git commit: updated refs/heads/master to 4c69609
Repository: cloudstack Updated Branches: refs/heads/master 3d5c217c8 -> 4c69609fa CLOUDSTACK-2251: Automation - dedicated guest VLAN ranges feature Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/4c69609f Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/4c69609f Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/4c69609f Branch: refs/heads/master Commit: 4c69609fa11dd7ed1958755beae2c7d30f827826 Parents: 3d5c217 Author: Ashutosh K Authored: Fri Aug 22 15:35:40 2014 +0530 Committer: sanjeev Committed: Thu Aug 28 12:32:07 2014 +0530 -- .../test_dedicate_guest_vlan_ranges.py | 1241 ++ tools/marvin/marvin/lib/base.py |6 +- tools/marvin/marvin/lib/common.py | 13 + 3 files changed, 1258 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/4c69609f/test/integration/component/test_dedicate_guest_vlan_ranges.py -- diff --git a/test/integration/component/test_dedicate_guest_vlan_ranges.py b/test/integration/component/test_dedicate_guest_vlan_ranges.py new file mode 100644 index 000..efba229 --- /dev/null +++ b/test/integration/component/test_dedicate_guest_vlan_ranges.py 
@@ -0,0 +1,1241 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +""" P1 tests for Dedicating guest VLAN ranges + +Test Plan: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Resources+-+Public+IP+Addresses+and+VLANs+per+Tenant+Test+Plan + +Issue Link: https://issues.apache.org/jira/browse/CLOUDSTACK-2251 + +Feature Specifications: https://cwiki.apache.org/confluence/display/CLOUDSTACK/FS-+Dedicate+Guest+VLANs+per+tenant +""" +#Import Local Modules +from nose.plugins.attrib import attr +from marvin.cloudstackTestCase import cloudstackTestCase, unittest +from marvin.lib.utils import (validateList, + cleanup_resources, + random_gen, + xsplit) +from marvin.lib.base import (Account, + Domain, + PhysicalNetwork, + NetworkOffering, + Network, + ServiceOffering, + Project) +from marvin.lib.common import (get_domain, + get_zone, + get_template, + setNonContiguousVlanIds, + isNetworkDeleted) +from marvin.codes import PASS + +def LimitVlanRange(self, vlanrange, range=2): +"""Limits the length of vlan range""" +vlan_endpoints = str(vlanrange).split("-") +vlan_startid = int(vlan_endpoints[1]) +vlan_endid = vlan_startid + (range-1) +return str(vlan_startid) + "-" + str(vlan_endid) + +class 
TestDedicateGuestVLANRange(cloudstackTestCase): + +@classmethod +def setUpClass(cls): +cls.testClient = super(TestDedicateGuestVLANRange, cls).getClsTestClient() +cls.apiclient = cls.testClient.getApiClient() +cls.testdata = cls.testClient.getParsedTestDataConfig() +# Get Zone, Domain +cls.domain = get_domain(cls.apiclient) +cls.zone = get_zone(cls.apiclient) +cls.testdata["isolated_network"]["zoneid"] = cls.zone.id +cls.testdata['mode'] = cls.zone.networktype +template = get_template( +cls.apiclient, +cls.zone.id, +cls.testdata["ostype"] +) +cls._cleanup = [] + +try: +cls.isolated_network_offering = NetworkOffering.create( + cls.apiclient, + cls.testdata["nw_off_isolated_persistent"]) +cls._cleanup.append(cls.isolated_network_offering) +cls.isolated_network_offering.update(cls.apiclient, state='Enabled') + +cls.testdata["nw_off_isolated_persistent"]["sp
git commit: updated refs/heads/master to fe6f0cf
Repository: cloudstack Updated Branches: refs/heads/master 4c69609fa -> fe6f0cf62 CLOUDSTACK-1466: Automation - Secondary Storage Test Cases Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/fe6f0cf6 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/fe6f0cf6 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/fe6f0cf6 Branch: refs/heads/master Commit: fe6f0cf6268dc299984c1dfef6e9d807cdd8d796 Parents: 4c69609 Author: Ashutosh K Authored: Tue Jun 17 01:07:35 2014 -0700 Committer: sanjeev Committed: Thu Aug 28 12:39:41 2014 +0530 -- .../component/test_ss_domain_limits.py | 580 +++ test/integration/component/test_ss_limits.py| 377 .../integration/component/test_ss_max_limits.py | 279 + .../component/test_ss_project_limits.py | 262 + tools/marvin/marvin/config/test_data.py | 1 + tools/marvin/marvin/lib/base.py | 8 +- 6 files changed, 1506 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/fe6f0cf6/test/integration/component/test_ss_domain_limits.py -- diff --git a/test/integration/component/test_ss_domain_limits.py b/test/integration/component/test_ss_domain_limits.py new file mode 100644 index 000..998bb8b --- /dev/null +++ b/test/integration/component/test_ss_domain_limits.py 
@@ -0,0 +1,580 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +""" P1 tests for secondary storage domain limits + +Test Plan: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Limit+Resources+to+domain+or+accounts + +Issue Link: https://issues.apache.org/jira/browse/CLOUDSTACK-1466 + +Feature Specifications: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Limit+Resources+to+domains+and+accounts +""" +# Import Local Modules +from nose.plugins.attrib import attr +from marvin.cloudstackTestCase import cloudstackTestCase +from marvin.lib.base import (Account, + Resources, + Domain, + Template) +from marvin.lib.common import (get_domain, + get_zone, + get_template, + get_builtin_template_info, + list_zones, + isDomainResourceCountEqualToExpectedCount) +from marvin.lib.utils import (cleanup_resources, validateList) +from marvin.codes import (PASS, + FAIL, + RESOURCE_SECONDARY_STORAGE) + +class TestMultipleChildDomain(cloudstackTestCase): + +@classmethod +def setUpClass(cls): +cloudstackTestClient = super(TestMultipleChildDomain, + cls).getClsTestClient() +cls.api_client = cloudstackTestClient.getApiClient() +# Fill services from the external config file +cls.services = cloudstackTestClient.getParsedTestDataConfig() +# 
Get Zone, Domain and templates +cls.domain = get_domain(cls.api_client) +cls.zone = get_zone(cls.api_client, cloudstackTestClient.getZoneForTests()) +cls.services["mode"] = cls.zone.networktype + +cls.template = get_template( +cls.api_client, +cls.zone.id, +cls.services["ostype"] +) + +cls._cleanup = [] +return + +@classmethod +def tearDownClass(cls): +try: +# Cleanup resources used +cleanup_resources(cls.api_client, cls._cleanup) +except Exception as e: +raise Exception("Warning: Exception during cleanup : %s" % e) +return + +def setUp(self): +self.apiclient = self.testClient.getApiClient() +self.dbclient = self.testClient.getDbConnection() +self.cleanup = [] +return + +def tearDown(self): +
svn commit: r920590 - /websites/production/cloudstack/content/
Author: bhaisaab Date: Thu Aug 28 07:30:16 2014 New Revision: 920590 Log: Update cloudmonkey 5.2.0 release on downloads page Added: websites/production/cloudstack/content/ - copied from r920589, websites/staging/cloudstack/trunk/content/
git commit: updated refs/heads/4.3 to 12efdd9
Repository: cloudstack Updated Branches: refs/heads/4.3 b3bfe21cf -> 12efdd92e Fix version number in pom Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/12efdd92 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/12efdd92 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/12efdd92 Branch: refs/heads/4.3 Commit: 12efdd92e6e7a56239b2d3be29a8846b11b0c64f Parents: b3bfe21 Author: Sebastien Goasguen Authored: Thu Aug 28 11:22:15 2014 +0200 Committer: Sebastien Goasguen Committed: Thu Aug 28 11:22:15 2014 +0200 -- deps/XenServerJava/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/12efdd92/deps/XenServerJava/pom.xml -- diff --git a/deps/XenServerJava/pom.xml b/deps/XenServerJava/pom.xml index 01a54c6..326ab74 100644 --- a/deps/XenServerJava/pom.xml +++ b/deps/XenServerJava/pom.xml @@ -21,7 +21,7 @@ org.apache.cloudstack cloudstack -4.3.0 +4.3.1-SNAPSHOT ../../pom.xml xapi
git commit: updated refs/heads/master to 490d499
Repository: cloudstack Updated Branches: refs/heads/master fe6f0cf62 -> 490d499b7 CLOUDSTACK-7453: Network rate field specified with negative value in service offering results in db Exception Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/490d499b Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/490d499b Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/490d499b Branch: refs/heads/master Commit: 490d499b7fe0fa60dfeb37cfe76fff99fce41018 Parents: fe6f0cf Author: Saksham Srivastava Authored: Thu Aug 28 15:16:58 2014 +0530 Committer: Saksham Srivastava Committed: Thu Aug 28 15:28:00 2014 +0530 -- .../com/cloud/configuration/ConfigurationManagerImpl.java | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/490d499b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java -- diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java index 3328b7c..893ee4e 100755 --- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java +++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java 
@@ -2045,8 +2045,13 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati allowNetworkRate = true; } -if (cmd.getNetworkRate() != null && !allowNetworkRate) { -throw new InvalidParameterValueException("Network rate can be specified only for non-System offering and system offerings having \"domainrouter\" systemvmtype"); +if (cmd.getNetworkRate() != null) { +if(!allowNetworkRate) { +throw new InvalidParameterValueException("Network rate can be specified only for non-System offering and system offerings having \"domainrouter\" systemvmtype"); +} +if(cmd.getNetworkRate().intValue() <= 1) { +throw new InvalidParameterValueException("Failed to create service offering " + name + ": specify the network rate value more than 0"); +} } if (cmd.getDeploymentPlanner() != null) {
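Review bot: The new lower-bound check `cmd.getNetworkRate().intValue() <= 1` also rejects a network rate of 1, while the exception text only asks for a value "more than 0"; the condition that matches the message is `if (cmd.getNetworkRate().intValue() < 1) {`. The message hard-codes "Failed to create service offering", so if any other path accepts a network rate it would need the same bound; that cannot be confirmed from this hunk. The enclosing method starts and ends outside the hunk.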
git commit: updated refs/heads/master to d9531fb
Repository: cloudstack Updated Branches: refs/heads/master 490d499b7 -> d9531fb0d CLOUDSTACK-7453: Network rate field specified with negative value in service offering results in db Exception Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d9531fb0 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d9531fb0 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d9531fb0 Branch: refs/heads/master Commit: d9531fb0de6e59bfbb0ec2082558e3879b6e1668 Parents: 490d499 Author: Saksham Srivastava Authored: Thu Aug 28 16:01:11 2014 +0530 Committer: Saksham Srivastava Committed: Thu Aug 28 16:01:11 2014 +0530 -- server/src/com/cloud/configuration/ConfigurationManagerImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9531fb0/server/src/com/cloud/configuration/ConfigurationManagerImpl.java -- diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java index 893ee4e..ad81ccd 100755 --- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java +++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java @@ -2049,7 +2049,7 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati if(!allowNetworkRate) { throw new InvalidParameterValueException("Network rate can be specified only for non-System offering and system offerings having \"domainrouter\" systemvmtype"); } -if(cmd.getNetworkRate().intValue() <= 1) { +if(cmd.getNetworkRate().intValue() < 1) { throw new InvalidParameterValueException("Failed to create service offering " + name + ": specify the network rate value more than 0"); } }
git commit: updated refs/heads/4.3 to 93ab061
Repository: cloudstack Updated Branches: refs/heads/4.3 12efdd92e -> 93ab0611f Updating version number in Debian package changelog Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/93ab0611 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/93ab0611 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/93ab0611 Branch: refs/heads/4.3 Commit: 93ab0611fc7e4a81bae968bc2f2b701dbbd568fe Parents: 12efdd9 Author: Sebastien Goasguen Authored: Thu Aug 28 13:41:10 2014 + Committer: Sebastien Goasguen Committed: Thu Aug 28 13:41:10 2014 + -- debian/changelog | 6 ++ 1 file changed, 6 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/93ab0611/debian/changelog -- diff --git a/debian/changelog b/debian/changelog index 2d2b238..6ac7e7e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +cloudstack (4.3.1-SNAPSHOT) unstable; urgency=low + + * Update the version to 4.3.1-SNAPSHOT + + -- Sebastien Goasguen Thu, 28 Aug 2014 13:38:42 + + cloudstack (4.3.0) unstable; urgency=low * Update the version to 4.3.0
git commit: updated refs/heads/4.3 to a743937
Repository: cloudstack Updated Branches: refs/heads/4.3 93ab0611f -> a743937e4 Update debian changelog version Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/a743937e Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/a743937e Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/a743937e Branch: refs/heads/4.3 Commit: a743937e4972aba3a5dd8d00419367ac9ade3a87 Parents: 93ab061 Author: Sebastien Goasguen Authored: Thu Aug 28 14:22:42 2014 + Committer: Sebastien Goasguen Committed: Thu Aug 28 14:22:42 2014 + -- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a743937e/debian/changelog -- diff --git a/debian/changelog b/debian/changelog index 6ac7e7e..f43ac50 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,6 @@ -cloudstack (4.3.1-SNAPSHOT) unstable; urgency=low +cloudstack (4.3.1-snapshot) unstable; urgency=low - * Update the version to 4.3.1-SNAPSHOT + * Update the version to 4.3.1.snapshot -- Sebastien Goasguen Thu, 28 Aug 2014 13:38:42 +
[40/50] git commit: updated refs/heads/master to 97ed5ff
SAMLUtils: add unit test for SAMLUtils and method to randomly generate X509 certs Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1ed532fb Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1ed532fb Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1ed532fb Branch: refs/heads/master Commit: 1ed532fb2011b2a6f203cfa000df5466d7924f25 Parents: 15fdc17 Author: Rohit Yadav Authored: Mon Aug 25 17:31:01 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:26 2014 +0200 -- .../apache/cloudstack/utils/auth/SAMLUtils.java | 37 ++- .../cloudstack/utils/auth/SAMLUtilsTest.java| 67 2 files changed, 103 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1ed532fb/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java -- diff --git a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java index 51cf507..a562d48 100644 --- a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java +++ b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java @@ -21,6 +21,8 @@ package org.apache.cloudstack.utils.auth; import com.cloud.utils.HttpUtils; import org.apache.log4j.Logger; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.x509.X509V1CertificateGenerator; import org.joda.time.DateTime; import org.opensaml.Configuration; import org.opensaml.common.SAMLVersion; @@ -57,6 +59,7 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.xml.sax.SAXException; +import javax.security.auth.x500.X500Principal; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; 
@@ -66,7 +69,17 @@ import java.io.IOException; import java.io.StringWriter; import java.math.BigInteger; import java.net.URLEncoder; +import java.security.InvalidKeyException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; import java.security.SecureRandom; +import java.security.Security; +import java.security.SignatureException; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.util.Date; import java.util.zip.Deflater; import java.util.zip.DeflaterOutputStream; @@ -88,7 +101,7 @@ public class SAMLUtils { } public static String generateSecureRandomId() { -return new BigInteger(130, new SecureRandom()).toString(32); +return new BigInteger(160, new SecureRandom()).toString(32); } public static AuthnRequest buildAuthnRequestObject(String spId, String idpUrl, String consumerUrl) { 
@@ -194,4 +207,26 @@ public class SAMLUtils { return (Response) unmarshaller.unmarshall(element); } +public static X509Certificate generateRandomX509Certification() throws NoSuchAlgorithmException, NoSuchProviderException, CertificateEncodingException, SignatureException, InvalidKeyException { +Date validityBeginDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000); +Date validityEndDate = new Date(System.currentTimeMillis() + 2 * 365 * 24 * 60 * 60 * 1000); + +Security.addProvider(new BouncyCastleProvider()); +KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC"); +keyPairGenerator.initialize(1024, new SecureRandom()); +KeyPair keyPair = keyPairGenerator.generateKeyPair(); + +X500Principal dnName = new X500Principal("CN=John Doe"); +X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); + certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); +certGen.setSubjectDN(dnName); +certGen.setIssuerDN(dnName); // use the same +certGen.setNotBefore(validityBeginDate); +certGen.setNotAfter(validityEndDate); +certGen.setPublicKey(keyPair.getPublic()); +certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); + +return certGen.generate(keyPair.getPrivate(), "BC"); +} + } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1ed532fb/utils/test/org/apache/cloudstack/utils/auth/SAMLUtilsTest.java -- diff --git a/utils/test/org/apache/cloudstack/utils/auth/SAMLUtilsTest.java b/utils/test/org/apache/cloudstack/utils/auth/SAMLUtilsTest.java new file mode 100644 index 000..1d34ba1 --- /dev/null +++ b/utils/test/org/apache/cloudstack/utils/auth/SAMLUtilsTest.java @@ -
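Review bot: In `generateRandomX509Certification` the expression `2 * 365 * 24 * 60 * 60 * 1000` is evaluated in `int` arithmetic and overflows to a negative value before it is added to `System.currentTimeMillis()`, so `validityEndDate` falls in the past, earlier than `validityBeginDate`; it should read `new Date(System.currentTimeMillis() + 2L * 365 * 24 * 60 * 60 * 1000)`. The key pair is created with `keyPairGenerator.initialize(1024, new SecureRandom())`, and 1024-bit RSA is below current minimum recommendations, so `keyPairGenerator.initialize(2048, new SecureRandom());` is the safer choice if this certificate is ever used beyond tests. The method also has no Javadoc stating that the result is self-signed, uses the fixed subject `CN=John Doe` and takes its serial number from the clock, which a caller should know before relying on it.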
[02/50] git commit: updated refs/heads/master to 97ed5ff
SAML: WIP redirections work now Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b82207e0 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b82207e0 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b82207e0 Branch: refs/heads/master Commit: b82207e081b79261a274058cdd0323aff9c3be46 Parents: 18ff47e Author: Rohit Yadav Authored: Sun Aug 17 19:12:00 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:20 2014 +0200 -- .../api/auth/SAML2LoginAPIAuthenticatorCmd.java | 241 ++- 1 file changed, 239 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b82207e0/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java -- diff --git a/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java b/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java index beba4f1..c6b0bb6 100644 --- a/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java +++ b/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java 
@@ -26,11 +26,54 @@ import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.response.LoginCmdResponse; import org.apache.log4j.Logger; +import org.joda.time.DateTime; +import org.opensaml.Configuration; +import org.opensaml.DefaultBootstrap; +import org.opensaml.common.SAMLVersion; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameIDPolicy; +import org.opensaml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder; +import org.opensaml.saml2.core.impl.AuthnRequestBuilder; +import org.opensaml.saml2.core.impl.IssuerBuilder; +import org.opensaml.saml2.core.impl.NameIDPolicyBuilder; +import org.opensaml.saml2.core.impl.RequestedAuthnContextBuilder; +import org.opensaml.xml.ConfigurationException; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; +import org.opensaml.xml.io.UnmarshallingException; +import org.opensaml.xml.util.Base64; +import org.opensaml.xml.util.XMLHelper; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.NamedNodeMap; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.SAXException; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.stream.FactoryConfigurationError; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; import java.io.IOException; +import 
java.io.StringWriter; +import java.math.BigInteger; +import java.net.URLEncoder; +import java.security.SecureRandom; import java.util.Map; +import java.util.zip.Deflater; +import java.util.zip.DeflaterOutputStream; @APICommand(name = "samlsso", description = "SP initiated SAML Single Sign On", requestHasSensitiveInfo = true, responseObject = LoginCmdResponse.class, entityType = {}) public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthenticator { @@ -71,12 +114,206 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent throw new ServerApiException(ApiErrorCode.METHOD_NOT_ALLOWED, "This is an authentication api, cannot be used directly"); } +public String buildAuthnRequestUrl(String resourceUrl) { +String randomId = new BigInteger(130, new SecureRandom()).toString(32); +// TODO: Add method to get this url from metadata +String identityProviderUrl = "https://idp.ssocircle.com:443/sso/SSORedirect/metaAlias/ssocircle";; +String encodedAuthRequest = ""; + +try { +DefaultBootstrap.bootstrap(); +AuthnRequest authnRequest = this.buildAuthnRequestObject(randomId, identityProviderUrl, resourceUrl); // SAML AuthRequest +encodedAuthRequest = encodeAuthnRequest(authnRequest); +} catch (ConfigurationException | FactoryConfigurationError | MarshallingException | IOException e) { +s_logger.error("SAML AuthnRequest message building error: " + e.getMessage()); +} +return identityProviderUrl + "?SAMLRequest=" + encodedAuthRequest; // + "&R
[07/50] git commit: updated refs/heads/master to 97ed5ff
ui: Unbox extra quotes from sessionKey cookie value Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/9b1a6dac Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/9b1a6dac Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/9b1a6dac Branch: refs/heads/master Commit: 9b1a6dac4a4bb766ee050040356998776ddca190 Parents: 2694ad7 Author: Rohit Yadav Authored: Mon Aug 18 04:20:03 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:21 2014 +0200 -- ui/scripts/cloudStack.js | 7 +++ 1 file changed, 7 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9b1a6dac/ui/scripts/cloudStack.js -- diff --git a/ui/scripts/cloudStack.js b/ui/scripts/cloudStack.js index b6dd559..420c137 100644 --- a/ui/scripts/cloudStack.js +++ b/ui/scripts/cloudStack.js @@ -131,6 +131,13 @@ */ g_mySession = $.cookie('JSESSIONID'); g_sessionKey = $.cookie('sessionKey'); +// Unbox quotes from sessionKey cookie value +if (g_sessionKey[0] === '"' && g_sessionKey[g_sessionKey.length-1] === '"') { +g_sessionKey = g_sessionKey.slice(1, g_sessionKey.length-1); +$.cookie('sessionKey', g_sessionKey, { +expires: 1 +}); +} g_role = $.cookie('role'); g_username = $.cookie('username'); g_userid = $.cookie('userid');
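Review bot: The added block indexes `g_sessionKey[0]` without checking that `$.cookie('sessionKey')` returned a string, so when the cookie is absent the lookup would throw and stop the assignments that follow; guard it with `if (g_sessionKey && g_sessionKey[0] === '"' && g_sessionKey[g_sessionKey.length-1] === '"') {`. Rewriting the cookie from script with `expires: 1` also replaces whatever lifetime and attributes the server set on `sessionKey`, so a short comment saying why a one-day lifetime is intended would help the next reader. The enclosing function starts and ends outside the hunk.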
[42/50] git commit: updated refs/heads/master to 97ed5ff
saml: Add unit tests for saml plugin - Fixes signatures on plugin manager for ease of testing - Fixes authenticator - Adds unit testing for getType and authenticate methods for all cmd classes - Adds SAMLAuthenticator test Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/de4e74b2 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/de4e74b2 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/de4e74b2 Branch: refs/heads/master Commit: de4e74b2b462773cb2866aa976e349e3f7151e9d Parents: 1ed532f Author: Rohit Yadav Authored: Mon Aug 25 17:32:13 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:26 2014 +0200 -- .../command/SAML2LoginAPIAuthenticatorCmd.java | 12 +- .../command/SAML2LogoutAPIAuthenticatorCmd.java | 2 +- .../cloudstack/saml/SAML2UserAuthenticator.java | 6 +- .../cloudstack/SAML2UserAuthenticatorTest.java | 51 +- .../GetServiceProviderMetaDataCmdTest.java | 94 ++ .../SAML2LoginAPIAuthenticatorCmdTest.java | 175 +++ .../SAML2LogoutAPIAuthenticatorCmdTest.java | 93 ++ 7 files changed, 419 insertions(+), 14 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/de4e74b2/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java -- diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java index 6c46b04..07cfa39 100644 --- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java +++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java 
@@ -89,7 +89,7 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent @Inject ConfigurationDao _configDao; @Inject -private DomainManager _domainMgr; +DomainManager _domainMgr; SAML2AuthManager _samlAuthManager; @@ -141,7 +141,7 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent return redirectUrl; } -private Response processSAMLResponse(String responseMessage) { +public Response processSAMLResponse(String responseMessage) { Response responseObject = null; try { DefaultBootstrap.bootstrap(); @@ -162,12 +162,12 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent if (idps != null && idps.length > 0) { idpUrl = idps[0]; } -String redirectUrl = buildAuthnRequestUrl(idpUrl); +String redirectUrl = this.buildAuthnRequestUrl(idpUrl); resp.sendRedirect(redirectUrl); return ""; } else { final String samlResponse = ((String[])params.get(SAMLUtils.SAML_RESPONSE))[0]; -Response processedSAMLResponse = processSAMLResponse(samlResponse); +Response processedSAMLResponse = this.processSAMLResponse(samlResponse); String statusCode = processedSAMLResponse.getStatus().getStatusCode().getValue(); if (!statusCode.equals(StatusCode.SUCCESS_URI)) { throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(), @@ -209,7 +209,7 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent } String username = null; -String password = ""; +String password = SAMLUtils.generateSecureRandomId(); // Random password String firstName = ""; String lastName = ""; String timeZone = ""; 
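Review bot: `processSAMLResponse` is widened from `private` to `public` in the second hunk, apparently so the new unit tests can reach it. The first hunk gives `_domainMgr` package-private access for the same purpose. The same level here, `Response processSAMLResponse(String responseMessage) {`, would keep the response parser off the class's public surface, provided the test sits in the same package. The method body continues outside the hunk.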
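Review bot: In the third hunk the result of `this.processSAMLResponse(samlResponse)` is dereferenced at once by `processedSAMLResponse.getStatus()`, yet the second hunk shows that method starting from `Response responseObject = null;` ahead of a `try`. A response that fails to parse may therefore come back as null and surface as a NullPointerException instead of an authentication error. A guard before the status check, such as `if (processedSAMLResponse == null) { throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, "Failed to process SAML response"); }`, would fail closed with a clear error. Both method bodies continue outside the hunks, so the null path is inferred rather than shown.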
@@ -229,8 +229,6 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent } } -String issuer = assertion.getIssuer().getValue(); -String audience = assertion.getConditions().getAudienceRestrictions().get(0).getAudiences().get(0).getAudienceURI(); AttributeStatement attributeStatement = assertion.getAttributeStatements().get(0); List attributes = attributeStatement.getAttributes(); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/de4e74b2/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java --
[24/50] git commit: updated refs/heads/master to 97ed5ff
saml2: Implement SAML2AuthServiceImpl which is a PluggableAPIAuthenticator Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/4422fdd9 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/4422fdd9 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/4422fdd9 Branch: refs/heads/master Commit: 4422fdd9ad359f29848de304b92b5fd3b214cb28 Parents: 47c9050 Author: Rohit Yadav Authored: Sun Aug 24 15:56:10 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:23 2014 +0200 -- .../cloudstack/saml/SAML2AuthServiceImpl.java | 51 1 file changed, 51 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/4422fdd9/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthServiceImpl.java -- diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthServiceImpl.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthServiceImpl.java new file mode 100644 index 000..44e29ca --- /dev/null +++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthServiceImpl.java 
@@ -0,0 +1,51 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package org.apache.cloudstack.saml; + +import com.cloud.utils.component.AdapterBase; +import org.apache.cloudstack.api.auth.PluggableAPIAuthenticator; +import org.apache.cloudstack.api.command.SAML2LoginAPIAuthenticatorCmd; +import org.apache.cloudstack.api.command.SAML2LogoutAPIAuthenticatorCmd; +import org.apache.log4j.Logger; +import org.springframework.stereotype.Component; + +import javax.ejb.Local; +import java.util.ArrayList; +import java.util.List; + +@Component +@Local(value = PluggableAPIAuthenticator.class) +public class SAML2AuthServiceImpl extends AdapterBase implements PluggableAPIAuthenticator { +private static final Logger s_logger = Logger.getLogger(SAML2AuthServiceImpl.class); + +protected SAML2AuthServiceImpl() { +super(); +} + +@Override +public boolean start() { +return true; +} + +@Override +public List> getAuthCommands() { +List> cmdList = new ArrayList>(); +cmdList.add(SAML2LoginAPIAuthenticatorCmd.class); +cmdList.add(SAML2LogoutAPIAuthenticatorCmd.class); +return cmdList; +} +}
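Review bot: `s_logger` is declared in `SAML2AuthServiceImpl` but never used, and the class has no comment saying what it registers. I would drop the field until something logs, and add a class comment such as `/** Exposes the SAML2 login and logout commands to the API layer as pluggable authenticators. */`. The explicit `protected` constructor only calls `super()` and could be omitted unless the restricted visibility is intended.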
[36/50] git commit: updated refs/heads/master to 97ed5ff
utils: fix SAMLUtils's authnrequest maker Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/8fa9d2c2 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/8fa9d2c2 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/8fa9d2c2 Branch: refs/heads/master Commit: 8fa9d2c276309eba231a5bce8b68e525f72787d4 Parents: 2a264cc Author: Rohit Yadav Authored: Mon Aug 25 00:15:41 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:25 2014 +0200 -- .../src/org/apache/cloudstack/utils/auth/SAMLUtils.java | 12 +++- 1 file changed, 7 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8fa9d2c2/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java -- diff --git a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java index fc0ca09..8a2f93b 100644 --- a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java +++ b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java @@ -64,7 +64,9 @@ import java.util.zip.DeflaterOutputStream; public class SAMLUtils { public static final Logger s_logger = Logger.getLogger(SAMLUtils.class); -public static final String SAML_NS = "saml-"; +public static final String SAML_NS = "saml://"; + +public static final String CERTIFICATE_NAME = "SAMLSP_CERTIFICATE"; public static String createSAMLId(String uid) { return SAML_NS + uid; 
@@ -108,15 +110,15 @@ public class SAMLUtils { authnRequest.setID(authnId); authnRequest.setDestination(idpUrl); authnRequest.setVersion(SAMLVersion.VERSION_20); -authnRequest.setForceAuthn(true); +authnRequest.setForceAuthn(false); authnRequest.setIsPassive(false); authnRequest.setIssuer(issuer); authnRequest.setIssueInstant(new DateTime()); -authnRequest.setProviderName(spId); authnRequest.setProtocolBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); authnRequest.setAssertionConsumerServiceURL(consumerUrl); -authnRequest.setNameIDPolicy(nameIdPolicy); -authnRequest.setRequestedAuthnContext(requestedAuthnContext); +//authnRequest.setProviderName(spId); +//authnRequest.setNameIDPolicy(nameIdPolicy); +//authnRequest.setRequestedAuthnContext(requestedAuthnContext); return authnRequest; }
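Review bot: The three setters at the end of the `@@ -108,15` hunk are disabled by commenting them out with no note on why, so `spId`, `nameIdPolicy` and `requestedAuthnContext` (presumably still built above the hunk) are now dead. Together with `setForceAuthn(false)`, the request no longer asks the IdP for a particular authentication context or a fresh login. If that is the intent, delete the lines and say so, e.g. `// Authentication strength and session reuse are left to the IdP`. The method begins outside the hunk.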
[21/50] git commit: updated refs/heads/master to 97ed5ff
server: Add SAML related config params in Config Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/5d94fd5b Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/5d94fd5b Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/5d94fd5b Branch: refs/heads/master Commit: 5d94fd5be51384e878e84af5618b51ac5b30a8f1 Parents: 37961eb Author: Rohit Yadav Authored: Sun Aug 24 17:33:20 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:23 2014 +0200 -- server/src/com/cloud/configuration/Config.java | 40 + 1 file changed, 40 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5d94fd5b/server/src/com/cloud/configuration/Config.java -- diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java index b499df5..3f42a52 100755 --- a/server/src/com/cloud/configuration/Config.java +++ b/server/src/com/cloud/configuration/Config.java 
@@ -1379,6 +1379,46 @@ public enum Config { "30", "The allowable clock difference in milliseconds between when an SSO login request is made and when it is received.", null), +SAMLServiceProviderID( +"Advanced", +ManagementServer.class, +String.class, +"saml2.sp.id", +"Apache CloudStack", +"SAML2 Service Provider Identifier String", +null), +SAMLServiceProviderSingleSignOnURL( +"Advanced", +ManagementServer.class, +String.class, +"saml2.sp.sso.url", +"http://localhost:8080/client/api?command=samlsso";, +"SAML2 CloudStack Service Provider Single Sign On URL", +null), +SAMLServiceProviderSingleLogOutURL( +"Advanced", +ManagementServer.class, +String.class, +"saml2.sp.slo.url", +"http://localhost:8080/client/api?command=samlslo";, +"SAML2 CloudStack Service Provider Single Log Out URL", +null), +SAMLIdentityProviderMetadataURL( +"Advanced", +ManagementServer.class, +String.class, +"saml2.idp.metadata.url", +"https://openidp.feide.no/simplesaml/saml2/idp/metadata.php";, +"SAML2 Identity Provider Metadata XML Url", +null), +SAMLTimeout( +"Advanced", +ManagementServer.class, +Long.class, +"saml2.timeout", +"3", +"SAML2 IDP Metadata Downloading and parsing etc. activity timeout in milliseconds", +null), //NetworkType("Hidden", ManagementServer.class, String.class, "network.type", "vlan", "The type of network that this deployment will use.", "vlan,direct"), RouterRamSize("Hidden", NetworkOrchestrationService.class, Integer.class, "router.ram.size", "128", "Default RAM for router VM (in MB).", null),
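Review bot: The defaults in this hunk make an unconfigured deployment trust an external IdP and use plain HTTP: `saml2.idp.metadata.url` points at `https://openidp.feide.no/...` and both SP URLs are `http://localhost:8080/...`. If the SAML plugin is active before an operator changes these (whether it is off by default is not visible here), assertions from that public IdP could be accepted and SAML messages to the SP endpoints would travel unencrypted. I would ship empty defaults, e.g. `""` for `saml2.idp.metadata.url`, and have the plugin refuse SSO until they are set. The `saml2.idp.id` default added by the later Config.java commit on this page has the same issue. The enum continues outside the hunk.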
[45/50] git commit: updated refs/heads/master to 97ed5ff
SAML2LogoutAPIAuthenticatorCmd: check logout response and redirect to UI Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/15fdc174 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/15fdc174 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/15fdc174 Branch: refs/heads/master Commit: 15fdc1744c42c0e70b3cde31ca4b163c7983bec2 Parents: 3bf387c Author: Rohit Yadav Authored: Mon Aug 25 02:41:26 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:26 2014 +0200 -- .../command/SAML2LogoutAPIAuthenticatorCmd.java | 40 +++- 1 file changed, 38 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/15fdc174/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java -- diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java index 9910074..1c96f0b 100644 --- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java +++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java @@ -17,6 +17,7 @@ package org.apache.cloudstack.api.command; import com.cloud.api.response.ApiResponseSerializer; +import com.cloud.configuration.Config; import com.cloud.user.Account; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiErrorCode; 
@@ -27,18 +28,24 @@ import org.apache.cloudstack.api.auth.APIAuthenticationType; import org.apache.cloudstack.api.auth.APIAuthenticator; import org.apache.cloudstack.api.auth.PluggableAPIAuthenticator; import org.apache.cloudstack.api.response.LogoutCmdResponse; +import org.apache.cloudstack.framework.config.dao.ConfigurationDao; import org.apache.cloudstack.saml.SAML2AuthManager; import org.apache.cloudstack.utils.auth.SAMLUtils; import org.apache.log4j.Logger; import org.opensaml.DefaultBootstrap; import org.opensaml.saml2.core.LogoutRequest; import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusCode; import org.opensaml.xml.ConfigurationException; import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.io.UnmarshallingException; +import org.xml.sax.SAXException; import javax.inject.Inject; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import javax.xml.parsers.ParserConfigurationException; import javax.xml.stream.FactoryConfigurationError; import java.io.IOException; import java.util.List; @@ -51,6 +58,8 @@ public class SAML2LogoutAPIAuthenticatorCmd extends BaseCmd implements APIAuthen @Inject ApiServerService _apiServer; +@Inject +ConfigurationDao _configDao; SAML2AuthManager _samlAuthManager; / @@ -79,6 +88,7 @@ public class SAML2LogoutAPIAuthenticatorCmd extends BaseCmd implements APIAuthen LogoutCmdResponse response = new LogoutCmdResponse(); response.setDescription("success"); response.setResponseName(getCommandName()); +String responseString = ApiResponseSerializer.toSerializedString(response, responseType); try { DefaultBootstrap.bootstrap(); 
@@ -89,8 +99,35 @@ public class SAML2LogoutAPIAuthenticatorCmd extends BaseCmd implements APIAuthen params, responseType)); } +if (params.containsKey("SAMLResponse")) { +try { +final String samlResponse = ((String[])params.get(SAMLUtils.SAML_RESPONSE))[0]; +Response processedSAMLResponse = SAMLUtils.decodeSAMLResponse(samlResponse); +String statusCode = processedSAMLResponse.getStatus().getStatusCode().getValue(); +if (!statusCode.equals(StatusCode.SUCCESS_URI)) { +throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.INTERNAL_ERROR.getHttpCode(), +"SAML SLO LogoutResponse status is not Success", +params, responseType)); +} +} catch (ConfigurationException | FactoryConfigurationError | ParserConfigurationException | SAXException | IOException | UnmarshallingException e) { +s_logger.error("SAMLResponse processing error: " + e.getMessage()); +} +try { + resp.sendRedirect(_configDao.getValue(C
[37/50] git commit: updated refs/heads/master to 97ed5ff
apidocs: add entry for getSPMetaData Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/2f6fa268 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/2f6fa268 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/2f6fa268 Branch: refs/heads/master Commit: 2f6fa268f4fd97429224075f19e6314c3ded Parents: 8fa9d2c Author: Rohit Yadav Authored: Mon Aug 25 01:02:09 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:25 2014 +0200 -- tools/apidoc/gen_toc.py | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2f6fa268/tools/apidoc/gen_toc.py --
diff --git a/tools/apidoc/gen_toc.py b/tools/apidoc/gen_toc.py
index 2568704..95f06c8 100644
--- a/tools/apidoc/gen_toc.py
+++ b/tools/apidoc/gen_toc.py
@@ -114,6 +114,7 @@ known_categories = {
 'login': 'Authentication',
 'logout': 'Authentication',
 'saml': 'Authentication',
+'getSPMetadata': 'Authentication',
 'Capacity': 'System Capacity',
 'NetworkDevice': 'Network Device',
 'ExternalLoadBalancer': 'Ext Load Balancer',
[26/50] git commit: updated refs/heads/master to 97ed5ff
server: Add IDP entity ID config param Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/0444bfb6 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/0444bfb6 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/0444bfb6 Branch: refs/heads/master Commit: 0444bfb65350c71ddcdcd0c58968e4534ceb8a89 Parents: 06e9099 Author: Rohit Yadav Authored: Sun Aug 24 18:28:06 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:24 2014 +0200 -- server/src/com/cloud/configuration/Config.java | 8 1 file changed, 8 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0444bfb6/server/src/com/cloud/configuration/Config.java --
diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java
index 3f42a52..b2fb85f 100755
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
@@ -1403,6 +1403,14 @@ public enum Config {
 "http://localhost:8080/client/api?command=samlslo";,
 "SAML2 CloudStack Service Provider Single Log Out URL",
 null),
+SAMLIdentityProviderID(
+"Advanced",
+ManagementServer.class,
+String.class,
+"saml2.idp.id",
+"https://openidp.feide.no";,
+"SAML2 Identity Provider Identifier String",
+null),
 SAMLIdentityProviderMetadataURL(
 "Advanced",
 ManagementServer.class,
[34/50] git commit: updated refs/heads/master to 97ed5ff
SAML2LogoutAPIAuthenticatorCmd: implement single log out Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/7ee4176c Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/7ee4176c Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/7ee4176c Branch: refs/heads/master Commit: 7ee4176c7a8b3f552e48c00dbdb9858dc544c6b3 Parents: b1946e8 Author: Rohit Yadav Authored: Mon Aug 25 01:52:05 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:25 2014 +0200 -- .../command/SAML2LogoutAPIAuthenticatorCmd.java | 50 +++- 1 file changed, 48 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7ee4176c/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java -- diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java index 723209f..9910074 100644 --- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java +++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java 
@@ -20,16 +20,27 @@ import com.cloud.api.response.ApiResponseSerializer; import com.cloud.user.Account; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiErrorCode; +import org.apache.cloudstack.api.ApiServerService; import org.apache.cloudstack.api.BaseCmd; import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.auth.APIAuthenticationType; import org.apache.cloudstack.api.auth.APIAuthenticator; import org.apache.cloudstack.api.auth.PluggableAPIAuthenticator; import org.apache.cloudstack.api.response.LogoutCmdResponse; +import org.apache.cloudstack.saml.SAML2AuthManager; +import org.apache.cloudstack.utils.auth.SAMLUtils; import org.apache.log4j.Logger; +import org.opensaml.DefaultBootstrap; +import org.opensaml.saml2.core.LogoutRequest; +import org.opensaml.saml2.core.NameID; +import org.opensaml.xml.ConfigurationException; +import org.opensaml.xml.io.MarshallingException; +import javax.inject.Inject; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import javax.xml.stream.FactoryConfigurationError; +import java.io.IOException; import java.util.List; import java.util.Map; @@ -38,6 +49,10 @@ public class SAML2LogoutAPIAuthenticatorCmd extends BaseCmd implements APIAuthen public static final Logger s_logger = Logger.getLogger(SAML2LogoutAPIAuthenticatorCmd.class.getName()); private static final String s_name = "logoutresponse"; +@Inject +ApiServerService _apiServer; +SAML2AuthManager _samlAuthManager; + / /// API Implementation/// / 
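Review bot: In the `@@ -38,6 +49,10` hunk `_samlAuthManager` is added without `@Inject`, while `_apiServer` directly above it has one. The `authenticate()` hunk that follows calls `_samlAuthManager.getIdpSingleLogOutUrl()`, so unless a method not shown here assigns the field, that call throws a NullPointerException on every logout. I would write `@Inject SAML2AuthManager _samlAuthManager;`, or add a comment naming the method that sets it.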
@@ -60,11 +75,34 @@ public class SAML2LogoutAPIAuthenticatorCmd extends BaseCmd implements APIAuthen @Override public String authenticate(String command, Map params, HttpSession session, String remoteAddress, String responseType, StringBuilder auditTrailSb, final HttpServletResponse resp) throws ServerApiException { -auditTrailSb.append("=== Logging out ==="); -// TODO: check global config and do either local or global log out +auditTrailSb.append("=== SAML SLO Logging out ==="); LogoutCmdResponse response = new LogoutCmdResponse(); response.setDescription("success"); response.setResponseName(getCommandName()); + +try { +DefaultBootstrap.bootstrap(); +} catch (ConfigurationException | FactoryConfigurationError e) { +s_logger.error("OpenSAML Bootstrapping error: " + e.getMessage()); +throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(), +"OpenSAML Bootstrapping error while creating SP MetaData", +params, responseType)); +} + +NameID nameId = (NameID) session.getAttribute(SAMLUtils.SAML_NAMEID); +String sessionIndex = (String) session.getAttribute(SAMLUtils.SAML_SESSION); +LogoutRequest logoutRequest = SAMLUtils.buildLogoutRequest(_samlAuthManager.getIdpSingleLogOutUrl(), _samlAuthManager.getServiceProviderId(), nameId, sessionIndex); + +try { +String redirectUrl = _samlAuthManager.getIdpSingleLogOutUrl() + "?SAMLRequest=" + SAMLUtils.encodeSAMLR
[16/50] git commit: updated refs/heads/master to 97ed5ff
Maven: add opensaml 2.6.1 version id in pom.xml Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/c04b9ed6 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/c04b9ed6 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/c04b9ed6 Branch: refs/heads/master Commit: c04b9ed661f38ab47825e5bfdc12b0a59d97fc92 Parents: d6ea4ad Author: Rohit Yadav Authored: Sun Aug 24 15:50:40 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:22 2014 +0200 -- pom.xml | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c04b9ed6/pom.xml -- diff --git a/pom.xml b/pom.xml index 558aaba..09c76e6 100644 --- a/pom.xml +++ b/pom.xml @@ -94,6 +94,7 @@ 2.5 2.5.3 2.9.1 +2.6.1
[11/50] git commit: updated refs/heads/master to 97ed5ff
core: Add registry and beans in spring registry for PluggableAPIAuthenticator Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/47c90508 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/47c90508 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/47c90508 Branch: refs/heads/master Commit: 47c90508712e7bc6a9dfed7c53ebc0b0ccd27696 Parents: 7ff5049 Author: Rohit Yadav Authored: Sun Aug 24 15:54:55 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:22 2014 +0200 -- .../api/spring-core-lifecycle-api-context-inheritable.xml | 6 ++ .../cloudstack/core/spring-core-registry-core-context.xml | 9 - 2 files changed, 14 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/47c90508/core/resources/META-INF/cloudstack/api/spring-core-lifecycle-api-context-inheritable.xml -- diff --git a/core/resources/META-INF/cloudstack/api/spring-core-lifecycle-api-context-inheritable.xml b/core/resources/META-INF/cloudstack/api/spring-core-lifecycle-api-context-inheritable.xml index d4dcc80..f1566b1 100644 --- a/core/resources/META-INF/cloudstack/api/spring-core-lifecycle-api-context-inheritable.xml +++ b/core/resources/META-INF/cloudstack/api/spring-core-lifecycle-api-context-inheritable.xml @@ -36,6 +36,12 @@ + + + + + http://git-wip-us.apache.org/repos/asf/cloudstack/blob/47c90508/core/resources/META-INF/cloudstack/core/spring-core-registry-core-context.xml -- diff --git a/core/resources/META-INF/cloudstack/core/spring-core-registry-core-context.xml b/core/resources/META-INF/cloudstack/core/spring-core-registry-core-context.xml index 02034d6..3263e92 100644 --- a/core/resources/META-INF/cloudstack/core/spring-core-registry-core-context.xml +++ b/core/resources/META-INF/cloudstack/core/spring-core-registry-core-context.xml 
@@ -33,7 +33,14 @@ class="org.apache.cloudstack.spring.lifecycle.registry.ExtensionRegistry"> - + + + + + + +
[47/50] git commit: updated refs/heads/master to 97ed5ff
utils: fix static certificate value string in SAMLUtils Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/5e7928bc Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/5e7928bc Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/5e7928bc Branch: refs/heads/master Commit: 5e7928bcb94be56fa3b9da68bc963d09bcace815 Parents: 0402f68 Author: Rohit Yadav Authored: Thu Aug 28 18:39:28 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:27 2014 +0200 -- utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5e7928bc/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java -- diff --git a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java index a562d48..1f31dca 100644 --- a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java +++ b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java @@ -90,7 +90,7 @@ public class SAMLUtils { public static final String SAML_NS = "saml://"; public static final String SAML_NAMEID = "SAML_NAMEID"; public static final String SAML_SESSION = "SAML_SESSION"; -public static final String CERTIFICATE_NAME = "SAMLSP_CERTIFICATE"; +public static final String CERTIFICATE_NAME = "SAMLSP_X509CERTIFICATE"; public static String createSAMLId(String uid) { return SAML_NS + uid; 
@@ -207,20 +207,20 @@ public class SAMLUtils { return (Response) unmarshaller.unmarshall(element); } -public static X509Certificate generateRandomX509Certification() throws NoSuchAlgorithmException, NoSuchProviderException, CertificateEncodingException, SignatureException, InvalidKeyException { +public static X509Certificate generateRandomX509Certificate() throws NoSuchAlgorithmException, NoSuchProviderException, CertificateEncodingException, SignatureException, InvalidKeyException { Date validityBeginDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000); -Date validityEndDate = new Date(System.currentTimeMillis() + 2 * 365 * 24 * 60 * 60 * 1000); +Date validityEndDate = new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 * 1000); Security.addProvider(new BouncyCastleProvider()); KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC"); keyPairGenerator.initialize(1024, new SecureRandom()); KeyPair keyPair = keyPairGenerator.generateKeyPair(); -X500Principal dnName = new X500Principal("CN=John Doe"); +X500Principal dnName = new X500Principal("CN=Apache CloudStack"); X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setSubjectDN(dnName); -certGen.setIssuerDN(dnName); // use the same +certGen.setIssuerDN(dnName); certGen.setNotBefore(validityBeginDate); certGen.setNotAfter(validityEndDate); certGen.setPublicKey(keyPair.getPublic());
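Review bot: `365 * 24 * 60 * 60 * 1000` is evaluated in `int` and overflows before it is added to `System.currentTimeMillis()`, so `validityEndDate` lands about 17 days ahead instead of one year. Make one operand long: `new Date(System.currentTimeMillis() + 365L * 24 * 60 * 60 * 1000)`. On the unchanged line above, `keyPairGenerator.initialize(1024, new SecureRandom())` produces a 1024-bit RSA key, which is below current minimums for a signing certificate; `initialize(2048, new SecureRandom())` is the usual floor. The method continues past the end of the hunk.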
[06/50] git commit: updated refs/heads/master to 97ed5ff
SAML2LoginAPIAuthenticatorCmd: Set all necessary cookies and redirect to UI Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/2464e02b Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/2464e02b Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/2464e02b Branch: refs/heads/master Commit: 2464e02bf45515c6b642b3a3a3fd62045d48ab74 Parents: 9b1a6da Author: Rohit Yadav Authored: Mon Aug 18 04:20:54 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:21 2014 +0200 -- server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2464e02b/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java -- diff --git a/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java b/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java index 4e17d3d..1f88c1c 100644 --- a/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java +++ b/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java 
@@ -324,7 +324,9 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent resp.addCookie(new Cookie("username", URLEncoder.encode(loginResponse.getUsername(), HttpUtils.UTF_8))); resp.addCookie(new Cookie("sessionKey", URLEncoder.encode(loginResponse.getSessionKey(), HttpUtils.UTF_8))); resp.addCookie(new Cookie("account", URLEncoder.encode(loginResponse.getAccount(), HttpUtils.UTF_8))); - //resp.sendRedirect("http://localhost:8080/client";); +resp.addCookie(new Cookie("timezone", URLEncoder.encode(loginResponse.getTimeZone(), HttpUtils.UTF_8))); +resp.addCookie(new Cookie("userfullname", URLEncoder.encode(loginResponse.getFirstName() + " " + loginResponse.getLastName(), HttpUtils.UTF_8))); +resp.sendRedirect("http://localhost:8080/client";); return ApiResponseSerializer.toSerializedString(loginResponse, responseType); }
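Review bot: The added `resp.sendRedirect(...)` hard-codes `http://localhost:8080/client`, so after a successful SAML login every browser is sent to its own localhost over plain HTTP, right after the `sessionKey` cookie was set. The target should come from configuration rather than a literal. Also, `URLEncoder.encode(loginResponse.getTimeZone(), HttpUtils.UTF_8)` throws a NullPointerException if the time zone is unset; whether it can be null is not visible in this hunk, so a guard such as `String tz = loginResponse.getTimeZone(); if (tz != null) resp.addCookie(...)` is worth adding. The method starts outside the hunk.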
[27/50] git commit: updated refs/heads/master to 97ed5ff
saml: Have the plugin use IDP metadata from URL, get values from Config Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/06e90992 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/06e90992 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/06e90992 Branch: refs/heads/master Commit: 06e909923a604a348c9ff18380a868b96145c6e2 Parents: 1b0f81e Author: Rohit Yadav Authored: Sun Aug 24 17:34:20 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:24 2014 +0200 -- .../cloudstack/saml2/spring-saml2-context.xml | 2 +- .../command/SAML2LoginAPIAuthenticatorCmd.java | 28 +++- .../cloudstack/saml/SAML2AuthManagerImpl.java | 131 +++ .../cloudstack/saml/SAML2AuthServiceImpl.java | 51 4 files changed, 153 insertions(+), 59 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/06e90992/plugins/user-authenticators/saml2/resources/META-INF/cloudstack/saml2/spring-saml2-context.xml -- diff --git a/plugins/user-authenticators/saml2/resources/META-INF/cloudstack/saml2/spring-saml2-context.xml b/plugins/user-authenticators/saml2/resources/META-INF/cloudstack/saml2/spring-saml2-context.xml index 15e085d..92f89b8 100644 --- a/plugins/user-authenticators/saml2/resources/META-INF/cloudstack/saml2/spring-saml2-context.xml +++ b/plugins/user-authenticators/saml2/resources/META-INF/cloudstack/saml2/spring-saml2-context.xml @@ -29,7 +29,7 @@ - + http://git-wip-us.apache.org/repos/asf/cloudstack/blob/06e90992/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java -- diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java index 463df7d..ec3a4d2 100644 
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java +++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java @@ -17,7 +17,6 @@ package org.apache.cloudstack.api.command; -import org.apache.cloudstack.api.ApiServerService; import com.cloud.api.response.ApiResponseSerializer; import com.cloud.exception.CloudAuthenticationException; import com.cloud.user.Account; @@ -27,6 +26,7 @@ import com.cloud.utils.db.EntityManager; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.ApiErrorCode; +import org.apache.cloudstack.api.ApiServerService; import org.apache.cloudstack.api.BaseCmd; import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; @@ -34,6 +34,7 @@ import org.apache.cloudstack.api.auth.APIAuthenticationType; import org.apache.cloudstack.api.auth.APIAuthenticator; import org.apache.cloudstack.api.response.LoginCmdResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.cloudstack.saml.SAML2AuthManager; import org.apache.cloudstack.utils.auth.SAMLUtils; import org.apache.log4j.Logger; import org.opensaml.DefaultBootstrap; @@ -79,6 +80,8 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent ApiServerService _apiServer; @Inject EntityManager _entityMgr; +@Inject +SAML2AuthManager _samlAuthManager; / /// Accessors /// 
@@ -108,13 +111,20 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent throw new ServerApiException(ApiErrorCode.METHOD_NOT_ALLOWED, "This is an authentication api, cannot be used directly"); } -public String buildAuthnRequestUrl(String consumerUrl, String identityProviderUrl) { -String randomId = new BigInteger(130, new SecureRandom()).toString(32); -String spId = "org.apache.cloudstack"; +public String buildAuthnRequestUrl(String idpUrl) { +String randomSecureId = new BigInteger(130, new SecureRandom()).toString(32); +String spId = _samlAuthManager.getServiceProviderId(); +String consumerUrl = _samlAuthManager.getSpSingleSignOnUrl(); +String identityProviderUrl = _samlAuthManager.getIdpSingleSignOnUrl(); + +if (idpUrl != null) { +identityProviderUrl = idpUrl; +} + String redirectUrl = ""; try { DefaultBootstrap.bootstrap(); -AuthnRequest authnRe
[20/50] git commit: updated refs/heads/master to 97ed5ff
saml2: Fix plugin after refactoring - Use opensaml version from root pom - Add utils and api as explicit dependency - Add org.apache.cloudstack.saml.SAML2AuthServiceImpl bean - Fix imports in all source files and resource xmls - Use methods available from SAMLUtils to encode/decode SAML request/response - SAML logout api is not the global logout api Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d45b3035 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d45b3035 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d45b3035 Branch: refs/heads/master Commit: d45b303569af77c3c8c673bfb47ad6fdf21a8cbc Parents: 591a686 Author: Rohit Yadav Authored: Sun Aug 24 16:01:22 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:23 2014 +0200 -- plugins/user-authenticators/saml2/pom.xml | 12 +- .../cloudstack/saml2/spring-saml2-context.xml | 6 +- .../command/SAML2LoginAPIAuthenticatorCmd.java | 128 ++- .../command/SAML2LogoutAPIAuthenticatorCmd.java | 2 +- .../cloudstack/saml/SAML2UserAuthenticator.java | 3 +- 5 files changed, 27 insertions(+), 124 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d45b3035/plugins/user-authenticators/saml2/pom.xml -- diff --git a/plugins/user-authenticators/saml2/pom.xml b/plugins/user-authenticators/saml2/pom.xml index a220dcf..df6aa45 100644 --- a/plugins/user-authenticators/saml2/pom.xml +++ b/plugins/user-authenticators/saml2/pom.xml @@ -35,7 +35,17 @@ org.opensaml opensaml - 2.6.1 + ${cs.opensaml.version} + + + org.apache.cloudstack + cloud-utils + ${project.version} + + + org.apache.cloudstack + cloud-api + ${project.version} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d45b3035/plugins/user-authenticators/saml2/resources/META-INF/cloudstack/saml2/spring-saml2-context.xml -- 
diff --git a/plugins/user-authenticators/saml2/resources/META-INF/cloudstack/saml2/spring-saml2-context.xml b/plugins/user-authenticators/saml2/resources/META-INF/cloudstack/saml2/spring-saml2-context.xml index f244292..15e085d 100644 --- a/plugins/user-authenticators/saml2/resources/META-INF/cloudstack/saml2/spring-saml2-context.xml +++ b/plugins/user-authenticators/saml2/resources/META-INF/cloudstack/saml2/spring-saml2-context.xml @@ -25,8 +25,12 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd";> - + + + + + http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d45b3035/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java -- diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java index 611c69b..463df7d 100644 --- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java +++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java 
@@ -34,63 +34,35 @@ import org.apache.cloudstack.api.auth.APIAuthenticationType; import org.apache.cloudstack.api.auth.APIAuthenticator; import org.apache.cloudstack.api.response.LoginCmdResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.cloudstack.utils.auth.SAMLUtils; import org.apache.log4j.Logger; -import org.joda.time.DateTime; -import org.opensaml.Configuration; import org.opensaml.DefaultBootstrap; -import org.opensaml.common.SAMLVersion; -import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.AttributeStatement; -import org.opensaml.saml2.core.AuthnContextClassRef; -import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; import org.opensaml.saml2.core.AuthnRequest; -import org.opensaml.saml2.core.Issuer; import org.opensaml.saml2.core.NameID; -import org.opensaml.saml2.core.NameIDPolicy; import org.opensaml.saml2.core.NameIDType; -import org.opensaml.saml2.core.RequestedAuthnContext; import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.StatusCode; -import org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder; -import org.opensaml.saml2.core.impl.AuthnRequestBuilder;
[31/50] git commit: updated refs/heads/master to 97ed5ff
saml2: Add GetServiceProviderMetaDataCmd that returns SP metadata XML This adds GetServiceProviderMetaDataCmd which returns SP metadata XML, since this information should be public for IdPs to discover, we implement this as a login/cmd api so this does not require any kind of authentication to GET this Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/a13da8f9 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/a13da8f9 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/a13da8f9 Branch: refs/heads/master Commit: a13da8f9e0b0a693ef996810606154181ecbd568 Parents: 7687b73 Author: Rohit Yadav Authored: Mon Aug 25 00:13:32 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:24 2014 +0200 -- .../command/GetServiceProviderMetaDataCmd.java | 202 +++ .../api/response/SAMLMetaDataResponse.java | 40 .../cloudstack/saml/SAML2AuthManagerImpl.java | 2 + 3 files changed, 244 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a13da8f9/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmd.java -- diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmd.java new file mode 100644 index 000..16ee088 --- /dev/null +++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmd.java 
@@ -0,0 +1,202 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package org.apache.cloudstack.api.command; + +import com.cloud.api.response.ApiResponseSerializer; +import com.cloud.user.Account; +import org.apache.cloudstack.api.APICommand; +import org.apache.cloudstack.api.ApiErrorCode; +import org.apache.cloudstack.api.ApiServerService; +import org.apache.cloudstack.api.BaseCmd; +import org.apache.cloudstack.api.ServerApiException; +import org.apache.cloudstack.api.auth.APIAuthenticationType; +import org.apache.cloudstack.api.auth.APIAuthenticator; +import org.apache.cloudstack.api.auth.PluggableAPIAuthenticator; +import org.apache.cloudstack.api.response.SAMLMetaDataResponse; +import org.apache.cloudstack.saml.SAML2AuthManager; +import org.apache.log4j.Logger; +import org.opensaml.Configuration; +import org.opensaml.DefaultBootstrap; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.KeyDescriptor; +import org.opensaml.saml2.metadata.NameIDFormat; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import 
org.opensaml.saml2.metadata.SingleLogoutService; +import org.opensaml.saml2.metadata.impl.AssertionConsumerServiceBuilder; +import org.opensaml.saml2.metadata.impl.EntityDescriptorBuilder; +import org.opensaml.saml2.metadata.impl.KeyDescriptorBuilder; +import org.opensaml.saml2.metadata.impl.NameIDFormatBuilder; +import org.opensaml.saml2.metadata.impl.SPSSODescriptorBuilder; +import org.opensaml.saml2.metadata.impl.SingleLogoutServiceBuilder; +import org.opensaml.xml.ConfigurationException; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; +import org.opensaml.xml.security.x509.BasicX509Credential; +import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; +import org.w3c.dom.Document; + +import javax.inject.Inject; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.P
[43/50] git commit: updated refs/heads/master to 97ed5ff
saml: use SAML_RESPONSE from SAMLUtils Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/8dc50927 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/8dc50927 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/8dc50927 Branch: refs/heads/master Commit: 8dc50927f9cfe994e2c2a828aedf77826f2599d9 Parents: ad13d3d Author: Rohit Yadav Authored: Mon Aug 25 01:58:24 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:26 2014 +0200 -- .../api/command/SAML2LoginAPIAuthenticatorCmd.java | 8 +++- utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java| 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8dc50927/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java -- diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java index 8456872..6c46b04 100644 --- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java +++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java @@ -67,9 +67,7 @@ import javax.servlet.http.HttpSession; import javax.xml.parsers.ParserConfigurationException; import javax.xml.stream.FactoryConfigurationError; import java.io.IOException; -import java.math.BigInteger; import java.net.URLEncoder; -import java.security.SecureRandom; import java.util.List; import java.util.Map; 
@@ -123,7 +121,7 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent throw new ServerApiException(ApiErrorCode.METHOD_NOT_ALLOWED, "This is an authentication api, cannot be used directly"); } -public String buildAuthnRequestUrl(String idpUrl) { +private String buildAuthnRequestUrl(String idpUrl) { String spId = _samlAuthManager.getServiceProviderId(); String consumerUrl = _samlAuthManager.getSpSingleSignOnUrl(); String identityProviderUrl = _samlAuthManager.getIdpSingleSignOnUrl(); @@ -143,7 +141,7 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent return redirectUrl; } -public Response processSAMLResponse(String responseMessage) { +private Response processSAMLResponse(String responseMessage) { Response responseObject = null; try { DefaultBootstrap.bootstrap(); @@ -168,7 +166,7 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent resp.sendRedirect(redirectUrl); return ""; } else { -final String samlResponse = ((String[])params.get("SAMLResponse"))[0]; +final String samlResponse = ((String[])params.get(SAMLUtils.SAML_RESPONSE))[0]; Response processedSAMLResponse = processSAMLResponse(samlResponse); String statusCode = processedSAMLResponse.getStatus().getStatusCode().getValue(); if (!statusCode.equals(StatusCode.SUCCESS_URI)) { http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8dc50927/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java -- diff --git a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java index 9eafe55..a238c82 100644 --- a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java +++ b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java 
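Review bot: In the last hunk for this file, `processedSAMLResponse.getStatus()` is called without a null check, although `processSAMLResponse` starts from `Response responseObject = null;`. Its body continues outside the hunk, but if it returns that initial value when decoding fails, a malformed `SAMLResponse` request parameter would end in a NullPointerException rather than an authentication error. The parameter comes from the request and should be treated as untrusted, so reject early, e.g. `if (processedSAMLResponse == null) throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, "Failed to process SAML response");`. The condition that selects this `else` branch is also outside the hunk; if it still tests the literal `"SAMLResponse"`, it should use `SAMLUtils.SAML_RESPONSE` too so the two cannot drift apart.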
@@ -72,10 +72,10 @@ import java.util.zip.DeflaterOutputStream; public class SAMLUtils { public static final Logger s_logger = Logger.getLogger(SAMLUtils.class); +public static final String SAML_RESPONSE = "SAMLResponse"; public static final String SAML_NS = "saml://"; public static final String SAML_NAMEID = "SAML_NAMEID"; public static final String SAML_SESSION = "SAML_SESSION"; - public static final String CERTIFICATE_NAME = "SAMLSP_CERTIFICATE"; public static String createSAMLId(String uid) {
[17/50] git commit: updated refs/heads/master to 97ed5ff
utils: refactor and aggregate methods in SAMLUtils Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d6ea4ad7 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d6ea4ad7 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d6ea4ad7 Branch: refs/heads/master Commit: d6ea4ad7e064eea23e584be44d10a8c4ee80b608 Parents: e6ec51e Author: Rohit Yadav Authored: Sun Aug 24 15:50:07 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:22 2014 +0200 -- utils/pom.xml | 5 + .../apache/cloudstack/utils/auth/SAMLUtils.java | 162 +++ 2 files changed, 167 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d6ea4ad7/utils/pom.xml -- diff --git a/utils/pom.xml b/utils/pom.xml index 273..7dafbba 100755 --- a/utils/pom.xml +++ b/utils/pom.xml @@ -144,6 +144,11 @@ + org.opensaml + opensaml + ${cs.opensaml.version} + + commons-net commons-net 3.3 http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d6ea4ad7/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java -- diff --git a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java new file mode 100644 index 000..bc39eaf --- /dev/null +++ b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java 
@@ -0,0 +1,162 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// + +package org.apache.cloudstack.utils.auth; + +import org.apache.log4j.Logger; +import org.joda.time.DateTime; +import org.opensaml.Configuration; +import org.opensaml.DefaultBootstrap; +import org.opensaml.common.SAMLVersion; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameIDPolicy; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder; +import org.opensaml.saml2.core.impl.AuthnRequestBuilder; +import org.opensaml.saml2.core.impl.IssuerBuilder; +import org.opensaml.saml2.core.impl.NameIDPolicyBuilder; +import org.opensaml.saml2.core.impl.RequestedAuthnContextBuilder; +import org.opensaml.xml.ConfigurationException; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.io.Unmarshaller; +import 
org.opensaml.xml.io.UnmarshallerFactory; +import org.opensaml.xml.io.UnmarshallingException; +import org.opensaml.xml.util.Base64; +import org.opensaml.xml.util.XMLHelper; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xml.sax.SAXException; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.stream.FactoryConfigurationError; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.StringWriter; +import java.net.URLEncoder; +import java.util.zip.Deflater; +import java.util.zip.DeflaterOutputStream; + +public class SAMLUtils { +public static final Logger s_logger = Logger.getLogger(SAMLUtils.class); + +public static final String SAML_NS = "saml-"; + +public static String createSAMLId(String uid) { +return SAML_NS + uid; +} + +public static Boolean checkSAMLUserId(String uuid) { +return uuid.startsWith(SAML_NS); +} + +public static AuthnRequest buildAuthnRequestObject(String authnId, String spId, String idpUrl, String consumerUrl) { +// Issuer o
[13/50] git commit: updated refs/heads/master to 97ed5ff
ui: refactor and use a unified unboxing helping method in cloudStack.js Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/e6ec51e1 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/e6ec51e1 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/e6ec51e1 Branch: refs/heads/master Commit: e6ec51e12a317a6594b9acdef8dc1ca990be1867 Parents: a364054 Author: Rohit Yadav Authored: Mon Aug 18 04:56:54 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:22 2014 +0200 -- ui/scripts/cloudStack.js | 33 + 1 file changed, 17 insertions(+), 16 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e6ec51e1/ui/scripts/cloudStack.js -- diff --git a/ui/scripts/cloudStack.js b/ui/scripts/cloudStack.js index edc7c21..38cf501 100644 --- a/ui/scripts/cloudStack.js +++ b/ui/scripts/cloudStack.js 
@@ -129,24 +129,25 @@ i.e. calling listCapabilities API with g_sessionKey from $.cookie('sessionKey') will succeed, then userValid will be set to true, then an user object (instead of "false") will be returned, then login screen will be bypassed. */ +var unBoxCookieValue = function (cookieName) { +var cookieValue = $.cookie(cookieName); +if (cookieValue && cookieValue.length > 2 && cookieValue[0] === '"' && cookieValue[cookieValue.length-1] === '"') { +cookieValue = cookieValue.slice(1, cookieValue.length-1); +$.cookie(cookieName, cookieValue, { expires: 1 }); +} +return cookieValue; +}; g_mySession = $.cookie('JSESSIONID'); -g_sessionKey = $.cookie('sessionKey'); -// Unbox quotes from sessionKey cookie value -if (g_sessionKey && g_sessionKey[0] === '"' && g_sessionKey[g_sessionKey.length-1] === '"') { -g_sessionKey = g_sessionKey.slice(1, g_sessionKey.length-1); -$.cookie('sessionKey', g_sessionKey, { -expires: 1 -}); -} -g_role = $.cookie('role'); -g_username = $.cookie('username'); -g_userid = $.cookie('userid'); -g_account = $.cookie('account'); -g_domainid = $.cookie('domainid'); -g_userfullname = $.cookie('userfullname'); -g_timezone = $.cookie('timezone'); +g_sessionKey = unBoxCookieValue('sessionKey'); +g_role = unBoxCookieValue('role'); +g_userid = unBoxCookieValue('userid'); +g_domainid = unBoxCookieValue('domainid'); +g_account = unBoxCookieValue('account'); +g_username = unBoxCookieValue('username'); +g_userfullname = unBoxCookieValue('userfullname'); +g_timezone = unBoxCookieValue('timezone'); if ($.cookie('timezoneoffset') != null) -g_timezoneoffset = isNaN($.cookie('timezoneoffset')) ? null : parseFloat($.cookie('timezoneoffset')); +g_timezoneoffset = isNaN(unBoxCookieValue('timezoneoffset')) ? null : parseFloat(unBoxCookieValue('timezoneoffset')); else g_timezoneoffset = null; } else { //single-sign-on (bypass login screen)
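Review bot: `unBoxCookieValue` writes each unquoted value back with `$.cookie(cookieName, cookieValue, { expires: 1 })`, so `sessionKey`, `role`, `userid` and the other cookies are now re-issued from script with only an expiry, and no `path` or `secure` option is passed on the rewrite. The helper already returns the unquoted value, so consider dropping the write-back, or at least keeping the transport flag with `$.cookie(cookieName, cookieValue, { expires: 1, secure: location.protocol === 'https:' });`. The `cookieValue.length > 2` guard also leaves an empty quoted value (`""`) as a two-character string, which `>= 2` would cover. `timezoneoffset` is unboxed twice in one expression, so a local variable would avoid the repeated read and rewrite. The enclosing function starts and ends outside the hunk.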
[39/50] git commit: updated refs/heads/master to 97ed5ff
SAML2LogoutAPIAuthenticatorCmd: if session is null, redirect to login page If session is null, probably logout (local) happened removing the name id and session index which is needed for global logout. The limitation by design is that local logout will void possibility of global logout. To globally logout, one use the SLO api which would logout locally as well. Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/0402f68b Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/0402f68b Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/0402f68b Branch: refs/heads/master Commit: 0402f68b127df1ae7bdb0b299e462711db8d8030 Parents: de4e74b Author: Rohit Yadav Authored: Tue Aug 26 23:06:17 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:26 2014 +0200 -- .../api/command/SAML2LogoutAPIAuthenticatorCmd.java | 8 1 file changed, 8 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0402f68b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java -- diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java index 5b94766..4fa7fb3 100644 --- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java +++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java 
@@ -90,6 +90,14 @@ public class SAML2LogoutAPIAuthenticatorCmd extends BaseCmd implements APIAuthen response.setResponseName(getCommandName()); String responseString = ApiResponseSerializer.toSerializedString(response, responseType); +if (session == null) { +try { + resp.sendRedirect(_configDao.getValue(Config.SAMLCloudStackRedirectionUrl.key())); +} catch (IOException ignored) { +} +return responseString; +} + try { DefaultBootstrap.bootstrap(); } catch (ConfigurationException | FactoryConfigurationError e) {
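Review bot: The empty `catch (IOException ignored) { }` hides a failed redirect, so the caller receives the serialized logout response and the server keeps no trace of why the browser was not sent to the login page. Log the failure, e.g. `s_logger.error("SAML2 logout: redirect to login page failed: " + e.getMessage());`, assuming this class has the same `s_logger` as its login counterpart. The target is read from `_configDao.getValue(Config.SAMLCloudStackRedirectionUrl.key())` and passed to `sendRedirect` unchecked, so a guard for a null or empty value would be worth adding. The method continues outside the hunk.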
[10/50] git commit: updated refs/heads/master to 97ed5ff
SAML2LoginAPIAuthenticatorCmd: Implement SAML SSO using HTTP Redirect binding - Creates SAMLRequest and uses HTTP redirect binding (uses GET/302) - Redirects to IdP for auth - On successful auth, check for assertion - Tries to get attributes based on standard LDAP attribute names - Next, gets user using EntityManager, if not found creates one with NameID as UUID - Finally tries to log in and redirect Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/a1dc9e81 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/a1dc9e81 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/a1dc9e81 Branch: refs/heads/master Commit: a1dc9e8189ebdab3f7e8b849f1777f282a7a295b Parents: 9c7204d Author: Rohit Yadav Authored: Mon Aug 18 03:43:58 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:21 2014 +0200 -- .../api/auth/SAML2LoginAPIAuthenticatorCmd.java | 289 ++- 1 file changed, 153 insertions(+), 136 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a1dc9e81/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java -- diff --git a/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java b/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java index c6b0bb6..4e17d3d 100644 --- a/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java +++ b/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java @@ -17,7 +17,13 @@ package com.cloud.api.auth; +import com.cloud.api.ApiServerService; +import com.cloud.api.response.ApiResponseSerializer; +import com.cloud.exception.CloudAuthenticationException; import com.cloud.user.Account; +import com.cloud.user.User; +import com.cloud.utils.HttpUtils; +import com.cloud.utils.db.EntityManager; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.ApiErrorCode; 
@@ -25,18 +31,26 @@ import org.apache.cloudstack.api.BaseCmd; import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.response.LoginCmdResponse; +import org.apache.cloudstack.context.CallContext; import org.apache.log4j.Logger; import org.joda.time.DateTime; import org.opensaml.Configuration; import org.opensaml.DefaultBootstrap; import org.opensaml.common.SAMLVersion; import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeStatement; import org.opensaml.saml2.core.AuthnContextClassRef; import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; import org.opensaml.saml2.core.AuthnRequest; import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.NameIDPolicy; +import org.opensaml.saml2.core.NameIDType; import org.opensaml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusCode; import org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder; import org.opensaml.saml2.core.impl.AuthnRequestBuilder; import org.opensaml.saml2.core.impl.IssuerBuilder; @@ -49,15 +63,15 @@ import org.opensaml.xml.io.MarshallingException; import org.opensaml.xml.io.Unmarshaller; import org.opensaml.xml.io.UnmarshallerFactory; import org.opensaml.xml.io.UnmarshallingException; +import org.opensaml.xml.signature.Signature; import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; import org.w3c.dom.Document; import org.w3c.dom.Element; -import org.w3c.dom.NamedNodeMap; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; import org.xml.sax.SAXException; +import javax.inject.Inject; +import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import javax.xml.parsers.DocumentBuilder; 
@@ -71,6 +85,7 @@ import java.io.StringWriter; import java.math.BigInteger; import java.net.URLEncoder; import java.security.SecureRandom; +import java.util.List; import java.util.Map; import java.util.zip.Deflater; import java.util.zip.DeflaterOutputStream; @@ -86,6 +101,11 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent @Parameter(name = ApiConstants.IDP_URL, type = CommandType.STRING, description = "Identity Provider SSO HTTP-Redirect binding URL", required = true) private String idpUrl; +@Inject +ApiServerService _apiServer; +@Inject +EntityManager _entityMgr; + / /// Accessors /// /
[38/50] git commit: updated refs/heads/master to 97ed5ff
Config: add config for saml user account, domain and redirected URL to ACS UI Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b0f3d66f Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b0f3d66f Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b0f3d66f Branch: refs/heads/master Commit: b0f3d66f9df597d4d96bd6966e6bfa533445f9ac Parents: 2f6fa26 Author: Rohit Yadav Authored: Mon Aug 25 01:02:32 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:25 2014 +0200 -- server/src/com/cloud/configuration/Config.java | 24 + 1 file changed, 24 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b0f3d66f/server/src/com/cloud/configuration/Config.java -- diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java index de4aaed..530303a 100755 --- a/server/src/com/cloud/configuration/Config.java +++ b/server/src/com/cloud/configuration/Config.java @@ -1379,6 +1379,30 @@ public enum Config { "30", "The allowable clock difference in milliseconds between when an SSO login request is made and when it is received.", null), +SAMLUserAccountName( +"Advanced", +ManagementServer.class, +String.class, +"saml2.default.accountname", +"admin", +"The name of the default account to use when creating users from SAML SSO", +null), +SAMLUserDomain( +"Advanced", +ManagementServer.class, +String.class, +"saml2.default.domainid", +"1", +"The default domain UUID to use when creating users from SAML SSO", +null), +SAMLCloudStackRedirectionUrl( +"Advanced", +ManagementServer.class, +String.class, +"saml2.redirect.url", +"http://localhost:8080/client";, +"The CloudStack UI url the SSO should redirected to when successful", +null), SAMLServiceProviderID( "Advanced", ManagementServer.class,
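Review bot: The default for `saml2.default.accountname` is `"admin"` and for `saml2.default.domainid` is `"1"`, so on an installation that never changes them, users created from SAML SSO would presumably be attached to the admin account. The code that consumes these values is not in this hunk, so that should be confirmed. A safer default is an empty value that makes provisioning fail until an operator names an unprivileged account. The `saml2.default.domainid` description says "domain UUID" while its default `"1"` is not a UUID, so the text should state which form the lookup expects. `saml2.redirect.url` defaults to a plain `http` localhost address, and its description could say that deployments should set an `https` URL.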
[33/50] git commit: updated refs/heads/master to 97ed5ff
SAML2LoginAPIAuthenticatorCmd: store nameid and session index in user's session Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b1946e8c Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b1946e8c Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b1946e8c Branch: refs/heads/master Commit: b1946e8c13a04dbf262f0ee7cf94b55453b711cc Parents: 230e970 Author: Rohit Yadav Authored: Mon Aug 25 01:51:16 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:25 2014 +0200 -- .../cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b1946e8c/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java -- diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java index e1d95ef..8456872 100644 --- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java +++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java @@ -124,7 +124,6 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent } public String buildAuthnRequestUrl(String idpUrl) { -String randomSecureId = new BigInteger(130, new SecureRandom()).toString(32); String spId = _samlAuthManager.getServiceProviderId(); String consumerUrl = _samlAuthManager.getSpSingleSignOnUrl(); String identityProviderUrl = _samlAuthManager.getIdpSingleSignOnUrl(); 
@@ -136,7 +135,7 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent String redirectUrl = ""; try { DefaultBootstrap.bootstrap(); -AuthnRequest authnRequest = SAMLUtils.buildAuthnRequestObject(randomSecureId, spId, identityProviderUrl, consumerUrl); +AuthnRequest authnRequest = SAMLUtils.buildAuthnRequestObject(spId, identityProviderUrl, consumerUrl); redirectUrl = identityProviderUrl + "?SAMLRequest=" + SAMLUtils.encodeSAMLRequest(authnRequest); } catch (ConfigurationException | FactoryConfigurationError | MarshallingException | IOException e) { s_logger.error("SAML AuthnRequest message building error: " + e.getMessage()); @@ -220,6 +219,9 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent Assertion assertion = processedSAMLResponse.getAssertions().get(0); NameID nameId = assertion.getSubject().getNameID(); +String sessionIndex = assertion.getAuthnStatements().get(0).getSessionIndex(); +session.setAttribute(SAMLUtils.SAML_NAMEID, nameId); +session.setAttribute(SAMLUtils.SAML_SESSION, sessionIndex); if (nameId.getFormat().equals(NameIDType.PERSISTENT) || nameId.getFormat().equals(NameIDType.EMAIL)) { username = nameId.getValue();
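Review bot: In the last hunk, the added `assertion.getAuthnStatements().get(0)` follows `getAssertions().get(0)` with no emptiness check, so an IdP response with no assertion or no AuthnStatement ends in an IndexOutOfBoundsException; `getSubject()` is likewise dereferenced without a null check. The NameID and session index are written to the session with no signature or condition check visible in this hunk; if that validation lives elsewhere in the method, it should run before the `session.setAttribute` calls. Guard the lists first, e.g. `if (processedSAMLResponse.getAssertions().isEmpty()) throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, "SAML response contains no assertion");`, with the same for `getAuthnStatements()`. `SAMLUtils.SAML_NAMEID` stores the `NameID` object rather than `nameId.getValue()`, so a comment such as `// logout reads the NameID object back from the session` would document that choice if it is intended. The method starts and ends outside the hunk.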
[01/50] git commit: updated refs/heads/master to 97ed5ff
Repository: cloudstack Updated Branches: refs/heads/master d9531fb0d -> 97ed5ff63 ApiServer: change loginUser method signature to return ResponseObject Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1a3813a3 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1a3813a3 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1a3813a3 Branch: refs/heads/master Commit: 1a3813a342ebaf454387475585a9f427c4540d1f Parents: b82207e Author: Rohit Yadav Authored: Mon Aug 18 03:35:11 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:20 2014 +0200 -- server/src/com/cloud/api/ApiServer.java| 53 - server/src/com/cloud/api/ApiServerService.java | 13 +++-- server/src/com/cloud/api/ApiServlet.java | 3 ++ 3 files changed, 60 insertions(+), 9 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1a3813a3/server/src/com/cloud/api/ApiServer.java -- diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java index 5d6c925..fc55026 100755 --- a/server/src/com/cloud/api/ApiServer.java +++ b/server/src/com/cloud/api/ApiServer.java @@ -32,6 +32,7 @@ import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.Collections; import java.util.Date; +import java.util.Enumeration; import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; @@ -54,6 +55,7 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import com.cloud.utils.HttpUtils; +import org.apache.cloudstack.api.response.LoginCmdResponse; import org.apache.commons.codec.binary.Base64; import org.apache.http.ConnectionClosedException; import org.apache.http.HttpException; 
@@ -932,8 +934,55 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer return null; } +private ResponseObject createLoginResponse(HttpSession session) { +LoginCmdResponse response = new LoginCmdResponse(); +response.setTimeout(session.getMaxInactiveInterval()); + +final String user_UUID = (String)session.getAttribute("user_UUID"); +session.removeAttribute("user_UUID"); +response.setUserId(user_UUID); + +final String domain_UUID = (String)session.getAttribute("domain_UUID"); +session.removeAttribute("domain_UUID"); +response.setDomainId(domain_UUID); + +final Enumeration attrNames = session.getAttributeNames(); +if (attrNames != null) { +while (attrNames.hasMoreElements()) { +final String attrName = (String) attrNames.nextElement(); +final Object attrObj = session.getAttribute(attrName); +if (ApiConstants.USERNAME.equalsIgnoreCase(attrName)) { +response.setUsername(attrObj.toString()); +} +if (ApiConstants.ACCOUNT.equalsIgnoreCase(attrName)) { +response.setAccount(attrObj.toString()); +} +if (ApiConstants.FIRSTNAME.equalsIgnoreCase(attrName)) { +response.setFirstName(attrObj.toString()); +} +if (ApiConstants.LASTNAME.equalsIgnoreCase(attrName)) { +response.setLastName(attrObj.toString()); +} +if (ApiConstants.TYPE.equalsIgnoreCase(attrName)) { +response.setType((attrObj.toString())); +} +if (ApiConstants.TIMEZONE.equalsIgnoreCase(attrName)) { +response.setTimeZone(attrObj.toString()); +} +if (ApiConstants.REGISTERED.equalsIgnoreCase(attrName)) { +response.setRegistered(attrObj.toString()); +} +if (ApiConstants.SESSIONKEY.equalsIgnoreCase(attrName)) { +response.setSessionKey(attrObj.toString()); +} +} +} +response.setResponseName("loginresponse"); +return response; +} + @Override -public void loginUser(final HttpSession session, final String username, final String password, Long domainId, final String domainPath, final String loginIpAddress, +public ResponseObject loginUser(final HttpSession session, final String username, final String 
password, Long domainId, final String domainPath, final String loginIpAddress, final Map requestParameters) throws CloudAuthenticationException { // We will always use domainId first. If that does not exist, we will use domain name. If THAT doesn't exist // we will default to ROOT @@ -100
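Review bot: `createLoginResponse` calls `attrObj.toString()` in every branch of the attribute loop without a null check, and `session.getAttribute(attrName)` returns null when an attribute is removed between `getAttributeNames()` and the lookup. Adding `if (attrObj == null) { continue; }` right after the lookup keeps a concurrent session change from turning a successful login into a NullPointerException. The method also removes `user_UUID` and `domain_UUID` from the session as it reads them, so a second call on the same session yields null ids. A short Javadoc stating that side effect, and that the returned object carries the session key, would help callers that log or cache the response. The body of `loginUser` lies outside the hunk.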
[28/50] git commit: updated refs/heads/master to 97ed5ff
SAMLUtils: leave bootstrapping to upper layers Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/8e6cb044 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/8e6cb044 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/8e6cb044 Branch: refs/heads/master Commit: 8e6cb044801d151c5fd56eb03d8dbca22a976f39 Parents: 0444bfb Author: Rohit Yadav Authored: Sun Aug 24 20:46:20 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:24 2014 +0200 -- utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java | 7 --- 1 file changed, 7 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8e6cb044/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java -- diff --git a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java index 9c54053..fc0ca09 100644 --- a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java +++ b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java @@ -23,7 +23,6 @@ import com.cloud.utils.HttpUtils; import org.apache.log4j.Logger; import org.joda.time.DateTime; import org.opensaml.Configuration; -import org.opensaml.DefaultBootstrap; import org.opensaml.common.SAMLVersion; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.AuthnContextClassRef; @@ -54,7 +53,6 @@ import org.xml.sax.SAXException; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; -import javax.xml.stream.FactoryConfigurationError; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; 
@@ -144,11 +142,6 @@ public class SAMLUtils { public static Response decodeSAMLResponse(String responseMessage) throws ConfigurationException, ParserConfigurationException, SAXException, IOException, UnmarshallingException { -try { -DefaultBootstrap.bootstrap(); -} catch (ConfigurationException | FactoryConfigurationError e) { -s_logger.error("SAML response message decoding error: " + e.getMessage()); -} DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
[15/50] git commit: updated refs/heads/master to 97ed5ff
saml: move refactor files from server to api module - Move interfaces and classes from server to api module - This can be then used for pluggable api authenticators Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/68e094eb Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/68e094eb Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/68e094eb Branch: refs/heads/master Commit: 68e094ebaf6ce0c3280c9b6c191f1c389758e8f9 Parents: c04b9ed Author: Rohit Yadav Authored: Sun Aug 24 15:51:29 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:22 2014 +0200 -- .../apache/cloudstack/api/ApiServerService.java | 45 +++ .../api/auth/APIAuthenticationManager.java | 24 ++ .../api/auth/APIAuthenticationType.java | 21 ++ .../cloudstack/api/auth/APIAuthenticator.java | 41 +++ .../cloudstack/SAML2UserAuthenticator.java | 65 .../command/SAML2LoginAPIAuthenticatorCmd.java | 352 +++ .../command/SAML2LogoutAPIAuthenticatorCmd.java | 73 .../cloudstack/saml/SAML2UserAuthenticator.java | 65 server/src/com/cloud/api/ApiServerService.java | 45 --- .../api/auth/APIAuthenticationManager.java | 24 -- .../cloud/api/auth/APIAuthenticationType.java | 21 -- .../com/cloud/api/auth/APIAuthenticator.java| 41 --- .../api/auth/SAML2LoginAPIAuthenticatorCmd.java | 350 -- .../auth/SAML2LogoutAPIAuthenticatorCmd.java| 71 14 files changed, 621 insertions(+), 617 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/68e094eb/api/src/org/apache/cloudstack/api/ApiServerService.java -- diff --git a/api/src/org/apache/cloudstack/api/ApiServerService.java b/api/src/org/apache/cloudstack/api/ApiServerService.java new file mode 100644 index 000..9c0cfa3 --- /dev/null +++ b/api/src/org/apache/cloudstack/api/ApiServerService.java 
@@ -0,0 +1,45 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api;
+
+import com.cloud.exception.CloudAuthenticationException;
+import org.apache.cloudstack.api.ResponseObject;
+import org.apache.cloudstack.api.ServerApiException;
+
+import javax.servlet.http.HttpSession;
+import java.util.Map;
+
+public interface ApiServerService {
+public boolean verifyRequest(Map requestParameters, Long userId) throws ServerApiException;
+
+public Long fetchDomainId(String domainUUID);
+
+public ResponseObject loginUser(HttpSession session, String username, String password, Long domainId, String domainPath, String loginIpAddress,
+Map requestParameters) throws CloudAuthenticationException;
+
+public void logoutUser(long userId);
+
+public boolean verifyUser(Long userId);
+
+public String getSerializedApiError(int errorCode, String errorText, Map apiCommandParams, String responseType);
+
+public String getSerializedApiError(ServerApiException ex, Map apiCommandParams, String responseType);
+
+public String handleRequest(Map params, String responseType, StringBuilder auditTrailSb) throws ServerApiException;
+
+public Class getCmdClass(String cmdName);
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/68e094eb/api/src/org/apache/cloudstack/api/auth/APIAuthenticationManager.java -- diff --git a/api/src/org/apache/cloudstack/api/auth/APIAuthenticationManager.java b/api/src/org/apache/cloudstack/api/auth/APIAuthenticationManager.java new file mode 100644 index 000..5d4d664 --- /dev/null +++ b/api/src/org/apache/cloudstack/api/auth/APIAuthenticationManager.java @@ -0,0 +1,24 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you
[12/50] git commit: updated refs/heads/master to 97ed5ff
api: Add PluggableAPIAuthenticator interface This interface is used by any plugin for implementing a pluggable API authenticator such as SAML, OAuth etc. Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/7ff50499 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/7ff50499 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/7ff50499 Branch: refs/heads/master Commit: 7ff50499a1b2eb42beeea021d850d5bf5a726571 Parents: 74f5795 Author: Rohit Yadav Authored: Sun Aug 24 15:53:53 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:22 2014 +0200 -- .../api/auth/PluggableAPIAuthenticator.java | 25 1 file changed, 25 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7ff50499/api/src/org/apache/cloudstack/api/auth/PluggableAPIAuthenticator.java -- diff --git a/api/src/org/apache/cloudstack/api/auth/PluggableAPIAuthenticator.java b/api/src/org/apache/cloudstack/api/auth/PluggableAPIAuthenticator.java new file mode 100644 index 000..e1e46b8 --- /dev/null +++ b/api/src/org/apache/cloudstack/api/auth/PluggableAPIAuthenticator.java 
@@ -0,0 +1,25 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.auth;
+
+import com.cloud.utils.component.Adapter;
+
+import java.util.List;
+
+public interface PluggableAPIAuthenticator extends Adapter {
+public List> getAuthCommands();
+}
\ No newline at end of file
[41/50] git commit: updated refs/heads/master to 97ed5ff
SAML2UserAuthenticator: check that request params has SAMLResponse Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/ad13d3d7 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/ad13d3d7 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/ad13d3d7 Branch: refs/heads/master Commit: ad13d3d7472bcb2361ba97914fa5c5c90b5429ca Parents: 7ee4176 Author: Rohit Yadav Authored: Mon Aug 25 01:57:24 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:26 2014 +0200 -- .../src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ad13d3d7/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java -- diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java index a4902d1..5cd9b52 100644 --- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java +++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java @@ -48,8 +48,8 @@ public class SAML2UserAuthenticator extends DefaultUserAuthenticator { return new Pair(false, null); } else { User user = _userDao.getUser(userAccount.getId()); -// TODO: check SAMLRequest, signature etc. from requestParameters -if (user != null && SAMLUtils.checkSAMLUserId(user.getUuid())) { +if (user != null && SAMLUtils.checkSAMLUserId(user.getUuid()) && +requestParameters.containsKey(SAMLUtils.SAML_RESPONSE)) { return new Pair(true, null); } }
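Review bot: The added condition `requestParameters.containsKey(SAMLUtils.SAML_RESPONSE)` only tests that a parameter with that name is present, which the client controls, so it does not show that a SAML response came from the identity provider or that it was valid. The removed TODO about checking the request and its signature is therefore still open, and the branch returns `new Pair(true, null)` without any such check in this hunk. Base the decision on state the server set after validating the assertion (for example a session attribute written by the SAML login command) rather than on a request parameter, and keep a marker such as `// TODO: verify the SAMLResponse signature and conditions; key presence alone proves nothing`. How `requestParameters` is populated and what `SAMLUtils.checkSAMLUserId` verifies are outside the hunk, as are the start and end of the method.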
[04/50] git commit: updated refs/heads/master to 97ed5ff
SAML2: add saml sso and slo apicmds skeleton, add classes to AuthManager Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/df95a762 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/df95a762 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/df95a762 Branch: refs/heads/master Commit: df95a762f4a5ca7671995cf035223ab90790174a Parents: d9531fb Author: Rohit Yadav Authored: Tue Aug 12 13:10:05 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:20 2014 +0200 -- .../org/apache/cloudstack/api/ApiConstants.java | 1 + .../api/auth/APIAuthenticationManagerImpl.java | 2 + .../api/auth/SAML2LoginAPIAuthenticatorCmd.java | 94 .../auth/SAML2LogoutAPIAuthenticatorCmd.java| 71 +++ 4 files changed, 168 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/df95a762/api/src/org/apache/cloudstack/api/ApiConstants.java -- diff --git a/api/src/org/apache/cloudstack/api/ApiConstants.java b/api/src/org/apache/cloudstack/api/ApiConstants.java index f89aa14..6baa95c 100755 --- a/api/src/org/apache/cloudstack/api/ApiConstants.java +++ b/api/src/org/apache/cloudstack/api/ApiConstants.java @@ -514,6 +514,7 @@ public class ApiConstants { public static final String VMPROFILE_ID = "vmprofileid"; public static final String VMGROUP_ID = "vmgroupid"; public static final String CS_URL = "csurl"; +public static final String IDP_URL = "idpurl"; public static final String SCALEUP_POLICY_IDS = "scaleuppolicyids"; public static final String SCALEDOWN_POLICY_IDS = "scaledownpolicyids"; public static final String SCALEUP_POLICIES = "scaleuppolicies"; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/df95a762/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java -- diff --git a/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java b/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java index 886d277..ece2e03 100644 
--- a/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java +++ b/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java @@ -57,6 +57,8 @@ public class APIAuthenticationManagerImpl extends ManagerBase implements APIAuth s_commandList = new ArrayList>(); s_commandList.add(DefaultLoginAPIAuthenticatorCmd.class); s_commandList.add(DefaultLogoutAPIAuthenticatorCmd.class); +s_commandList.add(SAML2LoginAPIAuthenticatorCmd.class); +s_commandList.add(SAML2LogoutAPIAuthenticatorCmd.class); } return s_commandList; } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/df95a762/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java -- diff --git a/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java b/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java new file mode 100644 index 000..beba4f1 --- /dev/null +++ b/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java 
@@ -0,0 +1,94 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package com.cloud.api.auth; + +import com.cloud.user.Account; +import org.apache.cloudstack.api.APICommand; +import org.apache.cloudstack.api.ApiConstants; +import org.apache.cloudstack.api.ApiErrorCode; +import org.apache.cloudstack.api.BaseCmd; +import org.apache.cloudstack.api.Parameter; +import org.apache.cloudstack.api.ServerApiException; +import org.apache.cloudstack.api.response.LoginCmdResponse; +import org.apache.log4j.Logger; + +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import java.io.IOException; +import java.util.Map; + +@APICommand(name = "samlsso", description = "SP initiated SAML Single Sign On", requestHasSensitiveInfo = true, responseObje
[09/50] git commit: updated refs/heads/master to 97ed5ff
DefaultLoginAPIAuthenticatorCmd: move createLoginResponse to ApiServer Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/9c7204d3 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/9c7204d3 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/9c7204d3 Branch: refs/heads/master Commit: 9c7204d38637f046768541a3dc3aa707fe5eb927 Parents: 1a3813a Author: Rohit Yadav Authored: Mon Aug 18 03:43:37 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:21 2014 +0200 -- .../auth/DefaultLoginAPIAuthenticatorCmd.java | 56 +--- 1 file changed, 2 insertions(+), 54 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9c7204d3/server/src/com/cloud/api/auth/DefaultLoginAPIAuthenticatorCmd.java -- diff --git a/server/src/com/cloud/api/auth/DefaultLoginAPIAuthenticatorCmd.java b/server/src/com/cloud/api/auth/DefaultLoginAPIAuthenticatorCmd.java index f5d633e..243ad9b 100644 --- a/server/src/com/cloud/api/auth/DefaultLoginAPIAuthenticatorCmd.java +++ b/server/src/com/cloud/api/auth/DefaultLoginAPIAuthenticatorCmd.java @@ -25,7 +25,6 @@ import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.ApiErrorCode; import org.apache.cloudstack.api.BaseCmd; import org.apache.cloudstack.api.Parameter; -import org.apache.cloudstack.api.ResponseObject; import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.response.LoginCmdResponse; import org.apache.log4j.Logger; 
@@ -33,7 +32,6 @@ import org.apache.log4j.Logger; import javax.inject.Inject; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import java.util.Enumeration; import java.util.Map; @APICommand(name = "login", description = "Logs a user into the CloudStack. A successful login attempt will generate a JSESSIONID cookie value that can be passed in subsequent Query command calls until the \"logout\" command has been issued or the session has expired.", requestHasSensitiveInfo = true, responseObject = LoginCmdResponse.class, entityType = {}) 
@@ -100,54 +98,6 @@ public class DefaultLoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthe throw new ServerApiException(ApiErrorCode.METHOD_NOT_ALLOWED, "This is an authentication api, cannot be used directly"); } -private String createLoginResponse(HttpSession session, String responseType) { -LoginCmdResponse response = new LoginCmdResponse(); -response.setTimeout(session.getMaxInactiveInterval()); - -final String user_UUID = (String)session.getAttribute("user_UUID"); -session.removeAttribute("user_UUID"); -response.setUserId(user_UUID); - -final String domain_UUID = (String)session.getAttribute("domain_UUID"); -session.removeAttribute("domain_UUID"); -response.setDomainId(domain_UUID); - -// FIXME: the while loop mess -final Enumeration attrNames = session.getAttributeNames(); -if (attrNames != null) { -while (attrNames.hasMoreElements()) { -final String attrName = (String) attrNames.nextElement(); -final Object attrObj = session.getAttribute(attrName); -if (ApiConstants.USERNAME.equalsIgnoreCase(attrName)) { -response.setUsername(attrObj.toString()); -} -if (ApiConstants.ACCOUNT.equalsIgnoreCase(attrName)) { -response.setAccount(attrObj.toString()); -} -if (ApiConstants.FIRSTNAME.equalsIgnoreCase(attrName)) { -response.setFirstName(attrObj.toString()); -} -if (ApiConstants.LASTNAME.equalsIgnoreCase(attrName)) { -response.setLastName(attrObj.toString()); -} -if (ApiConstants.TYPE.equalsIgnoreCase(attrName)) { -response.setType((attrObj.toString())); -} -if (ApiConstants.TIMEZONE.equalsIgnoreCase(attrName)) { -response.setTimeZone(attrObj.toString()); -} -if (ApiConstants.REGISTERED.equalsIgnoreCase(attrName)) { -response.setRegistered(attrObj.toString()); -} -if (ApiConstants.SESSIONKEY.equalsIgnoreCase(attrName)) { -response.setSessionKey(attrObj.toString()); -} -} -} -response.setResponseName(getCommandName()); -return ApiResponseSerializer.toSerializedString((ResponseObject) response, responseType); -} - @Override public String authenticate(
[25/50] git commit: updated refs/heads/master to 97ed5ff
client: add getSPMetadata API in commands.properties Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/2a264cc7 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/2a264cc7 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/2a264cc7 Branch: refs/heads/master Commit: 2a264cc7267f9dbb0b74e665274f200ec5ad9ab5 Parents: a13da8f Author: Rohit Yadav Authored: Mon Aug 25 00:15:18 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:24 2014 +0200 -- client/tomcatconf/commands.properties.in | 3 +++ 1 file changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2a264cc7/client/tomcatconf/commands.properties.in -- diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in index 006a4ff..09b7ddc 100644 --- a/client/tomcatconf/commands.properties.in +++ b/client/tomcatconf/commands.properties.in @@ -21,8 +21,11 @@ ### CloudStack authentication commands login=15 logout=15 + +### SAML SSO/SLO commands samlsso=15 samlslo=15 +getSPMetadata=15 ### Account commands createAccount=7
[30/50] git commit: updated refs/heads/master to 97ed5ff
saml: Implement logic to check response against X509 keys Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/7687b731 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/7687b731 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/7687b731 Branch: refs/heads/master Commit: 7687b7311a9813a2c422e592e8ad1d50a4f8284e Parents: 47ccce8 Author: Rohit Yadav Authored: Sun Aug 24 20:48:25 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:24 2014 +0200 -- .../command/SAML2LogoutAPIAuthenticatorCmd.java | 6 ++ .../cloudstack/saml/SAML2AuthManager.java | 15 +++- .../cloudstack/saml/SAML2AuthManagerImpl.java | 85 3 files changed, 87 insertions(+), 19 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7687b731/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java -- diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java index 32e2f99..723209f 100644 --- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java +++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java 
@@ -24,11 +24,13 @@ import org.apache.cloudstack.api.BaseCmd; import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.auth.APIAuthenticationType; import org.apache.cloudstack.api.auth.APIAuthenticator; +import org.apache.cloudstack.api.auth.PluggableAPIAuthenticator; import org.apache.cloudstack.api.response.LogoutCmdResponse; import org.apache.log4j.Logger; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import java.util.List; import java.util.Map; @APICommand(name = "samlslo", description = "SAML Global Log Out API", responseObject = LogoutCmdResponse.class, entityType = {}) @@ -70,4 +72,8 @@ public class SAML2LogoutAPIAuthenticatorCmd extends BaseCmd implements APIAuthen public APIAuthenticationType getAPIType() { return APIAuthenticationType.LOGOUT_API; } + +@Override +public void setAuthenticators(List authenticators) { +} } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7687b731/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java -- diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java index c01cf21..507fa04 100644 --- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java +++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java 
@@ -17,11 +17,20 @@ package org.apache.cloudstack.saml; -public interface SAML2AuthManager { +import org.apache.cloudstack.api.auth.PluggableAPIAuthenticator; + +import java.security.cert.X509Certificate; + +public interface SAML2AuthManager extends PluggableAPIAuthenticator { public String getServiceProviderId(); -public String getSpSingleSignOnUrl(); -public String getSpSingleLogOutUrl(); +public String getIdentityProviderId(); +public X509Certificate getIdpSigningKey(); +public X509Certificate getIdpEncryptionKey(); + +public String getSpSingleSignOnUrl(); public String getIdpSingleSignOnUrl(); + +public String getSpSingleLogOutUrl(); public String getIdpSingleLogOutUrl(); } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7687b731/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java -- diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java index 41595b6..7ef126a 100644 --- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java +++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java @@ -23,32 +23,48 @@ import org.apache.cloudstack.api.command.SAML2LoginAPIAuthenticatorCmd; import org.apache.cloudstack.api.command.SAML2LogoutAPIAuthenticatorCmd; import org.apache.cloudstack.framework.config.dao.ConfigurationDao; import org.apache.log4j.Logger; +import org.opensaml.DefaultBootst
[49/50] git commit: updated refs/heads/master to 97ed5ff
saml: disable plugin by default and don't initiate if not enabled Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/6eae9b85 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/6eae9b85 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/6eae9b85 Branch: refs/heads/master Commit: 6eae9b859692417182103d06f5215fff11289942 Parents: aa02e30 Author: Rohit Yadav Authored: Thu Aug 28 18:47:08 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:49:48 2014 +0200 -- .../cloudstack/saml/SAML2AuthManagerImpl.java | 17 + server/src/com/cloud/configuration/Config.java | 2 +- 2 files changed, 14 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6eae9b85/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java -- diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java index 22d99cb..8480c0e 100644 --- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java +++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java @@ -69,12 +69,14 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage @Inject ConfigurationDao _configDao; -protected SAML2AuthManagerImpl() { -super(); -} - @Override public boolean start() { +return isSAMLPluginEnabled() && setup(); +} + +private boolean setup() { +// TODO: In future if need added logic to get SP X509 cert for Idps that need signed requests + this.serviceProviderId = _configDao.getValue(Config.SAMLServiceProviderID.key()); this.identityProviderId = _configDao.getValue(Config.SAMLIdentityProviderID.key()); 
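Review bot: `start()` now returns `isSAMLPluginEnabled() && setup()`, so a disabled plugin reports false from `start()`, the same value a failed `setup()` would give. If the component framework treats false as a start-up failure (not visible here), a deliberately disabled plugin would be handled as broken; `return !isSAMLPluginEnabled() || setup();` keeps the two cases apart. The TODO added at the top of `setup()` would read more clearly as `// TODO: load the SP X509 certificate for IdPs that require signed requests`. `setup()` continues past the end of the hunk.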
@@ -145,6 +147,9 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage @Override public List> getAuthCommands() { +if (!isSAMLPluginEnabled()) { +return null; +} List> cmdList = new ArrayList>(); cmdList.add(SAML2LoginAPIAuthenticatorCmd.class); cmdList.add(SAML2LogoutAPIAuthenticatorCmd.class); @@ -183,4 +188,8 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage public X509Certificate getIdpEncryptionKey() { return idpEncryptionKey; } + +public Boolean isSAMLPluginEnabled() { +return Boolean.valueOf(_configDao.getValue(Config.SAMLIsPluginEnabled.key())); +} } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6eae9b85/server/src/com/cloud/configuration/Config.java -- diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java index 2c78f1b..8527738 100755 --- a/server/src/com/cloud/configuration/Config.java +++ b/server/src/com/cloud/configuration/Config.java @@ -1384,7 +1384,7 @@ public enum Config { ManagementServer.class, Boolean.class, "saml2.enabled", -"true", +"false", "Set it to true to enable SAML SSO plugin", null), SAMLUserAccountName(
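Review bot: `getAuthCommands()` returns null when the plugin is disabled, so every caller that iterates over the result or passes it to `addAll` needs a null check it may not have. Returning an empty list, `return Collections.emptyList();` (with `java.util.Collections` imported), expresses "no commands" without that risk. `isSAMLPluginEnabled()` in the last hunk of this file could return primitive `boolean`, since `Boolean.valueOf(String)` never yields null, and it queries `_configDao` on every call. The callers of `getAuthCommands()` are not part of this diff.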
[48/50] git commit: updated refs/heads/master to 97ed5ff
server: add config to enable/disable SAML SSO/SLO plugin Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/249446dc Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/249446dc Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/249446dc Branch: refs/heads/master Commit: 249446dc521a273fe14b3e9e49b397a363ef577d Parents: 5e7928b Author: Rohit Yadav Authored: Thu Aug 28 18:40:05 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:27 2014 +0200 -- server/src/com/cloud/configuration/Config.java | 8 1 file changed, 8 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/249446dc/server/src/com/cloud/configuration/Config.java -- diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java index 530303a..2c78f1b 100755 --- a/server/src/com/cloud/configuration/Config.java +++ b/server/src/com/cloud/configuration/Config.java @@ -1379,6 +1379,14 @@ public enum Config { "30", "The allowable clock difference in milliseconds between when an SSO login request is made and when it is received.", null), +SAMLIsPluginEnabled( +"Advanced", +ManagementServer.class, +Boolean.class, +"saml2.enabled", +"true", +"Set it to true to enable SAML SSO plugin", +null), SAMLUserAccountName( "Advanced", ManagementServer.class,
[19/50] git commit: updated refs/heads/master to 97ed5ff
ApiServer: Fix imports order, use org.apache.cloudstack.api.ApiServerService Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/37d696db Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/37d696db Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/37d696db Branch: refs/heads/master Commit: 37d696db80fd521b7ddc9b958cb5205c496e75bc Parents: d45b303 Author: Rohit Yadav Authored: Sun Aug 24 16:03:21 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:23 2014 +0200 -- server/src/com/cloud/api/ApiServer.java | 214 +-- 1 file changed, 106 insertions(+), 108 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/37d696db/server/src/com/cloud/api/ApiServer.java -- diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java index fc55026..4357230 100755 --- a/server/src/com/cloud/api/ApiServer.java +++ b/server/src/com/cloud/api/ApiServer.java 
@@ -16,82 +16,49 @@ // under the License. package com.cloud.api; -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InterruptedIOException; -import java.net.InetAddress; -import java.net.ServerSocket; -import java.net.Socket; -import java.net.URI; -import java.net.URISyntaxException; -import java.net.URLEncoder; -import java.security.SecureRandom; -import java.text.DateFormat; -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.TimeZone; -import java.util.concurrent.ExecutorService; -import java.util.concurrent.LinkedBlockingQueue; -import java.util.concurrent.ThreadPoolExecutor; -import java.util.concurrent.TimeUnit; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import javax.crypto.Mac; -import javax.crypto.spec.SecretKeySpec; -import javax.inject.Inject; -import javax.naming.ConfigurationException; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - +import com.cloud.api.dispatch.DispatchChainFactory; +import com.cloud.api.dispatch.DispatchTask; +import com.cloud.api.response.ApiResponseSerializer; +import com.cloud.configuration.Config; +import com.cloud.domain.Domain; +import com.cloud.domain.DomainVO; +import com.cloud.domain.dao.DomainDao; +import com.cloud.event.ActionEventUtils; +import com.cloud.event.EventCategory; +import com.cloud.event.EventTypes; +import com.cloud.exception.AccountLimitException; +import com.cloud.exception.CloudAuthenticationException; +import com.cloud.exception.InsufficientCapacityException; +import com.cloud.exception.InvalidParameterValueException; +import com.cloud.exception.PermissionDeniedException; +import 
com.cloud.exception.RequestLimitException; +import com.cloud.exception.ResourceAllocationException; +import com.cloud.exception.ResourceUnavailableException; +import com.cloud.user.Account; +import com.cloud.user.AccountManager; +import com.cloud.user.DomainManager; +import com.cloud.user.User; +import com.cloud.user.UserAccount; +import com.cloud.user.UserVO; import com.cloud.utils.HttpUtils; -import org.apache.cloudstack.api.response.LoginCmdResponse; -import org.apache.commons.codec.binary.Base64; -import org.apache.http.ConnectionClosedException; -import org.apache.http.HttpException; -import org.apache.http.HttpRequest; -import org.apache.http.HttpResponse; -import org.apache.http.HttpServerConnection; -import org.apache.http.HttpStatus; -import org.apache.http.NameValuePair; -import org.apache.http.client.utils.URLEncodedUtils; -import org.apache.http.entity.BasicHttpEntity; -import org.apache.http.impl.DefaultHttpResponseFactory; -import org.apache.http.impl.DefaultHttpServerConnection; -import org.apache.http.impl.NoConnectionReuseStrategy; -import org.apache.http.impl.SocketHttpServerConnection; -import org.apache.http.params.BasicHttpParams; -import org.apache.http.params.CoreConnectionPNames; -import org.apache.http.params.CoreProtocolPNames; -import org.apache.http.params.HttpParams; -import org.apache.http.protocol.BasicHttpContext; -import org.apache.http.protocol.BasicHttpProcessor; -import org.apache.http.protocol.HttpContext; -import org.apache.http.protocol.HttpRequestHandler; -import org.apache.http.protocol.HttpRequestHandlerRegistry; -import org.apache.http.protocol.HttpService; -import org.apache.http.protocol.ResponseConnControl; -import org.apache.http.protocol.ResponseContent; -import org.apache.htt
[44/50] git commit: updated refs/heads/master to 97ed5ff
SAMLUtils: Create new NameID using passed nameId taking just id and session idx Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/3bf387c8 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/3bf387c8 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/3bf387c8 Branch: refs/heads/master Commit: 3bf387c8828fdd388155704fd64f9bcd84bc3e7a Parents: 8dc5092 Author: Rohit Yadav Authored: Mon Aug 25 02:39:50 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:26 2014 +0200 -- utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3bf387c8/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java -- diff --git a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java index a238c82..51cf507 100644 --- a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java +++ b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java @@ -40,6 +40,7 @@ import org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder; import org.opensaml.saml2.core.impl.AuthnRequestBuilder; import org.opensaml.saml2.core.impl.IssuerBuilder; import org.opensaml.saml2.core.impl.LogoutRequestBuilder; +import org.opensaml.saml2.core.impl.NameIDBuilder; import org.opensaml.saml2.core.impl.NameIDPolicyBuilder; import org.opensaml.saml2.core.impl.RequestedAuthnContextBuilder; import org.opensaml.saml2.core.impl.SessionIndexBuilder; 
@@ -138,7 +139,7 @@ public class SAMLUtils { return authnRequest; } -public static LogoutRequest buildLogoutRequest(String logoutUrl, String spId, NameID nameId, String sessionIndex) { +public static LogoutRequest buildLogoutRequest(String logoutUrl, String spId, NameID sessionNameId, String sessionIndex) { IssuerBuilder issuerBuilder = new IssuerBuilder(); Issuer issuer = issuerBuilder.buildObject(); issuer.setValue(spId); @@ -146,6 +147,10 @@ public class SAMLUtils { SessionIndex sessionIndexElement = new SessionIndexBuilder().buildObject(); sessionIndexElement.setSessionIndex(sessionIndex); +NameID nameID = new NameIDBuilder().buildObject(); +nameID.setValue(sessionNameId.getValue()); +nameID.setFormat(sessionNameId.getFormat()); + LogoutRequest logoutRequest = new LogoutRequestBuilder().buildObject(); logoutRequest.setID(generateSecureRandomId()); logoutRequest.setDestination(logoutUrl); @@ -153,7 +158,7 @@ public class SAMLUtils { logoutRequest.setIssueInstant(new DateTime()); logoutRequest.setIssuer(issuer); logoutRequest.getSessionIndexes().add(sessionIndexElement); -logoutRequest.setNameID(nameId); +logoutRequest.setNameID(nameID); return logoutRequest; }
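Review bot: `sessionNameId` is dereferenced without a null check in the lines added to `buildLogoutRequest` (`sessionNameId.getValue()` and `sessionNameId.getFormat()`). The caller is not visible here, but if the value is read from the HTTP session, a session that was not established through SAML would make logout end in a NullPointerException instead of a handled error. A guard before the copy, e.g. `if (sessionNameId == null) { throw new IllegalArgumentException("NameID is required to build a LogoutRequest"); }`, makes the precondition explicit. Copying only value and format also drops any NameQualifier/SPNameQualifier, so a comment such as `// deliberately copy only value and format; qualifiers are not sent on logout` would record that this is intended.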
[46/50] git commit: updated refs/heads/master to 97ed5ff
saml: fix tests and update method signature that generates random certs Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/aa02e30e Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/aa02e30e Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/aa02e30e Branch: refs/heads/master Commit: aa02e30e9502d0bbb175a5367bce0282b035d5b6 Parents: 249446d Author: Rohit Yadav Authored: Thu Aug 28 18:40:51 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:27 2014 +0200 -- .../cloudstack/api/command/GetServiceProviderMetaDataCmdTest.java | 2 +- .../cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java | 2 +- .../cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmdTest.java | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aa02e30e/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmdTest.java -- diff --git a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmdTest.java b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmdTest.java index 0f956ae..fbd381d 100644 --- a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmdTest.java +++ b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmdTest.java 
@@ -71,7 +71,7 @@ public class GetServiceProviderMetaDataCmdTest { String spId = "someSPID"; String url = "someUrl"; -X509Certificate cert = SAMLUtils.generateRandomX509Certification(); +X509Certificate cert = SAMLUtils.generateRandomX509Certificate(); Mockito.when(samlAuthManager.getServiceProviderId()).thenReturn(spId); Mockito.when(samlAuthManager.getIdpSigningKey()).thenReturn(cert); Mockito.when(samlAuthManager.getIdpSingleLogOutUrl()).thenReturn(url); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aa02e30e/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java -- diff --git a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java index 7747065..5769a8f 100644 --- a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java +++ b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java @@ -133,7 +133,7 @@ public class SAML2LoginAPIAuthenticatorCmdTest { String spId = "someSPID"; String url = "someUrl"; -X509Certificate cert = SAMLUtils.generateRandomX509Certification(); +X509Certificate cert = SAMLUtils.generateRandomX509Certificate(); Mockito.when(samlAuthManager.getServiceProviderId()).thenReturn(spId); Mockito.when(samlAuthManager.getIdpSigningKey()).thenReturn(null); Mockito.when(samlAuthManager.getIdpSingleSignOnUrl()).thenReturn(url); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aa02e30e/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmdTest.java -- 
diff --git a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmdTest.java b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmdTest.java index d309abe..820132b 100644 --- a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmdTest.java +++ b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmdTest.java @@ -73,7 +73,7 @@ public class SAML2LogoutAPIAuthenticatorCmdTest { String spId = "someSPID"; String url = "someUrl"; -X509Certificate cert = SAMLUtils.generateRandomX509Certification(); +X509Certificate cert = SAMLUtils.generateRandomX509Certificate(); Mockito.when(samlAuthManager.getServiceProviderId()).thenReturn(spId); Mockito.when(samlAuthManager.getIdpSigningKey()).thenReturn(cert); Mockito.when(samlAuthManager.getIdpSingleLogOutUrl()).thenReturn(url);
[22/50] git commit: updated refs/heads/master to 97ed5ff
utils: Remove hard coded strings from SAMLUtils Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1b0f81ec Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1b0f81ec Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1b0f81ec Branch: refs/heads/master Commit: 1b0f81ec6f13ce967908049a4bb5bba0cd0a08d9 Parents: 5d94fd5 Author: Rohit Yadav Authored: Sun Aug 24 17:33:45 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:23 2014 +0200 -- utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1b0f81ec/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java -- diff --git a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java index bc39eaf..9c54053 100644 --- a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java +++ b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java @@ -19,6 +19,7 @@ package org.apache.cloudstack.utils.auth; +import com.cloud.utils.HttpUtils; import org.apache.log4j.Logger; import org.joda.time.DateTime; import org.opensaml.Configuration; @@ -85,7 +86,7 @@ public class SAMLUtils { NameIDPolicyBuilder nameIdPolicyBuilder = new NameIDPolicyBuilder(); NameIDPolicy nameIdPolicy = nameIdPolicyBuilder.buildObject(); nameIdPolicy.setFormat(NameIDType.PERSISTENT); -nameIdPolicy.setSPNameQualifier("Apache CloudStack"); +nameIdPolicy.setSPNameQualifier(spId); nameIdPolicy.setAllowCreate(true); // AuthnContextClass 
@@ -113,7 +114,7 @@ public class SAMLUtils { authnRequest.setIsPassive(false); authnRequest.setIssuer(issuer); authnRequest.setIssueInstant(new DateTime()); -authnRequest.setProviderName("Apache CloudStack"); +authnRequest.setProviderName(spId); authnRequest.setProtocolBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); authnRequest.setAssertionConsumerServiceURL(consumerUrl); authnRequest.setNameIDPolicy(nameIdPolicy); @@ -136,7 +137,7 @@ public class SAMLUtils { deflaterOutputStream.write(requestMessage.getBytes()); deflaterOutputStream.close(); String encodedRequestMessage = Base64.encodeBytes(byteArrayOutputStream.toByteArray(), Base64.DONT_BREAK_LINES); -encodedRequestMessage = URLEncoder.encode(encodedRequestMessage, "UTF-8").trim(); +encodedRequestMessage = URLEncoder.encode(encodedRequestMessage, HttpUtils.UTF_8).trim(); return encodedRequestMessage; }
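Review bot: In the last hunk the commit switches `URLEncoder.encode` to `HttpUtils.UTF_8`, but the context line two above it, `deflaterOutputStream.write(requestMessage.getBytes());`, still encodes the SAML request with the platform default charset. On a host whose default is not UTF-8, any non-ASCII character in the request (for example in `spId`, which now feeds `setProviderName` and `setSPNameQualifier`) would be deflated in a different encoding from the one the receiver expects. I would change that line to `deflaterOutputStream.write(requestMessage.getBytes(HttpUtils.UTF_8));` in the same commit. The enclosing method starts outside this hunk.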
[29/50] git commit: updated refs/heads/master to 97ed5ff
api: add method to pass on api authenticators to cmd classes Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/47ccce85 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/47ccce85 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/47ccce85 Branch: refs/heads/master Commit: 47ccce85a12ef4932b67359e20c2fba7c192ff1c Parents: 8e6cb04 Author: Rohit Yadav Authored: Sun Aug 24 20:47:43 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:24 2014 +0200 -- .../cloudstack/api/auth/APIAuthenticator.java | 4 +++ .../command/SAML2LoginAPIAuthenticatorCmd.java | 38 +--- .../api/auth/APIAuthenticationManagerImpl.java | 1 + .../auth/DefaultLoginAPIAuthenticatorCmd.java | 6 .../auth/DefaultLogoutAPIAuthenticatorCmd.java | 6 server/src/com/cloud/configuration/Config.java | 2 +- 6 files changed, 51 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/47ccce85/api/src/org/apache/cloudstack/api/auth/APIAuthenticator.java -- diff --git a/api/src/org/apache/cloudstack/api/auth/APIAuthenticator.java b/api/src/org/apache/cloudstack/api/auth/APIAuthenticator.java index b008f00..67fa1d8 100644 --- a/api/src/org/apache/cloudstack/api/auth/APIAuthenticator.java +++ b/api/src/org/apache/cloudstack/api/auth/APIAuthenticator.java @@ -20,6 +20,7 @@ import org.apache.cloudstack.api.ServerApiException; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import java.util.List; import java.util.Map; /* 
@@ -36,5 +37,8 @@ public interface APIAuthenticator { public String authenticate(String command, Map params, HttpSession session, String remoteAddress, String responseType, StringBuilder auditTrailSb, final HttpServletResponse resp) throws ServerApiException; + public APIAuthenticationType getAPIType(); + +public void setAuthenticators(List authenticators); } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/47ccce85/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java -- diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java index ec3a4d2..88acfe1 100644 --- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java +++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java @@ -32,6 +32,7 @@ import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.auth.APIAuthenticationType; import org.apache.cloudstack.api.auth.APIAuthenticator; +import org.apache.cloudstack.api.auth.PluggableAPIAuthenticator; import org.apache.cloudstack.api.response.LoginCmdResponse; import org.apache.cloudstack.context.CallContext; import org.apache.cloudstack.saml.SAML2AuthManager; @@ -49,7 +50,10 @@ import org.opensaml.saml2.core.StatusCode; import org.opensaml.xml.ConfigurationException; import org.opensaml.xml.io.MarshallingException; import org.opensaml.xml.io.UnmarshallingException; +import org.opensaml.xml.security.x509.BasicX509Credential; import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureValidator; +import org.opensaml.xml.validation.ValidationException; import org.xml.sax.SAXException; import javax.inject.Inject; 
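Review bot: The new `setAuthenticators(List authenticators)` on `APIAuthenticator` is added without any Javadoc, yet as an interface method it obliges every implementer to decide what to do with the list. The caller and call order are not visible in this hunk, so the contract should be written down on the interface itself. If it matches the intended behaviour, I would add something like `/** Supplies the configured pluggable authenticators; invoked before authenticate(). Implementations that need none may ignore the list. */` above the method.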
@@ -80,7 +84,7 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent ApiServerService _apiServer; @Inject EntityManager _entityMgr; -@Inject + SAML2AuthManager _samlAuthManager; / @@ -135,9 +139,10 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent public Response processSAMLResponse(String responseMessage) { Response responseObject = null; try { +DefaultBootstrap.bootstrap(); responseObject = SAMLUtils.decodeSAMLResponse(responseMessage); -} catch (ConfigurationException | ParserConfigurationException | SAXException | IOException | UnmarshallingException e) { +} catch (ConfigurationException | FactoryConfigurationError | ParserConfigurationException | SAXException | IOException | UnmarshallingException e) { s_logger.error("SAMLResponse processing error: "
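Review bot: `_samlAuthManager` loses its `@Inject` in the first hunk here and remains a package-private field, so it stays null unless other code assigns it before `authenticate` runs. The assignment is presumably in this class's `setAuthenticators` implementation, which lies outside the hunk; if no entry in the list provides a `SAML2AuthManager`, the login command would dereference null. I would declare it as `private SAML2AuthManager _samlAuthManager;` and have `authenticate` reject the request with a `ServerApiException` when it is unset rather than rely on call order.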
[18/50] git commit: updated refs/heads/master to 97ed5ff
saml: Implement SAML2AuthManager interface Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/37961ebd Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/37961ebd Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/37961ebd Branch: refs/heads/master Commit: 37961ebdd8690075c39925476c12c705388a4014 Parents: 37d696d Author: Rohit Yadav Authored: Sun Aug 24 17:32:56 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:23 2014 +0200 -- .../cloudstack/saml/SAML2AuthManager.java | 27 1 file changed, 27 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/37961ebd/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java -- diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java new file mode 100644 index 000..c01cf21 --- /dev/null +++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java 
@@ -0,0 +1,27 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package org.apache.cloudstack.saml; + +public interface SAML2AuthManager { +public String getServiceProviderId(); +public String getSpSingleSignOnUrl(); +public String getSpSingleLogOutUrl(); + +public String getIdpSingleSignOnUrl(); +public String getIdpSingleLogOutUrl(); +}
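Review bot: The new `SAML2AuthManager` interface has no Javadoc, so a caller cannot tell whether the five getters may return null or where their values come from. These look like the SSO/SLO endpoints and the service provider identifier used by the authenticator commands, so the interface should state what is returned when a setting is missing and whether the URLs are validated. A class comment such as `/** Provides the service provider and identity provider endpoints used by the SAML2 authenticator commands. */` plus a `@return` line per getter would be enough. The `public` modifiers on the interface methods are redundant and can be dropped.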
[35/50] git commit: updated refs/heads/master to 97ed5ff
saml: use values from config for user account, domain and redirected url Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b401828a Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b401828a Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b401828a Branch: refs/heads/master Commit: b401828aef17b051fcc7874aee81201b305bb5b1 Parents: b0f3d66 Author: Rohit Yadav Authored: Mon Aug 25 01:03:05 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:25 2014 +0200 -- .../command/SAML2LoginAPIAuthenticatorCmd.java | 29 ++-- 1 file changed, 26 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b401828a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java -- diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java index 88acfe1..e1d95ef 100644 --- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java +++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java @@ -18,8 +18,11 @@ package org.apache.cloudstack.api.command; import com.cloud.api.response.ApiResponseSerializer; +import com.cloud.configuration.Config; +import com.cloud.domain.Domain; import com.cloud.exception.CloudAuthenticationException; import com.cloud.user.Account; +import com.cloud.user.DomainManager; import com.cloud.user.User; import com.cloud.utils.HttpUtils; import com.cloud.utils.db.EntityManager; 
@@ -35,6 +38,7 @@ import org.apache.cloudstack.api.auth.APIAuthenticator; import org.apache.cloudstack.api.auth.PluggableAPIAuthenticator; import org.apache.cloudstack.api.response.LoginCmdResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.cloudstack.framework.config.dao.ConfigurationDao; import org.apache.cloudstack.saml.SAML2AuthManager; import org.apache.cloudstack.utils.auth.SAMLUtils; import org.apache.log4j.Logger; @@ -84,6 +88,10 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent ApiServerService _apiServer; @Inject EntityManager _entityMgr; +@Inject +ConfigurationDao _configDao; +@Inject +private DomainManager _domainMgr; SAML2AuthManager _samlAuthManager; @@ -186,8 +194,23 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent } String uniqueUserId = null; -String accountName = "admin"; //GET from config, try, fail -Long domainId = 1L; // GET from config, try, fail +String accountName = _configDao.getValue(Config.SAMLUserAccountName.key()); +String domainString = _configDao.getValue(Config.SAMLUserDomain.key()); + +Long domainId = -1L; +Domain domain = _domainMgr.getDomain(domainString); +if (domain != null) { +domainId = domain.getId(); +} else { +try { +domainId = Long.parseLong(domainString); +} catch (NumberFormatException ignore) { +} +} +if (domainId == -1L) { +s_logger.error("The default domain ID for SAML users is not set correct, it should be a UUID"); +} + String username = null; String password = ""; String firstName = ""; 
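Review bot: When the configured domain cannot be resolved, the block added in the `@@ -186,8 +194,23 @@` hunk only logs (`if (domainId == -1L) { s_logger.error(...) }`) and the method carries on with `domainId == -1`, so whatever account lookup follows outside this hunk runs against an invalid domain. The `NumberFormatException` is swallowed by an empty catch, and `_domainMgr.getDomain(domainString)` is called even when the config value is missing (whether `getDomain` tolerates null is not visible here). I would stop the login at that point, for example `throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, "SAML default domain is not configured correctly");` after the log line. The log text says the value should be a UUID while the fallback parses a numeric ID, so one of the two should be aligned. The enclosing method starts and ends outside this hunk.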
@@ -246,7 +269,7 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent resp.addCookie(new Cookie("account", URLEncoder.encode(loginResponse.getAccount(), HttpUtils.UTF_8))); resp.addCookie(new Cookie("timezone", URLEncoder.encode(loginResponse.getTimeZone(), HttpUtils.UTF_8))); resp.addCookie(new Cookie("userfullname", loginResponse.getFirstName() + "%20" + loginResponse.getLastName())); -resp.sendRedirect("http://localhost:8080/client";); + resp.sendRedirect(_configDao.getValue(Config.SAMLCloudStackRedirectionUrl.key())); return ApiResponseSerializer.toSerializedString(loginResponse, responseType); }
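Review bot: `resp.sendRedirect(_configDao.getValue(Config.SAMLCloudStackRedirectionUrl.key()))` passes the config value straight through, so an unset or empty key reaches `sendRedirect` after the session cookies have already been added to the response. I would read it into a local and fail explicitly: `String redirectUrl = _configDao.getValue(Config.SAMLCloudStackRedirectionUrl.key());` followed by `if (redirectUrl == null || redirectUrl.isEmpty()) { throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "SAML redirection URL is not configured"); }`. The `userfullname` cookie on the line above is the only one not passed through `URLEncoder.encode`; if the names come from IdP-supplied attributes, it should be encoded like its siblings. The method begins outside this hunk.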
[03/50] git commit: updated refs/heads/master to 97ed5ff
server: add opensaml as dependency Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/18ff47ef Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/18ff47ef Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/18ff47ef Branch: refs/heads/master Commit: 18ff47efc046c134592461938b87f560762c11b8 Parents: df95a76 Author: Rohit Yadav Authored: Sun Aug 17 19:11:40 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:20 2014 +0200 -- server/pom.xml | 5 + 1 file changed, 5 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/18ff47ef/server/pom.xml -- diff --git a/server/pom.xml b/server/pom.xml index 1b21ebd..04c25af 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -133,6 +133,11 @@ cloud-engine-components-api ${project.version} + + org.opensaml + opensaml + 2.6.1 +
[14/50] git commit: updated refs/heads/master to 97ed5ff
api: fix refactored ApiServerService interface to api Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/74f57959 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/74f57959 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/74f57959 Branch: refs/heads/master Commit: 74f57959085c170fe18808b9da9eac2a1cb22d78 Parents: 68e094e Author: Rohit Yadav Authored: Sun Aug 24 15:52:55 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:22 2014 +0200 -- api/pom.xml | 5 + api/src/org/apache/cloudstack/api/ApiServerService.java | 3 --- api/src/org/apache/cloudstack/api/auth/APIAuthenticator.java | 1 - 3 files changed, 5 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/74f57959/api/pom.xml -- diff --git a/api/pom.xml b/api/pom.xml index abfa2c5..ba547df 100644 --- a/api/pom.xml +++ b/api/pom.xml @@ -36,6 +36,11 @@ gson + javax.servlet + servlet-api + ${cs.servlet.version} + + org.apache.cloudstack cloud-framework-db ${project.version} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/74f57959/api/src/org/apache/cloudstack/api/ApiServerService.java -- diff --git a/api/src/org/apache/cloudstack/api/ApiServerService.java b/api/src/org/apache/cloudstack/api/ApiServerService.java index 9c0cfa3..69215c5 100644 --- a/api/src/org/apache/cloudstack/api/ApiServerService.java +++ b/api/src/org/apache/cloudstack/api/ApiServerService.java @@ -17,9 +17,6 @@ package org.apache.cloudstack.api; import com.cloud.exception.CloudAuthenticationException; -import org.apache.cloudstack.api.ResponseObject; -import org.apache.cloudstack.api.ServerApiException; - import javax.servlet.http.HttpSession; import java.util.Map; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/74f57959/api/src/org/apache/cloudstack/api/auth/APIAuthenticator.java -- 
diff --git a/api/src/org/apache/cloudstack/api/auth/APIAuthenticator.java b/api/src/org/apache/cloudstack/api/auth/APIAuthenticator.java index 20fe61f..b008f00 100644 --- a/api/src/org/apache/cloudstack/api/auth/APIAuthenticator.java +++ b/api/src/org/apache/cloudstack/api/auth/APIAuthenticator.java @@ -37,5 +37,4 @@ public interface APIAuthenticator { HttpSession session, String remoteAddress, String responseType, StringBuilder auditTrailSb, final HttpServletResponse resp) throws ServerApiException; public APIAuthenticationType getAPIType(); - }
[32/50] git commit: updated refs/heads/master to 97ed5ff
SAMLUtils: add logout request utility for saml slo Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/230e9705 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/230e9705 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/230e9705 Branch: refs/heads/master Commit: 230e9705692705c5ec06d8f822c91892a4a026fc Parents: b401828 Author: Rohit Yadav Authored: Mon Aug 25 01:50:47 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:25 2014 +0200 -- .../apache/cloudstack/utils/auth/SAMLUtils.java | 38 ++-- 1 file changed, 36 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/230e9705/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java -- diff --git a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java index 8a2f93b..9eafe55 100644 --- a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java +++ b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java 
@@ -29,16 +29,22 @@ import org.opensaml.saml2.core.AuthnContextClassRef; import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; import org.opensaml.saml2.core.AuthnRequest; import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.LogoutRequest; +import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.NameIDPolicy; import org.opensaml.saml2.core.NameIDType; import org.opensaml.saml2.core.RequestedAuthnContext; import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.SessionIndex; import org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder; import org.opensaml.saml2.core.impl.AuthnRequestBuilder; import org.opensaml.saml2.core.impl.IssuerBuilder; +import org.opensaml.saml2.core.impl.LogoutRequestBuilder; import org.opensaml.saml2.core.impl.NameIDPolicyBuilder; import org.opensaml.saml2.core.impl.RequestedAuthnContextBuilder; +import org.opensaml.saml2.core.impl.SessionIndexBuilder; import org.opensaml.xml.ConfigurationException; +import org.opensaml.xml.XMLObject; import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.io.MarshallingException; import org.opensaml.xml.io.Unmarshaller; @@ -57,7 +63,9 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.StringWriter; +import java.math.BigInteger; import java.net.URLEncoder; +import java.security.SecureRandom; import java.util.zip.Deflater; import java.util.zip.DeflaterOutputStream; @@ -65,6 +73,8 @@ public class SAMLUtils { public static final Logger s_logger = Logger.getLogger(SAMLUtils.class); public static final String SAML_NS = "saml://"; +public static final String SAML_NAMEID = "SAML_NAMEID"; +public static final String SAML_SESSION = "SAML_SESSION"; public static final String CERTIFICATE_NAME = "SAMLSP_CERTIFICATE"; 
@@ -76,7 +86,12 @@ public class SAMLUtils {
 return uuid.startsWith(SAML_NS);
 }
-public static AuthnRequest buildAuthnRequestObject(String authnId, String spId, String idpUrl, String consumerUrl) {
+public static String generateSecureRandomId() {
+return new BigInteger(130, new SecureRandom()).toString(32);
+}
+
+public static AuthnRequest buildAuthnRequestObject(String spId, String idpUrl, String consumerUrl) {
+String authnId = generateSecureRandomId();
 // Issuer object
 IssuerBuilder issuerBuilder = new IssuerBuilder();
 Issuer issuer = issuerBuilder.buildObject();
@@ -123,7 +138,26 @@ public class SAMLUtils {
 return authnRequest;
 }
-public static String encodeSAMLRequest(AuthnRequest authnRequest)
+public static LogoutRequest buildLogoutRequest(String logoutUrl, String spId, NameID nameId, String sessionIndex) {
+IssuerBuilder issuerBuilder = new IssuerBuilder();
+Issuer issuer = issuerBuilder.buildObject();
+issuer.setValue(spId);
+
+SessionIndex sessionIndexElement = new SessionIndexBuilder().buildObject();
+sessionIndexElement.setSessionIndex(sessionIndex);
+
+LogoutRequest logoutRequest = new LogoutRequestBuilder().buildObject();
+logoutRequest.setID(generateSecureRandomId());
+logoutRequest.setDestination(logoutUrl);
+logoutRequest.setVersion(SAMLVersion.VERSION_20);
+logoutRequest.setIssueInstant(new DateTime());
+logoutRequest.setIssuer(issuer);
+logoutRequest.getSessionIndexes().add(sessionIndexElement);
+logoutRequest.setNameID(nameId);
+return logoutRequest;
+}
+
+public static String encodeSAMLRequest(XMLObject authn
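Review bot: `generateSecureRandomId()` in the `@@ -76,7 +86,12 @@` hunk can return a string that begins with a digit, because base-32 output uses `0`-`9` as well as letters. The value becomes `authnId` here and is passed to `logoutRequest.setID(...)` in the next hunk; a SAML request ID is an xs:ID, which may not start with a digit, so a strict identity provider can reject such a request intermittently. Prefixing a fixed character keeps the randomness and makes the ID valid: `return "_" + new BigInteger(130, new SecureRandom()).toString(32);`. Now that the ID is generated internally, callers that check `InResponseTo` on the response have to read it back from the returned `AuthnRequest`, which deserves a Javadoc line on buildAuthnRequestObject. That method's body continues outside the hunk.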
[23/50] git commit: updated refs/heads/master to 97ed5ff
server: fix server package after auth plugin refactor - Have opensaml dependency to get version from root pom - add com.cloud.api.auth.APIAuthenticationManagerImpl to spring ctx manager - Fix getCommands() in APIAuthenticationManagerImpl - Fix imports in resources, test and src classes Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/591a686d Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/591a686d Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/591a686d Branch: refs/heads/master Commit: 591a686d77b93675fcfa0c7940bddd02a389dffd Parents: 4422fdd Author: Rohit Yadav Authored: Sun Aug 24 15:59:10 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:23 2014 +0200 -- server/pom.xml | 2 +- .../spring-server-core-managers-context.xml | 5 +++- server/src/com/cloud/api/ApiServlet.java| 7 ++--- .../api/auth/APIAuthenticationManagerImpl.java | 27 ++-- .../auth/DefaultLoginAPIAuthenticatorCmd.java | 4 ++- .../auth/DefaultLogoutAPIAuthenticatorCmd.java | 2 ++ server/test/com/cloud/api/ApiServletTest.java | 6 ++--- 7 files changed, 36 insertions(+), 17 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/591a686d/server/pom.xml -- diff --git a/server/pom.xml b/server/pom.xml index 04c25af..0e517f7 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -136,7 +136,7 @@ org.opensaml opensaml - 2.6.1 + ${cs.opensaml.version} http://git-wip-us.apache.org/repos/asf/cloudstack/blob/591a686d/server/resources/META-INF/cloudstack/core/spring-server-core-managers-context.xml -- diff --git a/server/resources/META-INF/cloudstack/core/spring-server-core-managers-context.xml b/server/resources/META-INF/cloudstack/core/spring-server-core-managers-context.xml index 17681f7..e2d4d27 100644 --- a/server/resources/META-INF/cloudstack/core/spring-server-core-managers-context.xml 
+++ b/server/resources/META-INF/cloudstack/core/spring-server-core-managers-context.xml @@ -32,7 +32,10 @@ http://www.springframework.org/schema/util/spring-util-3.0.xsd"; > - + + + http://git-wip-us.apache.org/repos/asf/cloudstack/blob/591a686d/server/src/com/cloud/api/ApiServlet.java -- diff --git a/server/src/com/cloud/api/ApiServlet.java b/server/src/com/cloud/api/ApiServlet.java index 8dff6eb..454fc8b 100644 --- a/server/src/com/cloud/api/ApiServlet.java +++ b/server/src/com/cloud/api/ApiServlet.java @@ -16,9 +16,9 @@ // under the License. package com.cloud.api; -import com.cloud.api.auth.APIAuthenticationManager; -import com.cloud.api.auth.APIAuthenticationType; -import com.cloud.api.auth.APIAuthenticator; +import org.apache.cloudstack.api.auth.APIAuthenticationManager; +import org.apache.cloudstack.api.auth.APIAuthenticationType; +import org.apache.cloudstack.api.auth.APIAuthenticator; import com.cloud.user.Account; import com.cloud.user.AccountService; import com.cloud.user.User; @@ -26,6 +26,7 @@ import com.cloud.utils.HttpUtils; import com.cloud.utils.StringUtils; import com.cloud.utils.db.EntityManager; import org.apache.cloudstack.api.ApiConstants; +import org.apache.cloudstack.api.ApiServerService; import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.context.CallContext; import org.apache.cloudstack.managed.context.ManagedContext; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/591a686d/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java -- diff --git a/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java b/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java index ece2e03..790b6d9 100644 --- a/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java +++ b/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java 
@@ -19,6 +19,9 @@ package com.cloud.api.auth; import com.cloud.utils.component.ComponentContext; import com.cloud.utils.component.ManagerBase; import org.apache.cloudstack.api.APICommand; +import org.apache.cloudstack.api.auth.APIAuthenticationManager; +import org.apache.cloudstack.api.auth.APIAuthenticator; +import org.apache.cloudstack.api.auth.PluggableAPIAuthenticator; import org.apache.log4j.Logger; import javax.ejb.Local; @@ -32,12 +35,21 @@ import java.util.Map; public class APIAuthenticationManagerImpl extends ManagerBase implements APIAuthenticationMa
[08/50] git commit: updated refs/heads/master to 97ed5ff
ApiServlet: Fix NPE while inserting to auditTrail Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/2694ad7b Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/2694ad7b Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/2694ad7b Branch: refs/heads/master Commit: 2694ad7bd91671629831f9feede879cb24d05d69 Parents: a1dc9e8 Author: Rohit Yadav Authored: Mon Aug 18 03:50:18 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:21 2014 +0200 -- server/src/com/cloud/api/ApiServlet.java | 3 --- 1 file changed, 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2694ad7b/server/src/com/cloud/api/ApiServlet.java -- diff --git a/server/src/com/cloud/api/ApiServlet.java b/server/src/com/cloud/api/ApiServlet.java index 5484b1e..8dff6eb 100644 --- a/server/src/com/cloud/api/ApiServlet.java +++ b/server/src/com/cloud/api/ApiServlet.java @@ -201,9 +201,6 @@ public class ApiServlet extends HttpServlet { } catch (final IllegalStateException ignored) { } } -} else { -auditTrailSb.insert(0, "(userId=" + session.getAttribute("userid") + " accountId=" + ((Account) session.getAttribute("accountobj")).getId() + -" sessionId=" + session.getId() + ")"); } HttpUtils.writeHttpResponse(resp, responseString, httpResponseCode, responseType); return;
[05/50] git commit: updated refs/heads/master to 97ed5ff
Minor fixes Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/a364054d Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/a364054d Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/a364054d Branch: refs/heads/master Commit: a364054db60e1a91c5fb671616783b1db9deb590 Parents: 2464e02 Author: Rohit Yadav Authored: Mon Aug 18 04:31:46 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:45:21 2014 +0200 -- server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java | 2 +- ui/scripts/cloudStack.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a364054d/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java -- diff --git a/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java b/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java index 1f88c1c..ce97cfd 100644 --- a/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java +++ b/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java 
@@ -325,7 +325,7 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent resp.addCookie(new Cookie("sessionKey", URLEncoder.encode(loginResponse.getSessionKey(), HttpUtils.UTF_8))); resp.addCookie(new Cookie("account", URLEncoder.encode(loginResponse.getAccount(), HttpUtils.UTF_8))); resp.addCookie(new Cookie("timezone", URLEncoder.encode(loginResponse.getTimeZone(), HttpUtils.UTF_8))); -resp.addCookie(new Cookie("userfullname", URLEncoder.encode(loginResponse.getFirstName() + " " + loginResponse.getLastName(), HttpUtils.UTF_8))); +resp.addCookie(new Cookie("userfullname", loginResponse.getFirstName() + "%20" + loginResponse.getLastName())); resp.sendRedirect("http://localhost:8080/client";); return ApiResponseSerializer.toSerializedString(loginResponse, responseType); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a364054d/ui/scripts/cloudStack.js -- diff --git a/ui/scripts/cloudStack.js b/ui/scripts/cloudStack.js index 420c137..edc7c21 100644 --- a/ui/scripts/cloudStack.js +++ b/ui/scripts/cloudStack.js @@ -132,7 +132,7 @@ g_mySession = $.cookie('JSESSIONID'); g_sessionKey = $.cookie('sessionKey'); // Unbox quotes from sessionKey cookie value -if (g_sessionKey[0] === '"' && g_sessionKey[g_sessionKey.length-1] === '"') { +if (g_sessionKey && g_sessionKey[0] === '"' && g_sessionKey[g_sessionKey.length-1] === '"') { g_sessionKey = g_sessionKey.slice(1, g_sessionKey.length-1); $.cookie('sessionKey', g_sessionKey, { expires: 1
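Review bot: The `userfullname` cookie value is no longer encoded in the `@@ -325,7 +325,7 @@` hunk: the added line concatenates `getFirstName()` and `getLastName()` straight into the `Cookie` constructor. Those names come from the login response, presumably populated from the identity provider's assertion, and a name containing `;`, `,`, whitespace or non-ASCII characters yields a malformed or truncated cookie, or an exception from the servlet container. If the aim was only to avoid `+` for the space, keep the encoding and fix that alone: `resp.addCookie(new Cookie("userfullname", URLEncoder.encode(loginResponse.getFirstName() + " " + loginResponse.getLastName(), HttpUtils.UTF_8).replace("+", "%20")));`. The enclosing method starts and ends outside the hunk.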
[50/50] git commit: updated refs/heads/master to 97ed5ff
Merge branch 'saml2' Implements CLOUDSTACK-7083 Branch: saml2 Proposal: http://markmail.org/message/4ba4ztmqpud3l4uo JIRA ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-7083 FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/SAML+2.0+Plugin Unit tests: Tests for each auth cmd class, SAMLUtils and SAMLAuthenticator, fixes unit test for ApiServlet Build status: clean build works with unit tests, testing using mvn3.0.5 and jdk 1.7 Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/97ed5ff6 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/97ed5ff6 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/97ed5ff6 Branch: refs/heads/master Commit: 97ed5ff636d922212e6ced91f6b1c41a9c9824d5 Parents: d9531fb 6eae9b8 Author: Rohit Yadav Authored: Thu Aug 28 19:57:25 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 19:57:25 2014 +0200 -- api/pom.xml | 5 + .../org/apache/cloudstack/api/ApiConstants.java | 1 + .../apache/cloudstack/api/ApiServerService.java | 42 +++ .../api/auth/APIAuthenticationManager.java | 24 ++ .../api/auth/APIAuthenticationType.java | 21 ++ .../cloudstack/api/auth/APIAuthenticator.java | 44 +++ .../api/auth/PluggableAPIAuthenticator.java | 25 ++ client/tomcatconf/commands.properties.in| 3 + ...g-core-lifecycle-api-context-inheritable.xml | 6 + .../core/spring-core-registry-core-context.xml | 9 +- plugins/user-authenticators/saml2/pom.xml | 12 +- .../cloudstack/saml2/spring-saml2-context.xml | 6 +- .../cloudstack/SAML2UserAuthenticator.java | 65 .../command/GetServiceProviderMetaDataCmd.java | 202 + .../command/SAML2LoginAPIAuthenticatorCmd.java | 303 +++ .../command/SAML2LogoutAPIAuthenticatorCmd.java | 169 +++ .../api/response/SAMLMetaDataResponse.java | 40 +++ .../cloudstack/saml/SAML2AuthManager.java | 36 +++ .../cloudstack/saml/SAML2AuthManagerImpl.java | 195 .../cloudstack/saml/SAML2UserAuthenticator.java | 64 
.../cloudstack/SAML2UserAuthenticatorTest.java | 51 +++- .../GetServiceProviderMetaDataCmdTest.java | 94 ++ .../SAML2LoginAPIAuthenticatorCmdTest.java | 175 +++ .../SAML2LogoutAPIAuthenticatorCmdTest.java | 93 ++ pom.xml | 1 + server/pom.xml | 5 + .../spring-server-core-managers-context.xml | 5 +- server/src/com/cloud/api/ApiServer.java | 263 +--- server/src/com/cloud/api/ApiServerService.java | 46 --- server/src/com/cloud/api/ApiServlet.java| 7 +- .../api/auth/APIAuthenticationManager.java | 24 -- .../api/auth/APIAuthenticationManagerImpl.java | 26 +- .../cloud/api/auth/APIAuthenticationType.java | 21 -- .../com/cloud/api/auth/APIAuthenticator.java| 41 --- .../auth/DefaultLoginAPIAuthenticatorCmd.java | 66 +--- .../auth/DefaultLogoutAPIAuthenticatorCmd.java | 8 + server/src/com/cloud/configuration/Config.java | 80 + server/test/com/cloud/api/ApiServletTest.java | 6 +- tools/apidoc/gen_toc.py | 1 + ui/scripts/cloudStack.js| 26 +- utils/pom.xml | 5 + .../apache/cloudstack/utils/auth/SAMLUtils.java | 232 ++ .../cloudstack/utils/auth/SAMLUtilsTest.java| 67 43 files changed, 2228 insertions(+), 387 deletions(-) --
Git Push Summary
Repository: cloudstack Updated Branches: refs/heads/saml2 [deleted] 1d809ffa6
git commit: updated refs/heads/master to 81608af
Repository: cloudstack Updated Branches: refs/heads/master 97ed5ff63 -> 81608afee SAML2LoginAPIAuthenticatorCmdTest: Add missing license Signed-off-by: Rohit Yadav Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/81608afe Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/81608afe Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/81608afe Branch: refs/heads/master Commit: 81608afee1318b2a283707ac9e6481f4f6629cc2 Parents: 97ed5ff Author: Rohit Yadav Authored: Thu Aug 28 20:06:38 2014 +0200 Committer: Rohit Yadav Committed: Thu Aug 28 20:06:38 2014 +0200 -- .../SAML2LoginAPIAuthenticatorCmdTest.java | 19 +++ 1 file changed, 19 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/81608afe/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java -- diff --git a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java index 5769a8f..b91978e 100644 --- a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java +++ b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java 
@@ -1,3 +1,22 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + package org.apache.cloudstack.api.command; import com.cloud.domain.Domain;
git commit: updated refs/heads/master to bea73e5
Repository: cloudstack Updated Branches: refs/heads/master 81608afee -> bea73e511 CLOUDSTACK-7454: UI > zone wizard > Hyper-V > primary storage/secondary storage > move SMB Domain field to be on top of SMB Username field. Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/bea73e51 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/bea73e51 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/bea73e51 Branch: refs/heads/master Commit: bea73e511e47e6543529d823f003a4dd998f7a49 Parents: 81608af Author: Jessica Wang Authored: Thu Aug 28 16:17:00 2014 -0700 Committer: Jessica Wang Committed: Thu Aug 28 16:19:53 2014 -0700 -- ui/scripts/zoneWizard.js | 33 + 1 file changed, 17 insertions(+), 16 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bea73e51/ui/scripts/zoneWizard.js -- diff --git a/ui/scripts/zoneWizard.js b/ui/scripts/zoneWizard.js index 0a84bdb..8928545 100755 --- a/ui/scripts/zoneWizard.js +++ b/ui/scripts/zoneWizard.js @@ -1785,7 +1785,14 @@ isHidden: true }, -//SMB +//SMB +smbDomain: { + label: 'label.smb.domain', + validation: { +required: true +}, +isHidden: true +}, smbUsername: { label: 'label.smb.username', validation: { @@ -1801,13 +1808,7 @@ }, isHidden: true }, -smbDomain: { - label: 'label.smb.domain', - validation: { -required: true -}, -isHidden: true -}, + //iscsi iqn: { @@ -2121,7 +2122,13 @@ //NFS, SMB (end) -//SMB (begin) +//SMB (begin) +smbDomain: { + label: 'label.smb.domain', + validation: { +required: true +} +}, smbUsername: { label: 'label.smb.username', validation: { @@ -2134,13 +2141,7 @@ validation: { required: true } -}, -smbDomain: { - label: 'label.smb.domain', - validation: { -required: true -} -}, +}, //SMB (end) //S3 (begin)
git commit: updated refs/heads/master to b693e61
Repository: cloudstack Updated Branches: refs/heads/master bea73e511 -> b693e61fe Temp fix for compilation issue, need to check what caused it Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b693e61f Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b693e61f Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b693e61f Branch: refs/heads/master Commit: b693e61fe665c98177f85aedb0b4b228f269c0b9 Parents: bea73e5 Author: amoghvk Authored: Thu Aug 28 17:47:08 2014 -0700 Committer: amoghvk Committed: Thu Aug 28 17:47:08 2014 -0700 -- .../src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b693e61f/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java -- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java index cb34b72..e1caee5 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java 
@@ -1228,15 +1228,15 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { } private String sendRequest(String service, String xmlRequest) throws ExecutionException { -org.apache.commons.httpclient.protocol.Protocol myhttps = new org.apache.commons.httpclient.protocol.Protocol("https", new EasySSLProtocolSocketFactory(), 443); +org.apache.commons.httpclient.protocol.Protocol myhttps = null; HttpClient client = new HttpClient(); -client.getHostConfiguration().setHost(_ip, 443, myhttps); byte[] response = null; PostMethod method = new PostMethod("/xmlIM/" + service); - method.setRequestBody(xmlRequest); try { +myhttps = new org.apache.commons.httpclient.protocol.Protocol("https", new EasySSLProtocolSocketFactory(), 443); +client.getHostConfiguration().setHost(_ip, 443, myhttps); int statusCode = client.executeMethod(method); if (statusCode != HttpStatus.SC_OK) {
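Review bot: The HTTPS protocol for the VNMC connection is still built on `EasySSLProtocolSocketFactory`, now on the line moved inside the `try` block. If this is the commons-httpclient contrib class of that name (the import is outside the hunk), it accepts any server certificate, so the device at `_ip` is never authenticated and the XML requests sent by sendRequest can be read or altered in transit. Since the line is being touched anyway, it should at least carry a marker such as `// TODO: accepts any certificate; replace with a socket factory that validates the VNMC certificate`, with a validating factory as the real fix. `myhttps` is used only inside the `try`, so it can be declared there rather than initialised to `null` above it. sendRequest's body continues outside the hunk.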
git commit: updated refs/heads/master to 0e79cd1
Repository: cloudstack Updated Branches: refs/heads/master b693e61fe -> 0e79cd117 Minor changes to SolidFire automation-related code Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/0e79cd11 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/0e79cd11 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/0e79cd11 Branch: refs/heads/master Commit: 0e79cd1172e4340b957b0328354761e8a9305609 Parents: b693e61 Author: Mike Tutkowski Authored: Thu Aug 28 23:14:42 2014 -0600 Committer: Mike Tutkowski Committed: Thu Aug 28 23:14:42 2014 -0600 -- .../solidfire/ApiSolidFireServiceImpl.java | 15 ++- 1 file changed, 6 insertions(+), 9 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0e79cd11/plugins/api/solidfire-intg-test/src/org/apache/cloudstack/solidfire/ApiSolidFireServiceImpl.java -- diff --git a/plugins/api/solidfire-intg-test/src/org/apache/cloudstack/solidfire/ApiSolidFireServiceImpl.java b/plugins/api/solidfire-intg-test/src/org/apache/cloudstack/solidfire/ApiSolidFireServiceImpl.java index 85e195c..a95272a 100644 --- a/plugins/api/solidfire-intg-test/src/org/apache/cloudstack/solidfire/ApiSolidFireServiceImpl.java +++ b/plugins/api/solidfire-intg-test/src/org/apache/cloudstack/solidfire/ApiSolidFireServiceImpl.java @@ -24,7 +24,7 @@ import javax.ejb.Local; import javax.inject.Inject; import javax.naming.ConfigurationException; -import org.apache.log4j.Logger; +// import org.apache.log4j.Logger; import org.apache.cloudstack.acl.APIChecker; import org.apache.cloudstack.storage.datastore.util.SolidFireUtil; import org.apache.cloudstack.api.command.user.solidfire.GetSolidFireAccountIdCmd; 
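Review bot: The `Logger` import is commented out rather than removed (`// import org.apache.log4j.Logger;`), and the `s_logger` field gets the same treatment in the following hunk. Commented-out code tends to linger and says nothing about why it was disabled; if the logger is unused, delete both lines, and if it is meant to come back, say so in a `// TODO` with the reason. In the last hunk, the `catch (InvalidParameterValueException e)` block rethrows a new exception without the original; if the exception type has no cause-taking constructor, a comment there should say why `e` is dropped.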
@@ -55,14 +55,11 @@ import com.cloud.utils.component.AdapterBase; @Component @Local(value = APIChecker.class) public class ApiSolidFireServiceImpl extends AdapterBase implements APIChecker, ApiSolidFireService { -private static final Logger s_logger = Logger.getLogger(ApiSolidFireServiceImpl.class); +// private static final Logger s_logger = Logger.getLogger(ApiSolidFireServiceImpl.class); -@Inject -private AccountDetailsDao _accountDetailsDao; -@Inject -private DataStoreProviderManager _dataStoreProviderMgr; -@Inject -private ClusterDetailsDao _clusterDetailsDao; +@Inject private AccountDetailsDao _accountDetailsDao; +@Inject private DataStoreProviderManager _dataStoreProviderMgr; +@Inject private ClusterDetailsDao _clusterDetailsDao; @Override public boolean configure(String name, Map params) throws ConfigurationException { @@ -91,7 +88,7 @@ public class ApiSolidFireServiceImpl extends AdapterBase implements APIChecker, primaryStoreDriver = (PrimaryDataStoreDriver)storeDriver; } } -catch(InvalidParameterValueException e) { +catch (InvalidParameterValueException e) { throw new InvalidParameterValueException("Invalid Storage Driver Type"); }
git commit: updated refs/heads/master to de6a311
Repository: cloudstack Updated Branches: refs/heads/master 0e79cd117 -> de6a3112b Update to volume-resize logic Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/de6a3112 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/de6a3112 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/de6a3112 Branch: refs/heads/master Commit: de6a3112b6b80952d1598acaa112ac50a3ef9d32 Parents: 0e79cd1 Author: Mike Tutkowski Authored: Thu Aug 28 23:19:04 2014 -0600 Committer: Mike Tutkowski Committed: Thu Aug 28 23:19:04 2014 -0600 -- server/src/com/cloud/storage/VolumeApiServiceImpl.java | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/de6a3112/server/src/com/cloud/storage/VolumeApiServiceImpl.java -- diff --git a/server/src/com/cloud/storage/VolumeApiServiceImpl.java b/server/src/com/cloud/storage/VolumeApiServiceImpl.java index 0c7c6e5..c662165 100644 --- a/server/src/com/cloud/storage/VolumeApiServiceImpl.java +++ b/server/src/com/cloud/storage/VolumeApiServiceImpl.java @@ -710,7 +710,11 @@ public class VolumeApiServiceImpl extends ManagerBase implements VolumeApiServic _accountMgr.checkAccess(CallContext.current().getCallingAccount(), null, true, volume); DiskOfferingVO diskOffering = _diskOfferingDao.findById(volume.getDiskOfferingId()); -DiskOfferingVO newDiskOffering = _diskOfferingDao.findById(cmd.getNewDiskOfferingId()); +DiskOfferingVO newDiskOffering = null; + +if (cmd.getNewDiskOfferingId() != null && volume.getDiskOfferingId() != cmd.getNewDiskOfferingId()) { +newDiskOffering = _diskOfferingDao.findById(cmd.getNewDiskOfferingId()); +} /* Only works for KVM/XenServer/VMware (or "Any") for now, and volumes with 'None' since they're just allocated in DB */
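Review bot: The added condition compares the two offering ids with `!=`. `cmd.getNewDiskOfferingId()` is null-checked just before, so it is a boxed `Long`; if `volume.getDiskOfferingId()` is boxed as well, this is a reference comparison and equal ids outside the small-value cache will be treated as different. Comparing by value avoids that: `if (cmd.getNewDiskOfferingId() != null && !cmd.getNewDiskOfferingId().equals(volume.getDiskOfferingId())) {`. `newDiskOffering` can now remain `null`, so the code after the hunk, which is not visible here, has to handle that case, and a short comment on the declaration saying that `null` means the offering is unchanged would help the next reader.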
git commit: updated refs/heads/master to 08995b6
Repository: cloudstack Updated Branches: refs/heads/master de6a3112b -> 08995b68e Name the SolidFire Volume Access Group after the UUID of the CloudStack cluster it serves Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/08995b68 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/08995b68 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/08995b68 Branch: refs/heads/master Commit: 08995b68e65a9f5aba919f8de878bab3f8998fe3 Parents: de6a311 Author: Mike Tutkowski Authored: Thu Aug 28 23:57:52 2014 -0600 Committer: Mike Tutkowski Committed: Thu Aug 28 23:57:52 2014 -0600 -- .../datastore/driver/SolidFirePrimaryDataStoreDriver.java | 7 ++- .../lifecycle/SolidFireSharedPrimaryDataStoreLifeCycle.java | 3 ++- .../cloudstack/storage/datastore/util/SolidFireUtil.java | 6 +++--- 3 files changed, 11 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/08995b68/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/driver/SolidFirePrimaryDataStoreDriver.java -- diff --git a/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/driver/SolidFirePrimaryDataStoreDriver.java b/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/driver/SolidFirePrimaryDataStoreDriver.java index 6eee9fe..e5a1585 100644 --- a/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/driver/SolidFirePrimaryDataStoreDriver.java +++ b/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/driver/SolidFirePrimaryDataStoreDriver.java 
@@ -43,9 +43,11 @@ import com.cloud.agent.api.to.DataObjectType; import com.cloud.agent.api.to.DataStoreTO; import com.cloud.agent.api.to.DataTO; import com.cloud.capacity.CapacityManager; +import com.cloud.dc.ClusterVO; import com.cloud.dc.ClusterDetailsVO; import com.cloud.dc.ClusterDetailsDao; import com.cloud.dc.dao.DataCenterDao; +import com.cloud.dc.dao.ClusterDao; import com.cloud.host.Host; import com.cloud.host.HostVO; import com.cloud.host.dao.HostDao; @@ -65,6 +67,7 @@ public class SolidFirePrimaryDataStoreDriver implements PrimaryDataStoreDriver { @Inject private AccountDao _accountDao; @Inject private AccountDetailsDao _accountDetailsDao; @Inject private CapacityManager _capacityMgr; +@Inject private ClusterDao _clusterDao; @Inject private ClusterDetailsDao _clusterDetailsDao; @Inject private DataCenterDao _zoneDao; @Inject private HostDao _hostDao; @@ -135,7 +138,9 @@ public class SolidFirePrimaryDataStoreDriver implements PrimaryDataStoreDriver { SolidFireUtil.modifySolidFireVag(sfConnection, sfVag.getId(), hostIqns, volumeIds); } else { -SolidFireUtil.placeVolumeInVolumeAccessGroup(sfConnection, sfVolumeId, storagePoolId, hosts, _clusterDetailsDao); +ClusterVO cluster = _clusterDao.findById(clusterId); + +SolidFireUtil.placeVolumeInVolumeAccessGroup(sfConnection, sfVolumeId, storagePoolId, cluster.getUuid(), hosts, _clusterDetailsDao); } return true; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/08995b68/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/lifecycle/SolidFireSharedPrimaryDataStoreLifeCycle.java -- diff --git a/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/lifecycle/SolidFireSharedPrimaryDataStoreLifeCycle.java b/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/lifecycle/SolidFireSharedPrimaryDataStoreLifeCycle.java index 30d6659..b70333d 100644 
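Review bot: In the `@@ -135,7 +138,9 @@` hunk the result of `_clusterDao.findById(clusterId)` is dereferenced immediately with `cluster.getUuid()`, and the same two-line pattern is added in SolidFireSharedPrimaryDataStoreLifeCycle. If the lookup can return `null` (for example for a cluster removed in the meantime), this surfaces as a NullPointerException while access to the volume is being granted, with nothing naming the cluster. A guard before the call makes the failure explicit: `if (cluster == null) { throw new CloudRuntimeException("Unable to find cluster " + clusterId); }`, assuming that exception type is available in the file. The enclosing method starts and ends outside the hunk.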
--- a/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/lifecycle/SolidFireSharedPrimaryDataStoreLifeCycle.java +++ b/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/lifecycle/SolidFireSharedPrimaryDataStoreLifeCycle.java @@ -255,8 +255,9 @@ public class SolidFireSharedPrimaryDataStoreLifeCycle implements PrimaryDataStor // place the newly created volume in the Volume Access Group try { List hosts = _hostDao.findByClusterId(clusterId); +ClusterVO cluster = _clusterDao.findById(clusterId); -SolidFireUtil.placeVolumeInVolumeAccessGroup(sfConnection, sfVolume.getId(), dataStore.getId(), hosts, _clusterDetailsDao); +SolidFireUtil.placeVolumeInVolumeAccessGroup(sfConnection, sfVolume.getId(), dataStore.getId(), cluster.getUuid(), hosts, _clusterDetailsDao); SolidFireUtil.SolidFireAccount sfAccount = sfCreateVolume.getAccount();
git commit: updated refs/heads/master to ef0adc1
Repository: cloudstack Updated Branches: refs/heads/master 08995b68e -> ef0adc123 Removed an un-used import Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/ef0adc12 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/ef0adc12 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/ef0adc12 Branch: refs/heads/master Commit: ef0adc12389e44f042719ef460e9e85d52e68ed8 Parents: 08995b6 Author: Mike Tutkowski Authored: Fri Aug 29 00:23:48 2014 -0600 Committer: Mike Tutkowski Committed: Fri Aug 29 00:23:48 2014 -0600 -- .../org/apache/cloudstack/storage/datastore/util/SolidFireUtil.java | 1 - 1 file changed, 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ef0adc12/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/util/SolidFireUtil.java -- diff --git a/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/util/SolidFireUtil.java b/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/util/SolidFireUtil.java index f962289..93ec4a2 100644 --- a/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/util/SolidFireUtil.java +++ b/plugins/storage/volume/solidfire/src/org/apache/cloudstack/storage/datastore/util/SolidFireUtil.java @@ -33,7 +33,6 @@ import java.util.List; import java.util.Map; import java.util.Set; import java.util.StringTokenizer; -import java.util.UUID; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager;