Development #5540

Possibility to create saml service provider from its AssertionConsumerService endpoint

Added by Frédéric Péters about 9 years ago. Updated almost 2 years ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Target version:
Start date: 19 September 2014
Due date:
% Done: 0%
Estimated time:
Patch proposed: No
Planning:

Description

Dropbox doesn't distribute a saml metadata file, it just gives out its assertion consumer service endpoint (https://www.dropbox.com/saml_login); it would be useful to be able to create a service provider without having to forge a fake metadata file.

For reference the simplesamlphp configuration amounts to:

$metadata['Dropbox'] = array (
        'AssertionConsumerService' => 'https://www.dropbox.com/saml_login',
        'simplesaml.attributes' => true,
        'simplesaml.nameidattribute' => 'mail',
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
);

Related issues

Related to Authentic 2 - Development #5541: Add a page to manage providers | Closed | 19 September 2014

History

#1

Updated by Benjamin Dauvergne about 9 years ago

How does it work without specifying the entity ID for dropbox? Does ssp accept all AuthnRequest? How does it find the ACS if the AuthnRequest does not contain its URL and it doesn't know the service entityID either?

#2

Updated by Benjamin Dauvergne about 9 years ago

I answer myself: I read the code for ssp and the dictionary key is in fact the EntityID, so the configuration would be:
  • EntityID, required
  • ACS URL & method (POST [default] / Artifact), required
  • LogoutServiceURL URL & method (Redirect [default] / SOAP), optional
  • Certificate, optional
#3

Updated by Frédéric Péters about 9 years ago

https://www.dropbox.com/help/1921#custom is the dropbox documentation.

You'll find some screenshots about salesforce configuration on https://developer.salesforce.com/page/Configuring-SAML-SSO-to-Dropbox (searching for "dropbox configuration saml" yields results for various other providers).

#4

Updated by Benjamin Dauvergne about 9 years ago

  • Status changed from New to In progress
  • Assignee set to Benjamin Dauvergne
How I see it:
  • first add field to hold the metadata URL, to separate it from the entity ID
  • remove special creation form for building from Metadata URL (the field will now be part of the model)
  • make EntityID field editable, and required
  • add new fields:
    • ACS URL, URLField, nullable, optional
    • ACS Method, CharField, choices, nullable, required if ACS URL is set
    • Logout URL, URLField, nullable, optional, forbidden if ACS URL is not set
    • Logout Method, CharField, choices, nullable, optional, required if Logout URL is set
  • make the metadata field uneditable if ACS URL is not null, add text telling that to edit it all direct settings must be removed
  • in LibertyProvider clean:
    • if metadata URL is set and metadata content or manual configuration field have changed, raise ValidationError telling that a web refresh must be done or the URL be removed,
    • if metadata and manual field have changed, raise ValidationError
    • if metadata has changed or object is new (no self.pk), clear all "manual" configuration fields, extract entityID from metadata
    • if entityID has changed but no other manual configuration field is set, raise ValidationError
    • if any manual configuration field has changed, clear metadata and generate new version from them
    • for all cases generate new entityID SHA1 hash (it's already done)
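
The manual-field rules and the metadata generation outlined in comment #4, as an added Python example that is not Authentic 2 code: the function names and error strings are assumptions, the method names come from comments #2 and #4, and the binding URIs are the standard SAML 2.0 ones.

```python
import xml.etree.ElementTree as ET

# Added example; function names are hypothetical, not Authentic 2 API.
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
BINDINGS = {  # method names from comments #2 and #4 -> SAML 2.0 binding URIs
    "POST": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "Artifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact",
    "Redirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
    "SOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP",
}

def check_manual_fields(entity_id, acs_url, acs_method, logout_url, logout_method):
    """Return the rule violations from comment #4 (empty list means valid)."""
    errors = []
    if not entity_id:
        errors.append("EntityID is required")
    if acs_url and acs_method not in ("POST", "Artifact"):
        errors.append("ACS method is required if ACS URL is set")
    if logout_url and not acs_url:
        errors.append("Logout URL is forbidden if ACS URL is not set")
    if logout_url and logout_method not in ("Redirect", "SOAP"):
        errors.append("Logout method is required if Logout URL is set")
    return errors

def build_sp_metadata(entity_id, acs_url, acs_method="POST",
                      logout_url=None, logout_method="Redirect", cert_b64=None):
    """Generate minimal SP metadata from the manual configuration fields."""
    errors = check_manual_fields(entity_id, acs_url, acs_method, logout_url, logout_method)
    if errors or not acs_url:
        raise ValueError("; ".join(errors) or "ACS URL is required to build metadata")
    ET.register_namespace("md", MD)
    ET.register_namespace("ds", DS)
    root = ET.Element(f"{{{MD}}}EntityDescriptor", {"entityID": entity_id})
    sp = ET.SubElement(root, f"{{{MD}}}SPSSODescriptor",
                       {"protocolSupportEnumeration": PROTOCOL})
    if cert_b64:  # optional: lets the IdP verify signed requests from the SP
        key = ET.SubElement(sp, f"{{{MD}}}KeyDescriptor", {"use": "signing"})
        x509 = ET.SubElement(ET.SubElement(key, f"{{{DS}}}KeyInfo"), f"{{{DS}}}X509Data")
        ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = cert_b64
    if logout_url:  # schema order: KeyDescriptor, SingleLogoutService, then ACS
        ET.SubElement(sp, f"{{{MD}}}SingleLogoutService",
                      {"Binding": BINDINGS[logout_method], "Location": logout_url})
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService",
                  {"Binding": BINDINGS[acs_method], "Location": acs_url,
                   "index": "0", "isDefault": "true"})
    return ET.tostring(root, encoding="unicode")
```
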
#5

Updated by Benjamin Dauvergne about 9 years ago

  • Status changed from In progress to New
#6

Updated by Benjamin Dauvergne over 8 years ago

#7

Updated by Benjamin Dauvergne over 8 years ago

  • Priority changed from Normal to High
#8

Updated by Benjamin Dauvergne over 8 years ago

  • Target version set to future
#9

Updated by Benjamin Dauvergne over 8 years ago

  • Target version changed from future to 2.1.12
#10

Updated by Benjamin Dauvergne over 8 years ago

  • Target version changed from 2.1.12 to 2.1.13
#11

Updated by Benjamin Dauvergne over 8 years ago

  • Target version changed from 2.1.13 to 2.2.0
#12

Updated by Benjamin Dauvergne over 8 years ago

  • Priority changed from High to Normal
#13

Updated by Mikaël Ates over 7 years ago

  • Tracker changed from Bug to Development
#14

Updated by Benjamin Dauvergne almost 2 years ago

  • Assignee deleted (Benjamin Dauvergne)