Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-59199

There is no ability to "clear" the SAML IdP metadata URL or metadata XML content columns from the SAML database table "SamlSpIdpConnection".

    Details

    • Type: Feature Request
    • Status: Closed
    • Priority: Minor
    • Resolution: Discarded
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:

      Description

      Background Information

      The following code lines are from the SamlSpIdpConnectionLocalServiceImpl class of the package "com.liferay.saml.service.impl", and the code can be found in the source code of the SAML plugin:

        if ((metadataXmlInputStream == null) &&
         Validator.isNotNull(metadataUrl)) {
      
         samlSpIdpConnection.setMetadataUrl(metadataUrl);
      
         metadataXmlInputStream = MetadataUtil.getMetadata(metadataUrl);
        }
      
        String metadataXml = StringPool.BLANK;
      
        if (metadataXmlInputStream != null) {
         metadataXml = getMetadataXml(
          metadataXmlInputStream, samlIdpEntityId);
        }
      
        if (Validator.isNotNull(metadataXml)) {
         samlSpIdpConnection.setMetadataUpdatedDate(now);
         samlSpIdpConnection.setMetadataXml(metadataXml);
        }
      

      From the above code, we can see that the value entered in the "Metadata URL" field will only be modified in the database when there is one entered Metadata URL and there is no specified Metadata XML file (both conditions must be met at the same time). Otherwise, what the portal does is just keeping the same Metadata URL in the database.

      However, the customers are having concerns over this behavior since there is no ability to "clear" the SAML IdP metadata URL or metadata XML content columns from the SAML database table "SamlSpIdpConnection" and even the admin user currently requires database access to clear the columns.

      I have explained to the customer that we have designed the SAML plugin to preserve the originally entered URL on purpose to make sure there is always one Metadata URL saved in the database as long as the customers have specified one. That way, whenever the user has forgotten about the previously entered Metadata URL or its format, he/she can simply have a look at the displayed Metadata URL and then he/she can either choose to modify the displayed Metadata URL or overwrite the previously saved Metadata URL by specifying any Metadata XML file.

      The customer would like to hear from us about whether this behavior can be improved in later SAML plugin versions thus I have created this ticket to request the feature.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                support-lep@liferay.com SE Support
                Reporter:
                eric.cheng Eric Cheng (Inactive)
              • Votes:
                3 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Packages

                  Version Package