ipsilon.git, branch ticket_25 Unnamed repository; edit this file 'description' to name the repository. Mapped Attrs - WIP 2015-03-20T14:57:46+00:00 Nathan Kinder nkinder@redhat.com 2015-03-17T04:58:10+00:00 0562d486c6906bbba909bddf1326a9ed497b4443 






Set Cache-control on all generated pages, centralize in Endpoint
2015-03-19T20:57:55+00:00

Rob Crittenden
rcritten@redhat.com

2015-03-16T20:31:55+00:00

83ec7148841303516fe31e76116b70c8a5f73aab

See "Bindings for the OASIS Security Assertion Markup Language (SAML)
V2.0" section 3.2.3.2.

https://fedorahosted.org/ipsilon/ticket/7

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>





See "Bindings for the OASIS Security Assertion Markup Language (SAML)
V2.0" section 3.2.3.2.

https://fedorahosted.org/ipsilon/ticket/7

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>







Assertion AttributeStatements must be non-empty
2015-03-18T21:49:43+00:00

John Dennis
jdennis@redhat.com

2015-03-18T21:14:07+00:00

b5730c293fc532fffd3f3300a14813027c4242ae

The saml-core-2.0-os specification section 2.7.3 requires
the AttributeStatement element to be non-empty. Shibboleth verifies
this and rejects assertions that do not comply. We gather attributes
into a local dict first before adding them to the AttributeStatement
so the fix is easy. Test if the dict is empty, move the initialization
of the assertion AttributeStatement inside the test so it's
conditional on whether the dict has members.

https://fedorahosted.org/ipsilon/ticket/61

Signed-off-by: John Dennis <jdennis@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>





The saml-core-2.0-os specification section 2.7.3 requires
the AttributeStatement element to be non-empty. Shibboleth verifies
this and rejects assertions that do not comply. We gather attributes
into a local dict first before adding them to the AttributeStatement
so the fix is easy. Test if the dict is empty, move the initialization
of the assertion AttributeStatement inside the test so it's
conditional on whether the dict has members.

https://fedorahosted.org/ipsilon/ticket/61

Signed-off-by: John Dennis <jdennis@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>







Allow SP installation to be on non-standard ports
2015-03-18T21:49:43+00:00

Nathan Kinder
nkinder@redhat.com

2015-03-14T17:00:51+00:00

7f146bcbe3ae20db27e2daf294c19a40ccd419e6

When setting up a SP using ipsilon-client-install, there is no
ability to use a non-standard port.  We should allow a port number
to be specified that results in the proper URLs in the SP metadata.

This patch adds a --port option to ipsilon-client-install.  This is
used in the construction of the URLs used in the SP metadata as well
as in the httpd redirect rules if httpd is being configured.

https://fedorahosted.org/ipsilon/ticket/92

Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>





When setting up a SP using ipsilon-client-install, there is no
ability to use a non-standard port.  We should allow a port number
to be specified that results in the proper URLs in the SP metadata.

This patch adds a --port option to ipsilon-client-install.  This is
used in the construction of the URLs used in the SP metadata as well
as in the httpd redirect rules if httpd is being configured.

https://fedorahosted.org/ipsilon/ticket/92

Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>







Properly handle groups info in SAML provider
2015-03-18T00:38:27+00:00

Simo Sorce
simo@redhat.com

2015-03-17T17:22:06+00:00

acd6db64e46c8fa5b93c07dc5ff5c5172ddfa4f6

Also removes internal attributes (any attribute that starts with _

Fixes: https://fedorahosted.org/ipsilon/ticket/71

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>





Also removes internal attributes (any attribute that starts with _

Fixes: https://fedorahosted.org/ipsilon/ticket/71

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>







Add negative authentication test
2015-03-18T00:37:55+00:00

Simo Sorce
simo@redhat.com

2015-03-18T00:18:21+00:00

2b9b1190fdca8dc94d0a7d7f5f00d8084f729127

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>





Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>







Fix error returned from login plugins
2015-03-18T00:37:19+00:00

Simo Sorce
simo@redhat.com

2015-03-17T23:01:59+00:00

0b40c36998ed29c7e98a8cf5f42a798e0bec0870

Some login plugins use form based authentication and let the user retry
on authentication errors. This is fine, however the wrong error code is
returned in this case, 401 should be returned.

Fixes: https://fedorahosted.org/ipsilon/ticket/94

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>





Some login plugins use form based authentication and let the user retry
on authentication errors. This is fine, however the wrong error code is
returned in this case, 401 should be returned.

Fixes: https://fedorahosted.org/ipsilon/ticket/94

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>







Make SSSD Info enable the httpd_dbus_sssd boolean.
2015-03-17T14:52:25+00:00

Patrick Uiterwijk
puiterwijk@redhat.com

2015-03-16T14:07:41+00:00

b6cf2a56cf951b059e2755742522413c304e858e

https://fedorahosted.org/ipsilon/ticket/23#comment:13

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>





https://fedorahosted.org/ipsilon/ticket/23#comment:13

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>







Build dated RPMs by default
2015-03-16T21:47:50+00:00

Patrick Uiterwijk
puiterwijk@redhat.com

2015-03-16T14:16:03+00:00

cd855ea000e6baa994423c486779935bd02a6426

This stores the build date and git commit in the version.
This way, it's a lot easier to determine when it was last built.

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>





This stores the build date and git commit in the version.
This way, it's a lot easier to determine when it was last built.

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>







Save user attributes on subsequent calls to login.
2015-03-16T21:18:13+00:00

Rob Crittenden
rcritten@redhat.com

2015-03-16T18:34:24+00:00

2667fc13306912d4a1481e495181679012255ef6

When a login comes in via the remote_login() call no
user attributes are set. These may be later filled in by
a subsequent call to login() after the info plugins are
called but a short-circuit in that function exits if the
user matches the current session.

Add an extra conditional such that if the user matches,
userattributes are passed in and the current user attributes
for this user is empty then save the new data.

https://fedorahosted.org/ipsilon/ticket/86

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>





When a login comes in via the remote_login() call no
user attributes are set. These may be later filled in by
a subsequent call to login() after the info plugins are
called but a short-circuit in that function exits if the
user matches the current session.

Add an extra conditional such that if the user matches,
userattributes are passed in and the current user attributes
for this user is empty then save the new data.

https://fedorahosted.org/ipsilon/ticket/86

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>