[CLOUDSTACK-8457] Make SAML plugin production grade - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.5.2, 4.6.0, Future
Component/s: SAML
Security Level: Public (Anyone can view this level - this is the default.)
Labels:
None

Description

The current SAML plugin is not well tested with major IdPs used in production such as Shibboleth. It is also limited to using HTTP-redirect only and does not support HTTP-Post and other artifacts. Further, the security concerns are not well addressed, for example both authorization, creation of users/accounts (on first login) and authentication is done by the plugin which needs to be tested wrt security, addressed and improved.

Attachments

Issue Links

mentioned in: Page Loading...

Sub-Tasks

1.	Support Multiple IdPs, show list to users to select from etc.	Closed	Rohit Yadav
2.	Improve SAML plugin to support multiple endpoint bindings	Closed	Rohit Yadav
3.	SAML: Define and support supported IdP servers	Closed	Rohit Yadav
4.	SAML: Ensure SP implementation compatibility with SAML standards of interoperability	Closed	Rohit Yadav
5.	SAML: Auth plugin should handle authentication, admins to authorize users before they can authenticated	Closed	Rohit Yadav
6.	SAML: Allow admin to specify attribute name returned by IdP	Closed	Rohit Yadav
7.	SAML: allow IdP metadata XML to be saved in DB or a file	Closed	Rohit Yadav
8.	SAML: allow sigalg configurable	Closed	Rohit Yadav
9.	SAML: add metadata refresh worker/handler and handle https failures	Closed	Rohit Yadav

Activity

People

Assignee:: Rohit Yadav

Reporter:: Rohit Yadav

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 12/May/15 14:58

Updated:: 26/Apr/16 10:03

Resolved:: 29/Jun/15 11:10