uaa icon indicating copy to clipboard operation
uaa copied to clipboard

Published 20 hours ago verified publisher icon cloudfoundry

fix: /info docs test expectation

Open peterhaochen47 opened this issue 9 months ago • 1 comments

  • the value of "idpDefinitions.*" of /info response is in reality a String, not an array. Here is how it looks like:
 "idpDefinitions": {
    "testsaml-redirect-binding": "http://localhost:8080/uaa/saml/discovery?returnIDParam=idp&entityID=cloudfoundry-saml-login&idp=testsaml-redirect-binding&isPassive=true",
    "testsaml-post-binding": "http://localhost:8080/uaa/saml/discovery?returnIDParam=idp&entityID=cloudfoundry-saml-login&idp=testsaml-post-binding&isPassive=true"
  },

which is consistent with the description of "idpDefinitions" field: "A list of alias/url pairs of SAML IDP providers configured. Each url is the starting point to initiate the authentication process for the SAML identity provider."

  • previously, this test is passing only because the test uaa.yml used in this test contains no IDP configs; but once you input some valid IDP configs, this test would fail since the value is actually a String.

  • also clarify the description text

peterhaochen47 avatar May 10 '24 23:05 peterhaochen47

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/187587280

The labels on this github issue will be updated when the story is started.

cf-gitbot avatar May 10 '24 23:05 cf-gitbot

  • the value of "idpDefinitions.*" of /info response is in reality a String, not an array. Here is how it looks like:
 "idpDefinitions": {
    "testsaml-redirect-binding": "http://localhost:8080/uaa/saml/discovery?returnIDParam=idp&entityID=cloudfoundry-saml-login&idp=testsaml-redirect-binding&isPassive=true",
    "testsaml-post-binding": "http://localhost:8080/uaa/saml/discovery?returnIDParam=idp&entityID=cloudfoundry-saml-login&idp=testsaml-post-binding&isPassive=true"
  },

which is consistent with the description of "idpDefinitions" field: "A list of alias/url pairs of SAML IDP providers configured. Each url is the starting point to initiate the authentication process for the SAML identity provider."

  • previously, this test is passing only because the test uaa.yml used in this test contains no IDP configs; but once you input some valid IDP configs, this test would fail since the value is actually a String.
  • also clarify the description text

As always, if you have a deeper look into old UAA behavior. I find SAML links in "uaac info" (JSON output) , but on OAUTH.

After thinking, I would like to know if you have use /info in your products ? I think SAP never has used it really, but for us it was always a problem, therefore we introduced account chooser etc... (@torsten-sap , @tack-sap correct ?)

The point is, in /info I also see entityID, which is only for SAML. Why no OAUITH / OIDC issuer ? In general I would omit such info, because we want in future a UAA without SAML SP , e.g. https://github.com/cloudfoundry/uaa/issues/2741

strehle avatar May 14 '24 06:05 strehle