cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <>
Subject [jira] [Commented] (CLOUDSTACK-8035) SAML SP metadata changes with every CloudStack restart
Date Tue, 13 Jan 2015 09:35:34 GMT


ASF subversion and git services commented on CLOUDSTACK-8035:

Commit aaf6a34c54a88e92b03696c91f4fcc1ddc472559 in cloudstack's branch refs/heads/vmware-disk-controllers
from []
[;h=aaf6a34 ]

CLOUDSTACK-8035: Generate and store X509Cert and reuse this for SAML

The fix generates X509Certificate if missing from DB and uses that for eternity.
SAML SP metadata remains same since it's using the same X509 certificate and
it remains same after restarts. The certificate is serialized, base64 encoded
and stored in the keystore table under a specific name. For reading, it's
retrieved, base64 decoded and deserialized.

Signed-off-by: Rohit Yadav <>
(cherry picked from commit 43587143811b222ca131b0e1237f9e99cd94694d)
Signed-off-by: Rohit Yadav <>

> SAML SP metadata changes with every CloudStack restart
> ------------------------------------------------------
>                 Key: CLOUDSTACK-8035
>                 URL:
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>            Priority: Critical
>             Fix For: 4.5.0, 4.6.0
> the getSPMetadata API uses the private key to generate public keys every time cloudstack
restarts, this is a non issue as saml tokens checked by previous public keys are still validated
by the same private key but we need to store it in DB and not re-create them every time mgmt
server restarts.

This message was sent by Atlassian JIRA

View raw message