Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Metadata Simplify filter signature in V3

Description

This is a proposal to pull a proposed IdP4 features back into the SP

  • For V4 IdP I believe that we discussed making the IdP fail to load a metadata provider unless a signature filter was in place (with overload attribute to turn it off).  I cannot find the case so maybe I dreamt it. 
    Proposal here would be have failOnNoSignatureFilter="bool" (or some such) with the default true for remote providers and false for local ones,

  • Given a simplification like that, is it worth considering just allowing the pem file to be specified inside the <MetadataProvider> so save the whole filter thing?  I was initially keen, less so now

Environment

None

Activity

Show:

Rod WiddowsonApril 5, 2018 at 4:09 PM

So I'm going off the idea of this.  It feels like a gratuitous change in a mature product with a mature configuration.

Someone bringing up an Application has enough to do that saving 20 seconds on configuring a safe filter is irrelevant.

 

I'll close in the next few days unless there is a public outcry

Scott CantorApril 5, 2018 at 2:32 PM

Valid point, though it could be I suppose left as a "must be instead of any Filters" kind of thing. Starts to seem like pointless effort though.

trscavo@ncsa.illinois.eduApril 5, 2018 at 2:29 PM
Edited

I assume filter order is important (as it is on the IdP side), in which case collapsing the signature filter makes it impossible to know when to verify the signature.

Rod WiddowsonApril 5, 2018 at 1:14 PM

I was going to add this  here but its easier to keep thinks in here.

 

The proposal boils down to

 

<MetadataProvider url="mumble" certFile="inCommon.pem" />

The issue here being that if we do not want to push the entirety of the config of the Signature Filter up to the MetadataProvider.  So we need to flip the default for {{verifyBackup}} to false.  

I have no opinion one way or another.  Anybody want to say one way or another?

 

Scott CantorMarch 21, 2018 at 8:40 PM

Unfortunately this would break upgrades, so once again...

We could warn, but I wouldn't be concerned about exposing a setting on that, people can live with warnings if they're doing stupid things.

I'm not opposed to the shortcut change, but I think that only makes sense to do if we toggle the verifyBackup default. That would be a non-breaking upgrade change. Otherwise I think the majority of cases you'd end up needing both settings and we don't want to inline the whole signature filter config.

Won't Do

Details

Assignee

Reporter

Components

Created November 11, 2017 at 10:55 AM
Updated June 22, 2021 at 8:42 PM
Resolved April 12, 2018 at 9:37 AM