Bug 1653105

Summary: [RFE] add support for SAML auth to the API (this is SAML v2.0 Enhanced Client or Proxy Profile protocol, NOT JWT and is non-trivial).
Product: Red Hat CloudForms Management Engine Reporter: Loic Avenel <lavenel>
Component: APIAssignee: Joe Vlcek <jvlcek>
Status: CLOSED WONTFIX QA Contact: Parthvi Vala <pvala>
Severity: medium Docs Contact: Red Hat CloudForms Documentation <cloudforms-docs>
Priority: medium    
Version: 5.10.0CC: dcarmich, gtanzill, jvlcek, lavenel, obarenbo, pvala
Target Milestone: GAKeywords: FutureFeature, Reopened, RFE
Target Release: 5.12.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: RFE
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-01-15 16:59:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: CFME Core Target Upstream Version:
Embargoed:

Description Loic Avenel 2018-11-25 20:39:40 UTC 
Description of problem: add support for SAML auth to the API (this is SAML v2.0 Enhanced Client or Proxy Profile protocol, NOT JWT and is non-trivial).
Comment 2 Dave Johnson 2018-11-29 04:45:41 UTC 
Please assess the impact of this issue and update the severity accordingly.  Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity for a reminder on each severity's definition.

If it's something like a tracker bug where it doesn't matter, please set the severity to Low.
Comment 3 Dave Johnson 2018-11-29 15:02:00 UTC 
Please assess the impact of this issue and update the severity accordingly.  Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity for a reminder on each severity's definition.

If it's something like a tracker bug where it doesn't matter, please set the severity to Low.
Comment 4 Dave Johnson 2018-12-19 11:02:34 UTC 
Please assess the impact of this issue and update the severity accordingly.  Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity for a reminder on each severity's definition.

If it's something like a tracker bug where it doesn't matter, please set the severity to Low.
Comment 5 Joe Vlcek 2019-07-18 17:04:55 UTC 
I'll start to research what this involves.
Comment 6 Joe Vlcek 2019-07-22 17:53:17 UTC 
Moving back to Status: NEW, I've researched and talked with Alberto.

Just to help other understand what's involved. Fundamentally SAML is web browser dependent. Without the browser, 
the Enhanced Client or Proxy profile, which allows clients to directly contact a SAML directory without requiring a browser, would be
needed. There currently is no existing Ruby gem that provides ECP so we would have to implement the protocol in order to provide this
functionality.

JoeV
Comment 10 Joe Vlcek 2020-01-14 20:05:13 UTC 
I am actively working to add the requested functionality.
Comment 11 Joe Vlcek 2020-01-15 16:59:50 UTC 
Going forward this work will be track by:

https://github.com/ManageIQ/manageiq/issues/19717