cloudstack-users mailing list archives

From Fabrice Pollet <fabrice.pol...@etrs.terre.defense.gouv.fr>
Subject Shibboleth and CloudStack
Date Wed, 26 Apr 2017 12:01:46 GMT
Hello,

I'm trying to configure SAML2 SSO support to connect CloudStack 4.9.2.0
as a service provider (SP) to our own identity provider Shibboleth 2.4.4
(IdP - Authentication Service and Authorization based on XML).

I have completed the following CloudStack SAML2 settings:

saml2.append.idpdomain = false

saml2.default.idpid = néant

saml2.enabled = true

saml2.idp.metadata.url = http://idp.etrs.terre.defense.gouv.fr:8080/idp/shibboleth

saml2.redirect.url = https://cloud.etrs.terre.defense.gouv.fr/client

saml2.sigalg = SHA256

saml2.sp.id = cloud.etrs.terre.defense.gouv.fr

saml2.sp.slo.url = https://cloud.etrs.terre.defense.gouv.fr/client/api?command=samlSlo

saml2.sp.sso.url = https://cloud.etrs.terre.defense.gouv.fr/client/api?command=samlSso

saml2.user.attribute = uid


But the SSO-SAML2 URL
https://cloud.etrs.terre.defense.gouv.fr/client/api?command=samlSso
returns me to the native authentication URL of our IdP
https://idp.etrs.terre.defense.gouv.fr/idp/Authn/UserPassword
instead of the SSO-CAS delegation URL
https://idp.etrs.terre.defense.gouv.fr/idp/Authn/RemoteUser.


The metadata of my SP is listed in my IdP (from the configuration file
relying-party.xml):

<!-- ETRS CloudStack metadata -->
<metadata:MetadataProvider id="cloud.etrs.terre.defense.gouv.fr"
    xsi:type="metadata:FileBackedHTTPMetadataProvider"
    metadataURL="http://cloud.etrs.terre.defense.gouv.fr:8080/client/api?command=getSPMetadata"
    backingFile="/opt/shibboleth-idp/metadata/main-sps-etrs-cloudstack-metadata.xml">
</metadata:MetadataProvider>

Thank you for your help.


-- 
IEF MINDEF POLLET Fabrice

TERRE/COMSIC/ETRS/DGF/BAF/ING-NEF/PFI-PEDA
COMSIC BP18 35998 RENNES 9 France

821 354 34 82 / 02 99 84 34 82
fabrice.pollet@etrs.fr (Internet)
fabrice-c.pollet@intradef.gouv.fr (Intradef)

