Closed irstevenson closed 5 years ago
Yes, please remove that section.
A simple message to the log "No service provider metadata was configured in saml.metadata.providers" if the list is empty should be enough.
I can run the testsuite even with an empty plugin.yml. It's not necessary but we could optionally migrate the unwanted settings to application.yml so that grails run-app will still work for manual testing.
Oh yes, looks like I got muddled there. These need to be removed from plugin.yml not application.yml. ;)
Note the main issue here is solved with #54
:+1:
Can close once merged.
This has been merged.
Plugin version 3.3.1-SNAPSHOT
I've found that when you provide your own explicit saml.metadata.providers it is merged with the defaults for saml.metadata.providers. So as we know, the default config has one provider ping with a metadata file at security/idp-local.xml.
Now if I have a config like:
I see some start-up logging which shows the default is still in play:
Looking at this I see a few things:
grails-app/conf/security/* when packaged - that stuff should only be for testing. (Except for security/springSecuritySamlBeans.xml.)
But to stay on track, a fix for this would simply be:
grails-app/conf/application.yml; and
SpringSecuritySamlGrailsPlugin before the conf.saml.metadata.providers.each {} do a check to see if there are any providers, and if not report an error with config guidance and throw an exception; as well as