Subject: Re: [RFC] SAML2 plugin improvements
From: Erik Weber
To: dev@cloudstack.apache.org
Date: Mon, 29 Jun 2015 13:43:48 +0200

Been testing the latest SAML work, and it looks good.

- Fetching metadata now works
- Setting a different default sig alg works

Two things:

- Is it possible to give IdPs a friendly name?
- How do you add more than one?

-- 
Erik

On Wed, Jun 3, 2015 at 8:55 PM, Erik Weber wrote:
> On Wed, Jun 3, 2015 at 11:52 AM, Erik Weber wrote:
>
>> On Wed, Jun 3, 2015 at 11:10 AM, Rohit Yadav wrote:
>>
>>> Hi Erik,
>>>
>>> > On 02-Jun-2015, at 11:04 pm, Erik Weber wrote:
>>> >
>>> > Possible improvement:
>>> >
>>> > If saml2.idp.id is blank, try getting it from the metadata. I don't know
>>> > about all other IdPs, but at least with Microsoft ADFS the IdP id is part of
>>> > the tag.
>>> >
>>> > Example:
>>> >
>>> > <EntityDescriptor entityID="http://ppfs.infostorm.no/adfs/services/trust"
>>> >   xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
>>> >
>>> > saml2.idp.id in this case is: http://ppfs.infostorm.no/adfs/services/trust
>>>
>>> Thanks for suggesting, will fix this, and for all your help in testing
>>> ADFS with the auth plugin.
>>>
>>> In future, you'll only need to give it the metadata URL.
>>>
>>> I'm working on something to support multiple IdP servers, say in case of
>>> federated login systems where the metadata may have multiple IdP servers.
>>> In that case this setting will be useful to identify default IdP server
>>> (will change the config name)
>>
>> Sounds reasonable :-)
>
> By the way, let me know if you want assistance in troubleshooting the
> metadata download failing on https.
>
> --
> Erik
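The thread above proposes two things: deriving saml2.idp.id from the downloaded metadata instead of requiring it to be configured, and handling federation metadata that lists several IdPs with one configured default. The following is an added example, not code from CloudStack or its SAML2 plugin, showing how a service provider can do both with the Python standard library. It reads the entityID attribute of each EntityDescriptor in the SAML 2.0 metadata namespace (the same attribute the quoted ADFS example carries), keeps only entries that publish an IDPSSODescriptor so that SP entries in federation metadata are ignored, and refuses to guess when several IdPs are present and no default is configured. The sample metadata documents, host names and the `configured_id` parameter are constructed for this example.

```python
"""Derive the IdP entity ID (the value the thread calls saml2.idp.id)
from SAML 2.0 metadata, and pick a default IdP from federation metadata.

Added example; not part of the CloudStack SAML2 plugin.
"""
import xml.etree.ElementTree as ET

# Namespace of the SAML 2.0 metadata schema; EntityDescriptor, IDPSSODescriptor
# and SingleSignOnService all live here.
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: single-IdP metadata as ADFS publishes it (root element
# is the EntityDescriptor itself, entityID on the root).
SAMPLE_SINGLE_IDP_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="http://ppfs.example/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://ppfs.example/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

# Constructed sample: federation metadata wrapping two IdPs and one SP.
SAMPLE_FEDERATION_METADATA = """<?xml version="1.0"?>
<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <EntityDescriptor entityID="http://idp-a.example/adfs/services/trust">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                           Location="https://idp-a.example/adfs/ls/"/>
    </IDPSSODescriptor>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://idp-b.example/saml">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                           Location="https://idp-b.example/saml/sso"/>
    </IDPSSODescriptor>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://sp.example/cloudstack">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
</EntitiesDescriptor>
"""


def parse_idps(metadata_xml):
    """Return {entityID: {binding: location}} for every IdP in the metadata.

    Works for a bare EntityDescriptor and for an EntitiesDescriptor tree;
    EntityDescriptors without an IDPSSODescriptor (SPs, attribute
    authorities) are skipped.
    """
    # Metadata fetched over the network is untrusted input: refuse DTDs so
    # entity-expansion tricks never reach the parser. For production use,
    # defusedxml is the more thorough option.
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("DOCTYPE declarations are not allowed in metadata")
    root = ET.fromstring(metadata_xml)
    idps = {}
    # iter() visits the root itself too, so single-IdP metadata needs no special case.
    for ed in root.iter("{%s}EntityDescriptor" % MD_NS):
        idp = ed.find("{%s}IDPSSODescriptor" % MD_NS)
        if idp is None:
            continue
        entity_id = ed.get("entityID")
        if not entity_id:
            raise ValueError("EntityDescriptor without an entityID attribute")
        sso = {
            s.get("Binding"): s.get("Location")
            for s in idp.findall("{%s}SingleSignOnService" % MD_NS)
        }
        idps[entity_id] = sso
    return idps


def resolve_default_idp(metadata_xml, configured_id=None):
    """Pick the IdP to use: the configured one if it exists in the metadata,
    otherwise the only IdP present; several IdPs without a configured default
    is an error rather than a silent first-wins choice."""
    idps = parse_idps(metadata_xml)
    if not idps:
        raise ValueError("metadata contains no IdP (no IDPSSODescriptor found)")
    if configured_id:
        if configured_id not in idps:
            raise ValueError(
                "configured IdP %r not in metadata; known IdPs: %s"
                % (configured_id, ", ".join(sorted(idps)))
            )
        return configured_id
    if len(idps) == 1:
        return next(iter(idps))
    raise ValueError(
        "metadata lists several IdPs, set the default explicitly: "
        + ", ".join(sorted(idps))
    )


if __name__ == "__main__":
    print("single IdP:", resolve_default_idp(SAMPLE_SINGLE_IDP_METADATA))
    print("federation IdPs:", sorted(parse_idps(SAMPLE_FEDERATION_METADATA)))
    print("federation default:",
          resolve_default_idp(SAMPLE_FEDERATION_METADATA, "https://idp-b.example/saml"))
```

The explicit failure when several IdPs are present is deliberate: an SP that quietly picks the first EntityDescriptor in federation metadata would change its trust anchor whenever the federation reorders its file, which is exactly the kind of configuration drift the thread's "default IdP" setting is meant to pin down.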