ipsilon.git/ipsilon/providers, branch non-empty-attrs Unnamed repository; edit this file 'description' to name the repository. Assertion AttributeStatements must be non-empty 2015-03-18T21:14:07+00:00 John Dennis jdennis@redhat.com 2015-03-18T21:14:07+00:00 8473dd1abcfb4ad92a4700a7715246b207ae1323 The saml-core-2.0-os specification section 2.7.3 requires the AttributeStatement element to be non-empty. Shibboleth verifies this and rejects assertions that do not comply. We gather attributes into a local dict first before adding them to the AttributeStatement so the fix is easy. Test if the dict is empty, move the initialization of the assertion AttributeStatement inside the test so it's conditional on whether the dict has members. Fixes: https://fedorahosted.org/ipsilon/ticket/61 Signed-off-by: John Dennis <jdennis@redhat.com> 
The saml-core-2.0-os specification section 2.7.3 requires
the AttributeStatement element to be non-empty. Shibboleth verifies
this and rejects assertions that do not comply. We gather attributes
into a local dict first before adding them to the AttributeStatement
so the fix is easy. Test if the dict is empty, move the initialization
of the assertion AttributeStatement inside the test so it's
conditional on whether the dict has members.

Fixes: https://fedorahosted.org/ipsilon/ticket/61
Signed-off-by: John Dennis <jdennis@redhat.com>
Properly handle groups info in SAML provider 2015-03-18T00:38:27+00:00 Simo Sorce simo@redhat.com 2015-03-17T17:22:06+00:00 acd6db64e46c8fa5b93c07dc5ff5c5172ddfa4f6 Also removes internal attributes (any attribute that starts with _ Fixes: https://fedorahosted.org/ipsilon/ticket/71 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Nathan Kinder <nkinder@redhat.com> 
Also removes internal attributes (any attribute that starts with _

Fixes: https://fedorahosted.org/ipsilon/ticket/71

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>
Require admin when accessing REST pages 2015-03-03T02:44:38+00:00 Rob Crittenden rcritten@redhat.com 2015-03-02T19:47:22+00:00 13b359d8e4682fb239cf02293aef3a1b235a2cf6 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Load and initialize REST in the SAML2 plugin 2015-02-27T21:11:43+00:00 Rob Crittenden rcritten@redhat.com 2015-02-26T20:56:55+00:00 38bda85cbff4ad9f53bc7ffcbc9e02a46bae79ec https://fedorahosted.org/ipsilon/ticket/26 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
https://fedorahosted.org/ipsilon/ticket/26

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Implement GET and POST REST API for Service Providers 2015-02-27T21:10:51+00:00 Rob Crittenden rcritten@redhat.com 2015-02-26T20:57:20+00:00 90296d59d094a3a9871f04c0e9dad238b701c2b8 The mount point is /idp/rest/providers/saml2/SPS. GET .../SPS will retrieve all Service Providers GET .../SPS/foo will retrieve the Service Provider named foo POST .../SPS/foo will create the Service Provider named foo https://fedorahosted.org/ipsilon/ticket/26 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
The mount point is /idp/rest/providers/saml2/SPS.

GET .../SPS will retrieve all Service Providers
GET .../SPS/foo will retrieve the Service Provider named foo
POST .../SPS/foo will create the Service Provider named foo

https://fedorahosted.org/ipsilon/ticket/26

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Add base REST provider framework classes 2015-02-27T21:05:49+00:00 Rob Crittenden rcritten@redhat.com 2015-02-26T20:50:37+00:00 7957f8d19d6693de52c758cad76cd61480ec336f These classes handle mounting the REST plugins. The starting mount point is: /idp/rest/providers https://fedorahosted.org/ipsilon/ticket/26 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
These classes handle mounting the REST plugins.

The starting mount point is: /idp/rest/providers

https://fedorahosted.org/ipsilon/ticket/26

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Add uninstallation support. 2015-02-26T20:18:02+00:00 Patrick Uiterwijk puiterwijk@redhat.com 2015-02-04T09:58:14+00:00 7ad204c13898245cdea5acfa90be83e767276994 As part of this, made all plugins use a Installer baseclass. https://fedorahosted.org/ipsilon/ticket/38 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> 
As part of this, made all plugins use a Installer baseclass.

https://fedorahosted.org/ipsilon/ticket/38

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Add support for attribute policies in openidp 2015-02-24T15:58:20+00:00 Simo Sorce simo@redhat.com 2015-02-16T18:47:33+00:00 db88788fe906f315733b6ae67929f62cfc307d24 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Add support for attribute policies in samlidp 2015-02-24T15:37:48+00:00 Simo Sorce simo@redhat.com 2015-02-16T16:13:29+00:00 edfd8d4b514a4089108d19026bc38c656f49bbee Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Prefix userdata hives with _ to avoid conflicts 2015-02-24T15:37:38+00:00 Simo Sorce simo@redhat.com 2015-02-16T19:04:49+00:00 771b8fd095f3bcb922f761d297c62f1a56a997d5 The main userdata dict contains common attributes, but we add a sepcial groups list and unmapped extras, as well as indicators like auth_type. All these additional attributes are now prefixed by a _ character so that conflicts with legitimate attributes are improbable. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
The main userdata dict contains common attributes, but we add
a sepcial groups list and unmapped extras, as well as indicators
like auth_type.
All these additional attributes are now prefixed by a _ character
so that conflicts with legitimate attributes are improbable.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>