saml: disable plugin by default and don't initiate if not enabled

Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/6eae9b85
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/6eae9b85
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/6eae9b85

Branch: refs/heads/master
Commit: 6eae9b859692417182103d06f5215fff11289942
Parents: aa02e30
Author: Rohit Yadav <rohit.ya...@shapeblue.com>
Authored: Thu Aug 28 18:47:08 2014 +0200
Committer: Rohit Yadav <rohit.ya...@shapeblue.com>
Committed: Thu Aug 28 19:49:48 2014 +0200

----------------------------------------------------------------------
 .../cloudstack/saml/SAML2AuthManagerImpl.java      | 17 +++++++++++++----
 server/src/com/cloud/configuration/Config.java     |  2 +-
 2 files changed, 14 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6eae9b85/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
----------------------------------------------------------------------
diff --git 
a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
 
b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
index 22d99cb..8480c0e 100644
--- 
a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
+++ 
b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
@@ -69,12 +69,14 @@ public class SAML2AuthManagerImpl extends AdapterBase 
implements SAML2AuthManage
     @Inject
     ConfigurationDao _configDao;
 
-    protected SAML2AuthManagerImpl() {
-        super();
-    }
-
     @Override
     public boolean start() {
+        return isSAMLPluginEnabled() && setup();
+    }
+
+    private boolean setup() {
+        // TODO: In future if need added logic to get SP X509 cert for Idps 
that need signed requests
+
         this.serviceProviderId = 
_configDao.getValue(Config.SAMLServiceProviderID.key());
         this.identityProviderId = 
_configDao.getValue(Config.SAMLIdentityProviderID.key());
 
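Review bot: `start()` now returns false whenever the plugin is disabled, so a deliberate "off" state is reported the same way as a failed `setup()`. If the component lifecycle treats a false return as a start failure (not visible in this hunk), a disabled plugin would be handled as a broken one. Consider `if (!isSAMLPluginEnabled()) { return true; }` ahead of `return setup();`, with a log line stating that the SAML plugin is disabled. `setup()` continues past the end of the hunk, so its own failure paths are not covered by this note.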
@@ -145,6 +147,9 @@ public class SAML2AuthManagerImpl extends AdapterBase 
implements SAML2AuthManage
 
     @Override
     public List<Class<?>> getAuthCommands() {
+        if (!isSAMLPluginEnabled()) {
+            return null;
+        }
         List<Class<?>> cmdList = new ArrayList<Class<?>>();
         cmdList.add(SAML2LoginAPIAuthenticatorCmd.class);
         cmdList.add(SAML2LogoutAPIAuthenticatorCmd.class);
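Review bot: Returning `null` from `getAuthCommands()` when the plugin is disabled means a caller that iterates the result without a null check would throw a NullPointerException. Return an empty list instead, e.g. `return new ArrayList<Class<?>>();`. The flag is also read live here, while `setup()` is only reached from `start()`. If `saml2.enabled` is switched to true without a restart, the login and logout commands could be advertised while the SP/IdP identifiers are still unset, so caching the state decided at start may be safer. The method body continues outside the hunk.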
@@ -183,4 +188,8 @@ public class SAML2AuthManagerImpl extends AdapterBase 
implements SAML2AuthManage
     public X509Certificate getIdpEncryptionKey() {
         return idpEncryptionKey;
     }
+
+    public Boolean isSAMLPluginEnabled() {
+        return 
Boolean.valueOf(_configDao.getValue(Config.SAMLIsPluginEnabled.key()));
+    }
 }
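Review bot: `isSAMLPluginEnabled()` returns a boxed `Boolean` although `Boolean.valueOf(String)` never yields null; `public boolean isSAMLPluginEnabled()` would be the plainer signature, unless an interface not visible here requires the boxed type. The method also deserves a short Javadoc saying that a missing or non-"true" `saml2.enabled` value evaluates to false, so the plugin stays off when the setting is absent. The same Javadoc should mention that the value is fetched from `_configDao` on every call.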

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6eae9b85/server/src/com/cloud/configuration/Config.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/configuration/Config.java 
b/server/src/com/cloud/configuration/Config.java
index 2c78f1b..8527738 100755
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
@@ -1384,7 +1384,7 @@ public enum Config {
             ManagementServer.class,
             Boolean.class,
             "saml2.enabled",
-            "true",
+            "false",
             "Set it to true to enable SAML SSO plugin",
             null),
     SAMLUserAccountName(
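Review bot: The description `"Set it to true to enable SAML SSO plugin"` does not say when the setting takes effect, yet in this commit `setup()` is only reached from `start()`. Something like `"Set it to true to enable SAML SSO plugin (requires management server restart)"` would tell operators what to expect. Separately, changing the enum default presumably does not alter a `saml2.enabled` row that already exists with `true` in a deployed database, which is worth confirming for upgrades.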
