Minimal SAML for metadata url #3500
Comments
If we go that route, what should the other SAML endpoints do? Return a status code? Which one? Render
Each endpoint should only error if they don't have the configuration needed for that endpoint's functionality. I'm not immediately sure what that should be as far as a status code. For the moment I'm fine with a 500 error as we're currently doing it, but I'm looking to see if the SAML spec gives any guidance on the appropriate HTTP response codes for these situations.
I am by no means confident in my assessment of the spec, but I have not yet found any guidance in the SAML2 spec regarding the appropriate HTTP status codes when the server is misconfigured. It seems to delegate all of that entirely to the SAML messages and leave that undefined. If the other URLs are misconfigured, any generic error page should be acceptable. That seems like what
When setting up a new SAML integration, it is helpful to create a `SocialApp` instance without the IDP data, so that they can have access to the `/metadata/` url to help configure their IdP. However, in order to render the metadata URL, I have to have the `idp` key in the settings set, and it must be populated with the `entity_id` and either a valid `metadata_url` or a `sso_url` and `x509cert` that can be the empty string.

It would be optimal if we could lift that restriction and permit the default empty settings dictionary to be sufficient to let the metadata url work.
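The per-endpoint rule discussed in this thread, as an added sketch that is not the project's own code: the metadata endpoint needs no `idp` data, while IdP-facing endpoints fail with the 500 mentioned above until the `idp` settings are complete. The endpoint names `login` and `acs`, both function names, and the choice to treat an empty `x509cert` as missing for IdP-facing endpoints are assumptions of this example.

```python
# Hypothetical sketch: decide per endpoint whether the SAML settings suffice.
# Names here are illustrative and are not taken from the project.

# Assumed endpoint names; True means the endpoint needs IdP details to work.
ENDPOINT_NEEDS_IDP = {"metadata": False, "login": True, "acs": True}


def missing_idp_settings(settings):
    """Return the idp keys that are absent or empty in a SocialApp-style settings dict."""
    idp = settings.get("idp") or {}
    missing = []
    if not idp.get("entity_id"):
        missing.append("entity_id")
    # Either metadata_url, or both sso_url and x509cert, must be supplied.
    # When metadata_url is absent, report whichever manual keys are missing.
    if not idp.get("metadata_url"):
        # Assumption: an empty x509cert counts as missing, because responses
        # from the IdP cannot be signature-checked without a certificate.
        missing.extend(k for k in ("sso_url", "x509cert") if not idp.get(k))
    return missing


def check_endpoint(endpoint, settings):
    """Return (http_status, missing_keys) for a request to the named endpoint."""
    if not ENDPOINT_NEEDS_IDP[endpoint]:
        # SP metadata describes only the service provider side, so the
        # default empty settings dictionary is enough to render it.
        return 200, []
    missing = missing_idp_settings(settings)
    # 500 mirrors the status the thread accepts for a misconfigured endpoint.
    return (500 if missing else 200), missing


if __name__ == "__main__":
    # Constructed sample: a SocialApp created before any IdP data is known.
    for name in ENDPOINT_NEEDS_IDP:
        print(name, check_endpoint(name, {}))
```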