summaryrefslogtreecommitdiffstats
path: root/templates
Commit message (Collapse)AuthorAgeFilesLines
* Rework remote_login and remove protect decoratorSimo Sorce2014-08-271-1/+0
| | | | | | | | | | | | The protect decorator was not really being used for anything, remove it. Change the way UserSession's remote_login() works. If called now it either sets a REMOTE_USER (if found) or nukes the current user data in the session. This means this function can be safely called only in a login plugin now. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Strenghten default Security options in IDPSimo Sorce2014-06-172-0/+3
| | | | | | | | Always deny access to the IDP if not using SSL by default. Always turn on secure/httponly cookies by default. Add a switch to disable all security options for testing. Signed-off-by: Simo Sorce <simo@redhat.com>
* Add server install option to turn on debuggingSimo Sorce2014-06-061-2/+2
| | | | | | | Use this in the testsuite so we can get meaningful output in the logs when something fails. Signed-off-by: Simo Sorce <simo@redhat.com>
* Add basic testing infrastructureSimo Sorce2014-06-041-0/+1
| | | | | | | | | | | | | | make test will now run some sanity tests to make sure basic installation procedures work in a sinthetic test environment. Adds: - custom httpd setup for tests - use profiles to driver ipsilon servers and clients installation - starts multiple httpd servers This way we can test interaction between IDP and SP servers Signed-off-by: Simo Sorce <simo@redhat.com>
* Additional parametrization of template filesSimo Sorce2014-06-042-6/+6
| | | | | | To allow for testing in a custom rootdir, and with a custom user. Signed-off-by: Simo Sorce <simo@redhat.com>
* Allow turning off security at install timeSimo Sorce2014-06-041-1/+1
| | | | | | This should be used only for testing purposes Signed-off-by: Simo Sorce <simo@redhat.com>
* Add optional field to allow pasting the metadataSimo Sorce2014-06-041-2/+16
| | | | | | | This way a user can avoid copying the metadata file arund but paste the content straight from a terminal window. Signed-off-by: Simo Sorce <simo@redhat.com>
* Add tooltips to SAML formsSimo Sorce2014-05-293-6/+16
| | | | | | This should make clearer what is expected in each field. Signed-off-by: Simo Sorce <simo@redhat.com>
* Show the Save button only if it usefulSimo Sorce2014-05-291-4/+6
| | | | | | | If the user cannot perform any action there is no reason to show the save button. Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix location nameSimo Sorce2014-05-291-1/+1
| | | | | | Must be the same name wher ethe instance is mounted! Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix handling of SP renamesSimo Sorce2014-05-201-0/+9
| | | | | | Properly replace page self.url Signed-off-by: Simo Sorce <simo@redhat.com>
* WSGI settings incorrectly makes instance globalNathan Kinder2014-05-101-1/+4
| | | | | | | | | | | | | | | The WSGIProcessGroup directive should only apply to the /idp URI. Without wrapping this directive in the Location element, multiple Ipsilon instances or an Ipsilon instance installed on a FreeIPA server will conflict and encounter problems running in the same httpd process. All wsgi processes will end up redirected to the last process grup defined in the configuration in this case and all other instances of wsgi applications will be unreachable. Resolves: https://fedorahosted.org/ipsilon/ticket/1 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Make it easy to install mutiple server instancesSimo Sorce2014-04-212-8/+8
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Revert incorrect change to template fileSimo Sorce2014-04-181-4/+4
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add missing install fileSimo Sorce2014-04-181-0/+14
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add basic installation script with saml supportSimo Sorce2014-04-111-0/+28
| | | | | | | | | Generates (self signed) certificates and a metdata.xml file. Optionally configures an Apache Httpd server. If the admin does not configure a specific application at install time a default landing page is made available to be able to test that the SP configuration works. Uninstall removes all certificates and metadata file and is irreversible.
* Change provider plugins registration and enablementSimo Sorce2014-04-111-1/+1
| | | | | | | | | | | | | When plugins are not enabled at startup the admin page is not available as it is created only on enablement. Split enablement and registration, so plugins can be registered even when actually disabled. Also rework the way enablement is tracked and make sure enablement status is saved back to the database when it changes so it is kept on restarts. Signed-off-by: Simo Sorce <simo@redhat.com>
* Admin functions to delete Service ProvidersSimo Sorce2014-04-041-0/+2
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Admin functions to add new Service ProvidersSimo Sorce2014-04-042-0/+33
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Admin classes to change SP propertiesSimo Sorce2014-04-042-15/+69
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Saml2 initial admin pageSimo Sorce2014-03-281-0/+23
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add generic support for IdP plugin admin pagesSimo Sorce2014-03-281-0/+3
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Basic Identity providers plugin configurationSimo Sorce2014-03-281-0/+20
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Refactor login plugin enablement codeSimo Sorce2014-03-281-2/+7
| | | | | | | This allows us to finally implement the plugin enable/disable configuration buttons and enable/disable plugins on the fly. Signed-off-by: Simo Sorce <simo@redhat.com>
* Automatically build configuration page menuSimo Sorce2014-03-281-7/+3
| | | | | | Do not hardcode it, rather build it out of the pages tree. Signed-off-by: Simo Sorce <simo@redhat.com>
* Move login plugin configuration to its own moduleSimo Sorce2014-03-265-25/+31
| | | | | | | move also the template, in preparation for handling other configuration data in the main page. Signed-off-by: Simo Sorce <simo@redhat.com>
* Implement plugin ordering configurationSimo Sorce2014-03-242-2/+30
| | | | | | Allows to change the login plugins order from the admin configuration page. Signed-off-by: Simo Sorce <simo@redhat.com>
* Install default configuration filesSimo Sorce2014-03-201-0/+12
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Initial SAML2 providerSimo Sorce2014-02-241-0/+13
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Use cherrypy handlers to render error pagesSimo Sorce2014-02-243-2/+33
| | | | | | | Replaces custom code to render 401 Unauthorized page as well as adds 400 and 500 handlers Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix master-admin template upper left corner hrefSimo Sorce2014-02-241-1/+1
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Apply patternfly to administration pagesPetr Vobornik2014-02-173-78/+106
| | | | | Signed-off-by: Petr Vobornik <pvoborni@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Krb pagePetr Vobornik2014-02-171-20/+7
| | | | | Signed-off-by: Petr Vobornik <pvoborni@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* PAM pagePetr Vobornik2014-02-171-35/+42
| | | | | Signed-off-by: Petr Vobornik <pvoborni@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Login root pagePetr Vobornik2014-02-171-24/+6
| | | | | Signed-off-by: Petr Vobornik <pvoborni@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Unauthorized pagePetr Vobornik2014-02-171-0/+8
| | | | | Signed-off-by: Petr Vobornik <pvoborni@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Root pagesPetr Vobornik2014-02-172-65/+42
| | | | | Signed-off-by: Petr Vobornik <pvoborni@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Master templatePetr Vobornik2014-02-171-0/+28
| | | | | Signed-off-by: Petr Vobornik <pvoborni@redhat.com> Signed-off-by: Simo Sorce <simo@redhat.com>
* Add help text to be shown on form based login pageSimo Sorce2014-01-271-0/+3
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add infrastructure to configure serverSimo Sorce2014-01-243-1/+84
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add Kerberos Negotiate auth pluginSimo Sorce2014-01-241-0/+20
| | | | | | | | | | | | | | | | | | | | | | | | This plugin depends on the proper configuration of mod_auth_kerb The mod_auth_kerb plugin should be configured with a <Location> directive like the folowing: <Location /idp/login/krb/negotiate> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate on KrbMethodK5Passwd off KrbServiceName HTTP KrbAuthRealms $REALM_NAME Krb5KeyTab $KEYTAB_NAME KrbSaveCredentials off KrbConstrainedDelegation off Require valid-user ErrorDocument 401 /idp/login/krb/unauthorized </Location> Signed-off-by: Simo Sorce <simo@redhat.com>
* Add sample pam based login pluginSimo Sorce2014-01-241-0/+33
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Implement login plugin infrastructureSimo Sorce2014-01-243-2/+55
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Move template and user retrieval to page classSimo Sorce2013-12-181-2/+2
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Initial user preferences infrastructureSimo Sorce2013-12-181-7/+20
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Use jinja2 as the templating systemSimo Sorce2013-12-111-0/+23
Add flashy css to indicate this is development stuff
generated by cgit (git 2.34.1) at 2024-11-16 20:17:39 +0000