Bug 57060 - Make URI scheme configurable for SAML requests
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 5.0-6-errata
Assigned To: Maximilian Janßen
QA Contact: Florian Best
URL: https://git.knut.univention.de/univen...
Reported: 2024-02-14 16:29 CET by Maximilian Janßen
Modified: 2024-02-28 13:17 CET (History)
What kind of report is it?: Feature Request
Comment 1 Maximilian Janßen univentionstaff 2024-02-14 18:01:02 CET
Currently SAML is hard coded to use HTTPS or HTTP for SAML requests.
It should be possible to configure (restrict) this using the UCR variable umc/saml/schemes.
Comment 3 Maximilian Janßen univentionstaff 2024-02-28 11:54:05 CET
The URI scheme for the URLs of the SAML attribute consuming service and single logout endpoints of UMC are now configurable via the UCR variable umc/saml/schemes (still defaulting to "https, http").
The purpose is to make https disableable in testing environments or enforce only secure HTTPS requests in production environments.

9f298d28a3c2f5a1808e2b027d239cf734d1b8b0 | feat(umc): make SAML URI scheme configurable via `umc/saml/schemes`
Comment 4 Florian Best univentionstaff 2024-02-28 12:12:59 CET
OK: URI schemes are now configurable - must be done before adding the metadata to the SAML IDP (e.g. before join)
OK: advisory
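
Added example (not part of the bug report or Univention's code): a Python check that reads service provider metadata and lists the assertion consuming service and single logout endpoints whose URI scheme is not in an `umc/saml/schemes`-style list, for use before the metadata is added to the IdP. The sample metadata, host name and endpoint paths are constructed, and parsing the value as a comma-separated list is an assumption based on the quoted default "https, http".

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ENDPOINT_TAGS = ("AssertionConsumerService", "SingleLogoutService")

# Constructed sample SP metadata; host name and paths are placeholders.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://ucs.example.test/univention/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://ucs.example.test/univention/saml/slo/"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://ucs.example.test/univention/saml/slo/"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://ucs.example.test/univention/saml/" index="1"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://ucs.example.test/univention/saml/" index="2"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_schemes(value):
    """Split a 'https, http' style list into lower-case scheme names (assumed format)."""
    return [s.strip().lower() for s in value.split(",") if s.strip()]


def disallowed_endpoints(metadata_xml, schemes_value):
    """Return (tag, Location) for endpoints whose URI scheme is not allowed."""
    allowed = set(parse_schemes(schemes_value))
    # Intended for locally generated metadata, not untrusted XML.
    root = ET.fromstring(metadata_xml)
    findings = []
    for tag in ENDPOINT_TAGS:
        for elem in root.iter(f"{{{MD_NS}}}{tag}"):
            location = elem.get("Location", "")
            if urlsplit(location).scheme.lower() not in allowed:
                findings.append((tag, location))
    return findings


if __name__ == "__main__":
    # Production-style policy: only HTTPS endpoints may be registered.
    for tag, location in disallowed_endpoints(SAMPLE_METADATA, "https"):
        print(f"not allowed: {tag} {location}")
```

An empty result for the intended scheme list means every ACS and SLO endpoint in the metadata matches the policy.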