ISSUE TYPE
COMPONENT NAME
CLOUDSTACK VERSION
All versions with SAML support
CONFIGURATION
Setup SAML with Azure AD
OS / ENVIRONMENT
SUMMARY
The authentication works, but if I open the UI in a browser that was already used by another application to authenticate against Azure AD, I get an error message:
https://learn.microsoft.com/en-us/troubleshoot/azure/entra/entra-id/app-integration/error-code-aadsts75011-auth-method-mismatch
As per the document above, we need to set the value for forceAuthn to true. The value is hardcoded as false as of now.
cloudstack/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java
Line 193 in 1d37ff2
authnRequest.setForceAuthn(false);
Another error is that during login, the org name displayed in the UI is the same as the URL. The actual value should be the same as the value set for the saml2.org.name global setting.
EXPECTED RESULTS
ACTUAL RESULTS
Login fails with an error
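To confirm what the service provider actually sends before and after changing the hardcoded value, the following added example (not part of the original report and not CloudStack code) decodes a `SAMLRequest` captured from a login redirect and reports its `ForceAuthn` attribute. It assumes the HTTP-Redirect binding (raw DEFLATE plus base64); the IdP URL, request ID and function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, urlencode

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
IDP_SSO_URL = "https://idp.example.test/saml2"  # constructed placeholder


def decode_redirect_request(url: str) -> ET.Element:
    """Parse the AuthnRequest carried in a redirect-binding login URL.
    Intended for requests captured from your own service provider."""
    params = parse_qs(urlparse(url).query)
    if "SAMLRequest" not in params:
        raise ValueError("URL has no SAMLRequest parameter")
    raw = base64.b64decode(params["SAMLRequest"][0])
    xml = zlib.decompress(raw, -15)  # redirect binding uses raw DEFLATE
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError(f"not an AuthnRequest: {root.tag}")
    return root


def force_authn(url: str) -> bool:
    """True only if the request asks the IdP to re-authenticate the user."""
    value = decode_redirect_request(url).get("ForceAuthn", "false")
    return value in ("true", "1")  # xs:boolean; an absent attribute means false


def sample_request(force=None) -> str:
    """Constructed AuthnRequest; force=None omits the attribute entirely."""
    attr = "" if force is None else f' ForceAuthn="{force}"'
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" ID="_constructed1" '
            f'Version="2.0"{attr} Destination="{IDP_SSO_URL}"/>')


def encode_redirect_request(xml: str) -> str:
    """Build a sample login URL the way a redirect-binding SP encodes it."""
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return f"{IDP_SSO_URL}?{query}"


if __name__ == "__main__":
    for value in ("false", "true", None):
        url = encode_redirect_request(sample_request(value))
        print(f"ForceAuthn attribute {value!r}: forces re-auth = {force_authn(url)}")
```

With a real capture, pass the full redirect URL from the browser's network log to `force_authn`.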