Rohit Yadav created CLOUDSTACK-8037: ---------------------------------------
Summary: Survey security of using SAML plugin in production and test against standard IDPs Key: CLOUDSTACK-8037 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8037 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Reporter: Rohit Yadav Assignee: Rohit Yadav Priority: Critical Fix For: 4.5.0, 4.6.0 Since SAML plugin will ship with 4.5, and while it's not enabled by default we need to do a lot of testing and make sure whatever we're shipping works generally in most cases. While the protocol does not dictate what different metadata an IDP should return other than NameID (like a UUID), it needs to work just based on that and provide other mechanisms to support additional metadata such as email, name, timezone etc. The other main aim is to test various possible loopholes it could have or exploits or bad conflicts with respect to transient vs non-transient/unique NameIDs and SAML token signature checking as well as HTTP-redirected authentication process. Final set of tests (possibly automated tests) or manual QA against known standard IDP implementations for example openidp, ssocircle, shibboleth etc. -- This message was sent by Atlassian JIRA (v6.3.4#6332)