ipsilon.git/templates/install, branch ecp Unnamed repository; edit this file 'description' to name the repository. Make wellknowndir substitution work on Alias line as well. 2015-08-25T12:44:58+00:00 Jan Pazdziora jpazdziora@redhat.com 2015-08-25T11:56:35+00:00 eab6689943558a6ad27ccbe008cbab7c2560617d Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Use plugin-specific configuration, better expiration 2015-05-11T22:39:31+00:00 Rob Crittenden rcritten@redhat.com 2015-05-11T22:14:42+00:00 8445b3297cd0b25989f2575c21bf3426aee7c5ad Use a SAML2 plugin specific option to specify the database uri for sessions. Use a much more robust method to find sessions that need expiration (thanks Patrick). https://fedorahosted.org/ipsilon/ticket/90 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
Use a SAML2 plugin specific option to specify the database uri
for sessions.

Use a much more robust method to find sessions that need
expiration (thanks Patrick).

https://fedorahosted.org/ipsilon/ticket/90

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Configure the SAML2 session database during installation 2015-05-11T22:39:06+00:00 Rob Crittenden rcritten@redhat.com 2015-04-21T13:34:41+00:00 2858e7a24f9f071a20be00700dc9cec8931434a6 https://fedorahosted.org/ipsilon/ticket/90 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
https://fedorahosted.org/ipsilon/ticket/90

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Add db.conn.log option to suppress sql logs by default 2015-05-07T20:08:04+00:00 Rob Crittenden rcritten@redhat.com 2015-05-07T19:51:23+00:00 abcefb0f2eece549371f951b58144188d2ac9307 The Store logging is quite verbose with a flurry of init and destroy messages with each session. Setting db.conn.log to False (default) will suppress these. If one needs to do connection tracing it can be enabled. Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
The Store logging is quite verbose with a flurry of
init and destroy messages with each session. Setting
db.conn.log to False (default) will suppress these. If one
needs to do connection tracing it can be enabled.

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Allow SP installation to be on non-standard ports 2015-03-18T21:49:43+00:00 Nathan Kinder nkinder@redhat.com 2015-03-14T17:00:51+00:00 7f146bcbe3ae20db27e2daf294c19a40ccd419e6 When setting up a SP using ipsilon-client-install, there is no ability to use a non-standard port. We should allow a port number to be specified that results in the proper URLs in the SP metadata. This patch adds a --port option to ipsilon-client-install. This is used in the construction of the URLs used in the SP metadata as well as in the httpd redirect rules if httpd is being configured. https://fedorahosted.org/ipsilon/ticket/92 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> 
When setting up a SP using ipsilon-client-install, there is no
ability to use a non-standard port.  We should allow a port number
to be specified that results in the proper URLs in the SP metadata.

This patch adds a --port option to ipsilon-client-install.  This is
used in the construction of the URLs used in the SP metadata as well
as in the httpd redirect rules if httpd is being configured.

https://fedorahosted.org/ipsilon/ticket/92

Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Add mod_wsgi display name for Ipsilon WSGI process 2015-03-11T13:39:10+00:00 Nathan Kinder nkinder@redhat.com 2015-03-11T03:12:03+00:00 f06950e46262e4899f42ba3b197525bb2b88b9cb This adds the mod_wsgi display-name setting to allow the Ipsilon WSGI process to show up with a useful process name instead of 'httpd'. This allows one to easily distinguish the WSGI process from other httpd processes. https://fedorahosted.org/ipsilon/ticket/62 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> 
This adds the mod_wsgi display-name setting to allow the Ipsilon
WSGI process to show up with a useful process name instead of
'httpd'.  This allows one to easily distinguish the WSGI process
from other httpd processes.

https://fedorahosted.org/ipsilon/ticket/62

Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Require SSL on SP when using --saml-secure-setup 2015-03-10T22:24:01+00:00 Nathan Kinder nkinder@redhat.com 2015-03-10T03:28:47+00:00 42700be962e245243f10c30a29c41fcda1f3f712 If ipsilon-client-install is used with the --saml-secure-setup option (which is set by default), only https connections will work for authentication. We are not setting the SSLRequireSSL directive though, so we set mellon up to fail. This patch adds the SSLRequireSSL directive to the SP config when --saml-secure-setup is specified. In addition, we add a rewrite rule to rewrite http requests to https for the SP. https://fedorahosted.org/ipsilon/ticket/80 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> 
If ipsilon-client-install is used with the --saml-secure-setup
option (which is set by default), only https connections will
work for authentication.  We are not setting the SSLRequireSSL
directive though, so we set mellon up to fail.

This patch adds the SSLRequireSSL directive to the SP config
when --saml-secure-setup is specified.  In addition, we add a
rewrite rule to rewrite http requests to https for the SP.

https://fedorahosted.org/ipsilon/ticket/80

Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Add request/response logging via cherrypy tool hooks 2015-01-26T18:34:06+00:00 John Dennis jdennis@redhat.com 2015-01-20T22:13:34+00:00 e85f190d8e081fbbfeadca24781266d1c3e1bba1 The ability to easily review the HTTP Ipsilon request and response is boon for development and issue debugging. Normally these HTTP conversations occur on SSL/TLS encrypted connections making it difficult to use other tools to view the traffic. Client side tools have known pitfalls (e.g. Firebug) and not all conversations are browser initiated (e.g. SAML ECP). Logging performed by the server hosting Ipsilon makes logging at the server level server specific (e.g. Apache's dumpio requires post-processing the log file to extract and reassamble the HTTP conversation). The best place to log requests and responses is within Ipsilon using the cherrypy framework Ipsilon is embedded in. Cherrypy provides user defined hooks that can be invoked at specific places in the request pipeline. We establish a hook at the last stage just before the response is written to the client, it logs the incoming request and outgoing response. Resolves: https://fedorahosted.org/ipsilon/ticket/44 Signed-off-by: John Dennis <jdennis@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
The ability to easily review the HTTP Ipsilon request and response is
boon for development and issue debugging. Normally these HTTP
conversations occur on SSL/TLS encrypted connections making it
difficult to use other tools to view the traffic. Client side tools
have known pitfalls (e.g. Firebug) and not all conversations are
browser initiated (e.g. SAML ECP). Logging performed by the server
hosting Ipsilon makes logging at the server level server specific
(e.g. Apache's dumpio requires post-processing the log file to extract
and reassamble the HTTP conversation). The best place to log requests
and responses is within Ipsilon using the cherrypy framework
Ipsilon is embedded in. Cherrypy provides user defined hooks that can
be invoked at specific places in the request pipeline. We establish a
hook at the last stage just before the response is written to the
client, it logs the incoming request and outgoing response.

Resolves: https://fedorahosted.org/ipsilon/ticket/44

Signed-off-by: John Dennis <jdennis@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Add support for Persona Identity Provider 2014-11-14T18:06:27+00:00 Patrick Uiterwijk puiterwijk@redhat.com 2014-11-13T09:18:05+00:00 943158d19f879eb6ad515edeb59017671e4252c5 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Add simple SqlSession implementation 2014-11-12T22:46:52+00:00 Simo Sorce simo@redhat.com 2014-11-10T19:57:53+00:00 5e0b9747121eab67c5a3ee3bb42a677e35da7fd6 This allows us to store session data in the DB. This way session data can be shared by multiple servers behind a balancer. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
This allows us to store session data in the DB. This way session data can
be shared by multiple servers behind a balancer.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>