From 8a9b4fe36f1bd9b358b20333956af5602eb48a6c Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Tue, 17 Jun 2014 09:13:38 -0400
Subject: Strenghten default Security options in IDP

Always deny access to the IDP if not using SSL by default.
Always turn on secure/httponly cookies by default.
Add a switch to disable all security options for testing.

Signed-off-by: Simo Sorce <simo@redhat.com>
---
 ipsilon/providers/saml2idp.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

(limited to 'ipsilon/providers/saml2idp.py')

diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py
index e89fe0c..a94a0a4 100755
--- a/ipsilon/providers/saml2idp.py
+++ b/ipsilon/providers/saml2idp.py
@@ -246,9 +246,6 @@ class Installer(object):
     def install_args(self, group):
         group.add_argument('--saml2', choices=['yes', 'no'], default='yes',
                            help='Configure SAML2 Provider')
-        group.add_argument('--saml2-secure',
-                           choices=['yes', 'no'], default='yes',
-                           help='Configure SAML2 Provider')
 
     def configure(self, opts):
         if opts['saml2'] != 'yes':
@@ -265,7 +262,7 @@ class Installer(object):
 
         # Generate Idp Metadata
         proto = 'https'
-        if opts['saml2_secure'].lower() == 'no':
+        if opts['secure'].lower() == 'no':
             proto = 'http'
         url = '%s://%s/%s/saml2' % (proto, opts['hostname'], opts['instance'])
         meta = metadata.Metadata(metadata.IDP_ROLE)
-- 
cgit