Skip to content

fix: Improve SAML configuration checks and update warning messages #37377

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
robrap merged 26 commits into from
Oct 25, 2025
Merged

fix: Improve SAML configuration checks and update warning messages #37377

robrap merged 26 commits into from
Oct 25, 2025

Conversation

@ktyagiapphelix2u
Copy link
Contributor

@ktyagiapphelix2u ktyagiapphelix2u commented Sep 22, 2025
edited
Loading

Description

Improve SAML command to stop wrong warnings. Tests updated too.

Private Ticket

https://2u-internal.atlassian.net/jira/software/c/projects/BOMS/boards/3017?assignee=712020%3A61c35560-3472-4e12-b833-884e5c4bbff4&selectedIssue=BOMS-64

Related PR

#37330

Saml Configuration Report

SAML Configuration Check Report
==================================================

[WARNING] Provider (id=74, name=, slug=default-apphelix, site_id=1) has outdated SAML config (id=50) which should be updated to the current SAML config (id=77).
[INFO] Provider (id=74, name=, slug=default-apphelix, site_id=1) has SAML config (id=50, slug='default-mock') that does not match the provider's slug.
[WARNING] Provider (id=77, name=, slug=default-melody, site_id=1, enabled=False) has outdated SAML config (id=50) which should be updated to the current SAML config (id=77).
[INFO] Provider (id=77, name=, slug=default-melody, site_id=1, enabled=False) has SAML config (id=50, slug='default-mock') that does not match the provider's slug.
[WARNING] Provider (id=78, name=, slug=default-chintan, site_id=1, enabled=False) has outdated SAML config (id=50) which should be updated to the current SAML config (id=77).
[INFO] Provider (id=78, name=, slug=default-chintan, site_id=1, enabled=False) has SAML config (id=50, slug='default-mock') that does not match the provider's slug.
[INFO] Provider (id=88, name=, slug=vaibhav1, site_id=1) has SAML config (id=61, slug='apphelix1') that does not match the provider's slug.
[INFO] Provider (id=89, name=, slug=vaibhav2, site_id=1) has SAML config (id=61, slug='apphelix1') that does not match the provider's slug.
[WARNING] Provider (id=117, name=, slug=default-slug, site_id=6, enabled=False) has SAML config (id=73, enabled=False).
[WARNING] Provider (id=117, name=, slug=default-slug, site_id=6, enabled=False) SAML config (id=73, site_id=1) does not match the provider's site_id.
[INFO] Provider (id=117, name=, slug=default-slug, site_id=6, enabled=False) has SAML config (id=73, slug='slug', enabled=False) that does not match the provider's slug.
[WARNING] Provider (id=119, name=, slug=slug, site_id=1, enabled=False) has SAML config (id=76, enabled=False).
[WARNING] Provider (id=119, name=, slug=slug, site_id=1, enabled=False) SAML config (id=76, site_id=8) does not match the provider's site_id.
[WARNING] Provider (id=123, name=, slug=default-edx, site_id=1, enabled=False) has SAML config (id=79, enabled=False).
[INFO] Provider (id=129, name=, slug=defaultssss, site_id=1) has SAML config (id=82, slug='default-s') that does not match the provider's slug.
[INFO] Provider (id=132, name=, slug=diffrent-slug, site_id=4) has SAML config (id=84, slug='test-config') that does not match the provider's slug.
[INFO] Provider (id=137, name=, slug=default0ssd, site_id=1) has SAML config (id=90, slug='default-app') that does not match the provider's slug.
[WARNING] Provider (id=143, name=, slug=pip, site_id=9, enabled=False) has no direct SAML configuration and no matching default configuration was found.
[WARNING] Provider (id=144, name=Provider I, slug=myslug, site_id=10) has no direct SAML configuration and no matching default configuration was found.
[WARNING] Provider (id=145, name=Provider 2, slug=mysecondslug, site_id=10) has no direct SAML configuration and no matching default configuration was found.
[WARNING] Provider (id=146, name=Provider 3, slug=myslug2, site_id=11) has no direct SAML configuration and no matching default configuration was found.
CHECK SUMMARY:
  Providers checked: 22

Informational only:
  Slug mismatches: 9
  Missing configs: 4

Issues requiring attention:
  Outdated: 3
  Site mismatches: 2
  Disabled configs: 3
  Errors: 0

Total issues requiring attention: 8

@ktyagiapphelix2u
Copy link
Contributor Author

ktyagiapphelix2u commented Sep 24, 2025
edited
Loading

why i change get_config()

when use get_config(), it show many error, same error again again for missing metadata.
real config warning lost in many “No SAMLProviderData found” message.
this kind of Error: 2025-09-23 09:49:45,793 ERROR 339 [common.djangoapps.third_party_auth.models] [user None] [ip None] models.py:873 - No SAMLProviderData found for provider "" with entity id "" and IdP slug "test-config". Run "manage.py saml pull" to fix or debug.
It was counting metadata missing as error, but it not real config problem.
this was checking config and metadata both. But this command should only check config. Metadata is for --pull command. this was the mix thing which making me confused.

So I have improved it to new logic
I am doing same check, do same config check like get_config(), but no spam error message.
It check direct config and default config like get_config() do. It only say warning if both direct and default config missing.
First check direct, then default, Now config check and metadata check not getting mix

jcapphelix
jcapphelix reviewed Sep 24, 2025
View reviewed changes
@ktyagiapphelix2u ktyagiapphelix2u marked this pull request as ready for review September 26, 2025 15:14
robrap
robrap reviewed Sep 26, 2025
View reviewed changes
@ktyagiapphelix2u
Copy link
Contributor Author

ktyagiapphelix2u commented Sep 29, 2025

The Problem with get_config():

get_config() was mixing configuration validation with metadata validation. It was generating spam error messages about missing metadata ("No SAMLProviderData found"). It was checking both config AND metadata, but this command should only check config. Metadata checking belongs in the --pull command, not the config check command

@robrap
Copy link
Contributor

robrap commented Sep 29, 2025

Proposed summary output:

CHECK SUMMARY:
  Providers checked: 17

Informational only:
  Slug mismatches: 10
  Missing configs: 0

Issues requiring attention:
  Outdated: 3
  Site mismatches: 2
  Errors: 0

Total issues requiring attention: 5

@ktyagiapphelix2u
Copy link
Contributor Author

ktyagiapphelix2u commented Sep 29, 2025

@robrap I have updated the test cases and updated the saml config report for missing config one and kept it as warning only and added test case when it will give missing config


Create the provider
Add a new provider:
site: select lost.com
slug: enter my-slug
SAML configuration: leave blank (do not select anything)
Save.


Check SAML configurations

Filter by site lost.com.
Make sure there is NO SAMLConfiguration with [slug='default' for lost.com.
If one exists, either delete it or change its slug to something else (not default)

this will give missing config as [WARNING] Provider (id=146, name=Provider 3, slug=myslug2, site_id=11) has no direct SAML configuration and no matching default configuration was found. message.

robrap
robrap reviewed Oct 1, 2025
View reviewed changes
Copy link
Contributor

@robrap robrap left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't go through tests yet. This is a start. Thank you.

robrap
robrap reviewed Oct 9, 2025
View reviewed changes
robrap
robrap reviewed Oct 15, 2025
View reviewed changes
Copy link
Contributor

@robrap robrap left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Even though there are a bunch of comments, I think this is close. Thanks. The tests don't seem overly dense and redundant any longer.

robrap
robrap reviewed Oct 22, 2025
View reviewed changes
Copy link
Contributor

@robrap robrap left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. Minor comments.

@robrap robrap enabled auto-merge (squash) October 25, 2025 00:26
@robrap robrap merged commit b86e203 into openedx:master Oct 25, 2025
48 checks passed
ktyagiapphelix2u added a commit to edx/edx-platform that referenced this pull request Oct 29, 2025
@ktyagiapphelix2u
fix: Improve SAML configuration checks and update warning messages (o…
add2aef 
…penedx#37377)

- Removes custom attributes for report. Uses report output only.
- Adds a count for disabled SAML configs.
- Displays disabled status of provider.
- Slug mismatch now informational only (rather than warning)
* Cleans up unit tests.
Akanshu-2u pushed a commit to edx/edx-platform that referenced this pull request Oct 29, 2025
@ktyagiapphelix2u
fix: Improve SAML configuration checks and update warning messages (o…
d618021 
…penedx#37377) (#18)

- Removes custom attributes for report. Uses report output only.
- Adds a count for disabled SAML configs.
- Displays disabled status of provider.
- Slug mismatch now informational only (rather than warning)
* Cleans up unit tests.
haftamuk pushed a commit to haftamuk/edx-platform that referenced this pull request Nov 3, 2025
@ktyagiapphelix2u @haftamuk
fix: Improve SAML configuration checks and update warning messages (o…
b071e8e 
…penedx#37377)

- Removes custom attributes for report. Uses report output only.
- Adds a count for disabled SAML configs.
- Displays disabled status of provider.
- Slug mismatch now informational only (rather than warning)
* Cleans up unit tests.
@ormsbee ormsbee mentioned this pull request Nov 7, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@robrap robrap robrap approved these changes

+1 more reviewer

@jcapphelix jcapphelix jcapphelix approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ktyagiapphelix2u @robrap @jcapphelix