@jkakavas
Contributor

This change adds an API for generating SAML metadata for the
configured Identity Provider. All parameters that can contribute
to the metadata, from signing keys to Organization and contact
details, are configured in node settings.
The caller of the API needs to define the SP that will consume this
metadata, as the values included can potentially be different
depending on the registered SP configuration and the IDP policy.

This doesn't actually depend on #52018, but builds upon it to reduce duplication of effort, so it should be reviewed once that is merged.

- Expose an API that consumes (possibly signed) AuthnRequests as
defined by the HTTP-Redirect binding.
- Process AuthnRequests, validate and parse them into a minimum
set of information to be used for subsequent API calls to get a
SAML Response
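As an added example (not code from this PR or from Elasticsearch), here is the HTTP-Redirect binding processing the commits above describe, in Python: the query parameter is decoded, the request is checked against the SP registration, and it is reduced to the minimum set of fields a later call would need. The SP registry `REGISTERED_SPS`, the endpoint `IDP_SSO_URL` and the sample request are constructed for the example.

```python
import base64
import urllib.parse
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
IDP_SSO_URL = "https://idp.example.org/sso/redirect"  # constructed IdP endpoint
# Constructed SP registry: the IdP only honours values it already knows for a registered SP.
REGISTERED_SPS = {"https://sp.example.org/saml": {"acs": "https://sp.example.org/saml/acs"}}

SAMPLE_AUTHN_REQUEST = (  # constructed sample, not captured traffic
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_c0n57ruc73d" '
    f'Version="2.0" IssueInstant="2020-02-17T14:12:00Z" Destination="{IDP_SSO_URL}" '
    'AssertionConsumerServiceURL="https://sp.example.org/saml/acs">'
    '<saml:Issuer>https://sp.example.org/saml</saml:Issuer></samlp:AuthnRequest>'
).encode()

def encode_redirect_request(xml_bytes):
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64, then URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return urllib.parse.quote(base64.b64encode(comp.compress(xml_bytes) + comp.flush()).decode(), safe="")

def sample_query(relay_state="state-1"):
    return f"SAMLRequest={encode_redirect_request(SAMPLE_AUTHN_REQUEST)}&RelayState={urllib.parse.quote(relay_state, safe='')}"

def _raw_param(query, name):  # 'name=value' exactly as sent: the signed string must not be re-encoded
    return next((p for p in query.split("&") if p.startswith(name + "=")), None)

def parse_redirect_request(query):
    """Decode and validate a redirect-bound AuthnRequest, keeping only what later steps need."""
    params = urllib.parse.parse_qs(query, strict_parsing=True)
    xml_bytes = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15)  # -15 = raw DEFLATE
    root = ET.fromstring(xml_bytes)  # for untrusted input prefer a hardened parser such as defusedxml
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not an AuthnRequest")
    issuer = root.findtext(f"{{{SAML}}}Issuer")
    sp = REGISTERED_SPS.get(issuer)
    if sp is None:
        raise ValueError(f"unregistered SP issuer {issuer!r}")
    if root.get("Destination") not in (None, IDP_SSO_URL):
        raise ValueError("Destination is not this IdP's SSO endpoint")
    acs = root.get("AssertionConsumerServiceURL")
    if acs is not None and acs != sp["acs"]:
        raise ValueError("AssertionConsumerServiceURL is not registered for this SP")
    # Signed data is the raw 'SAMLRequest[&RelayState]&SigAlg' string; verifying 'Signature' needs the SP's registered cert (not shown).
    signed = "&".join(p for p in (_raw_param(query, k) for k in ("SAMLRequest", "RelayState", "SigAlg")) if p)
    return {"id": root.get("ID"), "issuer": issuer, "acs": acs or sp["acs"], "signed_data": signed,
            "relay_state": params.get("RelayState", [None])[0], "signature": params.get("Signature", [None])[0]}
```

`sample_query()` produces the query string an SP would send; passing it to `parse_redirect_request` returns the reduced fields, while a request from an unregistered Issuer is rejected.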
@jkakavas jkakavas added the :Security/Security label Feb 17, 2020
@jkakavas jkakavas requested a review from tvernum February 17, 2020 14:12
@elasticmachine
Collaborator

Pinging @elastic/es-security (:Security/Security)


import static org.elasticsearch.rest.RestRequest.Method.GET;

public class RestSamlMetadataRequestAction extends BaseRestHandler {
Contributor

I would call this either

Suggested change
public class RestSamlMetadataRequestAction extends BaseRestHandler {
public class RestGetSamlMetadataAction extends BaseRestHandler {

or

Suggested change
public class RestSamlMetadataRequestAction extends BaseRestHandler {
public class RestSamlMetadataAction extends BaseRestHandler {


@Override
public String getName() {
return "saml_idp_generate_metadata";
Contributor

I'd probably change this name, based on what you decide to call the class.

@tvernum
Contributor

tvernum commented Feb 28, 2020

GitHub/Jenkins seems to have lost the CI results.

@elasticmachine test this please

@Override
public String getName() {
return "saml_idp_generate_metadata";
return "saml_metadata";
Contributor

Tiny nit, our names typically end in _action.
TBH I don't know why - it's already obvious it's an action.

@jkakavas
Contributor Author

@elasticmachine update branch

@jkakavas jkakavas merged commit 4bc8370 into elastic:feature-internal-idp Feb 28, 2020

Labels: :Security/Security, v7.11.0, v8.0.0-alpha1