Skip to content

Adds default_aal to service_provider (LG-3825)#4605

Merged
solipet merged 4 commits intomasterfrom
dprice-lg-3825-default-aal
Jan 25, 2021
Merged

Adds default_aal to service_provider (LG-3825)#4605
solipet merged 4 commits intomasterfrom
dprice-lg-3825-default-aal

Conversation

@solipet
Copy link
Contributor

@solipet solipet commented Jan 25, 2021
edited
Loading

As an administrator of an application, i want to be able to set the default authn context (AAL), so that I am not hamstrung by middleware that does not allow me to assert it as part of the authentication request.

Previously, it was unclear if the aal level set on the SP was required or the default, we are now asserting that it is the default and will allow partners to set the default AAL in the dashboard.

This is the first of two PR's to migrate from the confusing aal field to the more explicit default_aal field - a following PR will remove the original aal field.

@solipet solipet marked this pull request as ready for review January 25, 2021 20:44
zachmargolis
zachmargolis approved these changes Jan 25, 2021
View reviewed changes
Copy link
Contributor

@zachmargolis zachmargolis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

spec/support/saml_auth_helper.rb

def aal3_sp1_saml_settings
settings = saml_settings.dup
settings.authn_context = nil
Copy link
Contributor

@zachmargolis zachmargolis Jan 25, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this be something that sets AAL3? Or does it come from the issuer?

Copy link
Contributor Author

@solipet solipet Jan 25, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this is a case where the semantics have changed. The default settings request an AAL2 auth, and would have returned AAL3 given aal: 3. Now that request would return AAL2 since the request trumps the default. These settings are now used in a test of the default (spec/features/saml/aal3_required_spec), so we need to not make an AAL request at all.

zachmargolis
zachmargolis approved these changes Jan 25, 2021
View reviewed changes
Copy link
Contributor

@zachmargolis zachmargolis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@solipet solipet merged commit f84c312 into master Jan 25, 2021
@solipet solipet deleted the dprice-lg-3825-default-aal branch January 25, 2021 21:57
@solipet solipet mentioned this pull request Jan 28, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jmhooper jmhooper Awaiting requested review from jmhooper

@stevegsa stevegsa Awaiting requested review from stevegsa

@aduth aduth Awaiting requested review from aduth

@amathews-fs amathews-fs Awaiting requested review from amathews-fs

1 more reviewer

@zachmargolis zachmargolis zachmargolis approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@solipet @zachmargolis