cloudstack

mirror of https://github.com/apache/cloudstack.git synced 2025-11-04 00:02:37 +01:00

Author	SHA1	Message	Date
Wei Zhou	f9b176744e	SAML2: add cookie with HttpOnly too #10013 (#10047 )	2024-12-09 16:45:21 +01:00
dahn	44597724f5	make saml auth request option `forceauthn` configurable (#9756 )	2024-10-16 10:45:18 +05:30
Wei Zhou	5ab0a52d66	util: check JSESSIONID in cookies if user is passed	2024-10-11 17:24:34 +02:00
Suresh Kumar Anaparti	3faf7cd2f1	Updating pom.xml version numbers for release 4.19.2.0-SNAPSHOT Signed-off-by: Suresh Kumar Anaparti <suresh.anaparti@shapeblue.com>	2024-07-19 10:29:26 +05:30
Suresh Kumar Anaparti	9f4c895974	Updating pom.xml version numbers for release 4.19.1.0 Signed-off-by: Suresh Kumar Anaparti <suresh.anaparti@shapeblue.com>	2024-07-15 17:19:29 +05:30
Rohit Yadav	2cfb541a1d	saml: purge token after first response and improve setting description (#9377 ) * saml: purge token after first response and improve setting description This improves the description of a saml signature checking global setting, and purges the SAML token upon handling the first SAML response. Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com> * fix failing unit test Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com> --------- Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>	2024-07-15 09:45:28 +05:30
Rohit Yadav	7977d1475e	plugins: make default signature check mandatory (#9357 ) This improves upon #9219, to make the signature checks mandatory by default but allows for users to relax the setting if they really must. Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>	2024-07-09 09:49:27 +05:30
Rohit Yadav	78ace3a750	saml: introduce saml2.check.signature (#9219 ) Adminstrators should ensure that IDP configuration has signing certificate for the actual signature check to be performed. In addition to this, this change introduces a new global setting `saml2.check.signature` which can deliberately fail a SAML login attempt when the SAML response has missing signature. Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>	2024-06-13 11:30:33 +05:30
Abhishek Kumar	a7b97ff3b0	Updating pom.xml version numbers for release 4.19.1.0-SNAPSHOT Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>	2024-02-02 18:06:04 +05:30
Abhishek Kumar	2746225b99	Updating pom.xml version numbers for release 4.19.0.0 Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>	2024-01-29 10:21:52 +05:30
Abhishek Kumar	82a6a1f6c4	Merge remote-tracking branch 'apache/4.18' into main	2023-04-04 16:10:12 +05:30
Marcus Sorensen	5d5fa04c8b	saml: Add EncryptedElementType key resolver to SAML plugin (#7268 ) There are multiple ways in which a SAML response can be formatted, especially when encryption is enabled. This PR removes the hardcoding of EncryptedKeyResolver= InlineEncryptedKeyResolver in favor of using a ChainingEncryptedKeyResolver which will try multiple resolvers. It preserves the InlineEncryptedKeyResolver as the first option but adds EncryptedElementTypeEncryptedKeyResolver to the chain of resolvers to try. ChainingEncryptedKeyResolver is a bit finicky in that you can't provide it a list of resolvers, you can only fetch its internal list and add to it. Theoretically we could add all of the resolver types to the chain, but for now just preserving the ones known to be in use. Co-authored-by: Marcus Sorensen <mls@apple.com>	2023-04-03 15:16:03 +05:30
John Bampton	c2e17310d6	Add three more `pre-commit` checks (#7083 ) Co-authored-by: dahn <daan@onecht.net>	2023-03-27 13:28:55 +02:00
Daan Hoogland	fb4f6a334d	Updating pom.xml version numbers for release 4.19.0.0-SNAPSHOT Signed-off-by: Daan Hoogland <daan@onecht.net>	2023-03-15 19:46:01 +01:00
Daan Hoogland	05cda2729f	Updating pom.xml version numbers for release 4.18.1.0-SNAPSHOT Signed-off-by: Daan Hoogland <daan@onecht.net>	2023-03-15 19:38:14 +01:00
Daan Hoogland	0574087284	Updating pom.xml version numbers for release 4.18.0.0 Signed-off-by: Daan Hoogland <daan@onecht.net>	2023-03-11 09:35:41 +01:00
Harikrishna	a3feccf70c	User two factor authentication (#6924 ) Co-authored-by: Rohit Yadav <rohit.yadav@shapeblue.com>	2023-02-13 09:14:17 +01:00
Suresh Kumar Anaparti	d8c7e34b38	Improve global settings UI to be more intuitive/logical (#5797 ) Co-authored-by: Suresh Kumar Anaparti <suresh.anaparti@shapeblue.com> Co-authored-by: nvazquez <nicovazquez90@gmail.com> Co-authored-by: davidjumani <dj.davidjumani1994@gmail.com> Co-authored-by: dahn <daan.hoogland@gmail.com> Co-authored-by: dahn <daan@onecht.net>	2023-01-31 11:23:43 +01:00
Eduardo Zanetta	a9b49f3ae9	Cleanup APIs getCommandName (#7022 ) Co-authored-by: Eduardo Zanetta <eduardo.zanetta@scclouds.com.br>	2023-01-03 12:11:52 +01:00
John Bampton	f9347ecf2c	Fix spelling (#6597 )	2022-08-03 15:43:47 +05:30
Rohit Yadav	5f04018bf0	Merge remote-tracking branch 'origin/4.17'	2022-07-27 12:41:31 +02:00
Rohit Yadav	441edf3ca7	utils: use safer parsing utility across codebase (#6562 ) This addresses SonarQube/SonarCloud quality checks to use safer xml parser to resist potential XXE attacks. https://sonarcloud.io/organizations/apache/rules?open=java%3AS2755&rule_key=java%3AS2755 Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>	2022-07-27 14:31:51 +05:30
Rohit Yadav	4baaf736b9	Merge remote-tracking branch 'origin/4.17' Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>	2022-07-18 19:42:44 +05:30
Rohit Yadav	7a3e97d67e	Tagging release 4.17.0.1 on branch b30a4a99d1b530efbf652373eda229f2cd5133b1. -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEXtHhEi3F6KSkURLCSEJIIQ7j2IQFAmLRYi0ACgkQSEJIIQ7j 2ISTWxAAlozJuDMoRnr4D1TDbNCr2hzWSgVn5AK+IZGwnd22OnaZnS7tVQUheTCq t9aQgRLb7oUGAzNngHEjDaQBnxlHdLHMKby+QGe+RjX/d9urFoEyHe2xyvCJPkwM hFM1uesMqtH/HKwhIL3l8fATGPHlucdhQEZ+XA4bu91IVzxog0gikSnm7SjbaljF yYNkn9CgOWtZYFek7lcOM7iuKB79QSdpYxN8PYLpE7esyQSu4KjU4Ekufv1u6Tql ILsY5PA5tzzxS7ArfW5PICgSxkXOUIkflBbPHObGgduKw9Q36bmnRM/701lNb2re EWE4NMlM2PDn8kKZ2zULD2VBIq5tVdJuZjXbjDyD17z/KiU9pd6hGeHABSitnpDW vAS6rLJVY3YT9eqoVDVhpkpFQZmvdfDC8L4nYU2E7dCHj4lF9FlsgYO08SCfSgvP InAnfg1jZvbhA9EDL+LiuhxCStn6ZpjRuRCC89hYfRfRM1ZdrT2FazDj8KwPuC0P xfEr8eTnMm7xM+B9JCBQ2Lskl3jxQk3KAYQX13LtZCUj05Y1f3crx/iq6t0qIrAH PU9keojKMZffLz5MBlFU8qor32stw+uNMky8dZgtDIx6kRjnuYuPYOxpcPDzl+Cs KBRcwpIP+GR9mePU8PKBNDClLA45vDE1XqeK6KnOOf7MBSprU5o= =ETOD -----END PGP SIGNATURE----- Merge tag '4.17.0.1' into 4.17 Tagging release 4.17.0.1 on branch b30a4a99d1b530efbf652373eda229f2cd5133b1.	2022-07-18 19:40:53 +05:30
Rohit Yadav	1c7efcbd0d	Updating pom.xml version numbers for release 4.17.0.1 Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>	2022-07-15 18:18:40 +05:30
Rohit Yadav	f27de63644	saml: Safer DocumentBuilderFactory and ParserPool configuration This implements safer DocumentBuilderFactory and ParserPool utilities to be used throughout the codebase to prevent potential XXE exploits. References: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html https://www.blackhat.com/docs/us-15/materials/us-15-Wang-FileCry-The-New-Age-Of-XXE-java-wp.pdf Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com> (cherry picked from commit 8e0e68ef368ebe2793ef80e2c3821eaecb47b593) Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>	2022-07-14 17:31:12 +05:30
Rohit Yadav	e57a0f9980	Merge remote-tracking branch 'origin/4.17'	2022-07-06 09:34:02 +05:30
Luis Moreira	c6b611433b	saml: Fix SAML SSO plugin redirect URL (#6457 ) This PR fixes the issue #6427 -> SAML request must be appended to an IdP URL as a query param with an ampersand, if the URL already contains a question mark, as opposed to always assume that IdP URLs don't have any query params. Google's IdP URL for instance looks like this: https://accounts.google.com/o/saml2/idp?idpid=<ID>, therefore the expected redirect URL would be https://accounts.google.com/o/saml2/idp?idpid=<ID>&SAMLRequest=<SAMLRequest> This code change is backwards compatible with the current behaviour.	2022-07-06 09:28:37 +05:30
nvazquez	0bcc609f05	Updating pom.xml version numbers for release 4.18.0.0-SNAPSHOT Signed-off-by: nvazquez <nicovazquez90@gmail.com>	2022-06-06 12:25:35 -03:00
nvazquez	038a669d6b	Updating pom.xml version numbers for release 4.17.1.0-SNAPSHOT Signed-off-by: nvazquez <nicovazquez90@gmail.com>	2022-06-06 12:19:44 -03:00
nvazquez	c56220fcf2	Updating pom.xml version numbers for release 4.17.0.0 Signed-off-by: nvazquez <nicovazquez90@gmail.com>	2022-05-31 14:33:47 -03:00
dahn	c123c3fd2f	remove request listener to prevent untimely session invalidation (#6393 ) * login/-out constants * no request listener * store session as value, using id as key * Apply suggestions from sonarcloud.io code review three instances of unsafe parameters to logging * new sonar issues * sonar issues	2022-05-24 10:00:06 -03:00
Abhishek Kumar	523805c8bc	schema,server,api: events improvement (#5997 ) * schema,server,api: events improvement Add resource ID and resource type to event. Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * wip Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * refactor resourcetype association with API class Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * add resource anme to the response Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * changes Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * test Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * more tests Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * new line Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * add resource test Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * changes Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * fix Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * smoke test for events resource Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * fix Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * changes Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * fix Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * ui improvements Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * refactor Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * api,ui: add support for listing events for a resource Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * since key Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * tests and permission changes Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * missing test Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * events for domain Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * improvements Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * fix Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * add missing license Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * ui: fix js console errors Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * sort enumeration Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * fix event resource for vpc Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * feedback changes Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * fix order Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * events with parent resource Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * missing UI labels Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * donot call cmd resource methods before dispatch Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * add restore vm to procedure Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * add missing imports Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * resource details for more events Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * add test for changes Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * more test, license fix Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * wrong merge fix Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> * fix for more event types Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>	2022-04-25 09:05:17 -03:00
Leo	70122007bb	Updated SAML2 auth sessionkey cookie path (#6149 ) This change will set the sessionkey under the /client/api path. This commit should prevent duplicate sessionkey cookies from being set on both /client (incorrect) and /client/api (correct). Prior to this commit, the /client version was being set while the /client/api version remained unchanged with an invalid sessionkey. As a result, subsequent requests after the SAML2 authentication would immediately fail with an invalid session and results in the user being logged out. The sessionkey is now set explicitly for the /client/api path which should fix this issue, regardless of the SSO URL and path that's being used.	2022-04-18 17:16:20 +05:30
nvazquez	1c238e101d	Merge branch '4.16'	2022-03-30 00:00:34 -03:00
Wei Zhou	ee27708ffb	SAML: replace first number with random alphabet if request ID starts with a number (#6165 )	2022-03-29 23:59:44 -03:00
JoaoJandre	5f07ddaca9	Refactor account type (#6048 ) * Refactor account type * Added license. * Address reviews * Address review. Co-authored-by: João Paraquetti <joao@scclouds.com.br> Co-authored-by: Joao <JoaoJandre@gitlab.com>	2022-03-09 11:14:19 -03:00
Suresh Kumar Anaparti	bc70535ee5	Updating pom.xml version numbers for release 4.16.2.0-SNAPSHOT Signed-off-by: Suresh Kumar Anaparti <suresh.anaparti@shapeblue.com>	2022-03-03 18:15:33 +05:30
Suresh Kumar Anaparti	cad9332082	Updating pom.xml version numbers for release 4.16.1.0 Signed-off-by: Suresh Kumar Anaparti <suresh.anaparti@shapeblue.com>	2022-02-25 19:01:16 +05:30
Daniel Augusto Veronezi Salvador	b4aabadc4d	Replace string libraries with org.apache.commons.lang3.StringUtils (#5386 ) * Replace google lib for lang3 and adjust methods calls * Replace string libs by lang3 * Prohibit others string libs Co-authored-by: GutoVeronezi <daniel@scclouds.com.br>	2021-11-18 13:41:48 +05:30
nicolas	3f79436840	Updating pom.xml version numbers for release 4.17.0.0-SNAPSHOT Signed-off-by: nicolas <nicovazquez90@gmail.com>	2021-11-09 22:55:52 -03:00
nicolas	93c3c3b9ac	Updating pom.xml version numbers for release 4.16.1.0-SNAPSHOT Signed-off-by: nicolas <nicovazquez90@gmail.com>	2021-11-09 22:50:22 -03:00
nicolas	44c08b5acc	Updating pom.xml version numbers for release 4.16.0.0 Signed-off-by: nicolas <nicovazquez90@gmail.com>	2021-11-04 14:14:57 -03:00
Daan Hoogland	e26202f23e	Updating pom.xml version numbers for release 4.16.0.0-SNAPSHOT Signed-off-by: Daan Hoogland <dahn@onecht.net>	2021-01-04 11:32:10 +00:00
Daan Hoogland	01b3e361c7	Updating pom.xml version numbers for release 4.15.0.0 Signed-off-by: Daan Hoogland <dahn@onecht.net>	2020-12-23 16:32:25 +00:00
Pearl Dsilva	fb78fb24c7	fix login issue post upgrade (#4465 ) Co-authored-by: Pearl Dsilva <pearl.dsilva@shapeblue.com>	2020-11-12 13:09:25 +00:00
Rohit Yadav	dfc76e0278	Merge remote-tracking branch 'origin/4.14'	2020-07-08 11:37:14 +05:30
Rohit Yadav	ba767783bd	Merge remote-tracking branch 'origin/4.13' into 4.14	2020-07-08 11:36:30 +05:30
Rohit Yadav	139aa13e6a	server: Purge all cookies on logout, set /client path on login (#4176 ) This will purge all the cookies on logout including multiple sessionkey cookies if passed. On login, this will restrict sessionkey cookie (httponly) to the / path. Fixes #4136 Co-authored-by: Pearl Dsilva <pearl.dsilva@shapeblue.com>	2020-07-08 08:03:51 +05:30
andrijapanicsb	5f926c3353	Updating pom.xml version numbers for release 4.15.0.0-SNAPSHOT Signed-off-by: andrijapanicsb <andrija.panic@shapeblue.com>	2020-05-23 10:18:39 +01:00

1 2 3 4

155 Commits