You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Sandor Molnar (Jira)" <ji...@apache.org> on 2020/06/18 13:36:00 UTC
[jira] [Commented] (KNOX-2390) Configure SAML using provider
parameters
[ https://issues.apache.org/jira/browse/KNOX-2390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17139426#comment-17139426 ]
Sandor Molnar commented on KNOX-2390:
-------------------------------------
In this round, the following 4 SAML 2 parameters are allowed to be configured:
* useNameQualifier
* forceAuth
* passive
* nameIdPolicyFormat
They all play a significant role when building up am authentication request [here|https://github.com/pac4j/pac4j/blob/master/pac4j-saml/src/main/java/org/pac4j/saml/sso/impl/SAML2AuthnRequestBuilder.java].
Of course, with the new classes, it's quite easy to extend the above list.
> Configure SAML using provider parameters
> ----------------------------------------
>
> Key: KNOX-2390
> URL: https://issues.apache.org/jira/browse/KNOX-2390
> Project: Apache Knox
> Issue Type: Task
> Components: Server
> Affects Versions: 1.4.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Major
> Fix For: 1.5.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Currently, there is a bunch of SAML parameters which the Pac4j federation provider knows about and can be used to update SAML 2 configuration:
> * saml.keystorePassword
> * saml.privateKeyPassword
> * saml.keystorePath
> * saml.keystoreAlias
> * saml.identityProviderMetadataPath
> * saml.maximumAuthenticationLifetime
> * saml.serviceProviderEntityId
> * saml.serviceProviderMetadataPath
> * saml.destinationBindingType
> However, there are other SAML 2 configurations that also should be configurable via provider parameters. For instance: the default value of {{useNameQualifier}} changed from {{'false'}} to {{'true'}} in pac4j {{v3.7.0}} (and changed back to {{'false'}} in {{v3.8.2}}) which may cause an issue with ADFS integration.
> The purpose of this Jira is to identify a list of SAML 2 configuration that should be configurable and make it happen via the Pac4j federation provider parameters.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)