1 change: 0 additions & 1 deletion config/packages/engineblock_features.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@ parameters:
api.deprovision: "%feature_api_deprovision%"
api.users_nameid_lookup: "%feature_api_users_nameid_lookup%"
eb.encrypted_assertions: "%feature_eb_encrypted_assertions%"
eb.encrypted_assertions_require_outer_signature: "%feature_eb_encrypted_assertions_require_outer_signature%"
eb.run_all_manipulations_prior_to_consent: "%feature_run_all_manipulations_prior_to_consent%"
eb.block_user_on_violation: "%feature_block_user_on_violation%"
eb.enable_sso_notification: "%feature_enable_sso_notification%"
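Review bot: The `eb.encrypted_assertions_require_outer_signature` entry is dropped from the feature map here, but none of the hunks shown touch the code that reads this flag. Please confirm that the outer-signature check for encrypted responses is now unconditional in the consumer and that no lookup of this key remains, since a lookup of a feature that is no longer defined could fail or fall back to a value nobody chose.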
1 change: 0 additions & 1 deletion config/packages/parameters.yml.dist
Original file line number Diff line number Diff line change
Expand Up @@ -223,7 +223,6 @@ parameters:
## FEATURE SETTINGS
##########################################################################################
feature_eb_encrypted_assertions: true
feature_eb_encrypted_assertions_require_outer_signature: true
feature_api_metadata_push: true
feature_api_consent_listing: true
feature_api_consent_remove: true
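Review bot: Dropping `feature_eb_encrypted_assertions_require_outer_signature: true` from the dist file needs an upgrade note. Existing deployments may still carry this parameter in their own parameters file, so the changelog should state that it is no longer read and can be deleted, and that a deployment which had set it to false will find the setting has no effect.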
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,6 @@ public function __construct()
$this->setFeature(new Feature('eb.run_all_manipulations_prior_to_consent', false));
$this->setFeature(new Feature('eb.block_user_on_violation', true));
$this->setFeature(new Feature('eb.encrypted_assertions', true));
$this->setFeature(new Feature('eb.encrypted_assertions_require_outer_signature', true));
$this->setFeature(new Feature('eb.enable_sso_notification', false));
$this->setFeature(new Feature('eb.feature_enable_consent', true));
$this->setFeature(new Feature('eb.enable_sso_session_cookie', true));
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,6 @@ Feature:
Scenario: EngineBlock rejects invalid RSA Encrypted Responses
Given the SP uses the HTTP POST Binding
And feature "eb.encrypted_assertions" is enabled
And feature "eb.encrypted_assertions_require_outer_signature" is enabled
And the IdP encrypts its assertions with the public key in "src/OpenConext/EngineBlockFunctionalTestingBundle/Resources/keys/rolled-over.crt"
When I log in at "Dummy SP"
And I pass through the SP
Expand Down Expand Up @@ -54,10 +53,9 @@ Feature:
Then the url should match "authentication/feedback/received-invalid-response"
And I should see "Invalid organisation SAML response"

Scenario: EngineBlock rejects encrypted responses without outer signature if the feature "eb.encrypted_assertions_require_outer_signatures" is enabled
Scenario: EngineBlock rejects encrypted responses without outer signature
Given the SP uses the HTTP POST Binding
And feature "eb.encrypted_assertions" is enabled
And feature "eb.encrypted_assertions_require_outer_signature" is enabled
And the IdP encrypts its assertions with the public key in "tests/resources/key/engineblock.crt"
And the IdP does not sign its responses
When I log in at "Dummy SP"
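Review bot: With the flag step removed, the renamed scenario "EngineBlock rejects encrypted responses without outer signature" covers a rule that is now unconditional, yet its outcome steps (the feedback URL and "Invalid organisation SAML response") are the same ones the preceding scenario ends with. Consider also asserting on the logged rejection reason, so the test fails if the response is rejected for another cause, such as a decryption error, rather than for the missing signature.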
Expand All @@ -67,23 +65,6 @@ Feature:
Then the url should match "authentication/feedback/received-invalid-response"
And I should see "Invalid organisation SAML response"

# This scenario is currently not supported by EngineBlock,
# see https://www.pivotaltracker.com/story/show/155703943
@SKIP
Scenario: EngineBlock accepts encrypted responses without an outer signature if the feature "eb.encrypted_assertions_require_outer_signatures" is disabled
Given the SP uses the HTTP POST Binding
And feature "eb.encrypted_assertions" is enabled
And feature "eb.encrypted_assertions_require_outer_signature" is disabled
When I log in at "Dummy SP"
And the IdP encrypts its assertions with the public key in "tests/resources/key/engineblock.crt"
And the IdP does not sign its responses
And I pass through the SP
And I pass through EngineBlock
And I pass through the IdP
And I give my consent
And I pass through EngineBlock
Then the response should contain "urn:mace:terena.org:attribute-def:schacHomeOrganization"

Scenario: EngineBlock supports not signed responses
Given the SP uses the HTTP POST Binding
And SP "Dummy SP" does not require a signed response
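Review bot: Removing the @SKIP scenario also removes the comment that explained the behaviour ("currently not supported by EngineBlock", with the tracker link). Suggest leaving a one-line comment above the remaining rejection scenario saying that encrypted responses without an outer signature are always rejected, so the rule reads as intentional rather than as a missing test case.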