[ https://issues.apache.org/jira/browse/CLOUDSTACK-8035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14274969#comment-14274969 ]

ASF subversion and git services commented on CLOUDSTACK-8035:
-------------------------------------------------------------

Commit aaf6a34c54a88e92b03696c91f4fcc1ddc472559 in cloudstack's branch 
refs/heads/vmware-disk-controllers from [[email protected]]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=aaf6a34 ]

CLOUDSTACK-8035: Generate and store X509Cert and reuse this for SAML

The fix generates an X509Certificate if missing from the DB and uses that for eternity.
SAML SP metadata remains the same since it's using the same X509 certificate, and
it remains the same after restarts. The certificate is serialized, base64 encoded
and stored in the keystore table under a specific name. For reading, it's
retrieved, base64 decoded and deserialized.

Signed-off-by: Rohit Yadav <[email protected]>
(cherry picked from commit 43587143811b222ca131b0e1237f9e99cd94694d)
Signed-off-by: Rohit Yadav <[email protected]>
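
The persistence scheme the commit message describes (generate once, base64-encode the serialized certificate into a named keystore row, decode and deserialize on every later start) as an added example; this is not the CloudStack code from the commit, it is written in Go with only the standard library. The in-memory `Keystore` map stands in for the keystore table, the row name `EXAMPLE_SAMLSP_X509CERT` is a placeholder, and the key pair and certificate are constructed inline. The private key is assumed to be persisted already, which is what the bug report says, so the example contrasts a regenerated certificate (fingerprint changes on every "restart", which is what breaks the IdP's copy of the SP metadata) with a persisted one (fingerprint stable). It also adds a check the commit message does not mention: that the stored certificate still belongs to the persisted private key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Keystore stands in for the keystore table: one base64 blob per name.
// Constructed for this example; the real one is a database table.
type Keystore map[string]string

// SAMLCertName is a placeholder row name; the name the project uses is in the
// commit, not on this page.
const SAMLCertName = "EXAMPLE_SAMLSP_X509CERT"

// newSelfSignedDER builds a fresh self-signed certificate for priv. Serial
// number and validity differ on every call, so a re-generated certificate
// never matches the previous one, which is the bug being fixed.
func newSelfSignedDER(priv *ecdsa.PrivateKey) ([]byte, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: "example-saml-sp"},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
}

// Fingerprint is SHA-256 over the DER bytes: what an IdP effectively pins when
// it imports SP metadata, so it must not change across restarts.
func Fingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return hex.EncodeToString(sum[:])
}

// LoadOrCreateCert reuses the stored certificate when present, otherwise
// generates one and persists it base64-encoded. The bool reports whether a
// new certificate was created.
func LoadOrCreateCert(ks Keystore, name string, priv *ecdsa.PrivateKey) (*x509.Certificate, bool, error) {
	if blob, ok := ks[name]; ok {
		der, err := base64.StdEncoding.DecodeString(blob)
		if err != nil {
			return nil, false, fmt.Errorf("keystore row %q is not valid base64: %w", name, err)
		}
		cert, err := x509.ParseCertificate(der)
		if err != nil {
			return nil, false, fmt.Errorf("keystore row %q does not hold a certificate: %w", name, err)
		}
		// The stored certificate must belong to the persisted private key, or
		// signatures on SAML messages will not verify against the metadata.
		if !priv.PublicKey.Equal(cert.PublicKey) {
			return nil, false, errors.New("stored certificate does not match the private key")
		}
		return cert, false, nil
	}
	der, err := newSelfSignedDER(priv)
	if err != nil {
		return nil, false, err
	}
	ks[name] = base64.StdEncoding.EncodeToString(der)
	cert, err := x509.ParseCertificate(der)
	return cert, true, err
}

// FingerprintsAcrossRestarts simulates n restarts sharing one persisted key.
// With persist=false the keystore is dropped each time, reproducing the
// pre-fix behaviour of regenerating the certificate from the private key.
func FingerprintsAcrossRestarts(n int, persist bool) ([]string, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	ks := Keystore{}
	var fps []string
	for i := 0; i < n; i++ {
		if !persist {
			ks = Keystore{}
		}
		cert, _, err := LoadOrCreateCert(ks, SAMLCertName, priv)
		if err != nil {
			return nil, err
		}
		fps = append(fps, Fingerprint(cert))
	}
	return fps, nil
}

func main() {
	stable, _ := FingerprintsAcrossRestarts(3, true)
	unstable, _ := FingerprintsAcrossRestarts(3, false)
	fmt.Println("persisted:  ", stable)
	fmt.Println("regenerated:", unstable)
}
```

Running it prints three identical fingerprints for the persisted case and three different ones for the regenerated case; the mismatch check in `LoadOrCreateCert` is the thing to alert on operationally, since it means the row and the key were restored from different backups or edited out of step.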


> SAML SP metadata changes with every CloudStack restart
> ------------------------------------------------------
>
>                 Key: CLOUDSTACK-8035
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8035
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.)
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>            Priority: Critical
>             Fix For: 4.5.0, 4.6.0
>
>
> The getSPMetadata API uses the private key to generate public keys every time
> CloudStack restarts. This is a non-issue, as SAML tokens checked by previous
> public keys are still validated by the same private key, but we need to store
> it in the DB and not re-create them every time the mgmt server restarts.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)