[ https://issues.apache.org/jira/browse/CLOUDSTACK-8457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rohit Yadav closed CLOUDSTACK-8457. ----------------------------------- Resolution: Fixed Fixed on master and 4.5 branches. > Make SAML plugin production grade > --------------------------------- > > Key: CLOUDSTACK-8457 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8457 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) > Components: SAML > Reporter: Rohit Yadav > Assignee: Rohit Yadav > Fix For: Future, 4.6.0, 4.5.2 > > > The current SAML plugin is not well tested with major IdPs used in production > such as Shibboleth. It is also limited to using HTTP-redirect only and does > not support HTTP-Post and other artifacts. Further, the security concerns are > not well addressed, for example both authorization, creation of > users/accounts (on first login) and authentication is done by the plugin > which needs to be tested wrt security, addressed and improved. -- This message was sent by Atlassian JIRA (v6.3.4#6332)