
[IMPROVE] Change the SAML metadata order to conform to XSD specification #15488

Merged
merged 5 commits into from Apr 21, 2020

Conversation

fcrespo82
Contributor

Move the order in which metadata is generated to conform to XSD specification and pass XSD schema validation.

Example metadata before the fix (contents changed and certificate truncated for security purposes):

<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com/_saml/metadata/chat">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.com/_saml/logout/chat/" ResponseLocation="https://example.com/_saml/logout/chat/"/>
    <NameIDFormat>
      urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    </NameIDFormat>
    <AssertionConsumerService index="1" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/_saml/validate/chat"/>
    <KeyDescriptor>
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>
            MIIEXDCCAsQCCQDv1KKlp39FrDANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJC...
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
    </KeyDescriptor>
  </SPSSODescriptor>
</EntityDescriptor>

Example metadata AFTER the fix (contents changed and certificate truncated for security purposes):

<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com/_saml/metadata/chat">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor>
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>
            MIIEXDCCAsQCCQDv1KKlp39FrDANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJC...
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.com/_saml/logout/chat/" ResponseLocation="https://example.com/_saml/logout/chat/"/>
    <NameIDFormat>
      urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    </NameIDFormat>
    <AssertionConsumerService index="1" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/_saml/validate/chat"/>
  </SPSSODescriptor>
</EntityDescriptor>
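An added check, not part of this PR or of Rocket.Chat's code: a short Python script that encodes the child-element sequence the SAML 2.0 metadata schema (saml-schema-metadata-2.0.xsd) fixes for SPSSODescriptor and reports which element is out of place. It stands in for a full XSD validation (which needs the schema files) and is useful as a regression test for generated metadata; the before/after documents below are constructed here, modelled on the ones in the description.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# Child order saml-schema-metadata-2.0.xsd fixes for SPSSODescriptor: RoleDescriptorType
# elements, then SSODescriptorType elements, then SPSSODescriptorType's own elements.
SPSSO_SEQUENCE = [
    "Signature", "Extensions", "KeyDescriptor", "Organization", "ContactPerson",
    "ArtifactResolutionService", "SingleLogoutService", "ManageNameIDService",
    "NameIDFormat", "AssertionConsumerService", "AttributeConsumingService",
]
RANK = {name: i for i, name in enumerate(SPSSO_SEQUENCE)}


def check_spsso_order(metadata_xml):
    """Return ordering problems inside SPSSODescriptor; an empty list means the order is valid."""
    spsso = ET.fromstring(metadata_xml).find(f"{{{MD_NS}}}SPSSODescriptor")
    if spsso is None:
        return ["no SPSSODescriptor element found"]
    problems, last_name, last_rank = [], None, -1
    for child in spsso:
        name = child.tag.rsplit("}", 1)[-1]  # strip the {namespace} prefix ElementTree adds
        if name not in RANK:
            problems.append(f"{name} is not allowed as a child of SPSSODescriptor")
        elif RANK[name] < last_rank:
            problems.append(f"{name} must come before {last_name}")
        else:
            last_name, last_rank = name, RANK[name]
    return problems


# Constructed samples mirroring the PR's before/after shape (certificate left out).
KEY = '<KeyDescriptor><EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/></KeyDescriptor>'
SLO = '<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.com/_saml/logout/chat/"/>'
NIF = "<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>"
ACS = '<AssertionConsumerService index="1" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/_saml/validate/chat"/>'


def wrap(*children):
    """Wrap SPSSODescriptor children in the EntityDescriptor envelope shown in the PR."""
    body = "\n    ".join(children)
    return (f'<EntityDescriptor xmlns="{MD_NS}" entityID="https://example.com/_saml/metadata/chat">\n'
            f'  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">\n'
            f"    {body}\n  </SPSSODescriptor>\n</EntityDescriptor>")


BEFORE_FIX = wrap(SLO, NIF, ACS, KEY)  # order emitted before the fix
AFTER_FIX = wrap(KEY, SLO, NIF, ACS)   # order emitted after the fix

if __name__ == "__main__":
    for label, doc in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(label, check_spsso_order(doc) or "schema order OK")
```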

@CLAassistant

CLAassistant commented Oct 2, 2019

CLA assistant check
All committers have signed the CLA.

@fcrespo82
Contributor Author

fcrespo82 commented Oct 2, 2019

The license/cla check appears to be stuck.
Pinging @tassoevan @MarcosSpessatto @renatobecker @ggazzo

@fcrespo82
Contributor Author

Pinging @engelgabriel @rodrigok @sampaiodiego @marceloschmidt

Can someone look at this, please?

@ggazzo ggazzo added this to the 3.2.0 milestone Apr 14, 2020
@rodrigok rodrigok changed the title [FIX] Change the order in which metadata is generated [IMPROVE] Change the SAML metadata order to conform to XSD specification Apr 21, 2020
@rodrigok rodrigok merged commit 9506e98 into RocketChat:develop Apr 21, 2020
gabriellsh added a commit that referenced this pull request Apr 22, 2020
…users_and_rooms

* 'develop' of github.com:RocketChat/Rocket.Chat: (29 commits)
  [FIX] 2FA not showing codes for Spanish translation (#17378)
  [NEW] [ENTERPRISE] Restrict the permissions configuration for guest users  (#17333)
  [NEW] Federation event for when users left rooms (#17091)
  [FIX] CSV Importer fails when there are no users to import (#16790)
  Import slack's mpims as direct rooms instead of private groups (#17206)
  [FIX] SAML Idp Initiated Logout Error (#17324)
  [NEW] Better Push and Email Notification logic (#17357)
  [NEW] Error page when browser is not supported (#17372)
  [NEW] [ENTERPRISE] Omnichannel queue priorities (#17141)
  [IMPROVE] Change the SAML metadata order to conform to XSD specification (#15488)
  [IMPROVE] Filter markdown in notifications (#9995)
  [IMPROVE] User gets UI feedback when message is pinned or unpinned (#16056)
  Remove set as alias setting (#16343)
  [IMPROVE] Add `file-title` and `file-desc` as new filter tag options on message search (#16858)
  [NEW]  Add ability to set tags in the Omnichannel room closing dialog (#17254)
  [FIX] Show active admin and user account menu item (#17047)
  [NEW] [ENTERPRISE] Allows to set a group of departments accepted for forwarding chats (#17335)
  [FIX] Prevent user from getting stuck on login, if there is some bad fname (#17331)
  [FIX] Remove properties from users.info response (#17238)
  Bump version to 3.1.1
  ...
@sampaiodiego sampaiodiego mentioned this pull request Apr 27, 2020