At the moment the following (here relevant) SAML related fields are defined:
    # Saml settings
    # [...]
    saml_metadata_idp:
      type: text
      restriction_mode: A
    saml_metadata_sp:
      type: text
      restriction_mode: A
    saml_private_key:
      type: text
      restriction_mode: A
As far as I know these are set with a simple organization.update action issued by the client. This requires the end user to do much work which can be automated, which would make the SAML setup much more robust.
The following steps must be completed by the end user:
1. find the metadata of the IdP and copy-paste as xml
2. generate an x509 key pair
3. Manually write/generate a metadata xml definition for the SP (OpenSlides) and fiddle the public key from 2. and other redundant information (such as URL) into it
4. Paste the private key and SP-metadata making sure no weird formatting or white space errors occur
IMO this should be vastly reduced to
1. Provide the metadata URL of the IdP (from where the xml can be downloaded)
2. Click a button to generate the x509 key pair, as well as the appropriate metadata containing the public key and all other relevant info
   -> This should also be redoable in order to invalidate an existing key pair and use a newly generated one
Most of the work to realize this must be done in the backend - at least the way I see it right now.
However the client will also change the interface and the actions to call.
So this issue should be tackled once the steps OpenSlides/openslides-backend#1933 are clear / confirmed.
Then the TODOs for the client can probably also be defined more specifically.
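An added illustration of the automation proposed above, not code from OpenSlides or from the issue author: it builds the SP metadata from an already generated certificate, stripping PEM armor and pasted-in whitespace and refusing private key material. The entity ID, ACS URL and function names are assumptions, and the sample certificate is constructed placeholder bytes.

```python
import base64
import re
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_metadata_b64(pem: str) -> str:
    """Return the bare base64 body of exactly one PEM certificate."""
    if "PRIVATE KEY" in pem:
        raise ValueError("refusing to embed private key material in metadata")
    blocks = PEM_RE.findall(pem)
    if len(blocks) != 1:
        raise ValueError("expected exactly one CERTIFICATE block")
    body = "".join(blocks[0].split())            # drop CR/LF, tabs, indentation
    der = base64.b64decode(body, validate=True)  # raises on stray characters
    if not der or der[0] != 0x30:                # DER certificates start with SEQUENCE
        raise ValueError("payload is not DER")
    return body

def build_sp_metadata(entity_id: str, acs_url: str, cert_pem: str) -> str:
    """Build SP metadata (hypothetical helper; only public data goes in)."""
    root = ET.Element(f"{{{MD}}}EntityDescriptor", {"entityID": entity_id})
    sp = ET.SubElement(root, f"{{{MD}}}SPSSODescriptor", {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol",
        "AuthnRequestsSigned": "true",
        "WantAssertionsSigned": "true",
    })
    kd = ET.SubElement(sp, f"{{{MD}}}KeyDescriptor", {"use": "signing"})
    info = ET.SubElement(kd, f"{{{DS}}}KeyInfo")
    data = ET.SubElement(info, f"{{{DS}}}X509Data")
    ET.SubElement(data, f"{{{DS}}}X509Certificate").text = pem_to_metadata_b64(cert_pem)
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService", {
        "Binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        "Location": acs_url, "index": "0",
    })
    return ET.tostring(root, encoding="unicode")

# Constructed sample: DER-shaped placeholder bytes, not a real certificate,
# with the CRLF line endings and stray indentation a manual paste produces.
SAMPLE_B64 = base64.b64encode(b"\x30\x82\x01\x0a" + bytes(60)).decode()
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\r\n  " + SAMPLE_B64[:40]
              + " \r\n\t" + SAMPLE_B64[40:] + "\r\n-----END CERTIFICATE-----\r\n")
```

Regenerating the key pair means rebuilding this document with the new certificate and handing it to the IdP again, since the IdP keeps trusting the old certificate until its copy of the metadata is replaced.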
Also analogous to OpenSlides/openslides-backend#1933 (comment) these settings should be accessible to orga admins rather than just superadmin.
The view should be moved accordingly.