summaryrefslogtreecommitdiffstats
path: root/ipsilon
diff options
context:
space:
mode:
Diffstat (limited to 'ipsilon')
-rwxr-xr-xipsilon/install/ipsilon-client-install12
-rwxr-xr-xipsilon/providers/saml2idp.py8
2 files changed, 18 insertions, 2 deletions
diff --git a/ipsilon/install/ipsilon-client-install b/ipsilon/install/ipsilon-client-install
index d48df1b..2b3d2f2 100755
--- a/ipsilon/install/ipsilon-client-install
+++ b/ipsilon/install/ipsilon-client-install
@@ -84,7 +84,10 @@ def saml2():
else:
path = os.getcwd()
- url = 'https://' + args['hostname']
+ proto = 'https'
+ if not args['saml_secure_setup']:
+ proto = 'http'
+ url = '%s://%s' % (proto, args['hostname'])
url_sp = url + args['saml_sp']
url_logout = url + args['saml_sp_logout']
url_post = url + args['saml_sp_post']
@@ -118,6 +121,10 @@ def saml2():
# default location, enable the default page
psp = ''
+ saml_secure = 'Off'
+ if args['saml_secure_setup']:
+ saml_secure = 'On'
+
samlopts = {'saml_base': args['saml_base'],
'saml_protect': saml_protect,
'saml_sp_key': c.key,
@@ -125,6 +132,7 @@ def saml2():
'saml_sp_meta': sp_metafile,
'saml_idp_meta': idp_metafile,
'saml_sp': args['saml_sp'],
+ 'saml_secure_on': saml_secure,
'saml_auth': saml_auth,
'sp': psp}
files.write_from_template(SAML2_CONFFILE, SAML2_TEMPLATE, samlopts)
@@ -200,6 +208,8 @@ def parse_args():
help="Single Logout URL")
parser.add_argument('--saml-sp-post', default='/saml2/postResponse',
help="Post response URL")
+ parser.add_argument('--saml-secure-setup', action='store_true',
+ default=True, help="Turn on all security checks")
parser.add_argument('--debug', action='store_true', default=False,
help="Turn on script debugging")
parser.add_argument('--uninstall', action='store_true',
diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py
index b337652..e89fe0c 100755
--- a/ipsilon/providers/saml2idp.py
+++ b/ipsilon/providers/saml2idp.py
@@ -246,6 +246,9 @@ class Installer(object):
def install_args(self, group):
group.add_argument('--saml2', choices=['yes', 'no'], default='yes',
help='Configure SAML2 Provider')
+ group.add_argument('--saml2-secure',
+ choices=['yes', 'no'], default='yes',
+ help='Configure SAML2 Provider')
def configure(self, opts):
if opts['saml2'] != 'yes':
@@ -261,7 +264,10 @@ class Installer(object):
cert.generate('idp', opts['hostname'])
# Generate Idp Metadata
- url = 'https://' + opts['hostname'] + '/' + opts['instance'] + '/saml2'
+ proto = 'https'
+ if opts['saml2_secure'].lower() == 'no':
+ proto = 'http'
+ url = '%s://%s/%s/saml2' % (proto, opts['hostname'], opts['instance'])
meta = metadata.Metadata(metadata.IDP_ROLE)
meta.set_entity_id(url + '/metadata')
meta.add_certs(cert, cert)