[ https://issues.apache.org/jira/browse/CLOUDSTACK-8035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14273493#comment-14273493 ]

ASF subversion and git services commented on CLOUDSTACK-8035:
-------------------------------------------------------------

Commit 43587143811b222ca131b0e1237f9e99cd94694d in cloudstack's branch 
refs/heads/4.5 from [[email protected]]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=4358714 ]

CLOUDSTACK-8035: Generate and store X509Cert and reuse this for SAML

The fix generates an X509Certificate if missing from the DB and uses that for eternity.
SAML SP metadata remains the same since it's using the same X509 certificate and
it remains the same after restarts. The certificate is serialized, base64 encoded
and stored in the keystore table under a specific name. For reading, it's
retrieved, base64 decoded and deserialized.

Signed-off-by: Rohit Yadav <[email protected]>


> SAML SP metadata changes with every CloudStack restart
> ------------------------------------------------------
>
>                 Key: CLOUDSTACK-8035
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8035
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public (Anyone can view this level - this is the default.)
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>            Priority: Critical
>             Fix For: 4.5.0, 4.6.0
>
>
> The getSPMetadata API uses the private key to generate public keys every time 
> CloudStack restarts. This is a non-issue as SAML tokens checked by previous 
> public keys are still validated by the same private key, but we need to store 
> it in the DB and not re-create them every time the mgmt server restarts.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
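The load-or-create pattern the commit describes, as an added example written in Go against the standard library (not CloudStack's own code): the certificate is generated only when the keystore has no row for it, stored as base64-encoded DER under a fixed name, and read back by decoding and parsing. The in-memory `keystore` map and the row name `SAMLsp-x509cert` are assumptions standing in for the database table.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// keystore stands in for CloudStack's keystore table: row name -> base64 DER.
type keystore map[string]string

const certName = "SAMLsp-x509cert" // hypothetical row name, not the real one

// loadOrCreateCert returns the stored SP certificate, generating and storing
// it only when the keystore has no row for it (the fix described above).
func loadOrCreateCert(ks keystore, key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	if b64, ok := ks[certName]; ok { // read path: base64 decode, then deserialize
		der, err := base64.StdEncoding.DecodeString(b64)
		if err != nil {
			return nil, err
		}
		return x509.ParseCertificate(der)
	}
	tmpl := &x509.Certificate{ // first run only: self-signed cert for the SP key
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "cloudstack-saml-sp"},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().AddDate(10, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	ks[certName] = base64.StdEncoding.EncodeToString(der) // serialize, base64, store
	return x509.ParseCertificate(der)
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ks := keystore{}
	first, _ := loadOrCreateCert(ks, key)
	again, _ := loadOrCreateCert(ks, key) // simulated restart: loaded, not regenerated
	fmt.Println(first.Equal(again))      // true: SP metadata keeps the same certificate
}
```

The second call stands in for a management server restart; because the row already exists it returns the stored certificate, whereas an empty keystore on every restart (the pre-fix behaviour) would yield a freshly signed, different certificate each time.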