cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gross, Christian" <gr...@netcloud.ch.INVALID>
Subject RE: Cloudstack SAML auth
Date Tue, 08 Dec 2020 10:53:17 GMT
Hi Rohit

Thanks for your answer.

This mapping/setting we have already configured and it is working, as long as we do not activate
encryption on the IDP.

I think, that we have something messed up with the keys/certs used for encryption.

As far as I understand the whole saml stuff, Cloudstack needs no special configuration regarding
the encryption part.
My IDP should take the key from "getSpMetadata" for encryption. Cloudstack can then itself
again decrypt the encrypted request.
Is that correct?

Regards
Christian

-----Original Message-----
From: Rohit Yadav <rohit.yadav@shapeblue.com> 
Sent: Dienstag, 8. Dezember 2020 11:24
To: users@cloudstack.apache.org
Subject: Re: Cloudstack SAML auth

Hi Christian,

Please refer to the SAML docs:
http://docs.cloudstack.apache.org/en/latest/adminguide/accounts.html#using-a-saml-2-0-identity-provider-for-user-authentication


You need to configure what assertion/attribute your SAML response will send to CloudStack
(SP) on successful authentication that CloudStack should use to map against a account/user.
Usually this is `uid` when SAML IDP uses say a LDAP source.


Regards.

________________________________

rohit.yadav@shapeblue.com
www.shapeblue.com
3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK @shapeblue
  
 

From: Gross, Christian
Sent: Monday, December 07, 2020 19:34
To: users@cloudstack.apache.org
Subject: Cloudstack SAML auth


Hi All



I'm trying to secure our Cloudstack<->Redhat SSO communication, but not very successful.



As soon as I activate "Encrypt Assertions", I only receive



<errorcode>531</errorcode>

<errortext>Failed to find admin configured username attribute in the SAML Response.
Please ask your administrator to check SAML user attribute name.</errortext>



Currently, we're using CS 4.14 and RedHat SSO 7.3.8



Maybe, someone has an idea, what we could possibly doing wrong..



Kind regards
Christian

Platform Services Engineer, Netcloud AG, t: +41 58 344 12 46, m: +41 79 210 73 25

[Netcloud AG - ICT Professionals]<https://www.netcloud.ch/>

Mehr Infos unter https://www.netcloud.ch<http://www.netcloud.ch>

Mime
View raw message