flipboxfactory / saml-sp

SAML Service Provider (SP) Plugin for Craft CMS
https://saml-sp.flipboxfactory.com/

migration #131

Closed lamboap closed 2 years ago

lamboap commented 3 years ago

Hi,

We plan on creating migrations between our dev/staging/prod environments and periodically backfilling our content from prod back to dev. This will be done by importing the prod db back down to dev. My question is: what is the level of effort needed to disable or remove SSO from these migrations? What tables should we exclude or remove the settings for? Or should we just remove it from the admin panel after every backfill?

dsmrt commented 3 years ago

You can possibly do nothing here and it will automatically be disabled on the staging and dev.

Each environment is configured separately. SAML SSO is based heavily on the URL with the 2 trusted entities (Service Provider as your craft instance and Identity Provider being Okta). So Okta knows the prod SP is at www.example.com but doesn't know about dev.example.com, unless you configure it to know.

Take a look at FAQs too. Entity ID is important to understand at a high level and configuring it in the plugin correctly will make the SAML experience easier: https://saml-sp.flipboxfactory.com/faqs.html

If you want to exclude the tables from the dumps anyways, exclude tables that contain saml_sp and keychain in them.
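The table exclusion suggested in the reply above, sketched as a shell helper. This is an added example, not part of the thread or of the plugin. The table and database names are constructed, and it assumes the dump is taken with `mysqldump` (`--ignore-table`) or `pg_dump` (`--exclude-table`).

```shell
#!/bin/sh
# Added example (not the plugin's code). All table/database names are constructed.

# Print one dump-exclusion flag per table whose name contains "saml_sp" or
# "keychain". Reads table names from stdin, one per line.
#   $1 = driver: mysql | pgsql
#   $2 = database name (mysqldump needs the db.table form)
sso_exclude_flags() {
    driver=$1
    db=$2
    while IFS= read -r table; do
        case $table in
            *saml_sp*|*keychain*) ;;   # plugin-related table: emit a flag
            *) continue ;;             # everything else stays in the dump
        esac
        case $driver in
            mysql) printf '%s\n' "--ignore-table=$db.$table" ;;
            pgsql) printf '%s\n' "--exclude-table=$table" ;;
            *) echo "unknown driver: $driver" >&2; return 2 ;;
        esac
    done
    return 0
}

# Constructed table list standing in for the output of SHOW TABLES / \dt.
sample_tables() {
    printf '%s\n' \
        craft_entries \
        craft_saml_sp_example \
        craft_users \
        craft_keychain_example
}

# Demo: the flags to append to a mysqldump call for a database named
# craft_prod_example (hypothetical name).
sample_tables | sso_exclude_flags mysql craft_prod_example
```

Tables excluded this way are absent from the dump entirely, so the environment being restored must already have its own copies of them.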

dsmrt commented 2 years ago

I think I answered the question but let me know if you need anything else! (we can open it back up if needed)

hiasl commented 2 years ago

Additional question: We have the same requirement, we plan to clone DBs back from PROD to DEV (and in rare cases even from QS to PROD).

Since all provider information is stored in the database, I need to do all configurations on the production, right?

Wouldn't it be better in the long term to have providers in project config instead of the db to be able to deploy updates in the recommended way, or am I wrong here? Or what about having an option in the settings of SAML-SP to ignore the plugin's tables when dumping (this way you could enable / disable it)?

dsmrt commented 2 years ago

Yes, you need to configure the settings on the specific environments due to the nature of Craft's multi-environment setup. I have added an issue to look into this recently to see if I could improve this but it's not something that'll come quickly.

I would like to lean on the project config more and maybe that'd be something we could add down the road but again, it would take some time to implement. I also need to factor in any security issues with saving the key and cert in the project config vs the DB.