Merge lp://staging/~guitarmanvt/canonical-identity-provider/saml2app into lp://staging/canonical-identity-provider/release

Change looks good but...

1. Why do we need to change the pycompat files?
2. Why do we still need to list saml2idp in the installed_apps setting?
3. fab test fails
- identityprovider.views.ui was renamed to webui.views.ui
- test_canonical_email_is_preferred fails

Ideally all saml2idp usage should be encapsulated within the ubuntu_sso_saml app

Thanks for the review, Ricardo. Here are my answers:

Q1. Why do we need to change the pycompat files?
A1. I was curious about that, too. I don't actually recall removing them in the first place, so I restored them.

Q2. Why do we still need to list saml2idp in the installed_apps setting?
A2. The ubuntu_sso_saml views use templates defined in the saml2idp package. It has to be listed as an installed app in order for Django to find the templates.

Q3. fab test fails
A3. The tests are fixed in revision 549. Thank you for catching that; I verified that the tests pass now.

Looks better now, but I would try to see if there is not a way to get all saml2idp references to be completely encapsulated within the ubuntu_sso_saml app. That way, the identityprovider app has no knowledge at all of the saml feature and is completely decoupled from it.

As far as the new test goes (l. 1003) a more elegant solution (imo) would be to use a common function that is called from the test instead of calling super (as it's not a common practice to have parameterized tests this way).

Ricardo,
Just out of curiosity, are you planning to replace the current SAML implementation?
John

On Jan 3, 2013, at 1:07 PM, Ricardo Kirkner wrote:

> Looks better now, but I would try to see if there is not a way to get all saml2idp references to be completely encapsulated within the ubuntu_sso_saml app. That way, the identityprovider app has no knowledge at all of the saml feature and is completely decoupled from it.
>
> As far as the new test goes (l. 1003) a more elegant solution (imo) would be to use a common function that is called from the test instead of calling super (as it's not a common practice to have parameterized tests this way).
>
> --
> https://code.launchpad.net/~guitarmanvt/canonical-identity-provider/saml2app/+merge/137544
> You are the owner of lp:~guitarmanvt/canonical-identity-provider/saml2app.

On Thu 03 Jan 2013 03:10:30 PM ART, John Samuel Anderson wrote:
> Ricardo,
> Just out of curiosity, are you planning to replace the current SAML implementation?
> John
>

No, but this redesign was so that we could eventually deploy the saml
part of sso as a completely decoupled service from the rest of sso, so
having it tightly decoupled is essential.

I have completely removed any last vestiges of saml2 from the identityprovider app. The only remaining references are optional. I have tested it by removing the saml2idp and ubuntu_sso_saml apps from the config files and verifying that the identityprovider works without the SAML 2.0 feature set.

I have even moved the Saml2IdpConfig configglue definitions out of identityprovider and into the ubuntu_sso_saml app. Please look at identityprovider/schema.py and let me know if the try/except import clause meets with your approval.

I have run the automated tests; they always fail for me, even with a clean checkout, so I'm not sure whether any of them are actually broken. Please run the automated tests and let me know if any of them fail for you.

Thank you.