Bug 52323 - Make SAML Assertion lifetime configurable
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: SAML
UCS 4.4
Other Linux
Importance: P5 normal
Target Milestone: UCS 4.4-6-errata
Assigned To: Florian Best
Dirk Wiesenthal
https://git.knut.univention.de/univen...
Reported: 2020-11-06 17:39 CET by Florian Best
Modified: 2020-11-25 12:08 CET (History)
What kind of report is it?: Development Internal
best: Patch_Available+
Description Florian Best univentionstaff 2020-11-06 17:39:22 CET
The default assertion lifetime is 300 seconds.
We should make this configurable either via a UCR variable or via an LDAP attribute.

If we raise the assertion lifetime, we don't need to renew the SAML assertion in the UMC so often for a session.
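To show what the lifetime means on the consuming side, here is an added example (not code from this bug, from UCS or from the UMC) that reads the Conditions of a constructed, unsigned SAML assertion and checks it against a configured maximum lifetime plus a clock-skew allowance; the 300-second default is the only value taken from the page, and a real consumer must verify the assertion signature before trusting these attributes.

```python
"""Check a SAML assertion's time conditions against a configured lifetime."""
from datetime import datetime, timedelta
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Default assertion lifetime in seconds, as stated in the bug description.
DEFAULT_LIFETIME = 300

# Constructed sample assertion (unsigned, minimal); not taken from the page.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2020-11-06T16:39:22Z">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Conditions NotBefore="2020-11-06T16:39:22Z" NotOnOrAfter="2020-11-06T16:44:22Z"/>
</saml:Assertion>"""


def parse_saml_time(value):
    """Parse an xs:dateTime in UTC ('Z' suffix), with or without fractional seconds."""
    value = value.replace("Z", "+0000")
    for fmt in ("%Y-%m-%dT%H:%M:%S%z", "%Y-%m-%dT%H:%M:%S.%f%z"):
        try:
            return datetime.strptime(value, fmt)
        except ValueError:
            continue
    raise ValueError("unsupported SAML timestamp: %r" % value)


def assertion_window(xml_text):
    """Return (NotBefore, NotOnOrAfter) from the assertion's Conditions element."""
    cond = ET.fromstring(xml_text).find("saml:Conditions", SAML_NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        raise ValueError("assertion lacks NotBefore/NotOnOrAfter conditions")
    return parse_saml_time(cond.get("NotBefore")), parse_saml_time(cond.get("NotOnOrAfter"))


def check_assertion(xml_text, now, max_lifetime=DEFAULT_LIFETIME, skew=60):
    """Return (ok, reason). ok is True only if the assertion is valid at `now`
    (allowing `skew` seconds of clock drift) and the IdP did not issue it with
    a lifetime longer than the configured maximum. `now` may be a SAML timestamp."""
    if isinstance(now, str):
        now = parse_saml_time(now)
    not_before, not_on_or_after = assertion_window(xml_text)
    lifetime = (not_on_or_after - not_before).total_seconds()
    if lifetime > max_lifetime:
        return False, "lifetime %.0fs exceeds configured %ds" % (lifetime, max_lifetime)
    if now + timedelta(seconds=skew) < not_before:
        return False, "assertion not yet valid"
    if now - timedelta(seconds=skew) >= not_on_or_after:
        return False, "assertion expired"
    return True, "valid"
```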
Comment 1 Florian Best univentionstaff 2020-11-13 13:47:57 CET
Patch which makes it configurable via LDAP/UDM is in git:fbest/52323-saml-assertion-lifetime.
Please review.

It removes the temporary UCR variable 'saml/idp/assertion-lifetime' which we delivered in the pre-patch.
The new variable umc/saml/assertion-lifetime can be set before the initial joinscript execution.
Comment 2 Florian Best univentionstaff 2020-11-19 14:57:45 CET
The assertion lifetime is now configurable via the UCR variable "umc/saml/assertion-lifetime".

univention-saml.yaml
bc813198b61f | YAML Bug #52323

univention-saml (6.0.2-62)
c73ae1488ae7 | Bug #52323: make assertion.lifetime configurable

univention-management-console.yaml
bc813198b61f | YAML Bug #52323

univention-management-console (11.0.5-21)
3b9406e58c88 | Bug #52323: make assertion lifetime configurable
Comment 3 Dirk Wiesenthal univentionstaff 2020-11-24 17:46:48 CET
OK: LDAP and UDM
OK: /usr/share/univention-management-console/saml/update_metadata
OK: UCR variables
OK: Actual results from session-info
OK: YAML