At the time of writing the auth plugin, I did not consider many security issues. The current SAML2 auth plugin would automatically create users and allow them inside CloudStack, which in production could cause a severe security issue, especially in environments with public IdP server infrastructure such as large institutions. Therefore, the idea is to let the admin add/import users manually or from LDAP and then allow them to be SAML authenticated. This delegates the security issue and account creation/handling to the admin or some other business layer/system.
The following scenario would be supported:
- Admin adds a user either manually or importing from LDAP etc.
- The admin can then specify (via multi-select or through the API) a list of one or more users, identified by username (or any unique ID), who are allowed to authenticate via SAML
The assumption here is that every SAML-authenticated user has a unique username mapped into CloudStack. Edge case handling: if multiple users with the same username exist in CloudStack (possibly across domains) and the admin enables SAML authentication for all of those accounts, the plugin treats them all as belonging to the same SAML-authenticated user. Upon login, that user should then be able to select or switch between all such accounts under any of the domains.
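The proposed flow (admin-only enablement, no auto-creation, and the same-username-across-domains case) modelled as an added Python example; this is illustrative logic, not the CloudStack plugin's own code, and it assumes the SAML assertion has already been signature-validated before its NameID reaches `resolve_saml_login`.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class User:
    username: str
    domain: str
    saml_enabled: bool = False  # only an admin action flips this to True


class UserStore:
    """Constructed in-memory stand-in for CloudStack's user table (hypothetical)."""

    def __init__(self, users: List[User]) -> None:
        self.users = users

    def enable_saml(self, username: str, domain: str) -> None:
        """Admin step: authorize an already-existing user for SAML login.
        Raises if the user does not exist, so nothing is ever created here."""
        for u in self.users:
            if u.username == username and u.domain == domain:
                u.saml_enabled = True
                return
        raise LookupError(f"{username}@{domain} must be added or imported first")


def resolve_saml_login(store: UserStore, name_id: str) -> Tuple[str, List[User]]:
    """Map the NameID of an already-validated SAML assertion to CloudStack users.

    Returns one of:
      ("deny", [])           no SAML-enabled user carries this username;
                             an unknown or not-yet-enabled user is NOT auto-created
      ("login", [user])      exactly one match: log in directly
      ("choose", [users...]) several SAML-enabled users share the username
                             (e.g. across domains): let the user pick or switch
    """
    matches = [u for u in store.users if u.username == name_id and u.saml_enabled]
    if not matches:
        return "deny", []
    if len(matches) == 1:
        return "login", matches
    return "choose", matches


# Constructed sample data: one username in two domains, plus a user the admin
# has NOT enabled for SAML.
STORE = UserStore([User("alice", "ROOT"), User("alice", "ROOT/dev"), User("bob", "ROOT")])
STORE.enable_saml("alice", "ROOT")
STORE.enable_saml("alice", "ROOT/dev")
```

With this data, a NameID of `alice` yields a choice between both domains, while `bob` (exists but not enabled) and any unknown name are denied rather than provisioned.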