saml: purge token after first response and improve setting description

[rohityadavcloud]

This improves the description of a saml signature checking global setting, and purges the SAML token upon handling the first SAML response.

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)
• build/CI
• test (unit or integration test code)

Testing

The community QA server is applied with these changes to test the SAML SSO with the rick user https://qa.cloudstack.cloud/simulator

[DaanHoogland]

clgtm

[rohityadavcloud]

@blueorangutan package

[blueorangutan]

@rohityadavcloud a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[rohityadavcloud]

this isn't very useful for now; but potentially guards against any replays

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 5 lines in your changes missing coverage. Please review.

Project coverage is 15.08%. Comparing base (32cc1d4) to head (df2328c).
Report is 1 commits behind head on 4.19.

Files	Patch %	Lines
...g/apache/cloudstack/saml/SAML2AuthManagerImpl.java	0.00%	4 Missing ⚠️
...ack/api/command/SAML2LoginAPIAuthenticatorCmd.java	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##               4.19    #9377    +/-   ##
==========================================
  Coverage     15.07%   15.08%            
- Complexity    11166    11173     +7     
==========================================
  Files          5405     5405            
  Lines        472672   472677     +5     
  Branches      58189    58295   +106     
==========================================
+ Hits          71257    71283    +26     
+ Misses       393486   393464    -22     
- Partials       7929     7930     +1     

Flag	Coverage Δ
uitests	4.27% <ø> (ø)
unittests	15.80% <0.00%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[rohityadavcloud]

@blueorangutan package

[blueorangutan]

Packaging result [SF]: ✖️ el7 ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 10334

[shwstppr]

code lgtm

[DaanHoogland]

unit test failure :( , trying locally.

[weizhouapache]

unit test failure :( , trying locally.

the unit test with ActionEventInterceptorTest ?
it is happening with all prs againt 4.19

[rohityadavcloud]

Yup it’s failure on 4.19 branch, anyone fixing it?

[DaanHoogland]

it compiles without issues locally

[rohityadavcloud]

@blueorangutan package

[blueorangutan]

@rohityadavcloud a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[shwstppr]

Seems like I didn't wait enough while reopening the PR to kick GH actions. Trying again

[shwstppr]

Or maybe it was my mobile app 🤦

[blueorangutan]

Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 10345

[sureshanaparti]

clgtm

[sureshanaparti]

@blueorangutan test

[blueorangutan]

@sureshanaparti a [SL] Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-10827)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 47305 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr9377-t10827-kvm-centos7.zip
Smoke tests completed. 132 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File