build(deps): Replace SAML Library #2908
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Tallicia
added
in progress
DO NOT MERGE
|
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/187710947 The labels on this github issue will be updated when the story is started. |
Tallicia
changed the title
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
...ava/org/cloudfoundry/identity/uaa/provider/saml/SamlLegacyAliasResponseForwardingFilter.java
Fixed
Show fixed
Hide fixed
duanemay
force-pushed
the
new-saml-0530
branch
5 times, most recently
from
65b0d64 to
e67a40a
Compare
duanemay
force-pushed
the
new-saml-0530
branch
9 times, most recently
from
a761b67 to
7de27a1
Compare
duanemay
force-pushed
the
new-saml-0530
branch
2 times, most recently
from
0d3a595 to
f199f50
Compare
peterhaochen47
force-pushed
the
new-saml-0530
branch
from
46248b9 to
290f89c
Compare
duanemay
force-pushed
the
new-saml-0530
branch
2 times, most recently
from
46248b9 to
b6cb65b
Compare
peterhaochen47
force-pushed
the
new-saml-0530
branch
2 times, most recently
from
a97457f to
745fff3
Compare
# Conflicts: # dependencies.gradle
strehle
added
accepted
strehle
approved these changes
Nov 20, 2024
Bumps commons-io:commons-io from 2.17.0 to 2.18.0. --- updated-dependencies: - dependency-name: commons-io:commons-io dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Modified `cargo.local` to run with jacoco agent if a system property is set. - Added a task to generate coverage report from the recorded jacoco data.
…en the configured entityID is a URL) - maintain the existing behavior where a custom identity zone's saml entityID is defaulted to either 1) `zoneSubdomain.uaaWideSamlEntityID` if `uaaWideSamlEntityID` is not a URL, or 2) if `uaaWideSamlEntityID` is a URL, integration the zoneSubdomain into the URL (see tests for example). - similar logic for saml entity alias (which is used in various saml sp urls, such as `AssertionConsumerService`) except that the alias should not include url scheme (aka without `https://`), so that the resulting saml sp urls are valid urls (e.g.: `https://zone1.uaa.com/saml/SSO/alias/[saml entity alias]`, see tests for examples). - reference on develop branch (old saml code): - doc: https://github.com/cloudfoundry/uaa/blob/65952b1b53b8d01cf93e68493a3f6ac85ad8a825/docs/login/Okta-README.md?plain=1#L73-L75 - code: https://github.com/cloudfoundry/uaa/blob/cc5f76fba495e5d1b3fd755ac3a6ff137fc91878/server/src/main/java/org/cloudfoundry/identity/uaa/provider/saml/ZoneAwareMetadataGenerator.java#L53-L54 - problem statement: without this commit, when * a custom zone is created without a `zone.config.samlConfig.entityID` specified * the default zone's `login.entityID` is configured to a URL, such as `https://uaa.com` * the default zone's `login.saml.entityIDAlias` is not set, aka default to `login.entityID` Then the resulting custom zone sp metadata has some discrepancies with the old saml code's metadata: For `AssertionConsumerService`: - old (correct) value is: https://test-zone-before.uaa.com/saml/SSO/alias/test-zone-before.uaa.com - new value is: https://test-zone.uaa.com/saml/SSO/alias/test-zone.http:/uaa.com For `entityID`: - old (correct) value is: http://test-zone-before.uaa.com - new value is: test-zone.http://uaa.com This results in the external SAML login for this zone not working.
…entityid-url-form fix: default values of custom zone's saml entityID and saml alias (wh…
|
@duanemay pipeline runs after resolving merge conflicts. |
duanemay
changed the title
# Conflicts: # dependencies.gradle
not needed anymore
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Replacing the other feature branch #2862 for new SAML library replacement effort.
Sonar
https://sonarcloud.io/summary/new_code?id=cloudfoundry-identity-parent&pullRequest=2908