[ https://issues.apache.org/jira/browse/CLOUDSTACK-8037?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rohit Yadav resolved CLOUDSTACK-8037.
-------------------------------------
Resolution: Fixed
From a security perspective, I added some additional test cases for SAMLUtils. Tested with OneLogin (worked), Feido (worked), SSOCircle (failed), Shibboleth (worked with some non-default settings).
> Survey security of using SAML plugin in production and test against standard IDPs
> ---------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-8037
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8037
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public (Anyone can view this level - this is the default.)
> Reporter: Rohit Yadav
> Assignee: Rohit Yadav
> Priority: Critical
> Fix For: 4.5.0, 4.6.0
>
>
> Since the SAML plugin will ship with 4.5, and while it's not enabled by default, we need to do a lot of testing and make sure whatever we're shipping works generally in most cases. While the protocol does not dictate what different metadata an IDP should return other than NameID (like a UUID), it needs to work just based on that and provide other mechanisms to support additional metadata such as email, name, timezone etc.
>
> The other main aim is to test various possible loopholes it could have, or exploits or bad conflicts with respect to transient vs non-transient/unique NameIDs and SAML token signature checking, as well as the HTTP-redirected authentication process. A final set of tests (possibly automated tests) or manual QA should be run against known standard IDP implementations, for example openidp, ssocircle, shibboleth etc.
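The transient-vs-persistent NameID and signature-checking concerns raised in the description, as an added stdlib-only Python example (not CloudStack's SAMLUtils code): it validates a constructed assertion the way a service provider should before mapping its NameID to a local account. The IdP/SP URLs and the Signature contents are placeholders, and cryptographic XML-DSig verification is assumed to be done by a dedicated library; this code only refuses assertions that carry no signature at all.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

def parse_ts(value):
    # SAML timestamps are UTC ISO 8601; fromisoformat() wants "+00:00" rather than "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_assertion(xml_text, expected_audience, now):
    """Return (ok, reason-or-NameID). Signature presence, NameID format, validity
    window and audience are checked; XML-DSig verification is assumed to be
    performed separately by a proper library before this function is called."""
    root = ET.fromstring(xml_text)
    a = root if root.tag == "{%s}Assertion" % NS["saml"] else root.find(".//saml:Assertion", NS)
    if a is None:
        return False, "no Assertion element"
    if a.find("ds:Signature", NS) is None:
        return False, "assertion is not signed"
    nid = a.find("saml:Subject/saml:NameID", NS)
    if nid is None or not (nid.text or "").strip():
        return False, "missing NameID"
    if nid.get("Format") == TRANSIENT:  # changes per session: unusable as an account key
        return False, "transient NameID cannot be mapped to a persistent local user"
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return False, "missing Conditions"
    if "NotBefore" in cond.attrib and now < parse_ts(cond.get("NotBefore")):
        return False, "assertion not yet valid"
    if "NotOnOrAfter" in cond.attrib and now >= parse_ts(cond.get("NotOnOrAfter")):
        return False, "assertion expired"
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audiences and expected_audience not in audiences:
        return False, "assertion was issued for a different service provider"
    return True, nid.text.strip()

# Constructed sample (not from a real IdP); the Signature element is a placeholder.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_1" Version="2.0" IssueInstant="2014-12-01T10:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <saml:Subject><saml:NameID Format="{fmt}">6f1c0c3e-user-uuid</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2014-12-01T09:55:00Z" NotOnOrAfter="2014-12-01T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://cloudstack.example.test/sp</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""
PERSISTENT = SAMPLE.format(fmt="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent")
NOW = datetime(2014, 12, 1, 10, 0, 0, tzinfo=timezone.utc)
```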