cloudstack-commits mailing list archives

From bhais...@apache.org
Subject git commit: updated refs/heads/4.5 to 7d11c7b
Date Tue, 14 Jul 2015 04:50:15 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/4.5 12edad3e2 -> 7d11c7bc7


CLOUDSTACK-8457: SAML UI enhancements

Add an option to authorize SAML SSO for a user when adding the user. Appends a domain to
the user/account name if the global setting is enabled, which is useful when there are
multiple IdP servers. By default the setting is false (the name is kept as it is).

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

This closes #575


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/7d11c7bc
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/7d11c7bc
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/7d11c7bc

Branch: refs/heads/4.5
Commit: 7d11c7bc703be00c91ea267695a33756ebb14b57
Parents: 12edad3
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
Authored: Fri Jul 10 02:26:51 2015 +0530
Committer: Rohit Yadav <rohit.yadav@shapeblue.com>
Committed: Tue Jul 14 10:20:00 2015 +0530

----------------------------------------------------------------------
 .../cloudstack/saml/SAML2AuthManager.java       |  3 +
 .../cloudstack/saml/SAML2AuthManagerImpl.java   |  2 +-
 ui/scripts/accounts.js                          | 97 ++++++++++++++++++++
 ui/scripts/accountsWizard.js                    | 32 ++++++-
 ui/scripts/sharedFunctions.js                   |  1 +
 5 files changed, 132 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7d11c7bc/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java
b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java
index fc9a6db..c65f8b3 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java
@@ -64,6 +64,9 @@ public interface SAML2AuthManager extends PluggableAPIAuthenticator, PluggableSe
     public static final ConfigKey<String> SAMLSignatureAlgorithm = new ConfigKey<String>("Advanced",
String.class, "saml2.sigalg", "SHA1",
             "The algorithm to use to when signing a SAML request. Default is SHA1, allowed
algorithms: SHA1, SHA256, SHA384, SHA512", true);
 
+    public static final ConfigKey<Boolean> SAMLAppendDomainSuffix = new ConfigKey<Boolean>("Advanced",
Boolean.class, "saml2.append.idpdomain", "false",
+            "If enabled, create account/user dialog with SAML SSO enabled will append the
IdP domain to the user or account name in the UI dialog", true);
+
     public static final ConfigKey<Integer> SAMLTimeout = new ConfigKey<Integer>("Advanced",
Integer.class, "saml2.timeout", "1800",
             "SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300",
true);
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7d11c7bc/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
index 185955c..7232ac9 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
@@ -514,6 +514,6 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage
                 SAMLServiceProviderSingleSignOnURL, SAMLServiceProviderSingleLogOutURL,
                 SAMLCloudStackRedirectionUrl, SAMLUserAttributeName,
                 SAMLIdentityProviderMetadataURL, SAMLDefaultIdentityProviderId,
-                SAMLSignatureAlgorithm, SAMLTimeout};
+                SAMLSignatureAlgorithm, SAMLAppendDomainSuffix, SAMLTimeout};
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7d11c7bc/ui/scripts/accounts.js
----------------------------------------------------------------------
diff --git a/ui/scripts/accounts.js b/ui/scripts/accounts.js
index ad8ee61..365528c 100644
--- a/ui/scripts/accounts.js
+++ b/ui/scripts/accounts.js
@@ -148,6 +148,23 @@
                                 });
                             }
                         });
+
+                        // SAML: Check Append Domain Setting
+                        if (g_idpList) {
+                            $.ajax({
+                                type: 'GET',
+                                url: createURL('listConfigurations&name=saml2.append.idpdomain'),
+                                dataType: 'json',
+                                async: false,
+                                success: function(data, textStatus, xhr) {
+                                    if (data && data.listconfigurationsresponse &&
data.listconfigurationsresponse.configuration) {
+                                        g_appendIdpDomain = (data.listconfigurationsresponse.configuration[0].value
=== 'true');
+                                    }
+                                },
+                                error: function(xhr) {
+                                },
+                            });
+                        }
                     },
 
                     detailView: {
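Review bot: The added `saml2.append.idpdomain` lookup hides every failure, because its `error` callback is empty: if `listConfigurations` is rejected or times out, `g_appendIdpDomain` silently stays `false` and the create-user dialogs stop appending the IdP domain without any hint to the operator. At minimum the handler should say so, e.g. `error: function(xhr) { g_appendIdpDomain = false; /* setting unreadable: suffixing disabled */ }`, and the success branch should check `configuration.length` before reading `configuration[0]`. The request is also made with `async: false`, which blocks the page while it runs, and the trailing comma after the `error` property (`},` directly before `});`) is rejected by older Internet Explorer parsers. The enclosing function starts outside this hunk.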
@@ -1061,6 +1078,68 @@
                                                 data: items
                                             });
                                         }
+                                    },
+                                    samlEnable: {
+                                        label: 'label.saml.enable',
+                                        docID: 'helpSamlEnable',
+                                        isBoolean: true,
+                                        validation: {
+                                            required: false
+                                        },
+                                        isHidden: function (args) {
+                                            if (g_idpList) return false;
+                                            return true;
+                                        }
+                                    },
+                                    samlEntity: {
+                                        label: 'label.saml.entity',
+                                        docID: 'helpSamlEntity',
+                                        validation: {
+                                            required: false
+                                        },
+                                        select: function(args) {
+                                            var samlChecked = false;
+                                            var idpUrl = "";
+                                            var appendDomainToUsername = function() {
+                                                if (!g_appendIdpDomain) {
+                                                    return;
+                                                }
+                                                var username = $('input[name=username]').val();
+                                                if (username) {
+                                                    username = username.split('@')[0];
+                                                }
+                                                if (samlChecked) {
+                                                    var link = document.createElement('a');
+                                                    link.setAttribute('href', idpUrl);
+                                                    $('input[name=username]').val(username
+ "@" + link.host.split('.').splice(-2).join('.'));
+                                                } else {
+                                                    $('input[name=username]').val(username);
+                                                }
+                                            };
+                                            args.$form.find('select[name=samlEntity]').change(function()
{
+                                                idpUrl = $(this).children(':selected').val();
+                                                appendDomainToUsername();
+                                            });
+                                            args.$form.find('input[name=samlEnable]').change(function()
{
+                                                samlChecked = $(this).context.checked;
+                                                appendDomainToUsername();
+                                            });
+
+                                            var items = [];
+                                            $(g_idpList).each(function() {
+                                                items.push({
+                                                    id: this.id,
+                                                    description: this.orgName
+                                                });
+                                            });
+                                            args.response.success({
+                                                data: items
+                                            });
+                                        },
+                                        isHidden: function (args) {
+                                            if (g_idpList) return false;
+                                            return true;
+                                        }
                                     }
                                 }
                             },
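Review bot: The suffix computed in `appendDomainToUsername` can come from the wrong host, which defeats its purpose of telling users of different IdPs apart. `idpUrl` starts as `""` and is only set by the select's `change` handler, so ticking `samlEnable` without touching the dropdown resolves an empty `href` against the current page and appends the management server's own host. The same happens for any entity ID that is not an absolute URL. In addition, `link.host` includes the port, and `split('.').splice(-2)` reduces hosts under a multi-label public suffix to that suffix alone, so distinct IdPs can yield the same domain. The username lookup is also page-global rather than scoped to `args.$form`. The identical code in the `@@ -178,6 +179,33 @@` hunk of ui/scripts/accountsWizard.js needs the same change; the sketch below uses the full hostname, which changes the suffix format and should be confirmed against existing account names.

```javascript
var appendDomainToUsername = function() {
    if (!g_appendIdpDomain) {
        return;
    }
    var $username = args.$form.find('input[name=username]');
    var username = ($username.val() || '').split('@')[0];
    // Read the current selection; do not rely on a prior change event.
    var entityId = args.$form.find('select[name=samlEntity]').val() || '';
    // A non-absolute entity ID would resolve against the page URL.
    if (!samlChecked || !/^https?:\/\//i.test(entityId)) {
        $username.val(username);
        return;
    }
    var link = document.createElement('a');
    link.setAttribute('href', entityId);
    $username.val(username + "@" + link.hostname);
};
// … unchanged: change handlers and g_idpList item building …
```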
@@ -1098,12 +1177,30 @@
                                     accounttype: accountObj.accounttype
                                 });
 
+
+                                var authorizeUsersForSamlSSO = function (users, entity) {
+                                    for (var i = 0; i < users.length; i++) {
+                                        $.ajax({
+                                            url: createURL('authorizeSamlSso&enable=true&userid='
+ users[i].id + "&entityid=" + entity),
+                                            error: function(XMLHttpResponse) {
+                                                args.response.error(parseXMLHttpResponse(XMLHttpResponse));
+                                            }
+                                        });
+                                    }
+                                    return;
+                                };
+
                                 $.ajax({
                                     url: createURL('createUser'),
                                     type: "POST",
                                     data: data,
                                     success: function(json) {
                                         var item = json.createuserresponse.user;
+                                        if (args.data.samlEnable && args.data.samlEnable
=== 'on') {
+                                            var entity = args.data.samlEntity;
+                                            if (item && entity)
+                                                authorizeUsersForSamlSSO([item], entity);
+                                        }
                                         args.response.success({
                                             data: item
                                         });
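Review bot: `authorizeUsersForSamlSSO` concatenates `entity` into the query string unencoded, so an IdP entity ID containing `&`, `#` or `?` is truncated or parsed as extra API parameters. Pass the values as request data, as the `createUser` call just below does: `url: createURL('authorizeSamlSso'), type: "POST", data: { enable: true, userid: users[i].id, entityid: entity },`. Separately, `args.response.success` runs right after the authorize requests are fired, so a later authorization failure calls `args.response.error` on a dialog that has already reported success, leaving a created user without SSO authorization. Consider reporting success from the authorize call's own `success` callback. The enclosing action handler starts and ends outside this hunk.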

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7d11c7bc/ui/scripts/accountsWizard.js
----------------------------------------------------------------------
diff --git a/ui/scripts/accountsWizard.js b/ui/scripts/accountsWizard.js
index 7ea5eaa..3efe6f9 100644
--- a/ui/scripts/accountsWizard.js
+++ b/ui/scripts/accountsWizard.js
@@ -16,8 +16,9 @@
 // under the License.
 
 (function(cloudStack, $) {
-	var rootDomainId;
-	
+    var rootDomainId;
+
+
     cloudStack.accountsWizard = {
 
         informationWithinLdap: {
@@ -178,6 +179,33 @@
                     required: false
                 },
                 select: function(args) {
+                    var samlChecked = false;
+                    var idpUrl = "";
+                    var appendDomainToUsername = function() {
+                        if (!g_appendIdpDomain) {
+                            return;
+                        }
+                        var username = $('input[name=username]').val();
+                        if (username) {
+                            username = username.split('@')[0];
+                        }
+                        if (samlChecked) {
+                            var link = document.createElement('a');
+                            link.setAttribute('href', idpUrl);
+                            $('input[name=username]').val(username + "@" + link.host.split('.').splice(-2).join('.'));
+                        } else {
+                            $('input[name=username]').val(username);
+                        }
+                    };
+                    args.$form.find('select[name=samlEntity]').change(function() {
+                        idpUrl = $(this).children(':selected').val();
+                        appendDomainToUsername();
+                    });
+                    args.$form.find('input[name=samlEnable]').change(function() {
+                        samlChecked = $(this).context.checked;
+                        appendDomainToUsername();
+                    });
+
                     var items = [];
                     $(g_idpList).each(function() {
                         items.push({

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7d11c7bc/ui/scripts/sharedFunctions.js
----------------------------------------------------------------------
diff --git a/ui/scripts/sharedFunctions.js b/ui/scripts/sharedFunctions.js
index 11c87a0..31c67e3 100644
--- a/ui/scripts/sharedFunctions.js
+++ b/ui/scripts/sharedFunctions.js
@@ -33,6 +33,7 @@ var g_userPublicTemplateEnabled = "true";
 var g_cloudstackversion = null;
 var g_queryAsyncJobResultInterval = 3000;
 var g_idpList = null;
+var g_appendIdpDomain = false;
 
 //keyboard keycode
 var keycode_Enter = 13;

