Merge lp:~roadmr/canonical-identity-provider/metadata-with-custom-cert into lp:canonical-identity-provider/release
Status: | Merged |
---|---|
Approved by: | Daniel Manrique |
Approved revision: | no longer in the source branch. |
Merge reported by: | Otto Co-Pilot |
Merged at revision: | not available |
Proposed branch: | lp:~roadmr/canonical-identity-provider/metadata-with-custom-cert |
Merge into: | lp:canonical-identity-provider/release |
Prerequisite: | lp:~roadmr/canonical-identity-provider/pass-custom-cert-to-django-saml2-idp |
Diff against target: | 119 lines (+54/-3), 3 files modified: src/ubuntu_sso_saml/tests/test_views.py (+44/-1), src/ubuntu_sso_saml/urls.py (+1/-0), src/ubuntu_sso_saml/views.py (+9/-2) |
To merge this branch: | bzr merge lp:~roadmr/canonical-identity-provider/metadata-with-custom-cert |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Ricardo Kirkner (community) | Approve | ||
Review via email: mp+334994@code.launchpad.net |
Commit message
Add SP-specific metadata view.
This allows URLs such as /+saml/metadata/4. If the SP with id 4 has a
custom certificate, it will be used in the metadata. If not, valid metadata
with the default global cert is shown. If no SP with the given primary key exists,
a 404 is raised.
This avoids having to tell SPs "use this metadata URL but this certificate
because the one in the metadata is bad".
The intended flow would be:
1- create the SPConfig, even if with partial config.
2- Add a custom cert
3- We can now give the SP's support people a metadata link with nice certificate.
Description of the change
Add SP-specific metadata view.
This allows URLs such as /+saml/metadata/4. If the SP with id 4 has a
custom certificate, it will be used in the metadata. If not, valid metadata
with the default global cert is shown. If no SP with the given primary key exists,
a 404 is raised.
This avoids having to tell SPs "use this metadata URL but this certificate
because the one in the metadata is bad".
The intended flow would be:
1- create the SPConfig, even if with partial config.
2- Add a custom cert
3- We can now give the SP's support people a metadata link with nice certificate.
Good idea and code lgtm, but what about using some other field (e.g., acs_url) to identify the SP instead of exposing our internal PK?
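The lookup-and-fallback behaviour described in the commit message, as an added example that is not code from this branch or from any participant: it selects the certificate for an SP primary key, falls back to the global default, fails on an unknown key, and embeds the PEM body (armor stripped) in the metadata `KeyDescriptor`. The `SP_CONFIGS` dict, the `idp.example` URLs, the function names and the certificate strings are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Constructed placeholders, not real certificates.
DEFAULT_CERT = "-----BEGIN CERTIFICATE-----\nREVGQVVMVA==\n-----END CERTIFICATE-----\n"
CUSTOM_CERT = "-----BEGIN CERTIFICATE-----\nQ1VT\nVE9N\n-----END CERTIFICATE-----\n"

# Hypothetical stand-in for the SPConfig table: primary key -> custom cert or None.
SP_CONFIGS = {4: CUSTOM_CERT, 5: None}


class SPNotFound(LookupError):
    """A view would translate this into an HTTP 404."""


def pem_body(pem):
    """Base64 body of a PEM certificate, armor lines and line breaks removed."""
    lines = (line.strip() for line in pem.strip().splitlines())
    return "".join(l for l in lines if l and not l.startswith("-----"))


def cert_for_sp(pk, configs=SP_CONFIGS, default=DEFAULT_CERT):
    """Custom cert if the SP has one, global default otherwise."""
    if pk not in configs:
        raise SPNotFound(pk)
    return configs[pk] or default


def idp_metadata(pk, entity_id="https://idp.example/+saml",
                 sso_url="https://idp.example/+saml"):
    """IdP metadata whose signing KeyDescriptor carries the cert chosen for this SP."""
    cert = cert_for_sp(pk)  # raises before any XML is produced
    root = ET.Element(f"{{{MD}}}EntityDescriptor", entityID=entity_id)
    idp = ET.SubElement(root, f"{{{MD}}}IDPSSODescriptor",
                        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol")
    key = ET.SubElement(idp, f"{{{MD}}}KeyDescriptor", use="signing")
    x509 = ET.SubElement(ET.SubElement(key, f"{{{DS}}}KeyInfo"), f"{{{DS}}}X509Data")
    ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = pem_body(cert)
    ET.SubElement(idp, f"{{{MD}}}SingleSignOnService", Location=sso_url,
                  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")
    return ET.tostring(root, encoding="unicode")


def embedded_cert(metadata_xml):
    """What an SP importing the metadata would read as the signing cert."""
    return ET.fromstring(metadata_xml).find(f".//{{{DS}}}X509Certificate").text
```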