Re: [RFC] SAML2 plugin improvements

2015-06-29 Thread Erik Weber
Been testing the latest SAML work, and it looks good. - Fetching metadata now works - Setting a different default sig alg works Two things: - Is it possible to give IdPs a friendly name? - How do you add more than one? -- Erik On Wed, Jun 3, 2015 at 8:55 PM, Erik Weber terbol...@gmail.com

Re: [RFC] SAML2 plugin improvements

2015-06-29 Thread Rohit Yadav
Hi, I’ve updated the docs: http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.5/accounts.html#using-a-saml-2-0-identity-provider-for-user-authentication You can add a metadata XML with multiple IdPs, you can now add a metadata xml file in /etc/cloudstack/management (in

Re: [RFC] SAML2 plugin improvements

2015-06-03 Thread Erik Weber
On Wed, Jun 3, 2015 at 11:10 AM, Rohit Yadav rohit.ya...@shapeblue.com wrote: Hi Erik, On 02-Jun-2015, at 11:04 pm, Erik Weber terbol...@gmail.com wrote: Possible improvement: If saml2.idp.id is blank, try getting it from the metadata. I don't know about all other IdPs, but at least

Re: [RFC] SAML2 plugin improvements

2015-06-03 Thread Rohit Yadav
Hi Erik, On 02-Jun-2015, at 11:04 pm, Erik Weber terbol...@gmail.com wrote: Possible improvement: If saml2.idp.id is blank, try getting it from the metadata. I don't know about all other IdPs, but at least with Microsoft ADFS the IdP id is part of the EntityDescriptor tag. Example:

Re: [RFC] SAML2 plugin improvements

2015-06-02 Thread Erik Weber
Possible improvement: If saml2.idp.id is blank, try getting it from the metadata. I don't know about all other IdPs, but at least with Microsoft ADFS the IdP id is part of the EntityDescriptor tag. Example: EntityDescriptor ID=_66183bea-76b8-4838-9579-6d17a2357d3d entityID=

Re: [RFC] SAML2 plugin improvements

2015-06-01 Thread Erik Weber
Thanks. Will give it a try. -- Erik On Mon, Jun 1, 2015 at 12:17 PM, Rohit Yadav rohit.ya...@shapeblue.com wrote: Hi Erik, I’ll send a pull request when I’ve addressed most of the improvements, here’s the branch you can build from:

Re: [RFC] SAML2 plugin improvements

2015-06-01 Thread Erik Weber
Thanks for the update Rohit. Is this merged to master? If you want I can set up one (or more) account(s) for you in our pre-production environment, so that you can test it with your development code. Contact me offlist if that's something you'd want. If it's merged to master I can do a test. --

Re: [RFC] SAML2 plugin improvements

2015-06-01 Thread Rohit Yadav
Hi Erik, I’ll send a pull request when I’ve addressed most of the improvements, here’s the branch you can build from: https://github.com/apache/cloudstack/tree/saml-production-grade This has same set of global settings, APIs and doc/usage, so no changes on the outside so far. If you need any

Re: [RFC] SAML2 plugin improvements

2015-05-29 Thread Rohit Yadav
Hi, Just want to share that SAML plugin now supports HTTP-POST and HTTP-Redirect bindings and in my local setup it seems to be working with Shibboleth and also with SSOCircle, OpenFiede and TestShib: https://github.com/apache/cloudstack/commits/saml-production-grade Erik - the current SAML
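The metadata handling this thread keeps coming back to (reading the IdP id from the entityID attribute of the EntityDescriptor when saml2.idp.id is blank, loading one metadata XML that carries several IdPs, and locating the HTTP-POST and HTTP-Redirect SingleSignOnService endpoints), worked through as an added example in Python. This is not CloudStack's SAML plugin code; the metadata document, the entityIDs, hostnames and certificate text in it are constructed placeholders, and the helper names (parse_idps, resolve_idp_id, choose_sso_endpoint) are this example's own.

```python
"""Extract what a SAML 2.0 service provider needs from IdP metadata.

Added example for this thread; it is not CloudStack's SAML plugin code.
The metadata below is constructed for illustration: entityIDs, hostnames
and the certificate text are placeholders, not real identity providers.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
MD_ENTITY = "{%s}EntityDescriptor" % NS["md"]
BINDING_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
BINDING_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: an EntitiesDescriptor wrapping two IdPs (an ADFS-style
# entry with an ID attribute, a Shibboleth-style entry) plus an SP-only
# entity that a plugin must ignore when listing identity providers.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:EntityDescriptor ID="_66183bea-76b8-4838-9579-6d17a2357d3d"
      entityID="http://adfs.example.test/adfs/services/trust">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
        <ds:KeyInfo><ds:X509Data>
          <ds:X509Certificate>MIIB placeholder cert</ds:X509Certificate>
        </ds:X509Data></ds:KeyInfo>
      </md:KeyDescriptor>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://adfs.example.test/adfs/ls/"/>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://adfs.example.test/adfs/ls/"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.shib.example.test/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://idp.shib.example.test/idp/profile/SAML2/POST/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp-only.example.test/metadata">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def parse_idps(metadata_xml):
    """Return {entityID: {"sso": {binding: location}, "signing_certs": [...]}}
    for every IdP in the document, whether it is a single EntityDescriptor
    or an EntitiesDescriptor wrapper (possibly nested)."""
    root = ET.fromstring(metadata_xml)
    descriptors = [root] if root.tag == MD_ENTITY else root.iter(MD_ENTITY)
    idps = {}
    for ed in descriptors:
        entity_id = ed.get("entityID")
        idp = ed.find("md:IDPSSODescriptor", NS)
        if not entity_id or idp is None:
            continue  # SP-only or malformed entries are not identity providers
        if entity_id in idps:
            raise ValueError("duplicate entityID in metadata: %s" % entity_id)
        sso = {}
        for svc in idp.findall("md:SingleSignOnService", NS):
            binding, location = svc.get("Binding"), svc.get("Location")
            if binding in (BINDING_POST, BINDING_REDIRECT) and location:
                sso[binding] = location
        certs = []
        for kd in idp.findall("md:KeyDescriptor", NS):
            # A KeyDescriptor without 'use' serves both signing and encryption.
            if kd.get("use") not in (None, "signing"):
                continue
            for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                certs.append("".join((cert.text or "").split()))  # drop PEM wrapping whitespace
        idps[entity_id] = {"sso": sso, "signing_certs": certs}
    return idps


def resolve_idp_id(idps, configured=""):
    """saml2.idp.id fallback as suggested in the thread: use the configured
    value if set, otherwise take it from metadata only when exactly one IdP
    is present; silently picking one of several would hide a misconfiguration."""
    if configured:
        if configured not in idps:
            raise ValueError("configured IdP %r is not in the metadata" % configured)
        return configured
    if len(idps) != 1:
        raise ValueError("saml2.idp.id is blank and metadata lists %d IdPs; set it explicitly" % len(idps))
    return next(iter(idps))


def choose_sso_endpoint(idp, prefer=BINDING_REDIRECT):
    """Pick the endpoint for the AuthnRequest, preferring one binding and
    falling back to the other one the IdP advertises."""
    fallback = BINDING_POST if prefer == BINDING_REDIRECT else BINDING_REDIRECT
    for binding in (prefer, fallback):
        if binding in idp["sso"]:
            return binding, idp["sso"][binding]
    raise ValueError("IdP advertises neither HTTP-POST nor HTTP-Redirect SSO")


if __name__ == "__main__":
    for entity_id, idp in parse_idps(SAMPLE_METADATA).items():
        binding, location = choose_sso_endpoint(idp)
        print(entity_id, "->", binding.rsplit(":", 1)[1], location,
              "(%d signing cert(s))" % len(idp["signing_certs"]))
```

Two caveats a practitioner would want attached to this: the parser trusts the file it is given, so metadata pulled from an IdP should be fetched over TLS and, where the IdP signs it, the signature checked before anything in it is used to decide which certificate validates assertions; and with several IdPs in one file the SP has to match the Issuer of each response against the entityID it sent the AuthnRequest to, which is why the blank-saml2.idp.id fallback above refuses to guess when more than one IdP is present.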

Re: [RFC] SAML2 plugin improvements

2015-05-12 Thread Erik Weber
Great news Rohit, would love to see it support Microsoft ADFS as IdP. Erik On Tuesday 12 May 2015, Rohit Yadav rohit.ya...@shapeblue.com wrote: Hi all, Based on the feedback from several friends in the community on different use-cases of using a federated login system based on SAML2

[RFC] SAML2 plugin improvements

2015-05-12 Thread Rohit Yadav
Hi all, Based on the feedback from several friends in the community on different use-cases of using a federated login system based on SAML2 with CloudStack, I’m soon planning to address them in the SAML plugin implementation, focusing on pain points around interoperability, IdP support, security and ease

Re: [RFC] SAML2 plugin improvements

2015-05-12 Thread Rohit Yadav
Hi Erik, Thanks for your feedback, can you share more details about your use-case. I remember we had a discussion where we tried to make it work, but don’t remember why it failed for your environment. What SAML bindings do we need to support to make it work with MS ADFS any other subtle

Re: [RFC] SAML2 plugin improvements

2015-05-12 Thread Erik Weber
I don't actually remember the specifics, and I've scratched the lab. But I think there was an issue with fetching the metadata (from the IdP) at least. Plus, ADFS is claims based, I don't know if the current SAML 2.0 implementation in CloudStack is claims aware or not? -- Erik On Tue, May 12,