ipsilon.git/ipsilon/providers, branch login_stacks The Ipsilon project Disallow iframes via X-Frame-Options and CSP by default 2015-04-24T17:10:34+00:00 Rob Crittenden rcritten@redhat.com 2015-04-23T20:42:27+00:00 44f663ac7dc5a6f28b25b083a21f6d9e912cff92 A decorator, allow_iframe, is also created so that specific pages can remove the deny values and allow operating within a frame. The Persona plugin relies on iframes and uses this decorator for all endpoints. https://fedorahosted.org/ipsilon/ticket/15 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
A decorator, allow_iframe, is also created so that specific
pages can remove the deny values and allow operating within
a frame.

The Persona plugin relies on iframes and uses this decorator
for all endpoints.

https://fedorahosted.org/ipsilon/ticket/15

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Use the new transaction convenience function in Persona 2015-04-24T17:08:27+00:00 Patrick Uiterwijk puiterwijk@redhat.com 2015-04-23T21:25:04+00:00 b6d5f11ffe484e2ba7de14c7bac31c52461fe791 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Add test for per-SP allowed and mapping attributes 2015-04-10T14:41:22+00:00 Rob Crittenden rcritten@redhat.com 2015-04-09T19:11:39+00:00 1055b7bc810139d1e6ee3c225bcfba7b88e7aeab This buidls up a specific global mapping and allowed attributes then creates an SP-specific configuration which differs enough to confirm that it is in fact overriding the default. It finishes by removing the per-SP configuration and ensuring that it falls back to the IdP-default. https://fedorahosted.org/ipsilon/ticket/25 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
This buidls up a specific global mapping and allowed attributes then
creates an SP-specific configuration which differs enough to confirm
that it is in fact overriding the default. It finishes by removing the
per-SP configuration and ensuring that it falls back to the IdP-default.

https://fedorahosted.org/ipsilon/ticket/25

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
The last allowed/mapping rule can be removed in SPs 2015-04-10T14:41:09+00:00 Rob Crittenden rcritten@redhat.com 2015-04-08T20:13:55+00:00 348fcbcbaf5c686cdb077c9bed53ded95ad04b49 If you created rule(s) in an SP for either allowed attributes or attribute mapping there was no way to remove the last rule meaning it could never go back to use the global defaults. https://fedorahosted.org/ipsilon/ticket/25 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
If you created rule(s) in an SP for either allowed attributes or
attribute mapping there was no way to remove the last rule meaning
it could never go back to use the global defaults.

https://fedorahosted.org/ipsilon/ticket/25

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Add per-SP attribute mapping and allowed attributes 2015-04-10T14:38:20+00:00 Rob Crittenden rcritten@redhat.com 2015-04-07T19:34:43+00:00 81ad559af403d4d62f21209d34ba00833e007300 The per-SP values are considered overrides and the global values are default. https://fedorahosted.org/ipsilon/ticket/25 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
The per-SP values are considered overrides and the global values
are default.

https://fedorahosted.org/ipsilon/ticket/25

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Rename and move PluginConfig to ConfigHelper 2015-04-10T14:38:15+00:00 Rob Crittenden rcritten@redhat.com 2015-04-08T13:44:14+00:00 434bffc3b1ab4a74f0f23508e624e7427987aaf8 The configuration class was originally intended to be tied. At this point it is quite generic and useful outside of plugins. Rename it to something more generic and move it into the config module. https://fedorahosted.org/ipsilon/ticket/25 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
The configuration class was originally intended to be tied. At this
point it is quite generic and useful outside of plugins. Rename
it to something more generic and move it into the config module.

https://fedorahosted.org/ipsilon/ticket/25

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Convert SAML2 SP Provider UI to use Config object 2015-04-10T14:38:07+00:00 Rob Crittenden rcritten@redhat.com 2015-04-07T19:33:32+00:00 e235c7be58ddf563ed6fd6d6f52dbc96497b0389 This makes the look-and-feel the same between the SAML2 configuration and the per-SP configuration. https://fedorahosted.org/ipsilon/ticket/25 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
This makes the look-and-feel the same between the SAML2 configuration
and the per-SP configuration.

https://fedorahosted.org/ipsilon/ticket/25

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Print exceptions when saving data fails in admin UI 2015-04-10T14:37:37+00:00 Rob Crittenden rcritten@redhat.com 2015-03-31T18:23:49+00:00 fa333f2d94885df6beb3d7ea29380e28fde651a4 There were places where a broad exception was caught when saving administrative changes but the actual exception wasn't logged. The user was presented only with a 'Failed to save data!' message. https://fedorahosted.org/ipsilon/ticket/39 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
There were places where a broad exception was caught when saving
administrative changes but the actual exception wasn't logged. The
user was presented only with a 'Failed to save data!' message.

https://fedorahosted.org/ipsilon/ticket/39

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
This was renamed to _groups internally 2015-04-10T00:53:37+00:00 Patrick Uiterwijk puiterwijk@redhat.com 2015-04-10T00:47:29+00:00 34275a71299437e8371ba518ba301ed9d7c83f74 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Extend default SAML IdP metadata validity period 2015-04-08T23:48:29+00:00 Nathan Kinder nkinder@redhat.com 2015-04-07T18:53:52+00:00 d51e2b7ff3b1ea8b41bd43d2b554398fc9b3e636 Our current default IdP metadata validity period is hardcoded to 30 days. This is very limiting for anything other than a test environment unless there is a way to allow SPs to automatically fetch updated metadata on a regular interval. This patch increases the default validity period to 5 years. In addition, a new option for ipsilon-server-install is provided to allow a different validity period to be specified. https://fedorahosted.org/ipsilon/ticket/103 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
Our current default IdP metadata validity period is hardcoded to 30
days.  This is very limiting for anything other than a test environment
unless there is a way to allow SPs to automatically fetch updated metadata
on a regular interval.

This patch increases the default validity period to 5 years.  In addition,
a new option for ipsilon-server-install is provided to allow a different
validity period to be specified.

https://fedorahosted.org/ipsilon/ticket/103
Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>