cloudstack-dev mailing list archives

From Erik Weber <terbol...@gmail.com>
Subject Re: [RFC] SAML2 plugin improvements
Date Mon, 29 Jun 2015 11:43:48 GMT
Been testing the latest SAML work, and it looks good.

- Fetching metadata now works
- Setting a different default sig alg works

Two things:

- Is it possible to give IdPs a friendly name?
- How do you add more than one?

-- 
Erik

On Wed, Jun 3, 2015 at 8:55 PM, Erik Weber <terbolous@gmail.com> wrote:

> On Wed, Jun 3, 2015 at 11:52 AM, Erik Weber <terbolous@gmail.com> wrote:
>
>>
>> On Wed, Jun 3, 2015 at 11:10 AM, Rohit Yadav <rohit.yadav@shapeblue.com>
>> wrote:
>>
>>> Hi Erik,
>>>
>>> > On 02-Jun-2015, at 11:04 pm, Erik Weber <terbolous@gmail.com> wrote:
>>> >
>>> > Possible improvement:
>>> >
>>> > If saml2.idp.id is blank, try getting it from the metadata. I don't know
>>> > about all other IdPs, but at least with Microsoft ADFS the IdP id is part
>>> > of the <EntityDescriptor> tag.
>>> >
>>> > Example:
>>> > <EntityDescriptor ID="_66183bea-76b8-4838-9579-6d17a2357d3d"
>>> > entityID="http://ppfs.infostorm.no/adfs/services/trust"
>>> > xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
>>> >
>>> > saml2.idp.id in this case is:
>>> > http://ppfs.infostorm.no/adfs/services/trust
>>>
>>> Thanks for suggesting this (will fix it) and for all your help in testing
>>> ADFS with the auth plugin.
>>>
>>> In future, you’ll only need to give it the metadata URL.
>>>
>>> I’m working on something to support multiple IdP servers, say in case of
>>> federated login systems where the metadata may have multiple IdP servers.
>>> In that case this setting will be useful to identify default IdP server
>>> (will change the config name)
>>
>>
>>
>> Sounds reasonable :-)
>>
>>
>
> By the way, let me know if you want assistance in troubleshooting the
> metadata download failing on https.
>
> --
> Erik
>
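
The fallback proposed in the quoted thread (read the IdP id from the metadata `entityID` when `saml2.idp.id` is blank), sketched in Python as an added example; it is not part of the original messages and not the CloudStack plugin's code. The function names, the federation sample with its example.org hosts, the DOCTYPE rejection, and the choice to fail when several IdPs are present and none is configured are assumptions.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed samples: the ADFS-style descriptor quoted in the thread, and a
# federation aggregate with two IdPs and one SP (example.org hosts are made up).
SINGLE = """<EntityDescriptor ID="_66183bea-76b8-4838-9579-6d17a2357d3d"
  entityID="http://ppfs.infostorm.no/adfs/services/trust"
  xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</EntityDescriptor>"""
FEDERATION = """<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <EntityDescriptor entityID="https://idp-a.example.org/idp"><IDPSSODescriptor
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/></EntityDescriptor>
  <EntityDescriptor entityID="https://idp-b.example.org/idp"><IDPSSODescriptor
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/></EntityDescriptor>
  <EntityDescriptor entityID="https://sp.example.org/sp"><SPSSODescriptor
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/></EntityDescriptor>
</EntitiesDescriptor>"""


def idp_entity_ids(metadata_xml):
    """Return the entityID of every entity that carries an IDPSSODescriptor."""
    # Assumption: SAML metadata never needs a DTD, so refuse one outright.
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(metadata_xml)
    ids = []
    # iter() also yields the root, so a lone <EntityDescriptor> is covered.
    for entity in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        if entity.find(f"{{{MD_NS}}}IDPSSODescriptor") is None:
            continue  # service providers in an aggregate are not IdPs
        entity_id = (entity.get("entityID") or "").strip()
        if entity_id:
            ids.append(entity_id)
    return ids


def resolve_idp_id(configured, metadata_xml):
    """Use the configured saml2.idp.id if set, else fall back to the metadata."""
    found = idp_entity_ids(metadata_xml)
    configured = (configured or "").strip()
    if configured:
        if configured not in found:
            raise ValueError("configured IdP id is not in the metadata")
        return configured
    if len(found) == 1:
        return found[0]
    # Several IdPs (federation case): a default must be configured explicitly.
    raise ValueError(f"cannot pick a default IdP from {len(found)} candidates")
```

The value returned is only as trustworthy as the metadata it came from, so the fallback belongs after the metadata has been fetched over verified TLS or its signature has been checked.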
