[CL-3645] Update Vienna SAML IDP metadata #4968
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I just ran this command wget https://mein.wien.gv.at/stdportal-idp/extern.wien.gv.at -O back/engines/commercial/id_vienna_saml/config/saml/citizen/idp_metadata_production.xml
`wget --no-check-certificate https://idp-test.wien.gv.at/stdportal-idp/test.wien.gv.at -O back/engines/commercial/id_vienna_saml/config/saml/citizen/idp_metadata_test.xml`
|
|
Agreed with Koen to release it, test on production, and roll it back if it doesn't work. |
This was referenced May 29, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What's done?
I just ran these commands
This ticket mentions that XML should be fixed manually, but I'm not sure how.
Testing
I'm not sure how to test it properly. On production, accessing this URL works https://mitgestalten.wien.gv.at/auth/vienna_citizen/ (the same as clicking the login button, after registering at https://mein.wien.gv.at/), but locally it fails with 500, the same as the login button.
I hoped it would work on this epic URL https://viennasaml.epic.citizenlab.co/en/ (it was tested here before), but it also fails with
Beim Verarbeiten des Requests ist ein Fehler aufgetretenwith bothproductionandtestenvironment configured in thevienna_citizen_loginfeature.I ran our tests in
engines/commercial/id_vienna_saml/spec/with production config and they all passed.So, the only option I see is to test it in production.
Can we make such changes easier and more reliable?
Probably, yes.
parse_remote_to_hashmethod by getting metadata right here https://mein.wien.gv.at/stdportal-idp/extern.wien.gv.at.ruby-saml(first, it wasn't supported, then it was implemented), but not byomniauth-saml.But taking into account very limited testing capabilities, it would be really hard to implement any of it.
Changelog
Changed