cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik Weber <terbol...@gmail.com>
Subject Re: [RFC] SAML2 plugin improvements
Date Mon, 01 Jun 2015 10:20:30 GMT
Thanks. Will give it a try.

-- 
Erik

On Mon, Jun 1, 2015 at 12:17 PM, Rohit Yadav <rohit.yadav@shapeblue.com>
wrote:

> Hi Erik,
>
> I’ll send a pull request when I’ve addressed most of the improvements,
> here’s the branch you can build from:
> https://github.com/apache/cloudstack/tree/saml-production-grade
>
> This has same set of global settings, APIs and doc/usage, so no changes on
> the outside so far. If you need any help let me know here or offlist.
>
> > On 01-Jun-2015, at 12:08 pm, Erik Weber <terbolous@gmail.com> wrote:
> >
> > Thanks for the update Rohit.
> >
> > Is this merged to master?
> >
> > If you want I can setup one (or more) account(s) for you in our pre
> > production environment, so that you can test it with your development
> code.
> > Contact me offlist if that's something you'd want.
> >
> > If it's merged to master I can do a test.
> >
> > --
> > Erik
> >
> > On Fri, May 29, 2015 at 6:49 PM, Rohit Yadav <rohit.yadav@shapeblue.com>
> > wrote:
> >
> >> Hi,
> >>
> >> Just want to share that SAML plugin now supports HTTP-POST and
> >> HTTP-Redirect bindings and in my local setup it seems to be working with
> >> Shibboleth and also with SSOCircle, OpenFiede and TestShib:
> >> https://github.com/apache/cloudstack/commits/saml-production-grade
> >>
> >> Erik - the current SAML implementation aims to support SAML v2.0 spec
> and
> >> qualify samlint.org compatibility guide. I’m not sure about ADFS and
> how
> >> compatible it is with SAML 2.0. In theory, you can also use Microsoft AD
> >> with Shibboleth. If you plan on using it with ADFS, can you test this
> >> branch and suggest errors you encounter?
> >>
> >> I’m testing with available opensource IdPs such as Shibboleth IdP and
> >> public IdP servers such as SSOCircle, OpenFiede, OneLogin etc. In case
> >> you're planning to use the SAML auth plugin in your environment, please
> >> share your feedback and use-cases so the plugin implementation can be
> more
> >> general purpose and support a wide variety of IdP servers. Thanks.
> >>
> >>> On 12-May-2015, at 10:02 pm, Erik Weber <terbolous@gmail.com> wrote:
> >>>
> >>> I don't actually remember the specifics, and I've scratched the lab.
> >>>
> >>> But I think there was an issue with fetching the metadata (from the
> IdP)
> >>> atleast.
> >>>
> >>> Plus, ADFS is claims based, I don't know if the current SAML 2.0
> >>> implementation in CloudStack is claims aware or not?
> >>>
> >>>
> >>> --
> >>> Erik
> >>>
> >>> On Tue, May 12, 2015 at 9:46 PM, Rohit Yadav <
> rohit.yadav@shapeblue.com>
> >>> wrote:
> >>>
> >>>> Hi Erik,
> >>>>
> >>>> Thanks for your feedback, can you share more details about your
> >> use-case.
> >>>> I remember we had a discussion where we tried to make it work, but
> don’t
> >>>> remember why it failed for your environment. What SAML bindings do we
> >> need
> >>>> to support to make it work with MS ADFS any other subtle details?
> >>>>
> >>>>> On 12-May-2015, at 6:33 pm, Erik Weber <terbolous@gmail.com>
wrote:
> >>>>>
> >>>>> Great news Rohit,
> >>>>>
> >>>>> Would love to see it support Microsoft ADFS as IdP.
> >>>>>
> >>>>>
> >>>>> Erik
> >>>>>
> >>>>> Den tirsdag 12. mai 2015 skrev Rohit Yadav <
> rohit.yadav@shapeblue.com>
> >>>>> følgende:
> >>>>>
> >>>>>> Hi all,
> >>>>>>
> >>>>>> Based on the feedback several friends in the community on different
> >>>>>> use-cases of using a federated login system based on SAML2 with
> >>>> CloudStack,
> >>>>>> I’m soon planning to address them in the SAML plugin implement
> >> focusing
> >>>> on
> >>>>>> pain points around interoperability, IdP support, security and
ease
> of
> >>>> use.
> >>>>>>
> >>>>>> I’ve updated the specification to reflect some of those aspects
I’ve
> >>>>>> gathered in last few months:
> >>>>>>
> >>>>>>
> >>>>
> >>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/SAML+2.0+Plugin#SAML2.0Plugin-Version2:InProgress
> >>>>>>
> >>>>>> Please advise improvements you would like to see, or share pain
> points
> >>>>>> with the current implementation. Thanks.
> >>>>>>
> >>>>>> Regards,
> >>>>>> Rohit Yadav
> >>>>>> Software Architect, ShapeBlue
> >>>>>> M. +91 88 262 30892 | rohit.yadav@shapeblue.com <javascript:;>
> >>>>>> Blog: bhaisaab.org | Twitter: @_bhaisaab
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> Find out more about ShapeBlue and our range of CloudStack related
> >>>> services
> >>>>>>
> >>>>>> IaaS Cloud Design & Build<
> >>>>>> http://shapeblue.com/iaas-cloud-design-and-build//>
> >>>>>> CSForge – rapid IaaS deployment framework<
> >> http://shapeblue.com/csforge/
> >>>>>
> >>>>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
> >>>>>> CloudStack Software Engineering<
> >>>>>> http://shapeblue.com/cloudstack-software-engineering/>
> >>>>>> CloudStack Infrastructure Support<
> >>>>>> http://shapeblue.com/cloudstack-infrastructure-support/>
> >>>>>> CloudStack Bootcamp Training Courses<
> >>>>>> http://shapeblue.com/cloudstack-training/>
> >>>>>>
> >>>>>> This email and any attachments to it may be confidential and
are
> >>>> intended
> >>>>>> solely for the use of the individual to whom it is addressed.
Any
> >> views
> >>>> or
> >>>>>> opinions expressed are solely those of the author and do not
> >> necessarily
> >>>>>> represent those of Shape Blue Ltd or related companies. If you
are
> not
> >>>> the
> >>>>>> intended recipient of this email, you must neither take any
action
> >> based
> >>>>>> upon its contents, nor copy or show it to anyone. Please contact
the
> >>>> sender
> >>>>>> if you believe you have received this email in error. Shape
Blue Ltd
> >> is
> >>>> a
> >>>>>> company incorporated in England & Wales. ShapeBlue Services
India
> LLP
> >>>> is a
> >>>>>> company incorporated in India and is operated under license
from
> Shape
> >>>> Blue
> >>>>>> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated
in
> >>>> Brasil
> >>>>>> and is operated under license from Shape Blue Ltd. ShapeBlue
SA Pty
> >> Ltd
> >>>> is
> >>>>>> a company registered by The Republic of South Africa and is
traded
> >> under
> >>>>>> license from Shape Blue Ltd. ShapeBlue is a registered trademark.
> >>>>>>
> >>>>
> >>>> Regards,
> >>>> Rohit Yadav
> >>>> Software Architect, ShapeBlue
> >>>> M. +91 88 262 30892 | rohit.yadav@shapeblue.com
> >>>> Blog: bhaisaab.org | Twitter: @_bhaisaab
> >>>>
> >>>>
> >>>>
> >>>> Find out more about ShapeBlue and our range of CloudStack related
> >> services
> >>>>
> >>>> IaaS Cloud Design & Build<
> >>>> http://shapeblue.com/iaas-cloud-design-and-build//>
> >>>> CSForge – rapid IaaS deployment framework<
> http://shapeblue.com/csforge/
> >>>
> >>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
> >>>> CloudStack Software Engineering<
> >>>> http://shapeblue.com/cloudstack-software-engineering/>
> >>>> CloudStack Infrastructure Support<
> >>>> http://shapeblue.com/cloudstack-infrastructure-support/>
> >>>> CloudStack Bootcamp Training Courses<
> >>>> http://shapeblue.com/cloudstack-training/>
> >>>>
> >>>> This email and any attachments to it may be confidential and are
> >> intended
> >>>> solely for the use of the individual to whom it is addressed. Any
> views
> >> or
> >>>> opinions expressed are solely those of the author and do not
> necessarily
> >>>> represent those of Shape Blue Ltd or related companies. If you are not
> >> the
> >>>> intended recipient of this email, you must neither take any action
> based
> >>>> upon its contents, nor copy or show it to anyone. Please contact the
> >> sender
> >>>> if you believe you have received this email in error. Shape Blue Ltd
> is
> >> a
> >>>> company incorporated in England & Wales. ShapeBlue Services India
LLP
> >> is a
> >>>> company incorporated in India and is operated under license from Shape
> >> Blue
> >>>> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in
> >> Brasil
> >>>> and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty
> Ltd
> >> is
> >>>> a company registered by The Republic of South Africa and is traded
> under
> >>>> license from Shape Blue Ltd. ShapeBlue is a registered trademark.
> >>>>
> >>
> >> Regards,
> >> Rohit Yadav
> >> Software Architect, ShapeBlue
> >> M. +91 88 262 30892 | rohit.yadav@shapeblue.com
> >> Blog: bhaisaab.org | Twitter: @_bhaisaab
> >>
> >>
> >>
> >> Find out more about ShapeBlue and our range of CloudStack related
> services
> >>
> >> IaaS Cloud Design & Build<
> >> http://shapeblue.com/iaas-cloud-design-and-build//>
> >> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/
> >
> >> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
> >> CloudStack Software Engineering<
> >> http://shapeblue.com/cloudstack-software-engineering/>
> >> CloudStack Infrastructure Support<
> >> http://shapeblue.com/cloudstack-infrastructure-support/>
> >> CloudStack Bootcamp Training Courses<
> >> http://shapeblue.com/cloudstack-training/>
> >>
> >> This email and any attachments to it may be confidential and are
> intended
> >> solely for the use of the individual to whom it is addressed. Any views
> or
> >> opinions expressed are solely those of the author and do not necessarily
> >> represent those of Shape Blue Ltd or related companies. If you are not
> the
> >> intended recipient of this email, you must neither take any action based
> >> upon its contents, nor copy or show it to anyone. Please contact the
> sender
> >> if you believe you have received this email in error. Shape Blue Ltd is
> a
> >> company incorporated in England & Wales. ShapeBlue Services India LLP
> is a
> >> company incorporated in India and is operated under license from Shape
> Blue
> >> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in
> Brasil
> >> and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd
> is
> >> a company registered by The Republic of South Africa and is traded under
> >> license from Shape Blue Ltd. ShapeBlue is a registered trademark.
> >>
>
> Regards,
> Rohit Yadav
> Software Architect, ShapeBlue
> M. +91 88 262 30892 | rohit.yadav@shapeblue.com
> Blog: bhaisaab.org | Twitter: @_bhaisaab
>
>
>
> Find out more about ShapeBlue and our range of CloudStack related services
>
> IaaS Cloud Design & Build<
> http://shapeblue.com/iaas-cloud-design-and-build//>
> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
> CloudStack Software Engineering<
> http://shapeblue.com/cloudstack-software-engineering/>
> CloudStack Infrastructure Support<
> http://shapeblue.com/cloudstack-infrastructure-support/>
> CloudStack Bootcamp Training Courses<
> http://shapeblue.com/cloudstack-training/>
>
> This email and any attachments to it may be confidential and are intended
> solely for the use of the individual to whom it is addressed. Any views or
> opinions expressed are solely those of the author and do not necessarily
> represent those of Shape Blue Ltd or related companies. If you are not the
> intended recipient of this email, you must neither take any action based
> upon its contents, nor copy or show it to anyone. Please contact the sender
> if you believe you have received this email in error. Shape Blue Ltd is a
> company incorporated in England & Wales. ShapeBlue Services India LLP is a
> company incorporated in India and is operated under license from Shape Blue
> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil
> and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is
> a company registered by The Republic of South Africa and is traded under
> license from Shape Blue Ltd. ShapeBlue is a registered trademark.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message