Skip to content

SAML2: add cookie with HttpOnly too#10047

Merged
DaanHoogland merged 1 commit intoapache:4.19from
weizhouapache:4.19-fix-saml-switch-domain
Dec 9, 2024
Merged

SAML2: add cookie with HttpOnly too#10047
DaanHoogland merged 1 commit intoapache:4.19from
weizhouapache:4.19-fix-saml-switch-domain

Conversation

@weizhouapache
Copy link
Member

@weizhouapache weizhouapache commented Dec 5, 2024

Description

This PR fixes #10003

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • build/CI
  • test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

How Has This Been Tested?

How did you try to break this feature and the system with this change?

@weizhouapache weizhouapache added this to the 4.19.2 milestone Dec 5, 2024
@weizhouapache
Copy link
Member Author

weizhouapache commented Dec 5, 2024

@blueorangutan package

@blueorangutan
Copy link

blueorangutan commented Dec 5, 2024

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@codecov
Copy link

codecov bot commented Dec 5, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 15.13%. Comparing base (47f6019) to head (75261dd).
Report is 3 commits behind head on 4.19.

Additional details and impacted files 
@@             Coverage Diff              @@
##               4.19   #10047      +/-   ##
============================================
- Coverage     15.13%   15.13%   -0.01%     
- Complexity    11261    11263       +2     
============================================
  Files          5408     5408              
  Lines        473842   473843       +1     
  Branches      57771    57771              
============================================
  Hits          71696    71696              
- Misses       394145   394146       +1     
  Partials       8001     8001
Flag Coverage Δ
uitests 4.30% <ø> (ø)
unittests 15.85% <100.00%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

DaanHoogland
DaanHoogland reviewed Dec 5, 2024
View reviewed changes
Copy link
Contributor

@DaanHoogland DaanHoogland left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this looks ok, but I have no idea if it results in the desired behaviour. (needs-testing)

@DaanHoogland
Copy link
Contributor

DaanHoogland commented Dec 5, 2024

@kiranchavala , maybe we can look at testing this together?

@blueorangutan
Copy link

blueorangutan commented Dec 5, 2024

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 11722

@weizhouapache
Copy link
Member Author

weizhouapache commented Dec 5, 2024

@blueorangutan test keepEnv

@blueorangutan
Copy link

blueorangutan commented Dec 5, 2024

@weizhouapache a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

@DaanHoogland DaanHoogland linked an issue Dec 5, 2024 that may be closed by this pull request
Unable to change the domain when a user is authenticated by SAML #10003
Closed
@DaanHoogland DaanHoogland changed the title SAML2: add cookie with HttpOnly too #10013 SAML2: add cookie with HttpOnly too Dec 5, 2024
@blueorangutan
Copy link

blueorangutan commented Dec 6, 2024

[SF] Trillian test result (tid-11857)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 47641 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr10047-t11857-kvm-ol8.zip
Smoke tests completed. 133 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test Result Time (s) Test File

kiranchavala
kiranchavala approved these changes Dec 9, 2024
View reviewed changes
Copy link
Member

@kiranchavala kiranchavala left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, tested manually and the saml user is able to switch the domains successfully

Video recording

https://www.loom.com/share/bd87a0752712429eaf60f5490af3c3dc?sid=70d14bdc-a27f-4d92-99c0-0e4a024d547c

@weizhouapache weizhouapache marked this pull request as ready for review December 9, 2024 12:33
@weizhouapache
Copy link
Member Author

weizhouapache commented Dec 9, 2024

LGTM, tested manually and the saml user is able to switch the domains successfully

Video recording

https://www.loom.com/share/bd87a0752712429eaf60f5490af3c3dc?sid=70d14bdc-a27f-4d92-99c0-0e4a024d547c

thanks @kiranchavala for testing !

DaanHoogland
DaanHoogland approved these changes Dec 9, 2024
View reviewed changes
Copy link
Contributor

@DaanHoogland DaanHoogland left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clgtm

@DaanHoogland DaanHoogland merged commit f9b1767 into apache:4.19 Dec 9, 2024
@DaanHoogland DaanHoogland deleted the 4.19-fix-saml-switch-domain branch December 9, 2024 15:45
@DaanHoogland DaanHoogland mentioned this pull request Dec 10, 2024
Closed
weizhouapache added a commit to weizhouapache/cloudstack that referenced this pull request Dec 11, 2024
@weizhouapache
SAML2: add cookie with HttpOnly too apache#10013 (apache#10047)
a18f1a6
DaanHoogland added a commit that referenced this pull request Dec 20, 2024
@DaanHoogland
Merge release branch 4.20 to main
9295a16 
* 4.20:
  VR: apply iptables rules when add/remove static routes (#10064)
  Certificate and VM hostname validation improvements (#10051)
  set ulimit for server according to redhat spec (#10040)
  kvm-storage: provide isVMMigrate information to storage plugins (#10093)
  Allow config drive deletion of migrated VM, on host maintenance (#10045)
  linstor: improve heartbeat check with also asking linstor (#10105)
  server: simplify role change validation (#9173)
  UI: create VPC network offering with conserve mode (#10082)
  server: fix typo removeaccessvpn in VirtualRouterElement (#10086)
  UI: remove duplicated Instance Name in Public IP details page (#10087)
  UI: Fixes in the Usage UI (#10000)
  SAML2: add cookie with HttpOnly too #10013 (#10047)
  ui: Allow font-awesome icon usage and optimise icon size inconsistency (#9744)
dhslove pushed a commit to ablecloud-team/ablestack-cloud that referenced this pull request Dec 26, 2024
@weizhouapache @dhslove
SAML2: add cookie with HttpOnly too apache#10013 (apache#10047)
0eb311e
@kiranchavala kiranchavala mentioned this pull request Apr 14, 2025
Merged
14 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kiranchavala kiranchavala kiranchavala approved these changes

@DaanHoogland DaanHoogland DaanHoogland approved these changes

Assignees

No one assigned

Labels

component:saml

Projects

None yet

Milestone

4.19.2

Development

Successfully merging this pull request may close these issues.

Unable to change the domain when a user is authenticated by SAML

4 participants

@weizhouapache @blueorangutan @DaanHoogland @kiranchavala