ipsilon.git/ipsilon, branch v0.2.4 Unnamed repository; edit this file 'description' to name the repository. Fix typo in selinux boolean name 2014-05-20T12:03:46+00:00 Simo Sorce simo@redhat.com 2014-05-20T12:03:09+00:00 c04cc1526981077544b3d3655a73282882efb030 This was causing pam auth to fail, as the boolean was not being turned on. Signed-off-by: Simo Sorce <simo@redhat.com> 
This was causing pam auth to fail, as the boolean was not being turned on.

Signed-off-by: Simo Sorce <simo@redhat.com>
Fix generation fo server's metadata file 2014-05-19T19:17:06+00:00 Simo Sorce simo@redhat.com 2014-05-19T19:15:56+00:00 3a174ea2d8b2266fc847e568fec373971b42def3 At some point a '/' got lost, causing the generation of wrong endpoints. Clients would then be redirected to an unexisting path and get a 404. Signed-off-by: Simo Sorce <simo@redhat.com> 
At some point a '/' got lost, causing the generation of wrong endpoints.
Clients would then be redirected to an unexisting path and get a 404.

Signed-off-by: Simo Sorce <simo@redhat.com>
Fix broken login plugins order config handling 2014-05-10T14:00:17+00:00 Nathan Kinder nkinder@redhat.com 2014-05-10T00:38:32+00:00 c950d7553e3f04a0fd5452afb705cf04e8f62a2b The administrative page for configuring login plugins order had a number of problems. The html template expects a list of plugin names to be supplied, but a list of the actual plugin objects was being supplied. This caused a 500 error since join() would throw an exception when it encounters something other than a string. Even after fixing the 500 error, actually modifying the plugin order would not work due to further issues with plugin objects being used when strings representing the plugin names are expected (and vice-versa). This patch ensures that strings representing plugin names are supplied to the html template, and that plugin objects are used when re-ordering the live plugin list. Resolves: https://fedorahosted.org/ipsilon/ticket/2 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
The administrative page for configuring login plugins order had
a number of problems.  The html template expects a list of plugin
names to be supplied,  but a list of the actual plugin objects
was being supplied.  This caused a 500 error since join() would
throw an exception when it encounters something other than a string.

Even after fixing the 500 error, actually modifying the plugin
order would not work due to further issues with plugin objects
being used when strings representing the plugin names are expected
(and vice-versa).

This patch ensures that strings representing plugin names are
supplied to the html template, and that plugin objects are used
when re-ordering the live plugin list.

Resolves: https://fedorahosted.org/ipsilon/ticket/2

Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Add 500 Error handler for krb module 2014-05-07T14:00:35+00:00 Simo Sorce simo@redhat.com 2014-05-07T13:51:25+00:00 380b732e853b71d3a682a6189f8833c59b5e78d3 If mod_auth_kerb encounters an internal error, catch it so we can fall back to the next authentication module, if any, or return a proper failure message. Signed-off-by: Simo Sorce <simo@redhat.com> 
If mod_auth_kerb encounters an internal error, catch it so we can fall back to
the next authentication module, if any, or return a proper failure message.

Signed-off-by: Simo Sorce <simo@redhat.com>
Remind the user to restart HTTPD when done 2014-05-07T14:00:35+00:00 Simo Sorce simo@redhat.com 2014-05-07T13:47:20+00:00 0c7ff90e4380c2c690818b5a8079fdcfb61af389 On a successful install you need to retsart apache to enable the instance, remind the user that is necessary. Signed-off-by: Simo Sorce <simo@redhat.com> 
On a successful install you need to retsart apache to enable the instance,
remind the user that is necessary.

Signed-off-by: Simo Sorce <simo@redhat.com>
Give more user feedback around keytab issues 2014-05-07T14:00:25+00:00 Simo Sorce simo@redhat.com 2014-05-07T13:45:32+00:00 b93cf2d751e9c6078ee15d30a66d939bbe2f3b9f Signed-off-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Simo Sorce <simo@redhat.com>
Add IPA helper for server install 2014-05-02T01:05:47+00:00 Simo Sorce simo@redhat.com 2014-04-29T21:24:29+00:00 33d8af8c15d28a32c42f056546cf391b2cffa803 The IPa helper chcks a krb keytab is available for the local HTTPD service at the standard ipa location, and if not available, tries to register the sevice and retrieve one from the IPA server. At the end of the process forces the activation of the krb plugin as well as the fallback to pam for authentication. Signed-off-by: Simo Sorce <simo@redhat.com> 
The IPa helper chcks a krb keytab is available for the local HTTPD
service at the standard ipa location, and if not available, tries
to register the sevice and retrieve one from the IPA server.

At the end of the process forces the activation of the krb plugin
as well as the fallback to pam for authentication.

Signed-off-by: Simo Sorce <simo@redhat.com>
Add Environment Helpers installer framework 2014-05-02T01:05:47+00:00 Simo Sorce simo@redhat.com 2014-04-28T17:58:51+00:00 aaed708431955d4cc01e82f003c9d35851073510 Environment helpers are meta-plugins that allow to set ipsilon in well defined environments. For example when ipsilon is install in a FreeIPA or AD domains and authentication methods, cetificate, keytabs etc, can be pre-configured and deployed at the same time the server is installed with minimal effort and wellknown methods. These are run before any of the other plugins as they can chage the configuration option for any of the plugins, enable or disable plugins, or pre-configure some elements. Signed-off-by: Simo Sorce <simo@redhat.com> 
Environment helpers are meta-plugins that allow to set ipsilon in
well defined environments.
For example when ipsilon is install in a FreeIPA or AD domains and
authentication methods, cetificate, keytabs etc, can be pre-configured
and deployed at the same time the server is installed with minimal
effort and wellknown methods.

These are run before any of the other plugins as they can chage the
configuration option for any of the plugins, enable or disable plugins,
or pre-configure some elements.

Signed-off-by: Simo Sorce <simo@redhat.com>
Always use saml by default 2014-05-02T01:05:47+00:00 Simo Sorce simo@redhat.com 2014-05-02T01:00:14+00:00 f139821010d71a07e011b257132b4acbc872a21b Signed-off-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Simo Sorce <simo@redhat.com>
Make SELinux happy 2014-05-02T01:05:45+00:00 Simo Sorce simo@redhat.com 2014-05-01T17:16:14+00:00 c6e97e93a61b02602f14606a60b6154880308123 Add proper context to shared state directories so that httpd can write there. Relax SElinux boolans to allow use of pam modules This allows running Ipsilon in fully enforcing mode when pam auth using the python-pam modules is used. Signed-off-by: Simo Sorce <simo@redhat.com> 
Add proper context to shared state directories so that httpd can write there.

Relax SElinux boolans to allow use of pam modules
This allows running Ipsilon in fully enforcing mode when pam auth
using the python-pam modules is used.

Signed-off-by: Simo Sorce <simo@redhat.com>