rg9975 opened a new pull request, #10311: URL: https://github.com/apache/cloudstack/pull/10311
### Description Fix issues with SAML multi-account selector in UI and various SAML2 plugin limitations. * Reliable account switch when selecting a new account/domain combination from UI * New global property (saml2.require.password) to disable password authentication requirement (this enables delegation to the SAML IDP to allow other forms of authentication like 2FA, mobile device, security key, etc). Default to true to match previous hard-coded behavior. * New global property (user.allow.multiple.accounts) to allow the same username to exist on multiple accounts in the same domain. Defaults to false to match previous behavior. * Update to use value of saml2.user.sessionkey.path (when set) on all session identity cookies during SAML2 session setup to simplify use across a reverse proxy. ### Types of changes - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [X] New feature (non-breaking change which adds functionality) - [X] Bug fix (non-breaking change which fixes an issue) - [ ] Enhancement (improves an existing feature and functionality) - [ ] Cleanup (Code refactoring and cleanup, that may add test cases) - [ ] build/CI - [ ] test (unit or integration test code) ### Feature/Enhancement Scale or Bug Severity #### Feature/Enhancement Scale - [ ] Major - [X] Minor #### Bug Severity - [ ] BLOCKER - [ ] Critical - [X] Major - [ ] Minor - [ ] Trivial ### Screenshots (if appropriate): ### How Has This Been Tested? Setup domain using SAML2 IDP (Azure Entra specifically) and performed validations of existing behaviors (single username only in a domain; password auth requirement), as well as tested ability to add multiple accounts for the same username in a domain and authentication with 2FA/device authentication. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
