Development #5540
Possibility to create a SAML service provider from its AssertionConsumerService endpoint
Description
Dropbox doesn't distribute a SAML metadata file, it just gives out its assertion consumer service endpoint (https://www.dropbox.com/saml_login); it would be useful to be able to create a service provider without having to forge a fake metadata file.
For reference, the simplesamlphp configuration amounts to:

    $metadata['Dropbox'] = array(
        'AssertionConsumerService' => 'https://www.dropbox.com/saml_login',
        'simplesaml.attributes' => true,
        'simplesaml.nameidattribute' => 'mail',
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
    );
History
Updated by Benjamin Dauvergne about 9 years ago
How does it work without specifying the entity ID for Dropbox? Does SSP accept all AuthnRequests? How does it find the ACS if the AuthnRequest does not contain its URL and it doesn't know the service entityID either?
Updated by Benjamin Dauvergne about 9 years ago
- EntityID, required
- ACS URL & method (POST [default] / Artifact), required
- LogoutServiceURL URL & method (Redirect [default] / SOAP), optional
- Certificate, optional
Updated by Frédéric Péters about 9 years ago
https://www.dropbox.com/help/1921#custom is the dropbox documentation.
You'll find some screenshots about salesforce configuration on https://developer.salesforce.com/page/Configuring-SAML-SSO-to-Dropbox (searching for "dropbox configuration saml" yields results for various other providers).
Updated by Benjamin Dauvergne about 9 years ago
- Status changed from New to In progress
- Assignee set to Benjamin Dauvergne
- first add a field to hold the metadata URL, to separate it from the entity ID
- remove the special creation form for building from a metadata URL (the field will now be part of the model)
- make the EntityID field editable, and required
- add new fields:
  - ACS URL, URLField, nullable, optional
  - ACS Method, CharField, choices, nullable, required if ACS URL is set
  - Logout URL, URLField, nullable, optional, forbidden if ACS URL is not set
  - Logout Method, CharField, choices, nullable, optional, required if Logout URL is set
- make the metadata field uneditable if ACS URL is not null, and add text saying that all direct settings must be removed before it can be edited
- in LibertyProvider clean:
  - if the metadata URL is set and the metadata content or a manual configuration field has changed, raise ValidationError saying that a web refresh must be done or the URL removed,
  - if both the metadata and a manual field have changed, raise ValidationError
  - if the metadata has changed or the object is new (no self.pk), clear all "manual" configuration fields and extract the entityID from the metadata
  - if the entityID has changed but no other manual configuration field is set, raise ValidationError
  - if any manual configuration field has changed, clear the metadata and generate a new version from them
  - in all cases generate a new entityID SHA1 hash (it's already done)
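The field rules and the "generate a new version from them" step in the plan above, as an added Python example written for this page (it is not authentic2's own LibertyProvider code): it validates the manual field combinations, builds SPSSODescriptor metadata from them, parses the entityID back out of metadata, and computes the SHA1 of the entityID. The function names, the error messages and the assumption that the certificate field holds only the base64 body of a PEM certificate are mine; the Dropbox values are the ones from the description.

```python
"""Build SAML 2.0 SP metadata from the "manual" fields discussed in this ticket
(entityID, ACS URL/method, optional logout URL/method, optional certificate),
validate the field combinations, and extract the entityID from metadata.
Example code written for this page, not authentic2's implementation; function
names and error messages are assumptions."""
import hashlib
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", MD_NS)
ET.register_namespace("ds", DS_NS)

# The two ACS and two logout bindings the ticket proposes as choices.
ACS_BINDINGS = {
    "POST": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "Artifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact",
}
LOGOUT_BINDINGS = {
    "Redirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
    "SOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP",
}


def validate_manual_config(entity_id, acs_url=None, acs_method=None,
                           logout_url=None, logout_method=None):
    """Mirror the field rules from the ticket; returns a list of error strings
    (empty when the combination is acceptable)."""
    errors = []
    if not entity_id:
        errors.append("EntityID is required")
    if acs_url and not acs_method:
        errors.append("ACS Method is required when ACS URL is set")
    if acs_method and acs_method not in ACS_BINDINGS:
        errors.append("ACS Method must be POST or Artifact")
    if logout_url and not acs_url:
        errors.append("Logout URL is forbidden when ACS URL is not set")
    if logout_url and not logout_method:
        errors.append("Logout Method is required when Logout URL is set")
    if logout_method and logout_method not in LOGOUT_BINDINGS:
        errors.append("Logout Method must be Redirect or SOAP")
    return errors


def build_sp_metadata(entity_id, acs_url, acs_method="POST",
                      logout_url=None, logout_method="Redirect",
                      name_id_format=None, certificate_b64=None):
    """Generate an md:EntityDescriptor/md:SPSSODescriptor from the manual
    fields. certificate_b64 is the base64 body of a PEM certificate (assumed
    field format). Child elements are emitted in schema order."""
    if not acs_url:
        raise ValueError("ACS URL is required to generate metadata")
    errors = validate_manual_config(entity_id, acs_url, acs_method,
                                    logout_url, logout_method)
    if errors:
        raise ValueError("; ".join(errors))
    root = ET.Element(f"{{{MD_NS}}}EntityDescriptor", entityID=entity_id)
    sp = ET.SubElement(root, f"{{{MD_NS}}}SPSSODescriptor",
                       protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol")
    if certificate_b64:
        kd = ET.SubElement(sp, f"{{{MD_NS}}}KeyDescriptor", use="signing")
        ki = ET.SubElement(kd, f"{{{DS_NS}}}KeyInfo")
        x509 = ET.SubElement(ki, f"{{{DS_NS}}}X509Data")
        ET.SubElement(x509, f"{{{DS_NS}}}X509Certificate").text = certificate_b64
    if logout_url:
        ET.SubElement(sp, f"{{{MD_NS}}}SingleLogoutService",
                      Binding=LOGOUT_BINDINGS[logout_method], Location=logout_url)
    if name_id_format:
        ET.SubElement(sp, f"{{{MD_NS}}}NameIDFormat").text = name_id_format
    ET.SubElement(sp, f"{{{MD_NS}}}AssertionConsumerService",
                  Binding=ACS_BINDINGS[acs_method], Location=acs_url,
                  index="0", isDefault="true")
    return ET.tostring(root, encoding="unicode")


def extract_entity_id(metadata_xml):
    """The "extract the entityID from the metadata" step; rejects documents
    whose root is not an md:EntityDescriptor or that carry no entityID."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("metadata root is not an md:EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID")
    return entity_id


def entity_id_hash(entity_id):
    """The SHA1 of the entityID that the ticket says is already computed."""
    return hashlib.sha1(entity_id.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    xml = build_sp_metadata(
        "Dropbox", "https://www.dropbox.com/saml_login",
        name_id_format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
    print(xml)
    print(extract_entity_id(xml), entity_id_hash(extract_entity_id(xml)))
```

For the Dropbox case this yields a descriptor with a single HTTP-POST AssertionConsumerService at https://www.dropbox.com/saml_login and the emailAddress NameIDFormat from the simplesamlphp configuration in the description; a logout URL without an ACS URL, or an ACS URL without a method, is refused before any metadata is generated, which is the same ordering the clean() plan describes.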
Updated by Benjamin Dauvergne over 8 years ago
- Related to Development #5541: Add a page to manage providers added