Improve SAML options in superadmin settings #2944

Open
peb-adr opened this issue Oct 24, 2023 · 1 comment
Labels
enhancement General enhancement which is neither bug nor feature
peb-adr commented Oct 24, 2023

At the moment the following (here relevant) SAML related fields are defined:

  # Saml settings
  # [...]
  saml_metadata_idp:
    type: text
    restriction_mode: A
  saml_metadata_sp:
    type: text
    restriction_mode: A
  saml_private_key:
    type: text
    restriction_mode: A

As far as I know these are set with a simple organization.update action issued by the client. This requires the end user to do much work which can be automated, which would make the SAML setup much more robust.

The following steps must be completed by the end user:

  1. Find the metadata of the IdP and copy-paste as XML
  2. Generate an x509 key pair
  3. Manually write/generate a metadata XML definition for the SP (OpenSlides) and fiddle the public key from 2. and other redundant information (such as URL) into it
  4. Paste the private key and SP-metadata making sure no weird formatting or white space errors occur

IMO this should be vastly reduced to

  1. Provide the metadata URL of the IdP (from where the xml can be downloaded)
  2. Click a button to generate the x509 key pair, as well as the appropriate metadata containing the public key and all other relevant info
    -> This should also be redoable in order to invalidate an existing key pair and use a newly generated one

Most of the work to realize this must be done in the backend - at least the way I see it right now.
However the client will also change the interface and the actions to call.

So this issue should be tackled once the steps OpenSlides/openslides-backend#1933 are clear / confirmed.
Then the TODOs for the client can probably also be defined more specifically.

peb-adr added the enhancement label Oct 24, 2023
peb-adr commented Oct 24, 2023

Also analogous to OpenSlides/openslides-backend#1933 (comment) these settings should be accessible to orga admins rather than just superadmin.
The view should be moved accordingly.

Elblinator added this to the 4.2 milestone Dec 6, 2023