ipsilon.git, branch sp_register Unnamed repository; edit this file 'description' to name the repository. Allow SP registration from ipsilon-client-install 2015-04-02T01:17:46+00:00 Nathan Kinder nkinder@redhat.com 2015-03-31T02:36:04+00:00 a099b0d3a89f08c6f2f9053d308dc8beefd7dfdb This optionally allows a SAML SP to be registered with the IDP when running ipsilon-client-install. To register an SP, the following options are used: --saml-idp-url (Ipsilon IDP URL) --saml-sp-name (Name to register the SP as) --admin-user (Ipsilon admin user) --admin-password (Ipsilon admin password file) If the --saml-idp-url option is set, we attempt to register the SP. The --saml-sp-name option is required if you are registering a SP. The --admin-user already defaults to admin, so it only needs to be specified if your admin user has a different username. If the --admin-password option is not specified, we prompt for the password. The --saml-idp-metadata was previously required, but this option is redundant if the new --saml-idp-url option is specified and you are not using a local copy of the IDP metadata. You can now just use the --saml-idp-url option, and we build the metadata URL from it. This helps to minimize the number of required options when you are registering an SP during installation. https://fedorahosted.org/ipsilon/ticket/101 Signed-off-by: Nathan Kinder <nkinder@redhat.com> 
This optionally allows a SAML SP to be registered with the IDP when
running ipsilon-client-install.  To register an SP, the following
options are used:

  --saml-idp-url   (Ipsilon IDP URL)
  --saml-sp-name   (Name to register the SP as)
  --admin-user     (Ipsilon admin user)
  --admin-password (Ipsilon admin password file)

If the --saml-idp-url option is set, we attempt to register the SP.
The --saml-sp-name option is required if you are registering a SP.
The --admin-user already defaults to admin, so it only needs to be
specified if your admin user has a different username.  If the
--admin-password option is not specified, we prompt for the password.

The --saml-idp-metadata was previously required, but this option is
redundant if the new --saml-idp-url option is specified and you are
not using a local copy of the IDP metadata.  You can now just use
the --saml-idp-url option, and we build the metadata URL from it.
This helps to minimize the number of required options when you are
registering an SP during installation.

https://fedorahosted.org/ipsilon/ticket/101
Signed-off-by: Nathan Kinder <nkinder@redhat.com>
SP uninstall attempts to run install 2015-03-31T04:23:03+00:00 Nathan Kinder nkinder@redhat.com 2015-03-31T04:21:31+00:00 a17d442e213ee2104cbf2aea923fcd9ad853e895 When running 'ipsilon-client-install --uninstall' to uninstall a SP, we call the install routine again after completing the uninstallation. This leads to confusing error messages about missing required options. This patch corrects the uninstallation logic. https://fedorahosted.org/ipsilon/ticket/100 Signed-off-by: Nathan Kinder <nkinder@redhat.com> 
When running 'ipsilon-client-install --uninstall' to uninstall a SP,
we call the install routine again after completing the uninstallation.
This leads to confusing error messages about missing required options.
This patch corrects the uninstallation logic.

https://fedorahosted.org/ipsilon/ticket/100
Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Release v0.5.0 2015-03-30T21:13:54+00:00 Patrick Uiterwijk puiterwijk@redhat.com 2015-03-30T20:19:48+00:00 084c893c7f4639a2ee67ea79008148291af1fafa Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Add options to explicitly set database uris during install 2015-03-30T18:20:11+00:00 Patrick Uiterwijk puiterwijk@redhat.com 2015-03-30T14:38:10+00:00 3fd51fe0d4593cdc39c28f11deafe27845f25584 Also offer the option to set the OpenID database URI during install https://fedorahosted.org/ipsilon/ticket/17 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> 
Also offer the option to set the OpenID database URI during install

https://fedorahosted.org/ipsilon/ticket/17

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Use all SSSD domains for info plugin by default. 2015-03-27T18:47:11+00:00 Rob Crittenden rcritten@redhat.com 2015-03-26T19:36:02+00:00 db41f6ea5ac2b4648350900791e32a83d0974e14 Rather than requiring --info-sssd-domain as an argument make it an optional argument, defaulting to enabling all SSSD domains. Convert the argument from a single value into a list so that multiple invocations can be made and all domains in the list will be enabled. There is still the possibility that failures in configuring a domain will occur (no domain found, for example) and these are considered "soft" failures. That is it won't abort the server installation. https://fedorahosted.org/ipsilon/ticket/78 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
Rather than requiring --info-sssd-domain as an argument make it
an optional argument, defaulting to enabling all SSSD domains.

Convert the argument from a single value into a list so that multiple
invocations can be made and all domains in the list will be enabled.

There is still the possibility that failures in configuring a domain
will occur (no domain found, for example) and these are considered
"soft" failures. That is it won't abort the server installation.

https://fedorahosted.org/ipsilon/ticket/78

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Add a method to Installer classes to validate argument input 2015-03-27T18:46:52+00:00 Rob Crittenden rcritten@redhat.com 2015-03-26T18:55:27+00:00 101022e3bf4dfe3f0c56ffb61abbf358a3b1ab26 There was no way to validate argument input from plugins and cause the installer to bail out. If a plugin needs to validate some input it can use the validate_args() method and raise ConfigurationError() if an issue is found. https://fedorahosted.org/ipsilon/ticket/78 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
There was no way to validate argument input from plugins and
cause the installer to bail out. If a plugin needs to validate
some input it can use the validate_args() method and raise
ConfigurationError() if an issue is found.

https://fedorahosted.org/ipsilon/ticket/78

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Try to return a redirect instead a 400 for "not logged in" state 2015-03-27T18:43:26+00:00 Rob Crittenden rcritten@redhat.com 2015-03-25T21:29:22+00:00 83ac397cd5904cbbaa5a21adcac73815dda9fa63 If the user is not logged in and submits a valid logout request then just redirect the user to the RelayState in the request indicating that the logout was successful. This provides a better user experience. https://fedorahosted.org/ipsilon/ticket/88 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
If the user is not logged in and submits a valid logout request
then just redirect the user to the RelayState in the request
indicating that the logout was successful. This provides a better
user experience.

https://fedorahosted.org/ipsilon/ticket/88

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Add tests for Name ID functionality 2015-03-24T13:42:24+00:00 Rob Crittenden rcritten@redhat.com 2015-03-19T19:20:28+00:00 0f56ef9942ee631a9306806bea8f3bb8e7b81076 Some Name ID formats are not implemented so are expected to fail. Kerberos is implemented but the test is done using form authentication so no Kerberos principal is available so authentication is denied. https://fedorahosted.org/ipsilon/ticket/27 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Some Name ID formats are not implemented so are expected to fail.

Kerberos is implemented but the test is done using form authentication
so no Kerberos principal is available so authentication is denied.

https://fedorahosted.org/ipsilon/ticket/27

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Make unspecified the default Name ID format, add to enabled list 2015-03-23T22:00:34+00:00 Rob Crittenden rcritten@redhat.com 2015-03-23T21:25:55+00:00 424a03e5bd141bfa80220816d6e9bd6be9aa256f https://fedorahosted.org/ipsilon/ticket/27 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
https://fedorahosted.org/ipsilon/ticket/27

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Allow user to specify Name ID format when configuring SP. 2015-03-23T22:00:27+00:00 Rob Crittenden rcritten@redhat.com 2015-03-19T19:19:24+00:00 cc527bd439314e45dc9f88599f9a3c03eb9b6220 https://fedorahosted.org/ipsilon/ticket/27 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
https://fedorahosted.org/ipsilon/ticket/27

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>