On Aug 25, 2014, at 11:34 AM, Rohit Yadav <rohit.ya...@shapeblue.com> wrote:
> Hi all,
>
> I would like to merge SAML2 SSO/SLO integration with CloudStack.
>
> This auth mechanism is implemented as a plugin with special auth cmds that
> uses an auth framework
> (https://cwiki.apache.org/confluence/display/CLOUDSTACK/Authentication+Refactoring)
> to get the pluggability. The present implementation has addressed several
> open ended questions and was tested to work with feido’s public IdP whose
> params are also set as default config params. Future iterations will try to
> solve few leftover agenda as mentioned on the FS.
>
> Using John Burwell’s recommendation, I’ve not used Spring SAML extension but
> instead used the OpenSAML library and the inbuilt BouncyCastle infra for
> auth/X509 stuff.
>
> The major limitation which is by design is that it will work only with HTTP
> redirections bindings (won’t support SOAP and other resolution protocols as
> per SAML2 spec) and x509 signature/usage needs to be improved using either
> CloudStack’s own JKS keystore or create keys in the keystore table when the
> plugin is configured.
>
> For more information please read the proposal, FS and feel free to ask
> questions.
>
> Branch: saml2
> Proposal: http://markmail.org/message/4ba4ztmqpud3l4uo
> JIRA ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-7083
> FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/SAML+2.0+Plugin
> Unit tests: Tests for each auth cmd class, SAMLUtils and SAMLAuthenticator,
> fixes unit test for ApiServlet

What's the unit test coverage?

> Build status: clean build works with unit tests, testing using mvn3.0.5 and
> jdk 1.7
>

Can you add some Marvin/integration tests?

> Compare/diff: https://github.com/apache/cloudstack/compare/master...saml2
>
> As agreed per the branch expectations, I’ll go ahead with the merge after 72
> hours, i.e. on/after Wednesday evening.
>
> Regards,
> Rohit Yadav
> Software Architect, ShapeBlue
> M.
> +41 779015219 | rohit.ya...@shapeblue.com
> Blog: bhaisaab.org | Twitter: @_bhaisaab