Posted to dev@knox.apache.org by "Sandor Molnar (Jira)" <ji...@apache.org> on 2020/06/18 13:36:00 UTC

[jira] [Commented] (KNOX-2390) Configure SAML using provider parameters

    [ https://issues.apache.org/jira/browse/KNOX-2390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17139426#comment-17139426 ] 

Sandor Molnar commented on KNOX-2390:
-------------------------------------

In this round, the following 4 SAML 2 parameters are allowed to be configured:
 * useNameQualifier
 * forceAuth
 * passive
 * nameIdPolicyFormat

They all play a significant role when building up an authentication request [here|https://github.com/pac4j/pac4j/blob/master/pac4j-saml/src/main/java/org/pac4j/saml/sso/impl/SAML2AuthnRequestBuilder.java].

Of course, with the new classes, it's quite easy to extend the above list.

> Configure SAML using provider parameters
> ----------------------------------------
>
>                 Key: KNOX-2390
>                 URL: https://issues.apache.org/jira/browse/KNOX-2390
>             Project: Apache Knox
>          Issue Type: Task
>          Components: Server
>    Affects Versions: 1.4.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 1.5.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Currently, there is a bunch of SAML parameters which the Pac4j federation provider knows about and can be used to update SAML 2 configuration:
>  * saml.keystorePassword
>  * saml.privateKeyPassword
>  * saml.keystorePath
>  * saml.keystoreAlias
>  * saml.identityProviderMetadataPath
>  * saml.maximumAuthenticationLifetime
>  * saml.serviceProviderEntityId
>  * saml.serviceProviderMetadataPath
>  * saml.destinationBindingType
> However, there are other SAML 2 configurations that also should be configurable via provider parameters. For instance: the default value of {{useNameQualifier}} changed from {{'false'}} to {{'true'}} in pac4j {{v3.7.0}} (and changed back to {{'false'}} in {{v3.8.2}}) which may cause an issue with ADFS integration.
> The purpose of this Jira is to identify a list of SAML 2 configurations that should be configurable and make it happen via the Pac4j federation provider parameters.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)