.git, branch ticket_87 Unnamed repository; edit this file 'description' to name the repository. IdP-initiated logout for current user 2015-03-31T16:53:00+00:00 Rob Crittenden rcritten@redhat.com 2015-03-30T15:42:10+00:00 c44b299b7ee92edae70c726ac359a9eb9489b5b7 Perform Single Logout for the current user when a logout is initiated in the IdP. A fake initial session is created. In the current logout code the initial logout requestor holds the final redirect URL. In this case it redirects back to the root IdP page. https://fedorahosted.org/ipsilon/ticket/87 Signed-off-by: Rob Crittenden <rcritten@redhat.com> 
Perform Single Logout for the current user when a logout is initiated
in the IdP.

A fake initial session is created. In the current logout code the
initial logout requestor holds the final redirect URL. In this case
it redirects back to the root IdP page.

https://fedorahosted.org/ipsilon/ticket/87

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Use all SSSD domains for info plugin by default. 2015-03-27T18:47:11+00:00 Rob Crittenden rcritten@redhat.com 2015-03-26T19:36:02+00:00 db41f6ea5ac2b4648350900791e32a83d0974e14 Rather than requiring --info-sssd-domain as an argument make it an optional argument, defaulting to enabling all SSSD domains. Convert the argument from a single value into a list so that multiple invocations can be made and all domains in the list will be enabled. There is still the possibility that failures in configuring a domain will occur (no domain found, for example) and these are considered "soft" failures. That is it won't abort the server installation. https://fedorahosted.org/ipsilon/ticket/78 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
Rather than requiring --info-sssd-domain as an argument make it
an optional argument, defaulting to enabling all SSSD domains.

Convert the argument from a single value into a list so that multiple
invocations can be made and all domains in the list will be enabled.

There is still the possibility that failures in configuring a domain
will occur (no domain found, for example) and these are considered
"soft" failures. That is it won't abort the server installation.

https://fedorahosted.org/ipsilon/ticket/78

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Add a method to Installer classes to validate argument input 2015-03-27T18:46:52+00:00 Rob Crittenden rcritten@redhat.com 2015-03-26T18:55:27+00:00 101022e3bf4dfe3f0c56ffb61abbf358a3b1ab26 There was no way to validate argument input from plugins and cause the installer to bail out. If a plugin needs to validate some input it can use the validate_args() method and raise ConfigurationError() if an issue is found. https://fedorahosted.org/ipsilon/ticket/78 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
There was no way to validate argument input from plugins and
cause the installer to bail out. If a plugin needs to validate
some input it can use the validate_args() method and raise
ConfigurationError() if an issue is found.

https://fedorahosted.org/ipsilon/ticket/78

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Try to return a redirect instead a 400 for "not logged in" state 2015-03-27T18:43:26+00:00 Rob Crittenden rcritten@redhat.com 2015-03-25T21:29:22+00:00 83ac397cd5904cbbaa5a21adcac73815dda9fa63 If the user is not logged in and submits a valid logout request then just redirect the user to the RelayState in the request indicating that the logout was successful. This provides a better user experience. https://fedorahosted.org/ipsilon/ticket/88 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
If the user is not logged in and submits a valid logout request
then just redirect the user to the RelayState in the request
indicating that the logout was successful. This provides a better
user experience.

https://fedorahosted.org/ipsilon/ticket/88

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Add tests for Name ID functionality 2015-03-24T13:42:24+00:00 Rob Crittenden rcritten@redhat.com 2015-03-19T19:20:28+00:00 0f56ef9942ee631a9306806bea8f3bb8e7b81076 Some Name ID formats are not implemented so are expected to fail. Kerberos is implemented but the test is done using form authentication so no Kerberos principal is available so authentication is denied. https://fedorahosted.org/ipsilon/ticket/27 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Some Name ID formats are not implemented so are expected to fail.

Kerberos is implemented but the test is done using form authentication
so no Kerberos principal is available so authentication is denied.

https://fedorahosted.org/ipsilon/ticket/27

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Make unspecified the default Name ID format, add to enabled list 2015-03-23T22:00:34+00:00 Rob Crittenden rcritten@redhat.com 2015-03-23T21:25:55+00:00 424a03e5bd141bfa80220816d6e9bd6be9aa256f https://fedorahosted.org/ipsilon/ticket/27 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
https://fedorahosted.org/ipsilon/ticket/27

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Allow user to specify Name ID format when configuring SP. 2015-03-23T22:00:27+00:00 Rob Crittenden rcritten@redhat.com 2015-03-19T19:19:24+00:00 cc527bd439314e45dc9f88599f9a3c03eb9b6220 https://fedorahosted.org/ipsilon/ticket/27 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
https://fedorahosted.org/ipsilon/ticket/27

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Implement urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified 2015-03-23T22:00:21+00:00 Rob Crittenden rcritten@redhat.com 2015-03-23T17:57:12+00:00 704452cfa38a1d880fab920dab25f670f4fbc519 Return the name the user authenticated with. https://fedorahosted.org/ipsilon/ticket/27 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Return the name the user authenticated with.

https://fedorahosted.org/ipsilon/ticket/27

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Implement urn:oasis:names:tc:SAML:2.0:nameid-format:persistent 2015-03-23T22:00:15+00:00 Rob Crittenden rcritten@redhat.com 2015-03-19T19:15:26+00:00 217cabe5a2b0950b9ac4090568aa8986d51f4fc5 This also makes persistent the default NameID format when generating metadata. https://fedorahosted.org/ipsilon/ticket/27 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
This also makes persistent the default NameID format when generating
metadata.

https://fedorahosted.org/ipsilon/ticket/27

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Implement urn:oasis:names:tc:SAML:2.0:nameid-format:transient 2015-03-23T22:00:06+00:00 Rob Crittenden rcritten@redhat.com 2015-03-18T14:16:38+00:00 2ab0852570e3e18dfd7d959ae7c3bd62ea33dcca NameQualifier and SPNameQualifier are optional and are not included. https://fedorahosted.org/ipsilon/ticket/27 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
NameQualifier and SPNameQualifier are optional and are not included.

https://fedorahosted.org/ipsilon/ticket/27

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>