authorSimo Sorce <simo@redhat.com>2014-04-05 13:23:02 -0400
committerSimo Sorce <simo@redhat.com>2014-04-11 18:02:07 -0400
commita0374da67060c6e69ff6f1c2d25d2df357c25751 (patch)
tree23231072e26ab1a212300086daf281b8109d0938 /templates
parent2bed65a8810b7f81ec2be93275fa06f4da52e56f (diff)
Add basic installation script with saml support
Generates (self-signed) certificates and a metadata.xml file. Optionally configures an Apache Httpd server. If the admin does not configure a specific application at install time, a default landing page is made available so that the SP configuration can be tested. Uninstall removes all certificates and the metadata file and is irreversible.
Diffstat (limited to 'templates')
-rw-r--r--templates/install/saml2/sp.conf28
1 files changed, 28 insertions, 0 deletions
diff --git a/templates/install/saml2/sp.conf b/templates/install/saml2/sp.conf
new file mode 100644
index 0000000..57abdfd
--- /dev/null
+++ b/templates/install/saml2/sp.conf
@@ -0,0 +1,28 @@
+# This is a server-wide configuration that will add information from the Mellon
+# session to all requests under this path.
+<Location ${saml_base}>
+ MellonEnable "${saml_protect}"
+ MellonSPPrivateKeyFile "${saml_sp_key}"
+ MellonSPCertFile "${saml_sp_cert}"
+ MellonSPMetadataFile "${saml_sp_meta}"
+ MellonIdPMetadataFile "${saml_idp_meta}"
+ MellonEndpointPath ${saml_sp}
+ MellonVariable "saml-sesion-cookie"
+ # Comment out the next line if you want to allow logins on bare HTTP
+ MellonsecureCookie On
+ MellonUser "NAME_ID"
+ MellonIdP "IDP"
+ MellonSessionLength 3600
+ # MellonNoCookieErrorPage "https://idp.example.com/no-cookie-error.html"
+ # MellonPostDirectory "/var/lib/ipsilon/post_cache"
+ # MellonPostReplay On
+</Location>
+
+${saml_auth}
+
+${sp}Alias /saml2protected /usr/share/ipsilon/ui/saml2sp
+${sp}
+${sp}<Directory /usr/share/ipsilon/ui/saml2sp>
+${sp} SSLRequireSSL
+${sp} Require all granted
+${sp}</Directory>
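Review bot: The comment above `MellonsecureCookie On` tells the admin how to allow logins over bare HTTP without stating the cost: with the Secure flag off, the Mellon session cookie is also sent on cleartext requests, where anyone on the network path can read it and reuse the session until it expires (`MellonSessionLength 3600`). I would reword it to `# Keeps the session cookie HTTPS-only; disable only on a test host without TLS.` and spell the directive `MellonSecureCookie` as in the module documentation. The value in `MellonVariable "saml-sesion-cookie"` looks like a typo for `saml-session-cookie`, which is easier to fix now than after deployments depend on it. `MellonEndpointPath ${saml_sp}` is the only substituted value left unquoted; quoting it like the neighbouring directives keeps the template robust if the installer ever passes a path containing whitespace.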