Target Release: 3.12.1
Status: RELEASED
Complexity: N/A
Effort: N/A
Extra Resources: N/A
Document owner:
Start Date: N/A
Complete Date: 2018-12-05
Supports Project: N/A

Overview

Federation Manager v3.12.1 - Bug fixes and general feature release.


  • Primary Feature: Use new to_saml methods in the "Metadata To Publish" view
    • Phase I

      Currently the metadata is constructed through class methods on the Idp/Sp and then completed in a new Entity. This does not allow for previewing metadata until it is submitted for approval.

      To add this functionality, a to_saml method should be added to each model that represents a piece of the metadata. This method puts the ownership of metadata construction on the model that represents that part of the metadata. Models will also collect the metadata nodes from their nested models (key_info will nest the cert, idp_sso will nest the key_info, etc.)

      The following modules will need to be built in a models/concerns/saml/ directory:

        • artifact_resolution_service, assertion_consumer_service, attribute_authority_descriptor, attribute_consuming_service, attribute_service, certificate, contact_person, discovery_response, entity_attribute, idp, idp_sso_descriptor, key_info, organization, requested_attribute, single_logout_service, single_sign_on_service, sp, sp_sso_descriptor, ui_info
        • Each module will supply an insert_saml_nodes! method that can inject the model’s metadata nodes into an xml tree that is passed down through the models. They will share a common method that also allows .to_saml to be called on each model directly, to inspect that portion of the metadata.
        • Each module will have an accompanying spec file that tests that portion of metadata creation. The Idp and Sp files will have additional tests to verify complete metadata creation.
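
An added example (not Federation Manager's own code) of the pattern described above: a hypothetical `SamlNode` concern gives each model `to_saml` on top of its own `insert_saml_nodes!`, with `KeyInfo` nesting `Certificate`, plus a comparison helper of the kind the published-versus-generated check needs. The module and helper names, the use of REXML, and the placeholder certificate bodies are assumptions.

```ruby
require 'rexml/document'

module SamlNode # hypothetical shared concern; the page names only the methods
  NS = { 'xmlns:md' => 'urn:oasis:names:tc:SAML:2.0:metadata',
         'xmlns:ds' => 'http://www.w3.org/2000/09/xmldsig#' }.freeze
  def to_saml # render just this model's portion of the metadata
    doc = REXML::Document.new
    insert_saml_nodes!(doc)
    doc.root.add_attributes(NS) # declare prefixes on whichever node is root
    doc.to_s
  end
end

Certificate = Struct.new(:pem) do
  include SamlNode
  def insert_saml_nodes!(parent) # metadata carries the base64 body, not the PEM armor
    body = pem.lines.reject { |l| l.start_with?('-----') }.join.gsub(/\s+/, '')
    parent.add_element('ds:X509Data').add_element('ds:X509Certificate').text = body
  end
end

KeyInfo = Struct.new(:use, :certificate) do
  include SamlNode
  def insert_saml_nodes!(parent) # passes its own node down to the nested certificate
    descriptor = parent.add_element('md:KeyDescriptor', 'use' => use)
    certificate.insert_saml_nodes!(descriptor.add_element('ds:KeyInfo'))
  end
end

# Flatten to element/attribute/text facts so attribute order and whitespace are not changes.
def saml_facts(xml)
  REXML::XPath.match(REXML::Document.new(xml), '//*').flat_map do |el|
    attrs = el.attributes.to_a.reject { |a| a.expanded_name.start_with?('xmlns') }
    facts = attrs.map { |a| "#{el.expanded_name}@#{a.expanded_name}=#{a.value}" }
    text = el.text.to_s.strip
    text.empty? ? facts : facts << "#{el.expanded_name}=#{text}"
  end
end

def metadata_changes(published_xml, generated_xml)
  was, now = saml_facts(published_xml), saml_facts(generated_xml)
  { removed: was - now, added: now - was }
end

# Constructed sample: a published signing key and an edited copy with a new certificate.
pem = ->(b64) { "-----BEGIN CERTIFICATE-----\n#{b64}\n-----END CERTIFICATE-----\n" }
PUBLISHED = KeyInfo.new('signing', Certificate.new(pem['T0xEQ0VSVA==']))
EDITED = KeyInfo.new('signing', Certificate.new(pem['TkVXQ0VSVA==']))
CHANGES = metadata_changes(PUBLISHED.to_saml, EDITED.to_saml)
```

Because every model shares `to_saml`, the same comparison works on a single `KeyInfo` or on a whole entity, and a swapped certificate surfaces as one removed and one added fact.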

      Once complete, these methods will need to be compared against the current method of metadata creation. This will require:

      • A rake task that compares published metadata against the results of calling to_saml on an Idp/Sp
      • A (temporary) RA route that shows the diff between any Idp/Sp metadata generated vs. that on the current entity
      • Documentation on any historical changes that we encounter that we won’t fix
      • Iterative fixes to the metadata construction until we are satisfied with the result
      • All of the above is complete / 12/7/2018 per JG

      Phase II / This is being kept for Historical Reasons (Technical Debt Epics created / see below)

      Once we are satisfied with the methods, integration can be accomplished in parallel with other features, and the pacing of the roll out can remain flexible. This would include but not be limited to:

        • Done: Using the new method within the “Metadata to Publish” section to show changes while an Idp/Sp is in editing status.
        • Done: Any other UI changes that allow SAs or RAs to take advantage of a more accurate metadata picture during editing
        • Part of Metadata Approval: Using the metadata diff to assist with determining if metadata can be auto-approved

      Moved to Technical Debt Epic - Entity Model Refactor / Added to Jira by JH 12/07/18

  • Better error reporting on IdP Validations
  • Detect changes to fields requiring RA approval
  • Fixed all entities in an 'unpublished' state that were actually published

Release Notes

Bug

    • [IFMC-1175] - Show Diff in Metadata Review Whenever There is a Previous Version
    • [IFMC-1200] - Fixed problem with approving registrations
    • [IFMC-1203] - Creating a site admin with a new email address does not show the 'SEND' button in the RA role management interface
    • [IFMC-1046] - Fixed the inability to edit an 'unpublished' entity.

Improvement

    • [IFMC-789] - Better error reporting on IdP Validations
    • [IFMC-1154] - Use new to_saml methods in the "Metadata To Publish" view
    • [IFMC-1194] - Detect changes to fields requiring RA approval
    • [IFMC-1046] - Fixed all entities in an 'unpublished' state that were actually published
