
Development #5540

Possibility to create saml service provider from its AssertionConsumerService endpoint

Added by Frédéric Péters almost 5 years ago. Updated over 3 years ago.

Status: Nouveau
Priority: Normal
Category: -
Target version:
Start date: 19 Sep 2014
Due date:
% Done: 0%
Patch proposed: No
Planning: No

Description

Dropbox doesn't distribute a saml metadata file, it just gives out its assertion consumer service endpoint (https://www.dropbox.com/saml_login); it would be useful to be able to create a service provider without having to forge a fake metadata file.

For reference the simplesamlphp configuration amounts to:

$metadata['Dropbox'] = array (
        'AssertionConsumerService' => 'https://www.dropbox.com/saml_login',
        'simplesaml.attributes' => true,
        'simplesaml.nameidattribute' => 'mail',
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
);

Related issues

Related to Authentic 2 - Development #5541: Add a page to manage providers Nouveau 19 Sep 2014

History

#1 Updated by Benjamin Dauvergne almost 5 years ago

How does it work without specifying the entity ID for dropbox? Does ssp accept all AuthnRequests? How does it find the ACS if the AuthnRequest does not contain its URL and it doesn't know the service entityID either?

#2 Updated by Benjamin Dauvergne almost 5 years ago

I answer myself: I read the code for ssp and the dictionary key is in fact the EntityID, so the configuration would be:
  • EntityID, required
  • ACS URL & method (POST [default] / Artifact), required
  • LogoutServiceURL URL & method (Redirect [default] / SOAP), optional
  • Certificate, optional

#3 Updated by Frédéric Péters almost 5 years ago

https://www.dropbox.com/help/1921#custom is the dropbox documentation.

You'll find some screenshots about salesforce configuration on https://developer.salesforce.com/page/Configuring-SAML-SSO-to-Dropbox (searching for "dropbox configuration saml" yields results for various other providers).

#4 Updated by Benjamin Dauvergne almost 5 years ago

  • Status changed from Nouveau to En cours
  • Assignee set to Benjamin Dauvergne

How I see it:
  • first add field to hold the metadata URL, to separate it from the entity ID
  • remove special creation form for building from Metadata URL (the field will now be part of the model)
  • make EntityID field editable, and required
  • add new fields:
    • ACS URL, URLField, nullable, optional
    • ACS Method, CharField, choices, nullable, required if ACS URL is set
    • Logout URL, URLField, nullable, optional, forbidden if ACS URL is not set
    • Logout Method, CharField, choices, nullable, optional, required if Logout URL is set
  • make the metadata field uneditable if ACS URL is not null, add text telling that to edit it all direct settings must be removed
  • in LibertyProvider clean:
    • if metadata URL is set and metadata content or manual configuration field have changed, raise ValidationError telling that a web refresh must be done or the URL be removed,
    • if metadata and manual field have changed, raise ValidationError
    • if metadata has changed or object is new (no self.pk), clear all "manual" configuration fields, extract entityID from metadata
    • if entityID has changed but no other manual configuration field is set, raise ValidationError
    • if any manual configuration field has changed, clear metadata and generate new version from them
    • for all cases generate new entityID SHA1 hash (it's already done)
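The following is an added example, not Authentic 2 or simplesamlphp code: it takes the field list from #2 (EntityID, ACS URL and method, logout URL and method, certificate), maps the ssp entry from the description onto it, generates SP metadata from those direct settings, and applies the clean() rules sketched in #4. The Provider dataclass, its field names and the function names are assumptions standing in for the LibertyProvider model; the Dropbox values are the ones quoted above.

```python
"""Added example (not Authentic 2 code): SP metadata from direct settings plus
the clean() rules from #4. Names are assumptions, not the project's model."""
import hashlib
import xml.etree.ElementTree as ET
from dataclasses import dataclass, replace
from typing import Optional

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
BINDINGS = {
    "POST": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "Artifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact",
    "Redirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
    "SOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP",
}
MANUAL_NAMES = ("acs_url", "acs_method", "logout_url", "logout_method", "certificate")


class ValidationError(ValueError):
    """Stand-in for Django's ValidationError."""


@dataclass
class Provider:
    """Hypothetical LibertyProvider: metadata URL split from entity ID, plus the
    direct settings proposed in #2/#4 (all nullable)."""
    entity_id: str = ""
    metadata_url: Optional[str] = None
    metadata: Optional[str] = None
    acs_url: Optional[str] = None
    acs_method: Optional[str] = None
    logout_url: Optional[str] = None
    logout_method: Optional[str] = None
    certificate: Optional[str] = None  # PEM body without BEGIN/END lines
    entity_id_sha1: str = ""

    def has_manual(self) -> bool:
        return any(getattr(self, n) is not None for n in MANUAL_NAMES)


def provider_from_ssp(entity_id: str, ssp: dict) -> Provider:
    """Map a simplesamlphp $metadata entry; the array key is the entityID (see #2)."""
    return Provider(entity_id=entity_id, acs_url=ssp["AssertionConsumerService"],
                    acs_method="POST")  # ssp's default ACS binding is HTTP-POST


def build_sp_metadata(p: Provider) -> str:
    """Generate a minimal SPSSODescriptor from the direct settings."""
    if not p.entity_id or not p.acs_url:
        raise ValidationError("entity ID and ACS URL are required")
    if p.acs_method not in ("POST", "Artifact"):
        raise ValidationError("ACS method must be POST or Artifact")
    if p.logout_url and p.logout_method not in ("Redirect", "SOAP"):
        raise ValidationError("logout method must be Redirect or SOAP")
    ET.register_namespace("md", MD)
    ET.register_namespace("ds", DS)
    ed = ET.Element(f"{{{MD}}}EntityDescriptor", entityID=p.entity_id)
    sp = ET.SubElement(ed, f"{{{MD}}}SPSSODescriptor",
                       protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol")
    if p.certificate:
        kd = ET.SubElement(sp, f"{{{MD}}}KeyDescriptor", use="signing")
        x509 = ET.SubElement(ET.SubElement(kd, f"{{{DS}}}KeyInfo"), f"{{{DS}}}X509Data")
        ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = p.certificate
    if p.logout_url:
        ET.SubElement(sp, f"{{{MD}}}SingleLogoutService",
                      Binding=BINDINGS[p.logout_method], Location=p.logout_url)
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService", Binding=BINDINGS[p.acs_method],
                  Location=p.acs_url, index="0", isDefault="true")
    return ET.tostring(ed, encoding="unicode")


def extract_entity_id(metadata: str) -> str:
    root = ET.fromstring(metadata)
    if root.tag != f"{{{MD}}}EntityDescriptor" or not root.get("entityID"):
        raise ValidationError("metadata is not an EntityDescriptor with an entityID")
    return root.get("entityID")


def clean(new: Provider, old: Optional[Provider] = None) -> Provider:
    """Rules from #4: a metadata URL locks the other fields; metadata and direct
    settings are mutually exclusive; whichever side changed regenerates the other."""
    def changed(name: str) -> bool:
        if old is None:  # new object: a field counts as changed when it is set
            return bool(getattr(new, name))
        return getattr(old, name) != getattr(new, name)

    manual_changed = any(changed(n) for n in MANUAL_NAMES)
    if new.metadata_url and (changed("metadata") or manual_changed):
        raise ValidationError("metadata URL is set: refresh from it or remove the URL first")
    if changed("metadata") and manual_changed:
        raise ValidationError("change either the metadata or the direct settings, not both")
    if new.metadata and changed("metadata"):
        # metadata wins: drop direct settings and take the entityID from the XML
        new = replace(new, **{n: None for n in MANUAL_NAMES})
        new.entity_id = extract_entity_id(new.metadata)
    elif changed("entity_id") and not new.has_manual():
        raise ValidationError("entity ID comes from metadata unless direct settings are used")
    elif manual_changed or changed("entity_id") or old is None:
        new.metadata = build_sp_metadata(new)  # direct settings win: regenerate metadata
    new.entity_id_sha1 = hashlib.sha1(new.entity_id.encode()).hexdigest()
    return new
```

Creating the Dropbox provider is then `clean(provider_from_ssp("Dropbox", {"AssertionConsumerService": "https://www.dropbox.com/saml_login"}))`, which yields an EntityDescriptor with one HTTP-POST AssertionConsumerService and no fake metadata file to maintain; feeding that generated XML back as `Provider(metadata=...)` recovers the entity ID and clears the direct settings, which is the other direction of the same rules.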

#5 Updated by Benjamin Dauvergne over 4 years ago

  • Status changed from En cours to Nouveau

#6 Updated by Benjamin Dauvergne over 4 years ago

#7 Updated by Benjamin Dauvergne over 4 years ago

  • Priority changed from Normal to Haut

#8 Updated by Benjamin Dauvergne over 4 years ago

  • Target version set to future

#9 Updated by Benjamin Dauvergne over 4 years ago

  • Target version changed from future to 2.1.12

#10 Updated by Benjamin Dauvergne over 4 years ago

  • Target version changed from 2.1.12 to 2.1.13

#11 Updated by Benjamin Dauvergne over 4 years ago

  • Target version changed from 2.1.13 to 2.2.0

#12 Updated by Benjamin Dauvergne over 4 years ago

  • Priority changed from Haut to Normal

#13 Updated by Mikaël Ates over 3 years ago

  • Tracker changed from Bug to Development
