[
https://issues.apache.org/jira/browse/SLING-9397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17118977#comment-17118977
]
Cris Rockwell edited comment on SLING-9397 at 11/16/20, 5:11 PM:
-----------------------------------------------------------------
Question about local testing using "docker or some sort of JUnit setup:" I
assume this means one step that installs and configures an external IDP
(running locally), installs the related configurations for SAML2 module in
Sling; perhaps a mvn profile, and runs integration JUnit tests. Let me know if
I misunderstood.
It could take me a while for that. My knowledge and experience using docker is
(shall we say) just now emerging. For example, I had Keycloak IDP running via
docker and a week later it wouldn't start at all. Since I'm a novice at docker
and had this trouble, I had revised the instructions to download and install
Keycloak the old-fashioned way.
Nevertheless, I can take another pass...
[X] Change signing and encryption to optional. This will simplify localhost
testing.
[X] One step process to launch a preconfigured localhost IDP external to Sling
[X] Maven profile to rollout OSGI SAML2 settings for localhost IDP above (moved
to example package)
Any kind of direct help or advice would be most appreciated. Otherwise, I'll
chip away at this localhost testing.
was (Author: cris_rockwell):
Question about local testing using "docker or some sort of JUnit setup:" I
assume this means one step that installs and configures an external IDP
(running locally), installs the related configurations for SAML2 module in
Sling; perhaps a mvn profile, and runs integration JUnit tests. Let me know if
I misunderstood.
It could take me a while for that. My knowledge and experience using docker is
(shall we say) just now emerging. For example, I had Keycloak IDP running via
docker and a week later it wouldn't start at all. Since I'm a novice at docker
and had this trouble, I had revised the instructions to download and install
Keycloak the old-fashioned way.
Nevertheless, I can take another pass...
[ ] Change signing and encryption to optional. This will simplify localhost
testing.
[ ] One step process to launch a preconfigured localhost IDP external to Sling
[ ] Maven profile to rollout OSGI SAML2 settings for localhost IDP above
Any kind of direct help or advice would be most appreciated. Otherwise, I'll
chip away at this localhost testing.
> SAML2 Authentication Handler [initial submission]
> -------------------------------------------------
>
> Key: SLING-9397
> URL: https://issues.apache.org/jira/browse/SLING-9397
> Project: Sling
> Issue Type: New Feature
> Components: Authentication
> Environment: localhost
> Reporter: Cris Rockwell
> Priority: Major
> Labels: SAML, authentification, security, user_management
> Original Estimate: 168h
> Time Spent: 1h 20m
> Remaining Estimate: 166h 40m
>
> Here is a pull request which adds an authentication handler for a SAML2
> Service Provider via the embedded OpenSAML V3 dependencies
> [https://github.com/apache/sling-whiteboard/pull/51]
>
> *TODO Before Initial*
> [X] Sync attributes released by the IDP
> [X] Confirm license and attribution
> "As the code is ASL2 and does not require a notice or anything else, we don't
> need to mention it. But I think it's usually good style to do so and have a
> single sentence in our NOTICE that we include (modified) code from ... which
> has ASL2 as the license"
>
> *TODO After Initial*
> [X] Get confirmation the project builds and operates as expected
> [X] Ensure that the NOTICE file is the correct one
> [X] Testing setup ( documentation, local SAML provider, etc )
> [X] Clarify whether we can depend on artifacts not deployed on Maven Central
> [X] Review Web Browser SSO Profile Specification 4.1 and confirm all aspects
> * [https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf]
> [X] Decide whether to make signing and encryption optional. Currently it is
> required
> [X] Get feedback whether README instructions are too much, too little,
> unclear, etc
> [ ] Consider whether use of {{SAML2ConfigService}} and
> {{SAML2ConfigServiceImpl}} is a good design or not.
> [ ] Find and fix any bugs.
>