New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create module to bring back some of the functionality of the old frontpage #1593
Comments
I think the use case needs to be specified a bit more exactly to know what to do. As an admin you can already test the auth source (which includes remote IdP's if a SAML SP auth source is defined) from within the admin module. If the installation is an IdP, what would you need to be exposed to the public to be able to test what you want to test? For an SP the same question. |
@macmenco and me use it as an SP (one single SP authsource) where we send users if we have to debug something. It's basically the same as the Engineblock debug page. Let's start with exposing SP-authsources and take it from there. Those are safe to expose. |
So any authsource that is of type saml:SP? |
Yes, exactly! |
I'm also using simplesamlphp as a debugging tool in the very same scenario. In version 1.19.x we simply tell the federating party (IdP) to use this https://example.com/simplesaml/module.php/core/login which displays all saml:SP configured in authsources.php and let them choose a saml:SP and tell us the result. The beauty of this (in my opinion) is that all saml:SP are listed on one single page that does not require any authentication. |
@jockexa The problem is that in 1.1x it would show much more than just the |
@tvdijen OK, I get it. |
Is your feature request related to a problem? Please describe.
The old frontpage was very useful as a debug-tool, however it exposed individual authsources which imposed a security risk.
See #1554 and #1515 as a reference to what has changed.
Describe the solution you'd like
We could bring back some of the old functionality by exposing not the authsources but the hosted+remote IDPs. Because not everyone will use this, it makes sense to move this into a new module.
Describe alternatives you've considered
I don't really see any alternatives.. A good tool to debug IDP responses is a must-have. At least myself and @macmenco rely on this on a day-to-day basis
The text was updated successfully, but these errors were encountered: