Change SAML SSO to dynamically retrieve XML from IdP
Currently, Nexus SSO requires the user to manually go to the Identity Provider, retrieve the SAML XML metadata, and paste it into the value sso.idp_data.idpMetadata. The chart already runs an init job to set up SSO, and that job could easily reach out to the IdP's EntityDescriptor URL to retrieve the XML it needs. Convert the sso.idp_data.idpMetadata field to sso.idpMetadataUrl or sso.idpEntityDescriptorUrl (EntityDescriptor is the root element of SAML metadata and the standard name for it). The script would then use curl to retrieve the XML from the URL and add the value to the idpMetadata field prior to configuring Nexus.
field prior to configuring Nexus. In the Big Bang chart, the plan is to bring the SAML entityDescriptor URL to the global level, which can then be passed down to Nexus.
NOTE: If the retrieval of the metadata fails (unreachable host, TLS error, non-2xx response, or a body that is not SAML metadata), the container should exit with a non-zero code to indicate a problem. This provides an extra check that the IdP has been set up correctly and is reachable by the application, and it surfaces the failure on the job instead of leaving Nexus half-configured.
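The retrieval step proposed above, as an added example that is not the Big Bang Nexus chart's own init script. It assumes the metadata URL reaches the init container as an environment variable IDP_METADATA_URL (populated from the proposed sso.idpMetadataUrl value; both names are assumptions) and writes the validated XML to a file that the existing configuration step would read into the idpMetadata field. The sample metadata it falls back to when no URL is set is constructed for the example and is not from any real IdP. Any failure in the fetch or the sanity check exits non-zero, as the NOTE requires.

```shell
#!/bin/sh
# Added example, not the Big Bang Nexus chart's own init script. Fetches the
# IdP's SAML metadata (EntityDescriptor XML) from IDP_METADATA_URL (assumed
# name, populated from a hypothetical sso.idpMetadataUrl chart value), checks
# that the body really is IdP metadata, and exits non-zero on any failure so
# the Kubernetes job is marked failed.
set -eu

# Sanity check on a downloaded metadata file. Real SAML metadata has an
# EntityDescriptor root (possibly wrapped in EntitiesDescriptor) that carries
# an IDPSSODescriptor. Rejecting anything else catches the common case where
# the IdP answers 200 OK with an HTML login or error page instead of XML.
validate_idp_metadata() {
  meta_file="$1"
  if [ ! -s "$meta_file" ]; then
    echo "IdP metadata is empty: $meta_file" >&2
    return 1
  fi
  if grep -qi '<html' "$meta_file"; then
    echo "IdP metadata looks like an HTML page, not SAML XML" >&2
    return 1
  fi
  if ! grep -q 'EntityDescriptor' "$meta_file"; then
    echo "IdP metadata has no EntityDescriptor element" >&2
    return 1
  fi
  if ! grep -q 'IDPSSODescriptor' "$meta_file"; then
    echo "IdP metadata has no IDPSSODescriptor (not IdP metadata?)" >&2
    return 1
  fi
  return 0
}

# Fetch the metadata from URL $1 into file $2. --fail turns HTTP 4xx/5xx into
# a non-zero exit, --location follows the redirects some IdPs use for their
# metadata endpoint, and TLS verification stays on (no --insecure): the
# metadata tells Nexus which IdP signing certificate to trust, so it must only
# be accepted over an authenticated channel. --max-time bounds the wait so a
# firewalled IdP fails the job instead of hanging it.
fetch_idp_metadata() {
  meta_url="$1"
  meta_file="$2"
  if ! curl --fail --silent --show-error --location \
            --max-time "${METADATA_TIMEOUT:-30}" \
            --output "$meta_file" "$meta_url"; then
    echo "failed to retrieve IdP metadata from $meta_url" >&2
    return 1
  fi
  validate_idp_metadata "$meta_file"
}

# Constructed sample metadata (not from any real IdP) so the script can be
# exercised offline through a file:// URL.
write_sample_metadata() {
  cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://idp.example.test/auth/realms/demo">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                            Location="https://idp.example.test/auth/realms/demo/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
EOF
}

main() {
  meta_out="${IDP_METADATA_FILE:-$(mktemp)}"
  if [ -n "${IDP_METADATA_URL:-}" ]; then
    meta_src="$IDP_METADATA_URL"
  else
    # No URL supplied (e.g. run by hand): exercise the flow on the sample.
    sample="$(mktemp)"
    write_sample_metadata "$sample"
    meta_src="file://$sample"
  fi
  # A failed fetch or validation returns non-zero; under set -e that ends the
  # script with a non-zero status, which is what marks the init job failed.
  fetch_idp_metadata "$meta_src" "$meta_out"
  echo "IdP metadata retrieved and validated: $meta_out"
  # The existing configuration step would now read "$meta_out" into the
  # idpMetadata field before applying the Nexus SAML settings.
}

main
```

The grep-based check is deliberately minimal: it does not parse XML, only rejects bodies that cannot be IdP metadata. If xmllint is available in the init image, replacing it with a well-formedness check (xmllint --noout) is a cheap improvement; verifying the metadata's own XML signature, where the IdP publishes one, would be the stronger check but needs the IdP's metadata signing certificate as a separate input.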