Thank you for pointing this out Johann.

Actually, the code doesn't do anything specific to the super tenant.

The issue is with method name 'updateSuperTenantIdpWithNewEPUrls' which is
incorrect and misleading. It was my mistake :-(

I just sent a PR [1] fixing the method name.

@Darshana, could you review and merge it?

Best Regards,
Rushmin

[1] - https://github.com/wso2/carbon-identity-framework/pull/1043

On Thu, Aug 31, 2017 at 6:09 PM, Johann Nallathamby <[email protected]> wrote:

> IAM Folks,
>
> Can we do a better fix for this? I don't seem to agree with this fix.
>
> 1. We have written super tenant specific code. We show that we treat
> super tenant differently and can be error prone.
> 2. The problem still remains for already created tenants.
>
> Another thing we need to address is that (not related to this issue), some
> deployments require to have different DNS names for tenants.
>
> My suggestion:
> Make this field a text box that is modifiable.
>
> Wdyt? Can we change this fix for IS 5.4.0? Do you see any problems in that?
>
> Regards,
> Johann.
>
> ---------- Forwarded message ----------
> From: Farasath Ahamed (JIRA) <[email protected]>
> Date: Thu, May 18, 2017 at 1:54 AM
> Subject: [Carbon-jira] [jira] (IDENTITY-5948) Generated IdP metadata URLs
> are always pointing to localhost:9443
> To: [email protected]
>
>
> Farasath Ahamed
> <https://wso2.org/jira/secure/ViewProfile.jspa?name=farasatha%40wso2.com>
> *created* an issue
>
> WSO2 Identity Server <https://wso2.org/jira/browse/IDENTITY> / IDENTITY-5948
> <https://wso2.org/jira/browse/IDENTITY-5948>
> Generated IdP metadata URLs are always pointing to localhost:9443
> Issue Type: Improvement
> Affects Versions: 5.3.0-GA
> Assignee: Thanuja Lakmal
> <https://wso2.org/jira/secure/ViewProfile.jspa?name=thanuja%40wso2.com>
> Components: saml2-sso
> Created: 18/May/17 1:53 AM
> Fix Versions: 5.3.1-GA
> Priority: High
> Reporter: Farasath Ahamed
> <https://wso2.org/jira/secure/ViewProfile.jspa?name=farasatha%40wso2.com>
>
> During the first startup, if we do not change the hostname of the IS
> server, all endpoints related to SAML configs get generated for localhost.
>
> Thereafter, even if you change the hostname, they will still remain as
> hostname:
>
> <?xml version="1.0" encoding="UTF-8"?><EntityDescriptor 
> xmlns="urn:oasis:names:tc:SAML:2.0:metadata" 
> entityID="localhost"><IDPSSODescriptor 
> protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" 
> validUntil="2017-05-17T21:20:17.955Z"><KeyDescriptor use="signing"><KeyInfo 
> xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxv
> Y2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQsw
> CQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UE
> AwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTou
> sMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5
> HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQID
> AQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44i
> QlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJR
> O4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=</X509Certificate></X509Data></KeyInfo></KeyDescriptor><SingleLogoutService
>  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" 
> Location="https://localhost:9443/samlsso" 
> ResponseLocation="https://localhost:9443/samlsso"/><NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat><SingleSignOnService
>  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
> Location="https://localhost:9443/samlsso"/><SingleSignOnService 
> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" 
> Location="https://localhost:9443/samlsso"/></IDPSSODescriptor></EntityDescriptor>
>
> Any new tenants created after the hostname change will have the correct
> URL with the hostname. But super tenant's metadata URL becomes unusable.
>
> Basically, the endpoints in the SAML metadata file are static values.
> IMO we should generate them dynamically so that any change to an
> environment parameter would be reflected correctly.
>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+94777776950*
> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>



-- 
*Best Regards*

*Rushmin Fernando*
*Technical Lead*

WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware

mobile : +94775615183
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
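
The stale-endpoint condition reported in IDENTITY-5948 can be checked for mechanically. The following is an added example, not code from the thread or from WSO2: it parses IdP metadata and lists every endpoint URL that does not match the deployment's expected host. The function name, the sample metadata and the host `is.example.com` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample modelled on the metadata in the issue (certificate omitted).
SAMPLE_METADATA = """
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="localhost">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://localhost:9443/samlsso"
        ResponseLocation="https://localhost:9443/samlsso"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://localhost:9443/samlsso"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://is.example.com/samlsso"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def stale_endpoints(metadata_xml, expected_host, expected_port=443):
    """Return (element, attribute, url) for each IdP endpoint that is not
    https://expected_host:expected_port/...

    The stdlib parser is acceptable for metadata you generated yourself; for
    metadata received from another party, use a hardened parser such as
    defusedxml instead.
    """
    root = ET.fromstring(metadata_xml.strip())
    findings = []
    for idp in root.iter(f"{{{MD_NS}}}IDPSSODescriptor"):
        for el in idp:
            for attr in ("Location", "ResponseLocation"):
                url = el.get(attr)
                if url is None:
                    continue
                parts = urlsplit(url)
                # Fill in the scheme's default port when the URL omits it.
                port = parts.port or (443 if parts.scheme == "https" else 80)
                if (parts.scheme != "https"
                        or parts.hostname != expected_host.lower()
                        or port != expected_port):
                    findings.append((el.tag.rsplit("}", 1)[-1], attr, url))
    return findings


if __name__ == "__main__":
    for name, attr, url in stale_endpoints(SAMPLE_METADATA, "is.example.com"):
        print(f"stale: {name}/@{attr} -> {url}")
```
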
