OW2con'23 June 14-15, 2023 - Paris-Châtillon | Program and free registration: https://www.ow2con.org/

Skip to content
GitLab
Closed
Issue created by Maxime Besson@maxbes🔧Maintainer

Handle SAML federations as a single configuration object

Summary

Currently we use the importMetadata script to parse federation metadata files (Renater, etc) and import a LLNG service provider for every SP/IDP found in the federation.

Renater is a large federation (1000+ SP), and Edugain is even larger (3000+ SP). As a result:

  • The manager becomes very cluttered: it's hard to spot out-of-federation SP/IDPs within all the federation ones
  • Configuration saves send a very large JSON object, which hits HTTP request limits, MySQL max_allowed_packet limits, etc
  • Memory goes through the roof: 500MB per portal process when EduGain+Renater is loaded in FastCGI
  • Configuration loading is slow, it can take 10 seconds even on recent hardware

Design proposition

We should handle federation as a single object:

  • In the manager, display a single "Renater" item, with configuration that can apply to all items within the federation
  • Overrides could be added, in case you want to customize the behavior of a single IDP/SP inside the federation
  • Metadata could be downloaded on the fly or from disk instead of being stored in the DB
  • We could use lazy loading to improve memory consumption and load time even more (lasso_profile_get_issuer)

Scheduling 2.0.15 because I would like this to happen in 2.0, but 2.0.16 might be more realistic

Edited by Maxime Besson