diff options
author | Rob Crittenden <rcritten@redhat.com> | 2015-07-13 17:43:20 -0400 |
---|---|---|
committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2015-07-16 15:04:57 +0200 |
commit | bc0c308174c5697e283be238c624922b2dc6d236 (patch) | |
tree | 0f590bd4e812eeee1fa8a2163ef4cdbcea5557a2 | |
parent | 2751451f4158417e66974d6415d2da84f612ab3c (diff) | |
download | ipsilon-bc0c308174c5697e283be238c624922b2dc6d236.tar.gz ipsilon-bc0c308174c5697e283be238c624922b2dc6d236.tar.xz ipsilon-bc0c308174c5697e283be238c624922b2dc6d236.zip |
Add client install option to disable logout over SOAP
This is at least somewhat for testing to ensure that
a mixed environment works but HTTP Redirect is the
recommended mechanism in the spec so some may want
to use only that.
https://fedorahosted.org/ipsilon/ticket/59
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
-rwxr-xr-x | ipsilon/install/ipsilon-client-install | 6 | ||||
-rw-r--r-- | man/ipsilon-client-install.1 | 3 |
2 files changed, 8 insertions, 1 deletions
diff --git a/ipsilon/install/ipsilon-client-install b/ipsilon/install/ipsilon-client-install index d8a310c..452c7e0 100755 --- a/ipsilon/install/ipsilon-client-install +++ b/ipsilon/install/ipsilon-client-install @@ -97,7 +97,8 @@ def saml2(): m.set_entity_id(url_sp) m.add_certs(c) m.add_service(SAML2_SERVICE_MAP['logout-redirect'], url_logout) - m.add_service(SAML2_SERVICE_MAP['slo-soap'], url_logout) + if not args['no_saml_soap_logout']: + m.add_service(SAML2_SERVICE_MAP['slo-soap'], url_logout) m.add_service(SAML2_SERVICE_MAP['response-post'], url_post, index="0") m.add_allowed_name_format(SAML2_NAMEID_MAP[args['saml_nameid']]) sp_metafile = os.path.join(path, 'metadata.xml') @@ -335,6 +336,9 @@ def parse_args(): help="Single Logout URL") parser.add_argument('--saml-sp-post', default=None, help="Post response URL") + parser.add_argument('--no-saml-soap-logout', action='store_true', + default=False, + help="Disable Single Logout over SOAP") parser.add_argument('--saml-secure-setup', action='store_true', default=True, help="Turn on all security checks") parser.add_argument('--saml-nameid', default='unspecified', diff --git a/man/ipsilon-client-install.1 b/man/ipsilon-client-install.1 index 886fb48..5624d2f 100644 --- a/man/ipsilon-client-install.1 +++ b/man/ipsilon-client-install.1 @@ -55,6 +55,9 @@ Where saml communication happens. The default is /saml2. \fB\-\-saml\-sp\-logout\fR \fISAML_SP_LOGOUT\fR Single Logout URL. The default is /saml2/logout. .TP +\fB\-\-no\-saml\-soap\-logout\fR +Disable Single Logout using SOAP. +.TP \fB\-\-saml\-sp\-post\fR \fISAML_SP_POST\fR Post response URL. The default is /saml2/postResponse. .TP |