| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
With the switch to mod_auth_gssapi we aren't limited to only
negotiated Kerberos so name the plugin to reflect this.
https://fedorahosted.org/ipsilon/ticket/114
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Our current default IdP metadata validity period is hardcoded to 30
days. This is very limiting for anything other than a test environment
unless there is a way to allow SPs to automatically fetch updated metadata
on a regular interval.
This patch increases the default validity period to 5 years. In addition,
a new option for ipsilon-server-install is provided to allow a different
validity period to be specified.
https://fedorahosted.org/ipsilon/ticket/103
Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Perform Single Logout for the current user when a logout is initiated
in the IdP.
A fake initial session is created. In the current logout code the
initial logout requestor holds the final redirect URL. In this case
it redirects back to the root IdP page.
https://fedorahosted.org/ipsilon/ticket/87
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>
|
|
|
|
|
|
|
| |
https://fedorahosted.org/ipsilon/ticket/27
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
This also makes persistent the default NameID format when generating
metadata.
https://fedorahosted.org/ipsilon/ticket/27
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
| |
https://fedorahosted.org/ipsilon/ticket/26
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
| |
As part of this, made all plugins use a Installer baseclass.
https://fedorahosted.org/ipsilon/ticket/38
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
|
|
|
|
|
|
| |
https://fedorahosted.org/ipsilon/ticket/24
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
| |
https://fedorahosted.org/ipsilon/ticket/24
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
| |
Also regenerate it frequently, so that any change in configuration can be
automatically reflected in the metadata downloaded my clients over time.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move most plugin enablement and initialization code in plugin.py to
reduce code duplication and simplify and unifify plugin enablement
for all base plugin types (login, info, providers).
This patch breaks backwards compatibility as it changes how the list
of enabled plugins is stored in the database tables.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fork a PluginConfig class out of PluginObject, the base object now supports
a simple dictionary config, while using PluginConfig provide access to
structured util.config based configuration.
Change UI code that deal with plugins configuration to properly use the new
structured config objects in order to represent data in appropriate format
based on the data type.
Use the new util.config objects to represent plugins configuration.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
|
|
|
|
|
|
|
|
| |
All we care about in configure is to store the config in the db,
so skip setting the config explicitly in the plugin object and go
straight to the database.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
This is to allow different default headers between Admin pages and
other pages.
In particular we set no-caching headers to all admin pages to force
browsers to refresh as often as possible.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
|
|
|
|
|
|
| |
This fixes enabling a provider after the sever is started.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
|
|
|
|
|
|
| |
Makes lint happier
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
|
|
|
|
|
|
|
| |
Always deny access to the IDP if not using SSL by default.
Always turn on secure/httponly cookies by default.
Add a switch to disable all security options for testing.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
| |
This should be used only for testing purposes
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
| |
At some point a '/' got lost, causing the generation of wrong endpoints.
Clients would then be redirected to an unexisting path and get a 404.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
| |
Add a map that takes care of the lower level lasso-related details
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
| |
This will allow to easly share the module with install tools, without the
need to install server side modules in clients
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
If debug is enabled make lasso spit debug messages to stderr too, to aid
admins in resolving issues related to saml2 issues, like finding out why
a metadata file may be rejected.
This is very simple for now, a future enhancement may involve piping the
logs into a calss so they can be spat out as feedback to users.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds:
- helper functions to create new providers
- separate IdentityProvider class to represent the IDP.
Database changes:
The saml2 plugin database now contain the metadata file contents and does not
rely anymore on on-disk data.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
| |
Certificates are already contained in the metadata.xml file
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Creates the storage directory if not availble
Generates new IDP certificate
Generate metadata file
Fixups permissions
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
| |
This class allows to represent a service provider and its associated policy
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
Signed-off-by: Simo Sorce <simo@redhat.com>
|