plp050452 / simplesamlphp

Automatically exported from code.google.com/p/simplesamlphp

Add Attribute Query support #503

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
I implemented some modules to let an administrator of an IdP provision 
users in final applications protected by a simpleSAMLphp SP using the Attribute 
Request method.

Take a look at https://github.com/Yaco-Sistemas/asynchronous-provisioning

I think this functionality is interesting. Maybe not all the modules should be 
included in the simpleSAMLphp core, but at least the Attribute Request modules 
and some changes needed in the core.

Original issue reported on code.google.com by pitb...@gmail.com on 27 Jun 2012 at 7:20

GoogleCodeExporter commented 8 years ago
Hi, I agree that at least some of this code could be added to SSP core. We 
should at least include the patches required for the modules to work. Also, I 
think the attributequeryserver is generic enough to be used in any attribute 
query situation?

I am more hesitant about the other modules, since it looks like they aren't all 
designed to be used together?

Regarding the patches -- is the sp_patch.diff really needed? Doesn't it work if 
you add the IdP HTTPS-certificate to its metadata?

Original comment by olavmrk@gmail.com on 28 Jun 2012 at 9:12

GoogleCodeExporter commented 8 years ago
Hi,

The problem is that the certificate is validated and self-signed certificates 
are considered invalid. Maybe a better solution is to handle this problem by 
allowing self-signed certificates instead of not validating the certificate.

Original comment by pitb...@gmail.com on 28 Jun 2012 at 9:28

GoogleCodeExporter commented 8 years ago
A self-signed certificate should work there. At least that's what I used when 
testing that code. (Just remember to add the https-certificate in addition to 
the IdP certificate to the IdP metadata.)

Original comment by olavmrk@gmail.com on 28 Jun 2012 at 9:34

GoogleCodeExporter commented 8 years ago
Oh! The 'https.certificate' attribute in metadata/saml20-idp-hosted.php. I 
will check it ASAP.

Original comment by pitb...@gmail.com on 28 Jun 2012 at 9:57

GoogleCodeExporter commented 8 years ago
With the default cert of simpleSAMLphp and $ctxOpts['ssl']['verify_peer'] = 
TRUE; the SOAP fails.

Original comment by pitb...@gmail.com on 11 Jul 2012 at 5:44

GoogleCodeExporter commented 8 years ago
The certificate must be a valid https certificate. I.e. not expired, and it 
must be for the correct hostname. The server.crt included in simpleSAMLphp is 
neither :)

Original comment by olavmrk@gmail.com on 12 Jul 2012 at 10:43
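
Added example, not part of the thread and not simpleSAMLphp code: a PHP pre-flight check for the two conditions named in the comment above (not expired, issued for the correct hostname), to run on a PEM certificate before referencing it as 'https.certificate'. The function name check_https_cert, the hostnames and the throwaway certificate are constructed for illustration, and the name match (SAN DNS entries, else CN, single-label wildcard) is a simplified assumption rather than a copy of PHP's TLS verifier.

```php
<?php
// Added example, not simpleSAMLphp code. Returns a list of problems found in
// a PEM certificate for the given hostname; an empty list means it passes.
function check_https_cert($pem, $host, $now = null)
{
    $now = ($now === null) ? time() : $now;
    $info = openssl_x509_parse($pem);
    if ($info === false) {
        return array('not a parseable X.509 certificate');
    }
    $problems = array();
    if ($now < $info['validFrom_time_t']) {
        $problems[] = 'not yet valid';
    }
    if ($now > $info['validTo_time_t']) {
        $problems[] = 'expired';
    }
    // Names the certificate covers: subjectAltName DNS entries if present,
    // otherwise the subject CN.
    $names = array();
    $san = isset($info['extensions']['subjectAltName']) ? $info['extensions']['subjectAltName'] : '';
    foreach (explode(',', $san) as $entry) {
        $entry = trim($entry);
        if (stripos($entry, 'DNS:') === 0) {
            $names[] = substr($entry, 4);
        }
    }
    if (!$names && isset($info['subject']['CN'])) {
        $names = (array) $info['subject']['CN'];
    }
    $host = strtolower($host);
    foreach ($names as $name) {
        $name = strtolower($name);
        // A leading "*." matches exactly one label, as in "*.example.org".
        $dot = strpos($host, '.');
        if ($name === $host || (strncmp($name, '*.', 2) === 0 && $dot !== false
            && substr($name, 1) === substr($host, $dot))) {
            return $problems;
        }
    }
    $problems[] = 'not issued for ' . $host;
    return $problems;
}

// Constructed input: a throwaway self-signed certificate for a made-up host.
$key = openssl_pkey_new(array('private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048));
$csr = openssl_csr_new(array('commonName' => 'idp.example.org'), $key, array('digest_alg' => 'sha256'));
openssl_x509_export(openssl_csr_sign($csr, null, $key, 30, array('digest_alg' => 'sha256')), $pem);

var_dump(check_https_cert($pem, 'idp.example.org'));                      // matching host, in date
var_dump(check_https_cert($pem, 'sp.example.org'));                       // wrong host
var_dump(check_https_cert($pem, 'idp.example.org', time() + 31 * 86400)); // 31 days on, past the 30-day lifetime
```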

GoogleCodeExporter commented 8 years ago

Original comment by jaim...@gmail.com on 26 Feb 2014 at 2:16

GoogleCodeExporter commented 8 years ago
Nothing has happened here for a while, so closing the issue as WontFix. It can 
be reopened as a pull request on GitHub later if desired.

Original comment by olavmrk@gmail.com on 27 Feb 2014 at 9:54