This is an automated email from the ASF dual-hosted git repository.
bstoyanov pushed a commit to branch 4.20
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.20 by this push:
new f73362ae48a Fix saml bug unable to login (#10868)
f73362ae48a is described below
commit f73362ae48aea35cab4e457c8364c6de3e978643
Author: Vitor Hugo Homem Marzarotto
<[email protected]>
AuthorDate: Tue Jan 27 04:13:21 2026 -0300
Fix saml bug unable to login (#10868)
* Fix check
* Adds configuration for behaviour, when SAML SSO is disabled for a user
* set default configuration value to false and rename it to
enable.login.with.disabled.saml
---------
Co-authored-by: Vitor Hugo Homem Marzarotto
<[email protected]>
Co-authored-by: erikbocks <[email protected]>
---
.../main/java/org/apache/cloudstack/saml/SAML2AuthManager.java | 3 +++
.../java/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java | 9 +++++++--
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git
a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java
b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java
index 523f694d80b..618536a71f6 100644
---
a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java
+++
b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java
@@ -82,6 +82,9 @@ public interface SAML2AuthManager extends
PluggableAPIAuthenticator, PluggableSe
ConfigKey<Boolean> SAMLRequirePasswordLogin = new
ConfigKey<Boolean>("Advanced", Boolean.class, "saml2.require.password", "true",
"When enabled SAML2 will validate that the SAML login was performed with a
password. If disabled, other forms of authentication are allowed (two-factor,
certificate, etc) on the SAML Authentication Provider", true);
+ ConfigKey<Boolean> EnableLoginAfterSAMLDisable = new
ConfigKey<>("Advanced", Boolean.class, "enable.login.with.disabled.saml",
"false", "When enabled, if SAML SSO is disabled, enables user to login with
user and password, otherwise a user with SAML SSO disabled cannot login", true);
+
+
SAMLProviderMetadata getSPMetadata();
SAMLProviderMetadata getIdPMetadata(String entityId);
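Review bot: The description of `enable.login.with.disabled.saml` does not make clear that turning it on lets an account authenticate with its locally stored password, outside the identity provider, once SAML SSO is disabled for that user. I would reword it along the lines of `"When true, disabling SAML SSO for a user switches the account back to username/password login with its stored CloudStack password; when false, a user with SAML SSO disabled cannot log in"`. The key is also the only one visible here without the `saml2.` prefix (compare `saml2.require.password`), which makes it easier to miss when auditing SAML settings, and the hunk adds two blank lines where one would do. The interface body continues outside the hunk.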
diff --git
a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
index 93b7bc5be93..9f8101b867d 100644
---
a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
+++
b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
@@ -451,8 +451,13 @@ public class SAML2AuthManagerImpl extends AdapterBase
implements SAML2AuthManage
user.setExternalEntity(entityId);
user.setSource(User.Source.SAML2);
} else {
+ boolean enableLoginAfterSAMLDisable =
SAML2AuthManager.EnableLoginAfterSAMLDisable.value();
if (user.getSource().equals(User.Source.SAML2)) {
- user.setSource(User.Source.SAML2DISABLED);
+ if(enableLoginAfterSAMLDisable) {
+ user.setSource(User.Source.UNKNOWN);
+ } else {
+ user.setSource(User.Source.SAML2DISABLED);
+ }
} else {
return false;
}
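Review bot: The setting is read only at the moment SAML SSO is disabled for a user (the `else` branch), and its value decides which source is written to the account, so it appears to act as a one-time choice rather than a login-time check. If that is right, accounts already marked `SAML2DISABLED` stay locked out after the setting is enabled, and accounts moved to `UNKNOWN` keep password login after it is turned off again; a comment such as `// Evaluated once, when SSO is disabled: the chosen source is stored on the user and later changes to the setting do not affect it` would make that explicit. Moving an account to `UNKNOWN` presumably also hands authentication back to whatever local password the account already holds, so an audit log line at this point naming the user would help operators track accounts that have left IdP control. Minor: `if(enableLoginAfterSAMLDisable)` lacks the space after `if` that the line above uses. The enclosing method starts and ends outside the hunk.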
@@ -541,6 +546,6 @@ public class SAML2AuthManagerImpl extends AdapterBase
implements SAML2AuthManage
SAMLCloudStackRedirectionUrl, SAMLUserAttributeName,
SAMLIdentityProviderMetadataURL, SAMLDefaultIdentityProviderId,
SAMLSignatureAlgorithm, SAMLAppendDomainSuffix, SAMLTimeout,
SAMLCheckSignature,
- SAMLForceAuthn, SAMLUserSessionKeyPathAttribute,
SAMLRequirePasswordLogin};
+ SAMLForceAuthn, SAMLUserSessionKeyPathAttribute,
SAMLRequirePasswordLogin, EnableLoginAfterSAMLDisable};
}
}