  1. Service Packs and Hot Fixes
  2. MNT-19329

Capability to configure the Alfresco Share "prefix" for all SAML calls with property settings

    Details

    • Bug Priority:
      Category 2
    • ACT Numbers:

      00956196 Partner

      Description

      Description:

      Capability to configure the Alfresco Share "prefix" for all SAML calls with property settings

      Customer Explanation:

      Currently, the SAML utility attempts to set the Share SSO/SLO URLs as appended to the base Share URL (see here: https://docs.alfresco.com/saml/tasks/saml-config-props.html; see properties saml.share.spSloRequestURLSuffix, saml.share.spSloResponseURLSuffix, and saml.share.spSsoURLSuffix).

      We need to be able to set that whole URL, not just the suffix. We're in a clustered environment behind a proxy, and each of the servers is expecting the host of the server it's on rather than the host of the proxy. Changing the host of the server to the same as the proxy is not an adequate solution, as we need it to be the same for other portions of the application.

      We need, for example, to be able to set the "prefix" of the calls in a way like this:
      saml.share.spDomain=https://www.exampledomain.com/share

      The SP metadata would then have these attributes:
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.exampledomain.com/share/page/saml-logoutrequest" ResponseLocation="https://www.exampledomain.com/share/page/saml-logoutresponse"/>
      <md:AssertionConsumerService isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.exampledomain.com/share/page/saml-authnresponse" index="0"/>

      Rather than:
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="${share.protocol}://${share.host}:${share.port}/share/page/saml-logoutrequest" ResponseLocation="${share.protocol}://${share.host}:${share.port}/share/page/saml-logoutresponse"/>
      <md:AssertionConsumerService isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="${share.protocol}://${share.host}:${share.port}/share/page/saml-authnresponse" index="0"/>
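A check for the mismatch this ticket describes, as an added example that is not part of the original issue or of Alfresco's code: it parses exported SP metadata and reports every AssertionConsumerService or SingleLogoutService URL that does not sit under the public proxy URL the IdP is meant to use. The function names, the node hostname and the entityID are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ENDPOINT_TAGS = ("AssertionConsumerService", "SingleLogoutService")
# Constructed sample: node hostname and entityID are made up for this example.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="constructed-sp">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Location="https://www.exampledomain.com/share/page/saml-logoutrequest"
    ResponseLocation="${share.protocol}://${share.host}:${share.port}/share/page/saml-logoutresponse"/>
  <md:AssertionConsumerService isDefault="true" index="0"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Location="http://node1.example.internal:8080/share/page/saml-authnresponse"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def _origin(url):
    """(scheme, host, effective port), so an explicit :443 equals the https default."""
    parts = urlsplit(url)
    default = {"https": 443, "http": 80}.get(parts.scheme)
    return parts.scheme, (parts.hostname or "").lower(), parts.port or default

def audit_sp_metadata(metadata_xml, public_base_url):
    """Return (element, attribute, url, reason) for endpoints not under public_base_url."""
    base_path = urlsplit(public_base_url).path.rstrip("/") + "/"
    findings = []
    # Parse only metadata exported from your own SP; stdlib ElementTree is not hardened.
    root = ET.fromstring(metadata_xml)
    for tag in ENDPOINT_TAGS:
        for el in root.iter(f"{{{MD_NS}}}{tag}"):
            for attr in ("Location", "ResponseLocation"):
                url = el.get(attr)
                if url is None:
                    continue
                if "${" in url:
                    reason = "unresolved placeholder"
                elif _origin(url) != _origin(public_base_url):
                    reason = "origin differs from proxy"
                elif not urlsplit(url).path.startswith(base_path):
                    reason = "path outside Share context"
                else:
                    continue
                findings.append((tag, attr, url, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_sp_metadata(SAMPLE, "https://www.exampledomain.com/share"):
        print(*finding, sep=" | ")
```

Run it against the metadata each cluster node serves; an empty result means every endpoint the IdP will post to resolves to the proxy.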

              People

              • Assignee:
                alee Alex Lee
                Reporter:
                rpierce Ron Pierce