Feature #51137: mgr/dashboard: log SAML message in ceph-mgr logs - Dashboard - Ceph

Actions

Copy link

Feature #51137

closed

mgr/dashboard: log SAML message in ceph-mgr logs

Added by Ponnuvel P almost 3 years ago. Updated almost 3 years ago.

Status:

Rejected

Priority:

Normal

Assignee:

Alfonso Martínez

Category:

Security & Auth

Target version:

% Done:

Source:

Tags:

Backport:

Reviewed:

Affected Versions:

Ceph - v17.0.0

Pull request ID:

Description

The SAML message from an IdP doesn't get logged in ceph-mgr logs.

Sometimes when IdP sends SAML payload and if the UID or something else is incorrect,
the authentication is fails. But this is difficult to debug as it's not clear
why it was rejected.

Can we log the SAML message on authentication failure?

Actions

Copy link

Updated by Ernesto Puerta almost 3 years ago

Category changed from Component - Logs to Security & Auth
Assignee set to Alfonso Martínez

Actions

Copy link

Updated by Alfonso Martínez almost 3 years ago

Status changed from New to Rejected

This would be a security concern so I suggest you to use a browser extension like:

https://github.com/UNINETT/SAML-tracer#readme

https://chrome.google.com/webstore/detail/saml-tracer/mpdajninpobndbfcldcmbpnnbhibjmch

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Ceph » mgr » Dashboard

Custom queries

Feature #51137

mgr/dashboard: log SAML message in ceph-mgr logs

Updated by Ernesto Puerta almost 3 years ago

Updated by Alfonso Martínez almost 3 years ago