Hi,
I’ve updated the docs:
http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.5/accounts.html#using-a-saml-2-0-identity-provider-for-user-authentication
You can add a metadata XML with multiple IdPs, you can now add a metadata xml
file in /etc/cloudstack/management (in the
Been testing the latest SAML work, and it looks good.
- Fetching metadata now works
- Setting a different default sig alg works
Two things:
- Is it possible to give IdPs a friendly name?
- How do you add more than one?
--
Erik
On Wed, Jun 3, 2015 at 8:55 PM, Erik Weber wrote:
> On Wed, Jun
On Wed, Jun 3, 2015 at 11:52 AM, Erik Weber wrote:
>
> On Wed, Jun 3, 2015 at 11:10 AM, Rohit Yadav
> wrote:
>
>> Hi Erik,
>>
>> > On 02-Jun-2015, at 11:04 pm, Erik Weber wrote:
>> >
>> > Possible improvement:
>> >
>> > If saml2.idp.id is blank, try getting it from the metadata. I don't
>> know
On Wed, Jun 3, 2015 at 11:10 AM, Rohit Yadav
wrote:
> Hi Erik,
>
> > On 02-Jun-2015, at 11:04 pm, Erik Weber wrote:
> >
> > Possible improvement:
> >
> > If saml2.idp.id is blank, try getting it from the metadata. I don't know
> > about all other IdPs, but at least with Microsoft ADFS the IdP id
Hi Erik,
> On 02-Jun-2015, at 11:04 pm, Erik Weber wrote:
>
> Possible improvement:
>
> If saml2.idp.id is blank, try getting it from the metadata. I don't know
> about all other IdPs, but at least with Microsoft ADFS the IdP id is part of
> the tag.
>
> Example:
> http://ppfs.infostorm.no/adfs/s
Possible improvement:
If saml2.idp.id is blank, try getting it from the metadata. I don't know
about all other IdPs, but at least with Microsoft ADFS the IdP id is part of
the tag.
Example:
http://ppfs.infostorm.no/adfs/services/trust";
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
saml2.idp.id
Thanks. Will give it a try.
--
Erik
On Mon, Jun 1, 2015 at 12:17 PM, Rohit Yadav
wrote:
> Hi Erik,
>
> I’ll send a pull request when I’ve addressed most of the improvements,
> here’s the branch you can build from:
> https://github.com/apache/cloudstack/tree/saml-production-grade
>
> This has s
Hi Erik,
I’ll send a pull request when I’ve addressed most of the improvements, here’s
the branch you can build from:
https://github.com/apache/cloudstack/tree/saml-production-grade
This has same set of global settings, APIs and doc/usage, so no changes on the
outside so far. If you need any h
Thanks for the update Rohit.
Is this merged to master?
If you want I can set up one (or more) account(s) for you in our
pre-production environment, so that you can test it with your development code.
Contact me offlist if that's something you'd want.
If it's merged to master I can do a test.
--
Hi,
Just want to share that SAML plugin now supports HTTP-POST and HTTP-Redirect
bindings and in my local setup it seems to be working with Shibboleth and also
with SSOCircle, OpenFiede and TestShib:
https://github.com/apache/cloudstack/commits/saml-production-grade
Erik - the current SAML imp
I don't actually remember the specifics, and I've scratched the lab.
But I think there was an issue with fetching the metadata (from the IdP)
at least.
Plus, ADFS is claims based, I don't know if the current SAML 2.0
implementation in CloudStack is claims aware or not?
--
Erik
On Tue, May 12,
Hi Erik,
Thanks for your feedback, can you share more details about your use-case. I
remember we had a discussion where we tried to make it work, but don’t remember
why it failed for your environment. What SAML bindings do we need to support to
make it work with MS ADFS any other subtle details
Great news Rohit,
Would love to see it support Microsoft ADFS as IdP.
Erik
On Tuesday, 12 May 2015, Rohit Yadav
wrote:
> Hi all,
>
> Based on the feedback several friends in the community on different
> use-cases of using a federated login system based on SAML2 with CloudStack,
> I’m
Hi all,
Based on the feedback several friends in the community on different use-cases
of using a federated login system based on SAML2 with CloudStack, I’m soon
planning to address them in the SAML plugin implement focusing on pain points
around interoperability, IdP support, security and ease