cloudstack-dev mailing list archives

From Erik Weber <terbol...@gmail.com>
Subject Re: [RFC] SAML2 plugin improvements
Date Wed, 03 Jun 2015 18:55:49 GMT
On Wed, Jun 3, 2015 at 11:52 AM, Erik Weber <terbolous@gmail.com> wrote:

>
> On Wed, Jun 3, 2015 at 11:10 AM, Rohit Yadav <rohit.yadav@shapeblue.com>
> wrote:
>
>> Hi Erik,
>>
>> > On 02-Jun-2015, at 11:04 pm, Erik Weber <terbolous@gmail.com> wrote:
>> >
>> > Possible improvement:
>> >
>> > If saml2.idp.id is blank, try getting it from the metadata. I don't know
>> > about all other IdPs, but at least with Microsoft ADFS the IdP id is part of
>> > the <EntityDescriptor> tag.
>> >
>> > Example:
>> > <EntityDescriptor ID="_66183bea-76b8-4838-9579-6d17a2357d3d"
>> > entityID="http://ppfs.infostorm.no/adfs/services/trust"
>> > xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
>> >
>> > saml2.idp.id in this case is: http://ppfs.infostorm.no/adfs/services/trust
>>
>> Thanks for suggesting, will fix this, and for all your help in testing
>> ADFS with the auth plugin.
>>
>> In future, you’ll only need to give it the metadata URL.
>>
>> I’m working on something to support multiple IdP servers, say in case of
>> federated login systems where the metadata may have multiple IdP servers.
>> In that case this setting will be useful to identify default IdP server
>> (will change the config name)
>
>
>
> Sounds reasonable :-)
>
>

By the way, let me know if you want assistance in troubleshooting the
metadata download failing on https.

-- 
Erik
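
The fallback discussed in this thread, as an added example that is not part of the original messages and is not CloudStack's plugin code: derive the IdP id from the `entityID` of the metadata when `saml2.idp.id` is blank, and use the setting as the selector when the metadata lists several IdPs. The function names, the `IDPSSODescriptor` filter, the DOCTYPE rejection and failing closed on ambiguity are assumptions of this sketch; the sample metadata is constructed, reusing the entityID quoted above.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: a federation aggregate with two IdPs and one SP.
# The first entityID is the one quoted in the thread; the others are made up.
SAMPLE_METADATA = f"""<EntitiesDescriptor xmlns="{MD_NS}">
  <EntityDescriptor ID="_66183bea-76b8-4838-9579-6d17a2357d3d"
      entityID="http://ppfs.infostorm.no/adfs/services/trust">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://idp2.example.org/saml">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://sp.example.org/saml">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
</EntitiesDescriptor>"""


def idp_entity_ids(metadata_xml):
    """Return entityIDs of every EntityDescriptor that has an IDPSSODescriptor."""
    # Metadata is fetched from a remote URL: refuse DTDs so entity
    # expansion tricks never reach the parser.
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(metadata_xml)
    # iter() also yields the root, so a lone <EntityDescriptor> works too.
    return [e.get("entityID").strip()
            for e in root.iter(f"{{{MD_NS}}}EntityDescriptor")
            if e.find(f"{{{MD_NS}}}IDPSSODescriptor") is not None
            and e.get("entityID")]


def resolve_idp_id(configured_id, metadata_xml):
    """Pick the IdP id: the configured value if set, else the sole IdP in metadata."""
    ids = idp_entity_ids(metadata_xml)
    if configured_id and configured_id.strip():
        if configured_id.strip() not in ids:
            raise ValueError("configured IdP id not present in metadata")
        return configured_id.strip()
    if len(ids) != 1:
        # Blank setting plus several IdPs is ambiguous: fail closed.
        raise ValueError(f"expected exactly one IdP, found {len(ids)}")
    return ids[0]
```

The SP entry is skipped because it carries no `IDPSSODescriptor`, so a blank setting never resolves to a service provider's entityID.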
