cloudstack-dev mailing list archives

From Erik Weber <terbol...@gmail.com>
Subject Re: [RFC] SAML2 plugin improvements
Date Wed, 03 Jun 2015 09:52:27 GMT
On Wed, Jun 3, 2015 at 11:10 AM, Rohit Yadav <rohit.yadav@shapeblue.com>
wrote:

> Hi Erik,
>
> > On 02-Jun-2015, at 11:04 pm, Erik Weber <terbolous@gmail.com> wrote:
> >
> > Possible improvement:
> >
> > If saml2.idp.id is blank, try getting it from the metadata. I don't know
> > about all other IdPs, but at least with Microsoft ADFS the IdP id is part of
> > the <EntityDescriptor> tag.
> >
> > Example:
> > <EntityDescriptor ID="_66183bea-76b8-4838-9579-6d17a2357d3d"
> > entityID="http://ppfs.infostorm.no/adfs/services/trust"
> > xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
> >
> > saml2.idp.id in this case is:
> > http://ppfs.infostorm.no/adfs/services/trust
>
> Thanks for suggesting this, I will fix it, and thanks for all your help in
> testing ADFS with the auth plugin.
>
> In future, you’ll only need to give it the metadata URL.
>
> I’m working on something to support multiple IdP servers, say in case of
> federated login systems where the metadata may have multiple IdP servers.
> In that case this setting will be useful to identify the default IdP server
> (will change the config name).



Sounds reasonable :-)

-- 
Erik
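
The fallback discussed in this thread, as an added example that is not part of the original message and not the CloudStack plugin's code: read the IdP entityID from the metadata when saml2.idp.id is blank, and require the setting when the metadata lists several IdPs. The function names, the IDPSSODescriptor elements, the example.org entries and the strict error handling are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
PROTO = 'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"'

# Constructed sample: the ADFS tag quoted in the thread plus an assumed IdP role element.
ADFS_METADATA = f'''<EntityDescriptor ID="_66183bea-76b8-4838-9579-6d17a2357d3d"
  entityID="http://ppfs.infostorm.no/adfs/services/trust" xmlns="{MD}">
  <IDPSSODescriptor {PROTO}/>
</EntityDescriptor>'''

# Constructed sample: federation metadata listing two IdPs and one SP.
FEDERATION_METADATA = f'''<EntitiesDescriptor xmlns="{MD}">
  <EntityDescriptor entityID="https://idp-a.example.org/idp"><IDPSSODescriptor {PROTO}/></EntityDescriptor>
  <EntityDescriptor entityID="https://sp.example.org/sp"><SPSSODescriptor {PROTO}/></EntityDescriptor>
  <EntityDescriptor entityID="https://idp-b.example.org/idp"><IDPSSODescriptor {PROTO}/></EntityDescriptor>
</EntitiesDescriptor>'''


def idp_entity_ids(metadata_xml):
    """Return the entityID of every EntityDescriptor that carries an IdP role."""
    # Metadata is fetched from a remote URL: refuse DTDs before parsing so that
    # entity declarations never reach the XML parser.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD not allowed in SAML metadata")
    root = ET.fromstring(metadata_xml)
    ns = {"md": MD}
    # Single-IdP metadata has EntityDescriptor as its root; a federation wraps many.
    if root.tag == f"{{{MD}}}EntityDescriptor":
        entities = [root]
    else:
        entities = root.findall(".//md:EntityDescriptor", ns)
    return [e.get("entityID") for e in entities
            if e.find("md:IDPSSODescriptor", ns) is not None and e.get("entityID")]


def resolve_idp_id(configured, metadata_xml):
    """Pick the IdP: the configured id if set, else the only IdP in the metadata."""
    ids = idp_entity_ids(metadata_xml)
    configured = (configured or "").strip()
    if configured:
        # Assumption: a configured id that the metadata does not list is an error.
        if configured not in ids:
            raise ValueError("configured IdP id is not present in the metadata")
        return configured
    if len(ids) != 1:
        raise ValueError(f"{len(ids)} IdPs in metadata, a default must be configured")
    return ids[0]
```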
