apache / cloudstack

Apache CloudStack is an open source Infrastructure as a Service (IaaS) cloud computing platform
https://cloudstack.apache.org/
Apache License 2.0

UI: Provide option for SAML user to log off completely from CloudStack #9934

Open kiranchavala opened 3 hours ago

kiranchavala commented 3 hours ago

ISSUE TYPE

Improvement request

COMPONENT NAME

Component: Improvement

CLOUDSTACK VERSION

CloudStack version 4.19.1.x

SUMMARY

UI: Provide option for SAML user to log off completely from CloudStack

Steps to reproduce the issue

  1. Have a CloudStack environment with SAML enabled

  2. Make sure there are multiple users present in the SAML IdP

  3. Short screen recording

https://www.loom.com/share/2ee3884930354657881e27f297231edb?sid=9336b86f-0571-46a9-863c-20b2f3b168c2

Expected behaviour

We can provide the option for the end user to log out from SAML using the following API; this prevents another user from getting access to the system

https://cloudstack.apache.org/api/apidocs-4.19/apis/samlSlo.html


DaanHoogland commented 3 hours ago

@kiranchavala, I would say we need to not allow this unless the operator decides that the SSO provider used is not used for any other productivity software in the environment. So whoever implements this should at least hide this behind a feature flag that has a default of off.