cloudstack-issues mailing list archives

From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-8037) Survey security of using SAML plugin in production and test against standard IDPs
Date Mon, 12 Jan 2015 14:11:35 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-8037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14273622#comment-14273622
] 

ASF subversion and git services commented on CLOUDSTACK-8037:
-------------------------------------------------------------

Commit 1a7f76ac77b05eec796637f96b4ceca3f1c7af33 in cloudstack's branch refs/heads/master from
[~rohit.yadav@shapeblue.com]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=1a7f76a ]

CLOUDSTACK-8037: Fix attribute detection, tested to work with onelogin.com

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 23de431f96e1dad8a21055ac98926c428e83c775)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


> Survey security of using SAML plugin in production and test against standard IDPs
> ---------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-8037
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8037
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>            Priority: Critical
>             Fix For: 4.5.0, 4.6.0
>
>
> Since the SAML plugin will ship with 4.5, and while it's not enabled by default, we need to
> do a lot of testing and make sure whatever we're shipping works generally in most cases. While
> the protocol does not dictate what different metadata an IDP should return other than NameID
> (like a UUID), it needs to work just based on that and provide other mechanisms to support
> additional metadata such as email, name, timezone etc.
> The other main aim is to test various possible loopholes it could have, or exploits, or
> bad conflicts with respect to transient vs non-transient/unique NameIDs and SAML token signature
> checking, as well as the HTTP-redirected authentication process. Final set of tests (possibly
> automated tests) or manual QA against known standard IDP implementations, for example openidp,
> ssocircle, shibboleth etc.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
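The quoted issue lists the properties a service provider has to check before trusting an IdP assertion: NameID is the only identifier the protocol guarantees, attributes such as email are optional extras, transient NameIDs cannot serve as a stable account key, the assertion must be signed, and replayed or expired tokens must be rejected. The following is an added example written for this page; it is not code from the CloudStack SAML plugin or from the JIRA issue. It uses only the Python standard library and a constructed assertion with hypothetical IdP/SP URLs (`idp.example.test`, `cloudstack.example.test`) and a placeholder signature value. It performs the structural checks only; verifying the XML signature cryptographically needs an XML-DSig library (e.g. xmlsec) and is assumed to happen alongside these checks.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
FMT_TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
FMT_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed sample data: hypothetical IdP and SP URLs, placeholder signature value.
SAMPLE_ISSUER = "https://idp.example.test/saml"
SAMPLE_AUDIENCE = "https://cloudstack.example.test/sp"
SAMPLE_SIGNATURE = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1b2c3"/></ds:SignedInfo>'
                    '<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>')
SAMPLE_NOW = datetime(2015, 1, 12, 14, 0, 30, tzinfo=timezone.utc)   # inside the window
SAMPLE_LATER = datetime(2015, 1, 12, 14, 30, 0, tzinfo=timezone.utc)  # after NotOnOrAfter


def build_sample(signature=SAMPLE_SIGNATURE, name_id_format=FMT_PERSISTENT):
    """Return a constructed SAML 2.0 assertion; the parameters produce test variants."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}"
    ID="_a1b2c3" Version="2.0" IssueInstant="2015-01-12T14:00:00Z">
  <saml:Issuer>{SAMPLE_ISSUER}</saml:Issuer>
  {signature}
  <saml:Subject><saml:NameID Format="{name_id_format}">u-42</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2015-01-12T13:55:00Z" NotOnOrAfter="2015-01-12T14:05:00Z">
    <saml:AudienceRestriction><saml:Audience>{SAMPLE_AUDIENCE}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>alice@example.test</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def _utc(stamp):
    """Parse the xs:dateTime form IdPs commonly emit (UTC, no fractional seconds)."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, expected_issuer, expected_audience, now,
                       seen_ids, skew=timedelta(minutes=2)):
    """Structural checks an SP applies before trusting an assertion.

    Returns (errors, identity). identity carries the NameID, whether it may be used
    as a stable account key, and any optional attributes. The signature is checked
    for presence and for referencing this assertion's own ID only; the cryptographic
    verification itself is assumed to be done by an XML-DSig library.
    """
    errors = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['saml']}}}Assertion":
        return ["root element is not saml:Assertion"], None
    assertion_id = root.get("ID")
    if not assertion_id:
        errors.append("assertion has no ID")

    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        errors.append(f"unexpected issuer {issuer!r}")

    # Replay protection: an assertion ID may be consumed once.
    if assertion_id in seen_ids:
        errors.append("assertion ID already consumed (replay)")
    else:
        seen_ids.add(assertion_id)

    # The Signature must be a direct child of the Assertion and cover this ID,
    # so an unsigned assertion, or one wrapped next to a signed element, is rejected.
    sig = root.find("ds:Signature", NS)
    if sig is None:
        errors.append("assertion is unsigned")
    else:
        ref = sig.find("ds:SignedInfo/ds:Reference", NS)
        if ref is None or ref.get("URI") != f"#{assertion_id}":
            errors.append("signature does not reference this assertion's ID")

    # Validity window (with clock skew) and audience restriction.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        errors.append("no Conditions element")
    else:
        not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if not_before and now < _utc(not_before) - skew:
            errors.append("assertion not yet valid")
        if not_on_or_after and now >= _utc(not_on_or_after) + skew:
            errors.append("assertion expired")
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if expected_audience not in audiences:
            errors.append(f"audience {audiences} does not include this SP")

    # NameID is the only identifier the protocol guarantees; attributes are optional.
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        errors.append("no NameID in Subject")
        return errors, None
    fmt = name_id.get("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified")
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)}
    identity = {"name_id": name_id.text.strip(), "format": fmt,
                # A transient NameID changes per session, so it must not be the key
                # that maps an IdP user onto a local account.
                "stable": fmt != FMT_TRANSIENT, "attributes": attrs}
    return errors, identity


if __name__ == "__main__":
    errs, ident = validate_assertion(build_sample(), SAMPLE_ISSUER, SAMPLE_AUDIENCE, SAMPLE_NOW, set())
    print("valid" if not errs else errs, ident)
```

The `seen_ids` set stands in for whatever replay cache the SP keeps; in a clustered deployment it has to be shared across management servers, otherwise the same assertion is accepted once per node. The `stable` flag is what the account-mapping step should consult: with a transient NameID the SP has to fall back to a configured attribute, and if none is present the login should fail rather than create a fresh account per session.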
