Diffstat (limited to 'ipsilon')
-rwxr-xr-x | ipsilon/install/ipsilon-client-install | 12 | ||||
-rwxr-xr-x | ipsilon/providers/saml2idp.py | 8 |
2 files changed, 18 insertions, 2 deletions
diff --git a/ipsilon/install/ipsilon-client-install b/ipsilon/install/ipsilon-client-install index d48df1b..2b3d2f2 100755 --- a/ipsilon/install/ipsilon-client-install +++ b/ipsilon/install/ipsilon-client-install @@ -84,7 +84,10 @@ def saml2(): else: path = os.getcwd() - url = 'https://' + args['hostname'] + proto = 'https' + if not args['saml_secure_setup']: + proto = 'http' + url = '%s://%s' % (proto, args['hostname']) url_sp = url + args['saml_sp'] url_logout = url + args['saml_sp_logout'] url_post = url + args['saml_sp_post'] @@ -118,6 +121,10 @@ def saml2(): # default location, enable the default page psp = '' + saml_secure = 'Off' + if args['saml_secure_setup']: + saml_secure = 'On' + samlopts = {'saml_base': args['saml_base'], 'saml_protect': saml_protect, 'saml_sp_key': c.key, @@ -125,6 +132,7 @@ def saml2(): 'saml_sp_meta': sp_metafile, 'saml_idp_meta': idp_metafile, 'saml_sp': args['saml_sp'], + 'saml_secure_on': saml_secure, 'saml_auth': saml_auth, 'sp': psp} files.write_from_template(SAML2_CONFFILE, SAML2_TEMPLATE, samlopts) @@ -200,6 +208,8 @@ def parse_args(): help="Single Logout URL") parser.add_argument('--saml-sp-post', default='/saml2/postResponse', help="Post response URL") + parser.add_argument('--saml-secure-setup', action='store_true', + default=True, help="Turn on all security checks") parser.add_argument('--debug', action='store_true', default=False, help="Turn on script debugging") parser.add_argument('--uninstall', action='store_true', diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py index b337652..e89fe0c 100755 --- a/ipsilon/providers/saml2idp.py +++ b/ipsilon/providers/saml2idp.py 
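Review bot: The fallback to `http` in saml2() (hunk @@ -84) happens without a comment, and so does the `saml_secure = 'Off'` value set in the @@ -118 hunk. With the flag off, `url_sp`, `url_logout` and `url_post` are all built on a cleartext scheme, so SAML responses posted to `url_post` are not protected in transit. I would add a comment above `proto = 'http'`, for example `# http is for test setups only: SAML responses to url_post are then sent in cleartext`. What `saml_secure_on` switches in SAML2_TEMPLATE is not visible here, so a one-line comment next to `saml_secure = 'Off'` should name the directive it feeds. saml2() starts and ends outside both hunks.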
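Review bot: `--saml-secure-setup` in parse_args() (hunk @@ -200) can never be switched off, because `action='store_true'` with `default=True` yields True whether or not the flag is passed. As a result the `http` branch in the @@ -84 hunk and the `'Off'` value in the @@ -118 hunk are unreachable from the command line. If an opt-out is intended, invert the flag and keep the destination: `parser.add_argument('--saml-insecure-setup', action='store_false', dest='saml_secure_setup', default=True, help="Turn off security checks (test setups only)")`. This keeps the secure default and makes the downgrade an explicit, visibly named choice. parse_args() continues outside the hunk.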
@@ -246,6 +246,9 @@ class Installer(object): def install_args(self, group): group.add_argument('--saml2', choices=['yes', 'no'], default='yes', help='Configure SAML2 Provider') + group.add_argument('--saml2-secure', + choices=['yes', 'no'], default='yes', + help='Configure SAML2 Provider') def configure(self, opts): if opts['saml2'] != 'yes': @@ -261,7 +264,10 @@ class Installer(object): cert.generate('idp', opts['hostname']) # Generate Idp Metadata - url = 'https://' + opts['hostname'] + '/' + opts['instance'] + '/saml2' + proto = 'https' + if opts['saml2_secure'].lower() == 'no': + proto = 'http' + url = '%s://%s/%s/saml2' % (proto, opts['hostname'], opts['instance']) meta = metadata.Metadata(metadata.IDP_ROLE) meta.set_entity_id(url + '/metadata') meta.add_certs(cert, cert) |
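Review bot: The help text for `--saml2-secure` in install_args() repeats the `--saml2` text ('Configure SAML2 Provider'), so `--help` gives no hint that `no` downgrades the provider URLs to `http`. I would change it to something like `help='Use https for SAML2 provider URLs ("no" is for test setups only)'`. The Installer class continues outside the hunk.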
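Review bot: In configure() the chosen scheme ends up in the entity ID through `meta.set_entity_id(url + '/metadata')`, and nothing in the code says so. An IdP installed with `--saml2-secure=no` therefore advertises an `http://` entityID and, presumably, cleartext endpoints built from the same `url`. Moving it to https later changes the entityID, so metadata would have to be re-exchanged with every SP. I would add a comment above `proto = 'http'`, for example `# test setups only: the scheme is baked into the entityID and endpoints below`. The `.lower()` call is harmless but redundant while `choices=['yes', 'no']` is the only source of the value. configure() continues outside the hunk.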