[ https://issues.apache.org/jira/browse/CLOUDSTACK-8457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14626327#comment-14626327 ]
ASF GitHub Bot commented on CLOUDSTACK-8457:
--------------------------------------------

Github user wilderrodrigues commented on the pull request:

    https://github.com/apache/cloudstack/pull/583#issuecomment-121236324

    LGTM :+1:

    Also talked to @bhaisaab on Slack about the 2 accountsWizard.js just to get some context.

    Cheers,
    Wilder

> Make SAML plugin production grade
> ---------------------------------
>
>                 Key: CLOUDSTACK-8457
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8457
>             Project: CloudStack
>          Issue Type: Improvement
>      Security Level: Public(Anyone can view this level - this is the
> default.)
>          Components: SAML
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>             Fix For: Future, 4.6.0, 4.5.2
>
>
> The current SAML plugin is not well tested with major IdPs used in production
> such as Shibboleth. It is also limited to using HTTP-redirect only and does
> not support HTTP-Post and other artifacts. Further, the security concerns are
> not well addressed, for example both authorization, creation of
> users/accounts (on first login) and authentication is done by the plugin
> which needs to be tested wrt security, addressed and improved.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)