cloudstack-dev mailing list archives

From Sebastien Goasguen <run...@gmail.com>
Subject Re: [MERGE] Merge saml2 branch to master
Date Tue, 26 Aug 2014 08:38:26 GMT

On Aug 25, 2014, at 11:34 AM, Rohit Yadav <rohit.yadav@shapeblue.com> wrote:

> Hi all,
> 
> I would like to merge SAML2 SSO/SLO integration with CloudStack.
> 
> This auth mechanism is implemented as a plugin with special auth cmds that uses an auth framework (https://cwiki.apache.org/confluence/display/CLOUDSTACK/Authentication+Refactoring) to get the pluggability. The present implementation has addressed several open-ended questions and was tested to work with Feide’s public IdP, whose params are also set as default config params. Future iterations will try to solve a few leftover agenda items as mentioned on the FS.
> 
> Using John Burwell’s recommendation, I’ve not used Spring SAML extension but instead used the OpenSAML library and the inbuilt BouncyCastle infra for auth/X509 stuff.
> 
> The major limitation, which is by design, is that it will work only with HTTP redirection bindings (won’t support SOAP and other resolution protocols as per SAML2 spec), and x509 signature/usage needs to be improved either by using CloudStack’s own JKS keystore or by creating keys in the keystore table when the plugin is configured.
> 
> For more information please read the proposal and the FS, and feel free to ask questions.
> 
> Branch: saml2
> Proposal: http://markmail.org/message/4ba4ztmqpud3l4uo
> JIRA ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-7083
> FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/SAML+2.0+Plugin
> Unit tests: Tests for each auth cmd class, SAMLUtils and SAMLAuthenticator, fixes unit test for ApiServlet

What's the unit test coverage?

> Build status: clean build works with unit tests, testing using mvn3.0.5 and jdk 1.7
> 

Can you add some Marvin/integration tests?

> Compare/diff: https://github.com/apache/cloudstack/compare/master...saml2
> 
> As agreed per the branch expectations, I’ll go ahead with the merge after 72 hours, i.e. on/after Wednesday evening.
> 
> Regards,
> Rohit Yadav
> Software Architect, ShapeBlue
> M. +41 779015219 | rohit.yadav@shapeblue.com
> Blog: bhaisaab.org | Twitter: @_bhaisaab