Open baszoetekouw opened 9 years ago
When updating an existing entry in Janus using the new REST API to insert a new metadata field, Janus also resets the ACL.
For example:
```
[bas@miranda]~> curl -s -u user:pass 'https://serviceregistry.surfconext.nl/janus/app.php/api/connections/1981'|python -mjson.tool
{
    "allowAllEntities": false,
    "allowedConnections": [
        {
            "id": 384,
            "name": "http://adfs.amolf.nl/adfs/services/trust"
        },
        {
            "id": 994,
            "name": "http://sts.mumc.nl/adfs/services/trust"
        }
    ],
    "blockedConnections": [],
    "createdAtDate": "2015-03-04T14:22:14+0100",
    "disableConsentConnections": [],
    "id": 1981,
    "isActive": true,
    "metadata": {
        "AssertionConsumerService": [
            {
                "Binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            }
        ],
        "NameIDFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
        "contacts": [
            {
                "contactType": "technical",
                "emailAddress": "bas@surfnet.nl"
            },
            {
                "contactType": "technical",
                "emailAddress": "bas@zoetekouw.net"
            },
            {
                "contactType": "technical"
            }
        ],
        "logo": [
            {
                "height": "60",
                "url": "https://.png",
                "width": "120"
            }
        ],
        "redirect": {
            "sign": false
        }
    },
    "name": "bazo:test",
    "parentRevisionNr": 1,
    "revisionNote": "No revision note",
    "revisionNr": 2,
    "state": "testaccepted",
    "type": "saml20-sp",
    "updatedAtDate": "2015-07-23T14:12:50+0200",
    "updatedByUserName": "urn:collab:person:surfnet.nl:bas",
    "updatedFromIp": "145.97.21.122"
}
```
Now, I try to change the redirect.sign setting:
```
[bas@miranda]~> echo '{"metadata":{"redirect":{"sign":true}}}' | curl -s -u user:pass -X PUT -H "Content-type: application/json" 'https://serviceregistry.surfconext.nl/janus/app.php/api/connections/1981' | python -m json.tool
```
I expect this to only change the redirect.sign setting. However, it also clears out the allowedConnections as if I had specified "allowedConnections": [].
This is the result of the above query:
```
{
    "allowAllEntities": false,
    "allowedConnections": [],
    "blockedConnections": [],
    "createdAtDate": "2015-03-04T14:22:14+0100",
    "disableConsentConnections": [],
    "id": 1981,
    "isActive": true,
    "metadata": {
        "AssertionConsumerService": [
            {
                "Binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            }
        ],
        "NameIDFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
        "contacts": [
            {
                "contactType": "technical",
                "emailAddress": "bas@surfnet.nl"
            },
            {
                "contactType": "technical",
                "emailAddress": "bas@zoetekouw.net"
            },
            {
                "contactType": "technical"
            }
        ],
        "logo": [
            {
                "height": "60",
                "url": "https://.png",
                "width": "120"
            }
        ],
        "redirect": {
            "sign": true
        }
    },
    "name": "bazo:test",
    "parentRevisionNr": 3,
    "revisionNote": "No revision note",
    "revisionNr": 6,
    "state": "testaccepted",
    "type": "saml20-sp",
    "updatedAtDate": "2015-07-23T14:17:23+0200",
    "updatedByUserName": "engine",
    "updatedFromIp": "145.97.21.122"
}
```
The same holds for ARPs.
Yes, the API has PUT semantics, meaning that you have to give the entire document back. I'll look into accepting PATCH too.
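A read-modify-write client for the PUT semantics described in the reply above, with a check that the ACL fields survive the update. This is an added example, not code from the thread or from Janus. The function names are hypothetical, the ACL field names are taken from the document shown in the issue, and it assumes the API accepts the document returned by GET as a PUT body.

```python
import base64
import copy
import json
import urllib.request

# ACL fields as they appear in the connection document shown in the issue.
ACL_FIELDS = ("allowAllEntities", "allowedConnections",
              "blockedConnections", "disableConsentConnections")

def deep_merge(base, patch):
    """Copy base and apply patch: nested dicts merge, lists and scalars replace."""
    merged = copy.deepcopy(base)
    for key, value in patch.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = copy.deepcopy(value)
    return merged

def acl_drift(before, after):
    """List the ACL fields whose value differs between two connection documents."""
    return [f for f in ACL_FIELDS if before.get(f) != after.get(f)]

def _call(url, user, password, method="GET", body=None):
    """Send one request with HTTP basic auth and return the decoded JSON response."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        url, method=method,
        data=None if body is None else json.dumps(body).encode(),
        headers={"Authorization": f"Basic {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def update_connection(url, user, password, patch):
    """GET the document, merge the change, PUT it back whole, then verify the ACL."""
    current = _call(url, user, password)
    result = _call(url, user, password, "PUT", deep_merge(current, patch))
    drift = acl_drift(current, result)
    if drift:
        raise RuntimeError(f"ACL changed unexpectedly: {drift}")
    return result

# Constructed sample, trimmed from the connection document in the issue.
SAMPLE = {
    "allowAllEntities": False,
    "allowedConnections": [{"id": 384, "name": "http://adfs.amolf.nl/adfs/services/trust"}],
    "blockedConnections": [], "disableConsentConnections": [],
    "metadata": {"NameIDFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
                 "redirect": {"sign": False}},
}
```

Running `acl_drift` on the before and after documents from the issue reports `allowedConnections`, which is the reset the reporter observed.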