4.19 fix saml account selector #10311
some style remarks but code seems generally good
plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java
...ators/saml2/src/main/java/org/apache/cloudstack/api/command/ListAndSwitchSAMLAccountCmd.java
@blueorangutan package
@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 12317
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## 4.19 #10311 +/- ##
============================================
+ Coverage 15.15% 15.17% +0.01%
- Complexity 11315 11333 +18
============================================
Files 5413 5414 +1
Lines 474709 474856 +147
Branches 57894 57917 +23
============================================
+ Hits 71940 72042 +102
- Misses 394723 394758 +35
- Partials 8046 8056 +10
@rg9975 can you check and address build failures on the PR branch? I'll kick it again just in case. @blueorangutan package
@rohityadavcloud a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 12406
@rg9975 there is a unit test failure. Can you look at this?
[SF] Trillian Build Failed (tid-12444)
@blueorangutan test
@Pearl1594 a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests |
[SF] Trillian test result (tid-12481)
plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java
clgtm, some improvements in style possible.
@blueorangutan package
@rohityadavcloud a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 12608
@rg9975, can you look at 05:50:07 [ERROR] /jenkins/workspace/acs-centos8-pkg-builder/dist/rpmbuild/BUILD/cloudstack-4.19.3.0-SNAPSHOT/server/src/test/java/com/cloud/user/AccountManagerImplTest.java:19:15: Unused import - org.junit.Assert.assertThrows. [UnusedImports]
@blueorangutan package
@kiranchavala a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 13038
LGTM
Tested the following
- Reliable account switch when selecting a new account/domain combination from UI
The switching of the saml account is smooth, the issue reported before is also fixed
- New global property (saml2.require.password) to disable password authentication requirement (this enables delegation to the SAML IDP to allow other forms of authentication like 2FA, mobile device, security key, etc). Default to true to match previous hard-coded behavior.
Kiran> Tested the global setting
- New global property (user.allow.multiple.accounts) to allow the same username to exist on multiple accounts in the same domain. Defaults to false to match previous behavior. Also this ONLY applies to SAML2 plugin at this time as other account types do not have an implementation for multi-account selection.
Kiran> We can have multiple users with same username in multiple accounts in the same domain
Description
Fix issues with SAML multi-account selector in UI and various SAML2 plugin limitations.
How Has This Been Tested?
Set up a domain using a SAML2 IDP (Azure Entra specifically) and performed validations of existing behaviors (single username only in a domain; password auth requirement), as well as tested the ability to add multiple accounts for the same username in a domain and authentication with 2FA/device authentication.