cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gross, Christian" <>
Subject RE: Cloudstack SAML auth
Date Tue, 08 Dec 2020 10:53:17 GMT
Hi Rohit

Thanks for your answer.

This mapping/setting we have already configured and it is working, as long as we do not activate
encryption on the IDP.

I think, that we have something messed up with the keys/certs used for encryption.

As far as I understand the whole saml stuff, Cloudstack needs no special configuration regarding
the encryption part.
My IDP should take the key from "getSpMetadata" for encryption. Cloudstack can then itself
again decrypt the encrypted request.
Is that correct?


-----Original Message-----
From: Rohit Yadav <> 
Sent: Dienstag, 8. Dezember 2020 11:24
Subject: Re: Cloudstack SAML auth

Hi Christian,

Please refer to the SAML docs:

You need to configure what assertion/attribute your SAML response will send to CloudStack
(SP) on successful authentication that CloudStack should use to map against a account/user.
Usually this is `uid` when SAML IDP uses say a LDAP source.


3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK @shapeblue

From: Gross, Christian
Sent: Monday, December 07, 2020 19:34
Subject: Cloudstack SAML auth

Hi All

I'm trying to secure our Cloudstack<->Redhat SSO communication, but not very successful.

As soon as I activate "Encrypt Assertions", I only receive


<errortext>Failed to find admin configured username attribute in the SAML Response.
Please ask your administrator to check SAML user attribute name.</errortext>

Currently, we're using CS 4.14 and RedHat SSO 7.3.8

Maybe, someone has an idea, what we could possibly doing wrong..

Kind regards

Platform Services Engineer, Netcloud AG, t: +41 58 344 12 46, m: +41 79 210 73 25

[Netcloud AG - ICT Professionals]<>

Mehr Infos unter<>

View raw message