> changé de <i>Oui</i> à <i>Non</i></li></ul> Authentic 2 - Development #5530: Faciliter la migration des fédérationshttps://dev.entrouvert.org/issues/5530?journal_id=258922015-03-18T14:45:55ZBenjamin Dauvergne
<ul><li><strong>Fichier</strong> <del><i>0001-Modify-federation-storage-so-that-we-can-store-feder.patch</i></del> supprimé</li></ul> Authentic 2 - Development #5530: Faciliter la migration des fédérationshttps://dev.entrouvert.org/issues/5530?journal_id=258932015-03-18T14:48:33ZBenjamin Dauvergne
<ul><li><strong>Fichier</strong> <a href="/attachments/6218">0001-Modify-federation-storage-so-that-we-can-store-feder.patch</a> <a class="icon-only icon-download" title="Télécharger" href="/attachments/download/6218/0001-Modify-federation-storage-so-that-we-can-store-feder.patch">0001-Modify-federation-storage-so-that-we-can-store-feder.patch</a> ajouté</li><li><strong>Patch proposed</strong> changé de <i>Non</i> à <i>Oui</i></li></ul><p>This new version contains a Django 1.7 migration, it does not ask anymore for the current IdP entity ID; we just logically imply that if name_id_qualifier is not empty then it must contain the current IdP entity id; if it's empty then it should stay so.</p>
<p>Federations as a service provider are completely ignored as authsaml2 is deprecated and new SAML 2.0 support as a service provider will be remade with django-mellon and will not use current SAML framework.</p> Authentic 2 - Development #5530: Faciliter la migration des fédérationshttps://dev.entrouvert.org/issues/5530?journal_id=258942015-03-18T14:48:39ZBenjamin Dauvergne
<ul><li><strong>Version cible</strong> changé de <i>future</i> à <i>2.1.13</i></li></ul> Authentic 2 - Development #5530: Faciliter la migration des fédérationshttps://dev.entrouvert.org/issues/5530?journal_id=260622015-03-23T15:40:57ZBenjamin Dauvergne
<ul><li><strong>Version cible</strong> changé de <i>2.1.13</i> à <i>2.2.0</i></li></ul> Authentic 2 - Development #5530: Faciliter la migration des fédérationshttps://dev.entrouvert.org/issues/5530?journal_id=265002015-03-31T14:55:04ZBenjamin Dauvergne
<ul><li><strong>Statut</strong> changé de <i>En cours</i> à <i>Résolu (à déployer)</i></li><li><strong>% réalisé</strong> changé de <i>0</i> à <i>100</i></li></ul><p>Appliqué par commit <a class="changeset" title="Modify federation storage so that we can store federation relative to the provider model (fixes #..." href="https://dev.entrouvert.org/projects/authentic/repository/authentic2/revisions/8d8edc9c9261da33ae7c87774d3f55985a87543d">8d8edc9c9261da33ae7c87774d3f55985a87543d</a>.</p> Authentic 2 - Development #5530: Faciliter la migration des fédérationshttps://dev.entrouvert.org/issues/5530?journal_id=427332016-02-23T11:58:00ZBenjamin Dauvergne
<ul><li><strong>Statut</strong> changé de <i>Résolu (à déployer)</i> à <i>Solution déployée</i></li></ul> Authentic 2 - Development #5530: Faciliter la migration des fédérationshttps://dev.entrouvert.org/issues/5530?journal_id=928992017-12-06T14:28:17ZBenjamin Dauvergne
<ul><li><strong>Statut</strong> changé de <i>Solution déployée</i> à <i>Fermé</i></li></ul>