etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
24,503 Commits 323 Branches 325 Tags 866 MiB
Commit Graph

24503 Commits

Author SHA1 Message Date
Mike Tutkowski 0e79cd1172 Minor changes to SolidFire automation-related code 2014-08-28 23:14:42 -06:00
amoghvk b693e61fe6 Temp fix for compilation issue, need to check what caused it 2014-08-28 17:47:08 -07:00
Jessica Wang bea73e511e CLOUDSTACK-7454: UI > zone wizard > Hyper-V > primary storage/secondary storage > move SMB Domain field to be on top of SMB Username field. 2014-08-28 16:19:53 -07:00
Rohit Yadav 81608afee1 SAML2LoginAPIAuthenticatorCmdTest: Add missing license 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 20:06:38 +02:00
Rohit Yadav 97ed5ff636 Merge branch 'saml2' 
Implements CLOUDSTACK-7083

Branch: saml2
Proposal: http://markmail.org/message/4ba4ztmqpud3l4uo
JIRA ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-7083
FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/SAML+2.0+Plugin
Unit tests: Tests for each auth cmd class, SAMLUtils and SAMLAuthenticator, fixes unit test for ApiServlet
Build status: clean build works with unit tests, testing using mvn3.0.5 and jdk 1.7
 2014-08-28 19:57:25 +02:00
Rohit Yadav 6eae9b8596 saml: disable plugin by default and don't initiate if not enabled 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:49:48 +02:00
Rohit Yadav aa02e30e95 saml: fix tests and update method signature that generates random certs 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:27 +02:00
Rohit Yadav 249446dc52 server: add config to enable/disable SAML SSO/SLO plugin 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:27 +02:00
Rohit Yadav 5e7928bcb9 utils: fix static certificate value string in SAMLUtils 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:27 +02:00
Rohit Yadav 0402f68b12 SAML2LogoutAPIAuthenticatorCmd: if session is null, redirect to login page 
If session is null, probably logout (local) happened removing the name id and
session index which is needed for global logout. The limitation by design is that
local logout will void possibility of global logout. To globally logout, one
use the SLO api which would logout locally as well.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:26 +02:00
Rohit Yadav de4e74b2b4 saml: Add unit tests for saml plugin 
- Fixes signatures on plugin manager for ease of testing
- Fixes authenticator
- Adds unit testing for getType and authenticate methods for all cmd classes
- Adds SAMLAuthenticator test

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:26 +02:00
Rohit Yadav 1ed532fb20 SAMLUtils: add unit test for SAMLUtils and method to randomly generate X509 certs 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:26 +02:00
Rohit Yadav 15fdc1744c SAML2LogoutAPIAuthenticatorCmd: check logout response and redirect to UI 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:26 +02:00
Rohit Yadav 3bf387c882 SAMLUtils: Create new NameID using passed nameId taking just id and session idx 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:26 +02:00
Rohit Yadav 8dc50927f9 saml: use SAML_RESPONSE from SAMLUtils 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:26 +02:00
Rohit Yadav ad13d3d747 SAML2UserAuthenticator: check that request params has SAMLResponse 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:26 +02:00
Rohit Yadav 7ee4176c7a SAML2LogoutAPIAuthenticatorCmd: implement single log out 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:25 +02:00
Rohit Yadav b1946e8c13 SAML2LoginAPIAuthenticatorCmd: store nameid and session index in user's session 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:25 +02:00
Rohit Yadav 230e970569 SAMLUtils: add logout request utility for saml slo 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:25 +02:00
Rohit Yadav b401828aef saml: use values from config for user account, domain and redirected url 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:25 +02:00
Rohit Yadav b0f3d66f9d Config: add config for saml user account, domain and redirected URL to ACS UI 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:25 +02:00
Rohit Yadav 2f6fa268f4 apidocs: add entry for getSPMetaData 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:25 +02:00
Rohit Yadav 8fa9d2c276 utils: fix SAMLUtils's authnrequest maker 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:25 +02:00
Rohit Yadav 2a264cc726 client: add getSPMetadata API in commands.properties 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:24 +02:00
Rohit Yadav a13da8f9e0 saml2: Add GetServiceProviderMetaDataCmd that returns SP metadata XML 
This adds GetServiceProviderMetaDataCmd which returns SP metadata XML, since
this information should be public for IdPs to discover, we implement this as a
login/cmd api so this does not require any kind of authentication to GET this

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:24 +02:00
Rohit Yadav 7687b7311a saml: Implement logic to check response against X509 keys 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:24 +02:00
Rohit Yadav 47ccce85a1 api: add method to pass on api authenticators to cmd classes 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:24 +02:00
Rohit Yadav 8e6cb04480 SAMLUtils: leave bootstrapping to upper layers 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:24 +02:00
Rohit Yadav 0444bfb653 server: Add IDP entity ID config param 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:24 +02:00
Rohit Yadav 06e909923a saml: Have the plugin use IDP metadata from URL, get values from Config 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:24 +02:00
Rohit Yadav 1b0f81ec6f utils: Remove hard coded strings from SAMLUtils 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:23 +02:00
Rohit Yadav 5d94fd5be5 server: Add SAML related config params in Config 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:23 +02:00
Rohit Yadav 37961ebdd8 saml: Implement SAML2AuthManager interface 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:23 +02:00
Rohit Yadav 37d696db80 ApiServer: Fix imports order, use org.apache.cloudstack.api.ApiServerService 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:23 +02:00
Rohit Yadav d45b303569 saml2: Fix plugin after refactoring 
- Use opensaml version from root pom
- Add utils and api as explicit dependency
- Add org.apache.cloudstack.saml.SAML2AuthServiceImpl bean
- Fix imports in all source files and resource xmls
- Use methods available from SAMLUtils to encode/decode SAML request/response
- SAML logout api is not the global logout api

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:23 +02:00
Rohit Yadav 591a686d77 server: fix server package after auth plugin refactor 
- Have opensaml dependency to get version from root pom
- add com.cloud.api.auth.APIAuthenticationManagerImpl to spring ctx manager
- Fix getCommands() in APIAuthenticationManagerImpl
- Fix imports in resources, test and src classes

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:23 +02:00
Rohit Yadav 4422fdd9ad saml2: Implement SAML2AuthServiceImpl which is a PluggableAPIAuthenticator 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:23 +02:00
Rohit Yadav 47c9050871 core: Add registry and beans in spring registry for PluggableAPIAuthenticator 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:22 +02:00
Rohit Yadav 7ff50499a1 api: Add PluggableAPIAuthenticator interface 
This interface is used by any plugin for implementing a pluggable API
authenticator such as SAML, OAuth etc.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:22 +02:00
Rohit Yadav 74f5795908 api: fix refactored ApiServerService interface to api 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:22 +02:00
Rohit Yadav 68e094ebaf saml: move refactor files from server to api module 
- Move interfaces and classes from server to api module
- This can be then used for pluggable api authenticators

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:22 +02:00
Rohit Yadav c04b9ed661 Maven: add opensaml 2.6.1 version id in pom.xml 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:22 +02:00
Rohit Yadav d6ea4ad7e0 utils: refactor and aggregate methods in SAMLUtils 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:22 +02:00
Rohit Yadav e6ec51e12a ui: refactor and use a unified unboxing helping method in cloudStack.js 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:22 +02:00
Rohit Yadav a364054db6 Minor fixes 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:21 +02:00
Rohit Yadav 2464e02bf4 SAML2LoginAPIAuthenticatorCmd: Set all necessary cookies and redirect to UI 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:21 +02:00
Rohit Yadav 9b1a6dac4a ui: Unbox extra quotes from sessionKey cookie value 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:21 +02:00
Rohit Yadav 2694ad7bd9 ApiServlet: Fix NPE while inserting to auditTrail 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:21 +02:00
Rohit Yadav a1dc9e8189 SAML2LoginAPIAuthenticatorCmd: Implement SAML SSO using HTTP Redirect binding 
- Creates SAMLRequest and uses HTTP redirect binding (uses GET/302)
- Redirects to IdP for auth
- On successful auth, check for assertion
- Tries to get attributes based on standard LDAP attribute names
- Next, gets user using EntityManager, if not found creates one with NameID as UUID
- Finally tries to log in and redirect

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:21 +02:00
Rohit Yadav 9c7204d386 DefaultLoginAPIAuthenticatorCmd: move createLoginResponse to ApiServer 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:21 +02:00