Uploaded image for project: 'Shibboleth User Interface'
  1. Shibboleth User Interface
  2. SHIBUI-1743 EntityID or ACS domain validation by user or group
  3. SHIBUI-2089

Bug: Backend is restricting admins from creating Dynamic HTTP Metadata Providers with Metadata Query Protocol URLs that do not match the group's regex

    XMLWordPrintable

Details

    • Sub-task
    • Resolution: Done
    • Minor
    • None
    • None
    • None
    • 8/13/21 - 8/27/21, 8/27/21 - 9/10/21, 9/10/21 - 9/24/21, 9/24/21 - 10/8/21

    Description

      Steps to reproduce:

      1. Login as admin
      2. Change admin group's regex to: /^foo.*$/
      3. Attempt to create a Dynamic HTTP Metadata Resolver with the following payload: 

        {"@type":"DynamicHttpMetadataResolver","enabled":false,"metadataRequestURLConstructionScheme":{"@type":"MetadataQueryProtocol","content":"thiswontpass"},"name":"DHMR2","xmlId":"0912y3t"}

      Expected result: the provider should save and persist
      Actual result:

      {"errorCode":"400","errorMessage":"Metadata Query Protocol URL not acceptable for user's group"}

      Note that if the MQP URL does match the regex, the provider will save fine (the xmlId doesn't restrict it). Also, if the regex scheme is used instead, the provider will save.

      Attachments

        Activity

          People

            charles.hasegawa@at.internet2.edu Charles Hasegawa (unicon.net)
            bill.smith@at.internet2.edu Bill Smith (unicon.net)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: