Hello, I'm trying to configure SAML2 SSO support to connect CloudStack 4.9.2.0 as a service provider (SP) to our own identity provider Shibboleth 2.4.4 (IdP - Authentication Service and Authorization based on XML).

I have completed the following CloudStack SAML2 settings:

    saml2.append.idpdomain = false
    saml2.default.idpid = néant
    saml2.enabled = true
    saml2.idp.metadata.url = http://idp.etrs.terre.defense.gouv.fr:8080/idp/shibboleth
    saml2.redirect.url = https://cloud.etrs.terre.defense.gouv.fr/client
    saml2.sigalg = SHA256
    saml2.sp.id = cloud.etrs.terre.defense.gouv.fr
    saml2.sp.slo.url = https://cloud.etrs.terre.defense.gouv.fr/client/api?command=samlSlo
    saml2.sp.sso.url = https://cloud.etrs.terre.defense.gouv.fr/client/api?command=samlSso
    saml2.user.attribute = uid

But the URL SSO-SAML2 https://cloud.etrs.terre.defense.gouv.fr/client/api?command=samlSso returns me to the native authentication URL of our IdP https://idp.etrs.terre.defense.gouv.fr/idp/Authn/UserPassword instead of the SSO-CAS delegation URL https://idp.etrs.terre.defense.gouv.fr/idp/Authn/RemoteUser.

The metadata of my SP is listed in my IdP (from the configuration file relying-party.xml):

    <!-- ETRS CloudStack metadata -->
    <metadata:MetadataProvider id="cloud.etrs.terre.defense.gouv.fr"
        xsi:type="metadata:FileBackedHTTPMetadataProvider"
        metadataURL="http://cloud.etrs.terre.defense.gouv.fr:8080/client/api?command=getSPMetadata"
        backingFile="/opt/shibboleth-idp/metadata/main-sps-etrs-cloudstack-metadata.xml">
    </metadata:MetadataProvider>

Thank you for your help.

--
IEF MINDEF POLLET Fabrice
TERRE/COMSIC/ETRS/DGF/BAF/ING-NEF/PFI-PEDA
COMSIC BP18
35998 RENNES 9 France
821 354 34 82 / 02 99 84 34 82
[email protected] (Internet)
[email protected] (Intradef)
