Feature addition: Enable setting the STS Endpoint from the SAML Assertion #57

Open
wants to merge 1 commit into
base: master

@jmfuchs jmfuchs commented Jun 10, 2022

Description

Added functionality in SamlCredentialsProvider.java to support setting the STS endpoint from a claim (StsEndpointUrl) in the SAML assertion.

Motivation and Context

In a scenario where a regional STS endpoint is having availability issues, this change allows a central administrator to modify the STS endpoint in a single place in the IdP configuration to accelerate the recovery of access to Redshift clusters. The regional endpoint can currently be changed using extended properties, but it requires every Redshift user to modify their configuration. This will reduce the overhead on Redshift users and accelerate recovery time. The change does allow the Redshift user to overwrite the endpoint passed in the SAML assertion using extended properties if desired.

Testing

For testing, I rebuilt the driver with the updated code and manually ran through the following tests to ensure everything functioned as expected:

  • Passing in no claim
  • Passing in the StsEndpointUrl claim
  • Passing in the StsEndpointUrl claim with the StsEndpointUrl extended property set.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • Local run of mvn install succeeds
  • My code follows the code style of this project
  • My change requires a change to the Javadoc documentation
  • I have updated the Javadoc documentation accordingly
  • I have read the README document
  • I have added tests to cover my changes
  • All new and existing tests passed
  • A short description of the change has been added to the CHANGELOG

License

  • By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
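
The precedence described in this PR (the StsEndpointUrl extended property over the StsEndpointUrl claim, otherwise the default), with a hostname check applied before either value is used, as an added example that is not the PR's code or the driver's own. The class and method names, the accepted hostname pattern and the sample URLs are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Optional;
import java.util.regex.Pattern;

/** Added example; class and method names are hypothetical, not the driver's own. */
public class StsEndpointResolver {
    // Assumption: only AWS-owned STS hostnames are acceptable,
    // e.g. sts.amazonaws.com or sts.us-east-1.amazonaws.com.
    private static final Pattern STS_HOST =
        Pattern.compile("^sts(-fips)?(\\.[a-z0-9-]+)?\\.amazonaws\\.com(\\.cn)?$");

    /** Accepts only a bare https URL on an STS host: no userinfo, path, query or odd port. */
    static Optional<URI> validate(String candidate) {
        if (candidate == null || candidate.trim().isEmpty()) return Optional.empty();
        try {
            URI u = new URI(candidate.trim());
            boolean ok = "https".equalsIgnoreCase(u.getScheme())
                && u.getHost() != null
                && STS_HOST.matcher(u.getHost().toLowerCase(Locale.ROOT)).matches()
                && u.getUserInfo() == null
                && (u.getPort() == -1 || u.getPort() == 443)
                && (u.getPath() == null || u.getPath().isEmpty() || u.getPath().equals("/"))
                && u.getQuery() == null && u.getFragment() == null;
            return ok ? Optional.of(u) : Optional.empty();
        } catch (URISyntaxException e) {
            return Optional.empty();
        }
    }

    /** Extended property first, then the assertion claim, then the default endpoint. */
    static URI resolve(String extendedProperty, String assertionClaim, URI defaultEndpoint) {
        Optional<URI> fromProperty = validate(extendedProperty);
        if (fromProperty.isPresent()) return fromProperty.get();
        return validate(assertionClaim).orElse(defaultEndpoint);
    }

    public static void main(String[] args) {
        URI dflt = URI.create("https://sts.amazonaws.com"); // constructed default
        // Constructed inputs: no claim, claim only, claim plus property, rejected claim.
        System.out.println(resolve(null, null, dflt));
        System.out.println(resolve(null, "https://sts.us-west-2.amazonaws.com", dflt));
        System.out.println(resolve("https://sts.eu-west-1.amazonaws.com",
                                   "https://sts.us-west-2.amazonaws.com", dflt));
        System.out.println(resolve(null, "https://sts.us-west-2.amazonaws.com.example.net", dflt));
    }
}
```

The first three calls mirror the three manual test cases listed under Testing; the fourth shows a claim value on a non-STS host being dropped in favour of the default.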

@jmfuchs
Author

jmfuchs commented Jul 13, 2022

Anyone able to take a look at this?

@iggarish
Contributor

Hi Jesse, sorry for the late reply. Your changes look good, but as this affects the authentication, in AWS we have to go through the security review. I will discuss with my manager again how to speed this up.

@bhvkshah
Contributor

bhvkshah commented Dec 5, 2022

@jmfuchs Thanks for submitting this PR, we will review this and get back to you as soon as we have an update.
