Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-59199

There is no ability to "clear" the SAML IdP metadata URL or metadata XML content columns from the SAML database table "SamlSpIdpConnection".

    XMLWordPrintable

Details

    • Feature Request
    • Status: Reviewed
    • Minor
    • Resolution: Not Aligned with the Roadmap
    • None
    • None
    • Application Security > SAML

    Description

      Background Information

      The following code lines are from the SamlSpIdpConnectionLocalServiceImpl class of the package "com.liferay.saml.service.impl", and the code can be found in the source code of the SAML plugin:

        if ((metadataXmlInputStream == null) &&
   Validator.isNotNull(metadataUrl)) {

   samlSpIdpConnection.setMetadataUrl(metadataUrl);

   metadataXmlInputStream = MetadataUtil.getMetadata(metadataUrl);
  }

  String metadataXml = StringPool.BLANK;

  if (metadataXmlInputStream != null) {
   metadataXml = getMetadataXml(
    metadataXmlInputStream, samlIdpEntityId);
  }

  if (Validator.isNotNull(metadataXml)) {
   samlSpIdpConnection.setMetadataUpdatedDate(now);
   samlSpIdpConnection.setMetadataXml(metadataXml);
  }

      From the above code, we can see that the value entered in the "Metadata URL" field will only be modified in the database when there is one entered Metadata URL and there is no specified Metadata XML file (both conditions must be met at the same time). Otherwise, what the portal does is just keeping the same Metadata URL in the database.

      However, the customers are having concerns over this behavior since there is no ability to "clear" the SAML IdP metadata URL or metadata XML content columns from the SAML database table "SamlSpIdpConnection" and even the admin user currently requires database access to clear the columns.

      I have explained to the customer that we have designed the SAML plugin to preserve the originally entered URL on purpose to make sure there is always one Metadata URL saved in the database as long as the customers have specified one. That way, whenever the user has forgotten about the previously entered Metadata URL or its format, he/she can simply have a look at the displayed Metadata URL and then he/she can either choose to modify the displayed Metadata URL or overwrite the previously saved Metadata URL by specifying any Metadata XML file.

      The customer would like to hear from us about whether this behavior can be improved in later SAML plugin versions thus I have created this ticket to request the feature.

      Attachments

        Issue Links

          is related to

          Feature Request - LPS-59200 Make it clear for the SAML Admins to know whether they are making use of Metadata URL or Metadata XML file.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Reviewed
          relates

          New Article - LRDOCS-1917 Documentation (Edit): Include detailed logic explanations on Metadata URL and Metadata XML file usage in the SAML Admin page.

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              eric.cheng Eric Cheng (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Packages

                  Version Package