backfill tests: SAML SP metadata #2794
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/187289884

The labels on this github issue will be updated when the story is started.
uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java
Fixed
- in preparation for replacing the EOL spring saml extension lib with spring security core saml, adding more test coverage on the SAML SP metadata
- tests that SAML SP metadata matches the UAA configs (in the context of this test, the UAA configs are from the local uaa.yml used to start a local server)
- also explicitly declare some SAML-SP-related fields in the said local uaa.yml to make the inputs to the test clearer

[#186986697]
5bee567 to 88ecdd8
- Replaced the code that was depending on the platform where the test was being executed.

[#186986697]

Co-authored-by: Danny Faught <danny.faught@broadcom.com>
Co-authored-by: Hongchol Sinn <hongchol.sinn@broadcom.com>
* Looks like we used the wrong metadata when we added this assertion.
Wouldn't it make sense to use default SHA256 also here?
https://github.com/cloudfoundry/uaa/blob/develop/uaa/src/main/webapp/WEB-INF/spring/saml-providers.xml#L305
Right. It was mentioned and considered before in a different PR. In production though, for TAS at least, the property is always set to either 256 or 512, and we decided just to leave it like that as it is practically only used for dev build.
even in DEV it is now 256 as default... but therefore I would not let in xml sha1 with a setting where it looks like this is the default, e.g. https://github.com/cloudfoundry/uaa/blob/develop/uaa/src/main/webapp/WEB-INF/spring/saml-providers.xml#L305 because the value is now not null thus default in XML is never used
In cf-deployment (the OSS version of CF), this value is unset, hence UAA default will be used.
I bet that even in cf-deployment now SHA256 is used... but I have no problem with it... only because of misleading XML default which is no default anymore.. See Then merge this PR and check again the signature of https://login.uaa-acceptance.cf-app.com
Right, but the default has always been SHA1 there, as the property has been like that all the time. Do you think we should change the default value there for the OSS version of CF? Then we can make the change in another PR.
ok
- For the bean.
- As suggested in review comments in #2794.
[#186986697]
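
An added illustration of the kind of check this thread discusses, not code from this PR or from UAA: it parses SP metadata and fails when the entity ID, the signing flags, or the signature algorithm differ from the configured values, so a silent fallback to SHA1 shows up as a test failure. The class name, the sample XML, and the expected values are assumptions made up for the example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class SpMetadataCheck {
    static final String MD = "urn:oasis:names:tc:SAML:2.0:metadata";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";

    // Constructed, trimmed sample (placeholder entityID; a real ds:Signature has more children).
    static final String SAMPLE =
        "<md:EntityDescriptor xmlns:md='" + MD + "' xmlns:ds='" + DS + "' entityID='sp.example.test'>"
        + "<ds:Signature><ds:SignedInfo><ds:SignatureMethod"
        + " Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'/></ds:SignedInfo></ds:Signature>"
        + "<md:SPSSODescriptor AuthnRequestsSigned='true' WantAssertionsSigned='true'"
        + " protocolSupportEnumeration='urn:oasis:names:tc:SAML:2.0:protocol'/>"
        + "</md:EntityDescriptor>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Metadata is parsed as untrusted XML: reject any DOCTYPE (XXE hardening).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    static void require(boolean ok, String what) {
        if (!ok) throw new AssertionError("SP metadata mismatch: " + what);
    }

    // Expected values are hypothetical stand-ins for what a test would read from uaa.yml.
    static void check(Document doc, String entityId, boolean requestsSigned,
                      boolean wantAssertionsSigned, String digest) {
        Element sp = (Element) doc.getElementsByTagNameNS(MD, "SPSSODescriptor").item(0);
        Element sm = (Element) doc.getElementsByTagNameNS(DS, "SignatureMethod").item(0);
        require(sp != null, "no SPSSODescriptor");
        require(entityId.equals(doc.getDocumentElement().getAttribute("entityID")), "entityID");
        require(requestsSigned == Boolean.parseBoolean(sp.getAttribute("AuthnRequestsSigned")), "AuthnRequestsSigned");
        require(wantAssertionsSigned == Boolean.parseBoolean(sp.getAttribute("WantAssertionsSigned")), "WantAssertionsSigned");
        require(sm != null, "metadata is not signed");
        String alg = sm.getAttribute("Algorithm").toLowerCase();
        // Fail if a fallback (e.g. rsa-sha1) was used instead of the configured digest.
        require(alg.endsWith("-" + digest.toLowerCase()), "signature algorithm " + alg);
    }

    public static void main(String[] args) throws Exception {
        check(parse(SAMPLE), "sp.example.test", true, true, "SHA256");
        System.out.println("SP metadata matches expected configuration");
    }
}
```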