IAM Folks,

Can we do a better fix for this? I don't seem to agree with this fix.

1. We have written super tenant specific code. This shows that we treat the super
tenant differently, which can be error prone.
2. The problem still remains for already created tenants.

Another thing we need to address (not related to this issue) is that some
deployments require different DNS names for tenants.

My suggestion:
Make this field a text box that is modifiable.

Wdyt? Can we change this fix for IS 5.4.0? Do you see any problems in that?

Regards,
Johann.

---------- Forwarded message ----------
From: Farasath Ahamed (JIRA) <[email protected]>
Date: Thu, May 18, 2017 at 1:54 AM
Subject: [Carbon-jira] [jira] (IDENTITY-5948) Generated IdP metadata URLs
are always pointing to localhost:9443
To: [email protected]


Farasath Ahamed created an issue

WSO2 Identity Server / IDENTITY-5948 <https://wso2.org/jira/browse/IDENTITY-5948>
Generated IdP metadata URLs are always pointing to localhost:9443

Issue Type: Improvement
Affects Versions: 5.3.0-GA
Assignee: Thanuja Lakmal
Components: saml2-sso
Created: 18/May/17 1:53 AM
Fix Versions: 5.3.1-GA
Priority: High
Reporter: Farasath Ahamed

During the first startup, if we do not change the hostname of the IS server,
all endpoints related to SAML configs get generated for localhost.

Thereafter, even if you change the hostname, they will still remain as
hostname:

<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="localhost">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
      validUntil="2017-05-17T21:20:17.955Z">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxv...=</X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://localhost:9443/samlsso"
        ResponseLocation="https://localhost:9443/samlsso"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://localhost:9443/samlsso"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://localhost:9443/samlsso"/>
  </IDPSSODescriptor>
</EntityDescriptor>

Any new tenants created after the hostname change will have the correct URL
with the hostname, but the super tenant's metadata URL becomes unusable.

Basically, the endpoints in the SAML metadata file are static values.
IMO we should generate them dynamically so that any change to an
environment parameter would be reflected correctly.
_______________________________________________
Carbon-jira mailing list
[email protected]
https://wso2.org/cgi-bin/mailman/listinfo/carbon-jira
-- 
Thanks & Regards,

Johann Dilantha Nallathamby
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile - +94777776950
Blog - http://nallaa.wordpress.com
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
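As an added example (not code from this thread or from the WSO2 Identity Server code base), here is the check a practitioner would run against generated IdP metadata after a hostname change, together with the "generate dynamically" idea from the report: parse the metadata, list every endpoint URL, flag those whose host is not the configured hostname, and rebuild them against the current host and port. The sample metadata is a constructed, trimmed copy of the shape shown in the report (certificate and validUntil omitted); `idp.example.com` is an assumed hostname.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, urlunparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: same shape as the metadata in the report, with the
# signing certificate and validUntil left out to keep it short.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="localhost">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://localhost:9443/samlsso"
        ResponseLocation="https://localhost:9443/samlsso"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://localhost:9443/samlsso"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://localhost:9443/samlsso"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

# SAML metadata attributes that carry an endpoint URL.
ENDPOINT_ATTRS = ("Location", "ResponseLocation")


def find_endpoints(metadata_xml):
    """Return [(element name, attribute, url)] for every endpoint URL in the metadata."""
    root = ET.fromstring(metadata_xml.encode("utf-8"))
    found = []
    for el in root.iter():
        if not el.tag.startswith("{" + MD_NS + "}"):
            continue
        for attr in ENDPOINT_ATTRS:
            if attr in el.attrib:
                found.append((el.tag.split("}", 1)[1], attr, el.attrib[attr]))
    return found


def stale_endpoints(metadata_xml, expected_host):
    """Endpoints whose host is not expected_host, e.g. still 'localhost' after
    the server hostname was changed (the situation described in the report)."""
    expected = expected_host.lower()
    return [e for e in find_endpoints(metadata_xml)
            if urlparse(e[2]).hostname != expected]


def rebuild_endpoints(metadata_xml, host, port=9443):
    """Regenerate every endpoint URL against the current host and port instead of
    keeping the values stored at first startup. The entityID is deliberately left
    untouched: SPs identify the IdP by it, so changing it breaks existing trust."""
    ET.register_namespace("", MD_NS)  # keep the default namespace on output
    root = ET.fromstring(metadata_xml.encode("utf-8"))
    netloc = f"{host}:{port}"
    for el in root.iter():
        for attr in ENDPOINT_ATTRS:
            if attr in el.attrib:
                parts = urlparse(el.attrib[attr])
                el.set(attr, urlunparse(parts._replace(netloc=netloc)))
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for name, attr, url in stale_endpoints(SAMPLE_METADATA, "idp.example.com"):
        print(f"stale: {name} {attr}={url}")
    print(rebuild_endpoints(SAMPLE_METADATA, "idp.example.com"))
```

Running the check against the sample reports all four endpoint URLs as stale for `idp.example.com`; the rebuilt metadata passes the same check. Rewriting endpoints is safe for SPs that re-fetch the IdP metadata, but the entityID is left alone for the reason in the comment, which is also why a modifiable field (the suggestion in the first message) is less risky than silently regenerating everything.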
