lp:~roadmr/canonical-identity-provider/bulk-caveat-id-macaroon-discharge

Created by Daniel Manrique on 2018-01-23 and last modified on 2018-01-26
Get this branch:
bzr branch lp:~roadmr/canonical-identity-provider/bulk-caveat-id-macaroon-discharge
Only Daniel Manrique can upload to this branch. If you are Daniel Manrique please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Daniel Manrique
Project:
Canonical SSO provider
Status:
Development

Recent revisions

1596. By Daniel Manrique on 2018-01-26

Ahh, so that's what simple_macaroon is for

1595. By Daniel Manrique on 2018-01-26

Documentation for the discharge endpoint explaining the single/multiple caveat_id flow.

Didn't document the old "root_macaroon(s)" API on purpose because it's deprecated and consumers
should NOT use it.

1594. By Daniel Manrique on 2018-01-25

Small simplification of test

1593. By Daniel Manrique on 2018-01-25

Test for mixed caveat_ids: a good one and a bogus, corrupty one

1592. By Daniel Manrique on 2018-01-23

Allow sending multiple caveat_ids to MacaroonDischargeHandler.

The semantics are similar to the old macaroons parameter (contrast with
macaroon). A new payload parameter caveat_ids is supported, should receive
a list of lists/tuples with numeric_id/caveat_id and should send back a
list of numeric_id/3rd_party_discharge (or a nice error) for each.

1591. By Daniel Manrique on 2018-01-23

Test for multiple 'good' caveat_id macaroon discharging

1590. By Daniel Manrique on 2018-01-10

Add SP-specific metadata view.

This allows URLs such as /+saml/metadata/4. If the SP with id 4 has a
custom certificate, it will be used in the metadata. If not, valid metadata
with the default global cert is shown. If no SP with the given primary key exists,
a 404 is raised.

This avoids having to tell SPs "use this metadata URL but this certificate
because the one in the metadata is bad".

The intended flow would be:

1- create the SPConfig, even if with partial config.
2- Add a custom cert
3- We can now give the SP's support people a metadata link with nice certificate.

Merged from https://code.launchpad.net/~roadmr/canonical-identity-provider/metadata-with-custom-cert/+merge/334994

1589. By Daniel Manrique on 2017-12-13

Use the SAML remote's configured certificate, if present.

This allows setting a custom certificate per RP. RPs for which this
field is empty fall back to the global certificate configured in settings.

All certificates must be generated from the global private key in settings,
which is a single setting for all RPs.

Merged from https://code.launchpad.net/~roadmr/canonical-identity-provider/pass-custom-cert-to-django-saml2-idp/+merge/334984

1588. By Daniel Manrique on 2017-12-11

Add "certificate" field to SAMLConfig model.

This allows setting a custom certificate per RP. RPs for which this
field is empty fall back to the global certificate configured in settings.

All certificates must be generated from the global private key in settings,
which is a single setting for all RPs.

Merged from https://code.launchpad.net/~roadmr/canonical-identity-provider/samlconfig-certificate-field/+merge/334784

1587. By Daniel Manrique on 2017-12-04

Revert r1586 because it broke non-Canonical logins to support.canonical.com

Mechanical revert by bzr merge -r 1586..1585 ./

Merged from https://code.launchpad.net/~roadmr/canonical-identity-provider/revert-r1586/+merge/334679

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:canonical-identity-provider/release
This branch contains Public information 
Everyone can see this information.

Subscribers