New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No documentation on use of named ACLs #426

Open
Veraxus opened this Issue Jul 28, 2016 · 3 comments

Comments

Projects
None yet
4 participants
@Veraxus

Veraxus commented Jul 28, 2016

There is no documentation on use of named ACLs.

Source:
https://github.com/simplesamlphp/simplesamlphp/blob/master/config-templates/acl.php

This file mentions that named ACLs "can be reused in several places." but does not specify where or how. There are no other clues in the source code, either - not in config.php or authsources.php. Likewise, the only authz documentation on the website is this:

https://simplesamlphp.org/docs/stable/authorize:authorize

Which does not discuss the topic of named ACLs at all. I'm not sure how to implement this feature at all since there is no documentation, samples, comments, etc at all, anywhere. Likewise, the above is only useful in circumstances where a single SP is in use. It's not useful at all if you need to specify a named ACL for a specific SP in an environment with multiple SPs.

@thijskh

This comment has been minimized.

Member

thijskh commented Jul 29, 2016

It seems this functionality is currently only in use in modules/statistics/ as one of several options to grant access to the statistics web interface. That module grants access if you're the admin user, or if you're in a list of allowed userid's, or if you match a specific named acl from acl.php.

@thijskh

This comment has been minimized.

Member

thijskh commented Nov 14, 2016

So obviously we could document it, but given te observations by @Veraxus and myself above, maybe just remove this functionality?

  • No documentation, samples, comments
  • Only usable when there's a single SP
  • Only usable with statistics module which provides other authz options

@thijskh thijskh added the needsinfo label Nov 19, 2018

@tvdijen tvdijen added this to the 2.0 milestone Nov 21, 2018

@tvdijen

This comment has been minimized.

Member

tvdijen commented Nov 21, 2018

It was decided this should be removed for 2.0. There will be no replacement for this functionality

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment