Add SAML flow support ADFS endpoint "/adfs/services/trust/13/usernamemixed" #504
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
added
vbauzys
approved these changes
May 14, 2020
CHANGELOG.md
Outdated
| @@ -6,6 +6,8 @@ IMPROVEMENTS: | |||
| * Removed code that handled specific cases for API 29.0 and 30.0. This library now supports VCD versions from 9.5 to 10.1 included [GH-499] | |||
| * Added command line flags to test suite, corresponding to environment variables listed in TESTING.md [GH-505] | |||
| * `resource/vcd_vapp_vm` allows creating VM from multi VM vApp template [GH-501] | |||
| * Add support for SAML auth with Active Directory Federation Services (ADFS) as IdP using | |||
| "/adfs/services/trust/13/usernamemixed" endpoint. [GH-502] | |||
dataclouder
suggested changes
May 19, 2020
vcd/auth_saml_test.go
Outdated
| "github.com/hashicorp/terraform-plugin-sdk/helper/resource" | ||
| ) | ||
|
|
||
| // TestAccVcdSamlAuth explicitly tests a simple operation using SAML auth when explicit SAML |
There was a problem hiding this comment.
Suggested change
| // TestAccVcdSamlAuth explicitly tests a simple operation using SAML auth when explicit SAML | |
| // TestAccVcdSamlAuth tests a simple operation using SAML auth when explicit SAML |
vcd/config_test.go
Outdated
| UseSamlAdfs bool `json:"useSamlAdfs"` | ||
| CustomAdfsRptId string `json:"customAdfsRptId,omitempty"` | ||
|
|
||
| // The below `SamlUser`, `SamlPassword` and `SamlCustomRptId` variables are optional and are |
There was a problem hiding this comment.
Suggested change
| // The below `SamlUser`, `SamlPassword` and `SamlCustomRptId` variables are optional and are | |
| // The variables `SamlUser`, `SamlPassword` and `SamlCustomRptId` are optional and are |
vcd/sample_vcd_test_config.json
Outdated
| @@ -6,6 +6,14 @@ | |||
| "user": "root", | |||
| "password": "somePassword", | |||
| "token": "Access token to be used instead of username/password", | |||
|
|
|||
| "//": "Below 3 fields allow to set SAML credentials for tests that specifically use it.", | |||
There was a problem hiding this comment.
Suggested change
| "//": "Below 3 fields allow to set SAML credentials for tests that specifically use it.", | |
| "//": "The 3 fields below allow to set SAML credentials for tests that specifically use it.", |
vcd/sample_vcd_test_config.json
Outdated
|
|
||
| "//": "Below 3 fields allow to set SAML credentials for tests that specifically use it.", | ||
| "//": "May be useful when local user credentials are used by default.", | ||
| "//": "The below credentials will authenticate to Org specified in vcd.org parameter.", |
There was a problem hiding this comment.
Suggested change
| "//": "The below credentials will authenticate to Org specified in vcd.org parameter.", | |
| "//": "These credentials will authenticate to the Org specified in vcd.org parameter.", |
lvirbalas
requested changes
May 19, 2020
| org = "System" | ||
| url = "${var.vcd_url}" | ||
| max_retry_timeout = "${var.vcd_max_retry_timeout}" | ||
| allow_unverified_ssl = "${var.vcd_allow_unverified_ssl}" |
There was a problem hiding this comment.
Thank you for clearing this up!
website/docs/index.html.markdown
Outdated
| @@ -186,7 +209,17 @@ The following arguments are used to configure the VMware vCloud Director Provide | |||
| instead of username and password. When this is set, username and password will | |||
| be ignored, but should be left in configuration either empty or with any custom values. | |||
| A token can be specified with the `VCD_TOKEN` environment variable. | |||
|
|
|||
|
|
|||
| * `use_saml_adfs` - (Optional) Set `true` to use SAML login flow with Active Directory Federation | |||
There was a problem hiding this comment.
In discussions about this field. Options so far:
saml_adfs_enabled
saml_adfs_auth_enabled
auth_type = "saml_adfs" | "native" (default) | "token" | "ldap"
CC: @dataclouder @vbauzysvmware
There was a problem hiding this comment.
my vote auth_type if possible
lvirbalas
approved these changes
May 21, 2020
Replicated ADFS and tested on my env. |
vbauzys
referenced
this pull request
in vbauzys/terraform-provider-vcd_archive3
Jul 1, 2020
…mixed" (#504) * Add SAML support with ADFS
vbauzys
referenced
this pull request
in vbauzys/terraform-provider-vcd_archive3
Jul 1, 2020
…mixed" (#504) * Add SAML support with ADFS
vbauzys
referenced
this pull request
in vbauzys/terraform-provider-vcd_archive3
Jul 1, 2020
…mixed" (#504) * Add SAML support with ADFS
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds support for SAML login using Microsoft Active Directory Services as Identity Provider (IdP).
It introduces two new
providersection variablesuse_saml_adfsandsaml_rpt_idto alter login flow.Testing
PR adds a few new variables to configuration struct:
It allows to triggers explicitly a test
TestAccVcdSamlAuthdesigned to try SAML authentication and can be useful if local users are used for main testing.More details about flow and how it works is in go-vcloud-director SDK PR (vmware/go-vcloud-director#304) as this is where it all is handled. The main point of SDK PR is to make it as easy as possible to use new features.
This PR demonstrates it by showing how little SDK user needs to do.