ipsilon.git/ipsilon/install/ipsilon-client-install, branch ticket_92 Unnamed repository; edit this file 'description' to name the repository. Allow SP installation to be on non-standard ports 2015-03-14T17:13:43+00:00 Nathan Kinder nkinder@redhat.com 2015-03-14T17:00:51+00:00 bd10f81c2ba0615ee77ab2ef3613dc242dbb0899 When setting up a SP using ipsilon-client-install, there is no ability to use a non-standard port. We should allow a port number to be specified that results in the proper URLs in the SP metadata. This patch adds a --port option to ipsilon-client-install. This is used in the construction of the URLs used in the SP metadata as well as in the httpd redirect rules if httpd is being configured. https://fedorahosted.org/ipsilon/ticket/92 Signed-off-by: Nathan Kinder <nkinder@redhat.com> 
When setting up a SP using ipsilon-client-install, there is no
ability to use a non-standard port.  We should allow a port number
to be specified that results in the proper URLs in the SP metadata.

This patch adds a --port option to ipsilon-client-install.  This is
used in the construction of the URLs used in the SP metadata as well
as in the httpd redirect rules if httpd is being configured.

https://fedorahosted.org/ipsilon/ticket/92
Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Validate SP path settings during installation 2015-03-11T13:48:55+00:00 Nathan Kinder nkinder@redhat.com 2015-03-11T03:02:07+00:00 a1bcbfd426a6c3860edf53e12da32ff6daad4442 There are a number of URL path options that can be specified as options when running ipsilon-client-install. There are certain rules that must be followed to result in a valid mod_auth_mellon configuration: - All path options must be prefixed with '/'. - The mellon endpoint path (--saml-sp) must be a subpath of the httpd 'Location' element is it contained within (--saml-base). - The logout (--saml-sp-logout) and post (--saml-sp-post) paths must be subpaths of the mellon endpoint (--saml-sp). This adds validation for all of the above rules. https://fedorahosted.org/ipsilon/ticket/82 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
There are a number of URL path options that can be specified as
options when running ipsilon-client-install. There are certain
rules that must be followed to result in a valid mod_auth_mellon
configuration:

 - All path options must be prefixed with '/'.

 - The mellon endpoint path (--saml-sp) must be a subpath of the
   httpd 'Location' element is it contained within (--saml-base).

 - The logout (--saml-sp-logout) and post (--saml-sp-post) paths
   must be subpaths of the mellon endpoint (--saml-sp).

This adds validation for all of the above rules.

https://fedorahosted.org/ipsilon/ticket/82

Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Add Cache-Control header to prevent browser caching of SAML auth location 2015-03-10T22:24:08+00:00 Nathan Kinder nkinder@redhat.com 2015-03-10T18:22:47+00:00 d67664fbffe9c380a354abe115ee5afa1ff968be We should prevent browser caching of the SAML auth location that we configure for an SP. This can be easily done by adding the following directive to that location in the httpd config: Header append Cache-Control "no-cache" https://fedorahosted.org/ipsilon/ticket/81 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> 
We should prevent browser caching of the SAML auth location that we
configure for an SP. This can be easily done by adding the following
directive to that location in the httpd config:

    Header append Cache-Control "no-cache"

https://fedorahosted.org/ipsilon/ticket/81

Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Require SSL on SP when using --saml-secure-setup 2015-03-10T22:24:01+00:00 Nathan Kinder nkinder@redhat.com 2015-03-10T03:28:47+00:00 42700be962e245243f10c30a29c41fcda1f3f712 If ipsilon-client-install is used with the --saml-secure-setup option (which is set by default), only https connections will work for authentication. We are not setting the SSLRequireSSL directive though, so we set mellon up to fail. This patch adds the SSLRequireSSL directive to the SP config when --saml-secure-setup is specified. In addition, we add a rewrite rule to rewrite http requests to https for the SP. https://fedorahosted.org/ipsilon/ticket/80 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> 
If ipsilon-client-install is used with the --saml-secure-setup
option (which is set by default), only https connections will
work for authentication.  We are not setting the SSLRequireSSL
directive though, so we set mellon up to fail.

This patch adds the SSLRequireSSL directive to the SP config
when --saml-secure-setup is specified.  In addition, we add a
rewrite rule to rewrite http requests to https for the SP.

https://fedorahosted.org/ipsilon/ticket/80

Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Add support for passing configuration profile 2014-06-04T14:26:34+00:00 Simo Sorce simo@redhat.com 2014-05-27T22:02:29+00:00 8fa20c6c81aab558cd00bf1e4ac87ec8ee5a8556 The new option --config-profile accepts a INI style file, so that installation options are passed in via a file. this is useful for testing and automated installs. This file can have 2 sections: globals, arguments. The globals section can change global variable in the install script like: TEMPLATES, CONFDIR, DATADIR, HTTPDCONFD and so on, so that an installation can use non-standad directories. The argumets section accepts any argument option. The config profile file is parsed after all arguments have parsed and can override any plugin argument. Signed-off-by: Simo Sorce <simo@redhat.com> 
The new option --config-profile accepts a INI style file, so that
installation options are passed in via a file. this is useful for
testing and automated installs.

This file can have 2 sections: globals, arguments.

The globals section can change global variable in the install script
like: TEMPLATES, CONFDIR, DATADIR, HTTPDCONFD and so on, so that an
installation can use non-standad directories.

The argumets section accepts any argument option.
The config profile file is parsed after all arguments have parsed and
can override any plugin argument.

Signed-off-by: Simo Sorce <simo@redhat.com>
Allow turning off security at install time 2014-06-04T14:26:34+00:00 Simo Sorce simo@redhat.com 2014-05-30T14:09:18+00:00 ca38224edc22e794c77418d30c2034cdba7ebe67 This should be used only for testing purposes Signed-off-by: Simo Sorce <simo@redhat.com> 
This should be used only for testing purposes

Signed-off-by: Simo Sorce <simo@redhat.com>
Always use saml by default 2014-05-02T01:05:47+00:00 Simo Sorce simo@redhat.com 2014-05-02T01:00:14+00:00 f139821010d71a07e011b257132b4acbc872a21b Signed-off-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Simo Sorce <simo@redhat.com>
Fix typo in ipsilon-client-install 2014-05-02T00:52:24+00:00 Simo Sorce simo@redhat.com 2014-05-02T00:52:02+00:00 c3dbeaddbef676c65a039764dcc17ccec3685568 Signed-off-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Simo Sorce <simo@redhat.com>
Move templatized file creation to tools 2014-04-21T04:05:05+00:00 Simo Sorce simo@redhat.com 2014-04-18T04:16:12+00:00 47ff8363b7961188084f05c55558a166b06decb4 Signed-off-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Simo Sorce <simo@redhat.com>
Move fixing files functionality to tools 2014-04-21T04:05:05+00:00 Simo Sorce simo@redhat.com 2014-04-18T03:59:35+00:00 a20178b055e783b4146925596e815a05d82b0ac6 Signed-off-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Simo Sorce <simo@redhat.com>