flipboxfactory / saml-sp

SAML Service Provider (SP) Plugin for Craft CMS
https://saml-sp.flipboxfactory.com/

Multi-Environment Support #136

Open dsmrt opened 2 years ago

dsmrt commented 2 years ago

There isn't really any multi-environment support for the plugin. It's all manual and difficult. Here's a list of things that'd be nice to add to better support multi-environment configurations:

camelskyscraper commented 2 years ago

This seems like a natural extension of config/saml-sp.php setting entityId like this: https://saml-sp.flipboxfactory.com/configure/settings.html#plugin-settings

dsmrt commented 2 years ago

@camelskyscraper so I think what you are saying is having one provider that inherits the environmental variables of the environment, instead of creating a new provider per environment. So the details of the metadata would change, like the entity ID changes when using an environment variable to manage that property. This also works nicely with the site URLs, naturally.

This would change this enhancement a bit but I like the idea. Let me think this through a little bit.

camelskyscraper commented 2 years ago

I think we're saying the same thing. The use case to illustrate is I am working in a local dev environment and want to go ahead and set up my staging and production Service Providers so I can push the site as-is to a new environment and only have to update the .env file.
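An added illustration of the approach described in the two comments above (example code written for this page, not the plugin's shipped config and not posted by anyone in the thread): one SP defined in config/saml-sp.php whose entityId follows the environment, so moving the site to staging or production only requires a different .env file. It assumes Craft's standard environment-keyed config array ('*' merged with the block matching CRAFT_ENVIRONMENT) applies to plugin config files, and the SAML_SP_ENTITY_ID / SAML_SP_CP_LOGIN_BUTTONS variable names are made up for the example; entityId and enableCpLoginButtons are the two plugin settings mentioned in this issue.

```php
<?php
// config/saml-sp.php
// Example config for this page, not the plugin's own file. Craft reads
// config/<pluginHandle>.php and merges the '*' block with the block whose key
// matches CRAFT_ENVIRONMENT, so one SP definition serves every environment.

use craft\helpers\App;

return [
    // Applies everywhere: the SP identity is taken from the environment instead
    // of being hard-coded, so a dev/staging/production deploy differs only by .env.
    '*' => [
        // Assumed .env entry, e.g.
        //   SAML_SP_ENTITY_ID="https://www.example.com/sso/saml/metadata"
        // Each environment sets its own value; the IdP registration for that
        // environment must use the same entity ID.
        'entityId' => App::env('SAML_SP_ENTITY_ID'),
    ],

    // Local development: show the IdP buttons on the control panel login page.
    'dev' => [
        'enableCpLoginButtons' => true,
    ],

    // Staging/production: let .env decide whether the buttons appear at all
    // (assumed variable, e.g. SAML_SP_CP_LOGIN_BUTTONS=1).
    'staging' => [
        'enableCpLoginButtons' => (bool) App::env('SAML_SP_CP_LOGIN_BUTTONS'),
    ],
    'production' => [
        'enableCpLoginButtons' => (bool) App::env('SAML_SP_CP_LOGIN_BUTTONS'),
    ],
];
```

Because the entity ID is also what the IdP uses to recognise the SP, each environment still needs its own registration at the IdP with the matching value; the config only removes the need to keep separate SP records in the plugin per environment.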

uandco commented 1 year ago

+1 for this. For now, you can create extra SPs and force the entity ID to the staging/prod domain, but there's no option to only show specific IDPs on the admin login page. It's either "show them all" via the enableCpLoginButtons option, or show none. Which means if you have 4 IDPs because there's 4 environments, it will show 4 buttons.

What I would like to have is another config option to set an array of IDP UIDs to show on the login page. That way we can use env variables to set the correct one(s) per environment.

dsmrt commented 1 year ago

@uandco I like the feedback. I’ll add this into this issue.

uandco commented 1 year ago

In saying that, I figured the SAML config is not saved to YAML files and only stored in the DB, which means I didn't actually have to create the extra IDPs per environment, as they would only be in my DEV DB. It helps solve my issue with multiple buttons, as I can just create one IDP per env (each env has its own DB and there's no plan to dump/deploy the DB across envs, as that would be destructive).

On the other hand, it forces you to manually configure the IDP/change the SP SSO/Identity in the IDP when creating new envs and/or wiping the DB.