#72 SAML Client installer should not copy idp metadata
Opened 4 years ago by simo. Modified 2 years ago

The current client installer works by copying the IdP metadata to a static file.
Now that the metadata is regenerated on the fly and has expiration times, the installer should stop copying it and instead configure mod_auth_mellon with the URL where the IdP metadata is exposed so that it can automatically refresh the metadata as required.


Fields changed

milestone: => 1.0 m3

I don't see any capability for mod_auth_mellon to use a URL for the metadata. The nearest thing I see is the MellonDiscoveryURL directive used for an IdP discovery service, but that is for selecting amongst multiple IdPs:

https://raw.githubusercontent.com/UNINETT/mod_auth_mellon/master/README

The consensus upstream is that this is best done by a cronjob. Details are in the mod_mellon mailing list thread here:

https://postlister.uninett.no/sympa/arc/modmellon/2015-03/msg00002.html

design_link: =>
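
An added example, not part of this ticket and not Ipsilon or mod_auth_mellon code: one way to write the refresh job that the comment above says upstream prefers to run from cron. It assumes the destination is the file that mod_auth_mellon's `MellonIdPMetadataFile` directive points at and that authenticity rests on HTTPS certificate verification (no XML signature check); the function names, entity ID and `SAMPLE` document are constructed for illustration. Any exception from `refresh` leaves the previously installed file in place.

```python
import os, tempfile, urllib.request
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
# Constructed sample metadata, not from a real IdP.
SAMPLE = (b'<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
          b'entityID="https://idp.example.test/saml2/metadata" '
          b'validUntil="2030-01-01T00:00:00Z"><IDPSSODescriptor/></EntityDescriptor>')

def check_metadata(data, entity_id, now=None):
    """Return validUntil (or None if absent); raise ValueError if unusable."""
    if b"<!DOCTYPE" in data:  # SAML metadata never needs a DTD; blocks entity tricks
        raise ValueError("DTD not allowed in SAML metadata")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        raise ValueError(f"malformed XML: {exc}")
    if root.tag != MD + "EntityDescriptor" or root.get("entityID") != entity_id:
        raise ValueError("not the pinned IdP's EntityDescriptor")
    if root.find(MD + "IDPSSODescriptor") is None:
        raise ValueError("no IDPSSODescriptor element")
    valid_until = root.get("validUntil")
    if valid_until is None:
        return None
    expires = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
    if expires.tzinfo is None or expires <= (now or datetime.now(timezone.utc)):
        raise ValueError("validUntil has no UTC offset or has already passed")
    return expires

def install_metadata(data, dest):
    """Write a temp file in dest's directory, then rename it over dest atomically."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(dest)))
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        os.chmod(tmp, 0o644)  # mkstemp creates 0600; metadata is public
        os.replace(tmp, dest)
    except BaseException:
        os.unlink(tmp)
        raise

def refresh(url, entity_id, dest):
    if not url.startswith("https://"):
        raise ValueError("fetch metadata over HTTPS only")
    with urllib.request.urlopen(url, timeout=30) as resp:  # verifies the TLS cert
        data = resp.read(1 << 20)  # 1 MiB cap; a truncated document fails parsing
    check_metadata(data, entity_id)
    install_metadata(data, dest)
```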

Fields changed

milestone: 1.0 m3 => 1.0

Fields changed

milestone: 1.0 m4 => Backlog

Metadata Update from @nkinder:
- Issue set to the milestone: Backlog

2 years ago
