Thanks. Will give it a try. -- Erik
On Mon, Jun 1, 2015 at 12:17 PM, Rohit Yadav <rohit.ya...@shapeblue.com> wrote: > Hi Erik, > > I’ll send a pull request when I’ve addressed most of the improvements, > here’s the branch you can build from: > https://github.com/apache/cloudstack/tree/saml-production-grade > > This has same set of global settings, APIs and doc/usage, so no changes on > the outside so far. If you need any help let me know here or offlist. > > > On 01-Jun-2015, at 12:08 pm, Erik Weber <terbol...@gmail.com> wrote: > > > > Thanks for the update Rohit. > > > > Is this merged to master? > > > > If you want I can setup one (or more) account(s) for you in our pre > > production environment, so that you can test it with your development > code. > > Contact me offlist if that's something you'd want. > > > > If it's merged to master I can do a test. > > > > -- > > Erik > > > > On Fri, May 29, 2015 at 6:49 PM, Rohit Yadav <rohit.ya...@shapeblue.com> > > wrote: > > > >> Hi, > >> > >> Just want to share that SAML plugin now supports HTTP-POST and > >> HTTP-Redirect bindings and in my local setup it seems to be working with > >> Shibboleth and also with SSOCircle, OpenFiede and TestShib: > >> https://github.com/apache/cloudstack/commits/saml-production-grade > >> > >> Erik - the current SAML implementation aims to support SAML v2.0 spec > and > >> qualify samlint.org compatibility guide. I’m not sure about ADFS and > how > >> compatible it is with SAML 2.0. In theory, you can also use Microsoft AD > >> with Shibboleth. If you plan on using it with ADFS, can you test this > >> branch and suggest errors you encounter? > >> > >> I’m testing with available opensource IdPs such as Shibboleth IdP and > >> public IdP servers such as SSOCircle, OpenFiede, OneLogin etc. In case > >> you're planning to use the SAML auth plugin in your environment, please > >> share your feedback and use-cases so the plugin implementation can be > more > >> general purpose and support a wide variety of IdP servers. Thanks. > >> > >>> On 12-May-2015, at 10:02 pm, Erik Weber <terbol...@gmail.com> wrote: > >>> > >>> I don't actually remember the specifics, and I've scratched the lab. > >>> > >>> But I think there was an issue with fetching the metadata (from the > IdP) > >>> atleast. > >>> > >>> Plus, ADFS is claims based, I don't know if the current SAML 2.0 > >>> implementation in CloudStack is claims aware or not? > >>> > >>> > >>> -- > >>> Erik > >>> > >>> On Tue, May 12, 2015 at 9:46 PM, Rohit Yadav < > rohit.ya...@shapeblue.com> > >>> wrote: > >>> > >>>> Hi Erik, > >>>> > >>>> Thanks for your feedback, can you share more details about your > >> use-case. > >>>> I remember we had a discussion where we tried to make it work, but > don’t > >>>> remember why it failed for your environment. What SAML bindings do we > >> need > >>>> to support to make it work with MS ADFS any other subtle details? > >>>> > >>>>> On 12-May-2015, at 6:33 pm, Erik Weber <terbol...@gmail.com> wrote: > >>>>> > >>>>> Great news Rohit, > >>>>> > >>>>> Would love to see it support Microsoft ADFS as IdP. > >>>>> > >>>>> > >>>>> Erik > >>>>> > >>>>> Den tirsdag 12. mai 2015 skrev Rohit Yadav < > rohit.ya...@shapeblue.com> > >>>>> følgende: > >>>>> > >>>>>> Hi all, > >>>>>> > >>>>>> Based on the feedback several friends in the community on different > >>>>>> use-cases of using a federated login system based on SAML2 with > >>>> CloudStack, > >>>>>> I’m soon planning to address them in the SAML plugin implement > >> focusing > >>>> on > >>>>>> pain points around interoperability, IdP support, security and ease > of > >>>> use. > >>>>>> > >>>>>> I’ve updated the specification to reflect some of those aspects I’ve > >>>>>> gathered in last few months: > >>>>>> > >>>>>> > >>>> > >> > https://cwiki.apache.org/confluence/display/CLOUDSTACK/SAML+2.0+Plugin#SAML2.0Plugin-Version2:InProgress > >>>>>> > >>>>>> Please advise improvements you would like to see, or share pain > points > >>>>>> with the current implementation. Thanks. > >>>>>> > >>>>>> Regards, > >>>>>> Rohit Yadav > >>>>>> Software Architect, ShapeBlue > >>>>>> M. +91 88 262 30892 | rohit.ya...@shapeblue.com <javascript:;> > >>>>>> Blog: bhaisaab.org | Twitter: @_bhaisaab > >>>>>> > >>>>>> > >>>>>> > >>>>>> Find out more about ShapeBlue and our range of CloudStack related > >>>> services > >>>>>> > >>>>>> IaaS Cloud Design & Build< > >>>>>> http://shapeblue.com/iaas-cloud-design-and-build//> > >>>>>> CSForge – rapid IaaS deployment framework< > >> http://shapeblue.com/csforge/ > >>>>> > >>>>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> > >>>>>> CloudStack Software Engineering< > >>>>>> http://shapeblue.com/cloudstack-software-engineering/> > >>>>>> CloudStack Infrastructure Support< > >>>>>> http://shapeblue.com/cloudstack-infrastructure-support/> > >>>>>> CloudStack Bootcamp Training Courses< > >>>>>> http://shapeblue.com/cloudstack-training/> > >>>>>> > >>>>>> This email and any attachments to it may be confidential and are > >>>> intended > >>>>>> solely for the use of the individual to whom it is addressed. Any > >> views > >>>> or > >>>>>> opinions expressed are solely those of the author and do not > >> necessarily > >>>>>> represent those of Shape Blue Ltd or related companies. If you are > not > >>>> the > >>>>>> intended recipient of this email, you must neither take any action > >> based > >>>>>> upon its contents, nor copy or show it to anyone. Please contact the > >>>> sender > >>>>>> if you believe you have received this email in error. Shape Blue Ltd > >> is > >>>> a > >>>>>> company incorporated in England & Wales. ShapeBlue Services India > LLP > >>>> is a > >>>>>> company incorporated in India and is operated under license from > Shape > >>>> Blue > >>>>>> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in > >>>> Brasil > >>>>>> and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty > >> Ltd > >>>> is > >>>>>> a company registered by The Republic of South Africa and is traded > >> under > >>>>>> license from Shape Blue Ltd. ShapeBlue is a registered trademark. > >>>>>> > >>>> > >>>> Regards, > >>>> Rohit Yadav > >>>> Software Architect, ShapeBlue > >>>> M. +91 88 262 30892 | rohit.ya...@shapeblue.com > >>>> Blog: bhaisaab.org | Twitter: @_bhaisaab > >>>> > >>>> > >>>> > >>>> Find out more about ShapeBlue and our range of CloudStack related > >> services > >>>> > >>>> IaaS Cloud Design & Build< > >>>> http://shapeblue.com/iaas-cloud-design-and-build//> > >>>> CSForge – rapid IaaS deployment framework< > http://shapeblue.com/csforge/ > >>> > >>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> > >>>> CloudStack Software Engineering< > >>>> http://shapeblue.com/cloudstack-software-engineering/> > >>>> CloudStack Infrastructure Support< > >>>> http://shapeblue.com/cloudstack-infrastructure-support/> > >>>> CloudStack Bootcamp Training Courses< > >>>> http://shapeblue.com/cloudstack-training/> > >>>> > >>>> This email and any attachments to it may be confidential and are > >> intended > >>>> solely for the use of the individual to whom it is addressed. Any > views > >> or > >>>> opinions expressed are solely those of the author and do not > necessarily > >>>> represent those of Shape Blue Ltd or related companies. If you are not > >> the > >>>> intended recipient of this email, you must neither take any action > based > >>>> upon its contents, nor copy or show it to anyone. Please contact the > >> sender > >>>> if you believe you have received this email in error. Shape Blue Ltd > is > >> a > >>>> company incorporated in England & Wales. ShapeBlue Services India LLP > >> is a > >>>> company incorporated in India and is operated under license from Shape > >> Blue > >>>> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in > >> Brasil > >>>> and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty > Ltd > >> is > >>>> a company registered by The Republic of South Africa and is traded > under > >>>> license from Shape Blue Ltd. ShapeBlue is a registered trademark. > >>>> > >> > >> Regards, > >> Rohit Yadav > >> Software Architect, ShapeBlue > >> M. +91 88 262 30892 | rohit.ya...@shapeblue.com > >> Blog: bhaisaab.org | Twitter: @_bhaisaab > >> > >> > >> > >> Find out more about ShapeBlue and our range of CloudStack related > services > >> > >> IaaS Cloud Design & Build< > >> http://shapeblue.com/iaas-cloud-design-and-build//> > >> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/ > > > >> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> > >> CloudStack Software Engineering< > >> http://shapeblue.com/cloudstack-software-engineering/> > >> CloudStack Infrastructure Support< > >> http://shapeblue.com/cloudstack-infrastructure-support/> > >> CloudStack Bootcamp Training Courses< > >> http://shapeblue.com/cloudstack-training/> > >> > >> This email and any attachments to it may be confidential and are > intended > >> solely for the use of the individual to whom it is addressed. Any views > or > >> opinions expressed are solely those of the author and do not necessarily > >> represent those of Shape Blue Ltd or related companies. If you are not > the > >> intended recipient of this email, you must neither take any action based > >> upon its contents, nor copy or show it to anyone. Please contact the > sender > >> if you believe you have received this email in error. Shape Blue Ltd is > a > >> company incorporated in England & Wales. ShapeBlue Services India LLP > is a > >> company incorporated in India and is operated under license from Shape > Blue > >> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in > Brasil > >> and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd > is > >> a company registered by The Republic of South Africa and is traded under > >> license from Shape Blue Ltd. ShapeBlue is a registered trademark. > >> > > Regards, > Rohit Yadav > Software Architect, ShapeBlue > M. +91 88 262 30892 | rohit.ya...@shapeblue.com > Blog: bhaisaab.org | Twitter: @_bhaisaab > > > > Find out more about ShapeBlue and our range of CloudStack related services > > IaaS Cloud Design & Build< > http://shapeblue.com/iaas-cloud-design-and-build//> > CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> > CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> > CloudStack Software Engineering< > http://shapeblue.com/cloudstack-software-engineering/> > CloudStack Infrastructure Support< > http://shapeblue.com/cloudstack-infrastructure-support/> > CloudStack Bootcamp Training Courses< > http://shapeblue.com/cloudstack-training/> > > This email and any attachments to it may be confidential and are intended > solely for the use of the individual to whom it is addressed. Any views or > opinions expressed are solely those of the author and do not necessarily > represent those of Shape Blue Ltd or related companies. If you are not the > intended recipient of this email, you must neither take any action based > upon its contents, nor copy or show it to anyone. Please contact the sender > if you believe you have received this email in error. Shape Blue Ltd is a > company incorporated in England & Wales. ShapeBlue Services India LLP is a > company incorporated in India and is operated under license from Shape Blue > Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil > and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is > a company registered by The Republic of South Africa and is traded under > license from Shape Blue Ltd. ShapeBlue is a registered trademark. >
