Hi all,

I would like to merge SAML2 SSO/SLO integration with CloudStack.

This auth mechanism is implemented as a plugin with special auth cmds that uses
an auth framework
(https://cwiki.apache.org/confluence/display/CLOUDSTACK/Authentication+Refactoring)
to get the pluggability. The present implementation has addressed several
open-ended questions and was tested to work with Feide’s public IdP, whose
params are also set as default config params. Future iterations will try to
solve a few leftover agenda items as mentioned in the FS.

Using John Burwell’s recommendation, I’ve not used the Spring SAML extension but
instead used the OpenSAML library and the inbuilt BouncyCastle infra for
auth/X509 stuff.

The major limitation, which is by design, is that it will work only with HTTP
redirection bindings (won’t support SOAP and other resolution protocols as per
the SAML2 spec), and x509 signature/usage needs to be improved using either
CloudStack’s own JKS keystore or by creating keys in the keystore table when
the plugin is configured.

For more information, please read the proposal and FS, and feel free to ask
questions.

Branch: saml2
Proposal: http://markmail.org/message/4ba4ztmqpud3l4uo
JIRA ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-7083
FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/SAML+2.0+Plugin
Unit tests: Tests for each auth cmd class, SAMLUtils and SAMLAuthenticator, 
fixes unit test for ApiServlet
Build status: clean build works with unit tests, testing using mvn3.0.5 and jdk 
1.7

Compare/diff: https://github.com/apache/cloudstack/compare/master...saml2

As agreed per the branch expectations, I’ll go ahead with the merge after 72 
hours, i.e. on/after Wednesday evening.

Regards,
Rohit Yadav
Software Architect, ShapeBlue
M. +41 779015219 | rohit.ya...@shapeblue.com
Blog: bhaisaab.org | Twitter: @_bhaisaab


