Skip to content

Support biometric ACR values in SAML#11013

Merged
vrajmohan merged 1 commit intomainfrom
support-biometric-acr-in-saml
Aug 2, 2024
Merged

Support biometric ACR values in SAML#11013
vrajmohan merged 1 commit intomainfrom
support-biometric-acr-in-saml

Conversation

@vrajmohan
Copy link
Contributor

@vrajmohan vrajmohan commented Jul 31, 2024

changelog: Upcoming Features, IdV with Biometric Comparison, Supporting biometric acr in SAML

🎫 Ticket

https://gitlab.login.gov/lg-people/lg-people-appdev/Melba/backlog-fy24/-/issues/44

📜 Testing Plan

The testing plan should be similar to what was done for OIDC - https://docs.google.com/document/d/1_TJBdEiErT460qoJh-jiw9E3mlPCffguMn28--4LJK8/edit

vrajmohan
vrajmohan commented Jul 31, 2024
View reviewed changes
@vrajmohan vrajmohan requested review from Sgtpluck and lmgeorge July 31, 2024 20:43
zachmargolis
zachmargolis reviewed Jul 31, 2024
View reviewed changes
zachmargolis
zachmargolis reviewed Jul 31, 2024
View reviewed changes
spec/services/attribute_asserter_spec.rb Outdated
Copy link
Contributor

@zachmargolis zachmargolis Jul 31, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(nothing needed for this PR, mentioning)

ok so I can't believe I am figuring this out today, but I think it's a really weird pattern the way we assign the transient asserted_attributes to the user object like this, I would love to live in a world where we refactor how we pass the user attributes around, but that seems like not the right idea for this PR right this moment

Copy link
Contributor Author

@vrajmohan vrajmohan Jul 31, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, I am planning to dig into why we have this strange pattern if I have some time at the end.

zachmargolis
zachmargolis reviewed Aug 1, 2024
View reviewed changes
Sgtpluck
Sgtpluck reviewed Aug 1, 2024
View reviewed changes
Sgtpluck
Sgtpluck reviewed Aug 1, 2024
View reviewed changes
@vrajmohan vrajmohan force-pushed the support-biometric-acr-in-saml branch from 0bb24b8 to d0e342a Compare August 1, 2024 22:49
@vrajmohan vrajmohan marked this pull request as ready for review August 2, 2024 02:16
Sgtpluck
Sgtpluck approved these changes Aug 2, 2024
View reviewed changes
Copy link
Contributor

@Sgtpluck Sgtpluck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some minor suggestions and questions, but it looks good! i'll mark it as approved because i think you can move forward with these minor edits

app/presenters/openid_connect_user_info_presenter.rb Outdated
Copy link
Contributor

@Sgtpluck Sgtpluck Aug 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not a huge deal, but part of the reason for memoization is to make an application more efficient. the resolve method is doing the bulk of the work. did you consider memoizing resolved_authn_context_result along with authn_context_resolver as it's called multiple times?

Copy link
Contributor Author

@vrajmohan vrajmohan Aug 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I considered it. When vtr is not present, which is most of the time, it would be using acr_result which is memoized.

app/services/attribute_asserter.rb Outdated
Copy link
Contributor

@Sgtpluck Sgtpluck Aug 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same suggestion as noted above about memoizing this value

Copy link
Contributor Author

@vrajmohan vrajmohan Aug 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto

Sgtpluck
Sgtpluck reviewed Aug 2, 2024
View reviewed changes
@vrajmohan
Support biometric ACR values in SAML
294c49f 
changelog: Upcoming Features, IdV with Biometric Comparison, Supporting biometric acr in SAML

1. Updated AttributeAsserter to send correct ial
3. Renamed AuthnContextResolver#resolve to AuthnContextResolver#result
   and memoized it
3. Moved asserted_ial_value from OpenidConnectUserInfoPresenter to AuthnContextResolver
4. Used common asserted_ial_acr method from both AttributeAsserter and
   OpenidConnectUserInfoPresenter
@vrajmohan vrajmohan force-pushed the support-biometric-acr-in-saml branch from e8f1677 to 294c49f Compare August 2, 2024 19:19
@vrajmohan vrajmohan merged commit 8b736a2 into main Aug 2, 2024
@vrajmohan vrajmohan deleted the support-biometric-acr-in-saml branch August 2, 2024 19:48
@matthinz matthinz mentioned this pull request Aug 6, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Sgtpluck Sgtpluck Sgtpluck approved these changes

@lmgeorge lmgeorge Awaiting requested review from lmgeorge

+2 more reviewers

@zachmargolis zachmargolis zachmargolis left review comments

@jmhooper jmhooper jmhooper left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@vrajmohan @zachmargolis @jmhooper @Sgtpluck