ipsilon.git/templates/install, branch test The Ipsilon project Add request/response logging via cherrypy tool hooks 2015-01-26T18:34:06+00:00 John Dennis jdennis@redhat.com 2015-01-20T22:13:34+00:00 e85f190d8e081fbbfeadca24781266d1c3e1bba1 The ability to easily review the HTTP Ipsilon request and response is boon for development and issue debugging. Normally these HTTP conversations occur on SSL/TLS encrypted connections making it difficult to use other tools to view the traffic. Client side tools have known pitfalls (e.g. Firebug) and not all conversations are browser initiated (e.g. SAML ECP). Logging performed by the server hosting Ipsilon makes logging at the server level server specific (e.g. Apache's dumpio requires post-processing the log file to extract and reassamble the HTTP conversation). The best place to log requests and responses is within Ipsilon using the cherrypy framework Ipsilon is embedded in. Cherrypy provides user defined hooks that can be invoked at specific places in the request pipeline. We establish a hook at the last stage just before the response is written to the client, it logs the incoming request and outgoing response. Resolves: https://fedorahosted.org/ipsilon/ticket/44 Signed-off-by: John Dennis <jdennis@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
The ability to easily review the HTTP Ipsilon request and response is
boon for development and issue debugging. Normally these HTTP
conversations occur on SSL/TLS encrypted connections making it
difficult to use other tools to view the traffic. Client side tools
have known pitfalls (e.g. Firebug) and not all conversations are
browser initiated (e.g. SAML ECP). Logging performed by the server
hosting Ipsilon makes logging at the server level server specific
(e.g. Apache's dumpio requires post-processing the log file to extract
and reassamble the HTTP conversation). The best place to log requests
and responses is within Ipsilon using the cherrypy framework
Ipsilon is embedded in. Cherrypy provides user defined hooks that can
be invoked at specific places in the request pipeline. We establish a
hook at the last stage just before the response is written to the
client, it logs the incoming request and outgoing response.

Resolves: https://fedorahosted.org/ipsilon/ticket/44

Signed-off-by: John Dennis <jdennis@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Add support for Persona Identity Provider 2014-11-14T18:06:27+00:00 Patrick Uiterwijk puiterwijk@redhat.com 2014-11-13T09:18:05+00:00 943158d19f879eb6ad515edeb59017671e4252c5 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Add simple SqlSession implementation 2014-11-12T22:46:52+00:00 Simo Sorce simo@redhat.com 2014-11-10T19:57:53+00:00 5e0b9747121eab67c5a3ee3bb42a677e35da7fd6 This allows us to store session data in the DB. This way session data can be shared by multiple servers behind a balancer. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
This allows us to store session data in the DB. This way session data can
be shared by multiple servers behind a balancer.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Add test to check a real database (pgsql) works 2014-11-12T22:46:47+00:00 Simo Sorce simo@redhat.com 2014-10-29T14:22:36+00:00 0087ad1e0824b4b1c49ce1468bfbb2e492ac7992 Change config template to e able to set up ipsilon with an extrenal database. For the easy install the database server must have 3 datbases configured, and named exactly: admincondif, userprefs, transactions If different names are required manual instalation will be necessary. Database URLs (including credentials) can be set using the new option named --database-url Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
Change config template to e able to set up ipsilon with an extrenal
database.
For the easy install the database server must have 3 datbases configured,
and named exactly: admincondif, userprefs, transactions

If different names are required manual instalation will be necessary.
Database URLs (including credentials) can be set using the new option
named --database-url

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Make the template directory configurable 2014-10-24T16:03:28+00:00 Patrick Uiterwijk puiterwijk@redhat.com 2014-10-10T18:21:25+00:00 e94243aa74e7a77fb6457e02f6f4201b3f063b96 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Add transactions db default paths 2014-10-06T17:53:44+00:00 Simo Sorce simo@redhat.com 2014-09-25T18:36:32+00:00 a61d6f1b713836d0614eaa6f1ea033420e73dd6f Fixes installation and quickrun Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
Fixes installation and quickrun

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Use an instance specific session id cookie name 2014-09-24T18:29:26+00:00 Simo Sorce simo@redhat.com 2014-08-01T14:22:04+00:00 5ab2d15611117e3d1b4cd263d2b4580af985f625 Avoids issues if multiple instances are used on the same server Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
Avoids issues if multiple instances are used on the same server

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Confine session to the instance 2014-09-24T18:29:24+00:00 Simo Sorce simo@redhat.com 2014-08-01T14:19:53+00:00 afdeb5ac28a7b0e4648292ea60c028c21bf79c6f Set session path so that the session is sent only for the specific instance Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
Set session path so that the session is sent only for the specific instance

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Rework remote_login and remove protect decorator 2014-08-27T20:31:57+00:00 Simo Sorce simo@redhat.com 2014-06-18T04:04:08+00:00 34bb81a826d023ce39714e1a6e027b19cf96a5fd The protect decorator was not really being used for anything, remove it. Change the way UserSession's remote_login() works. If called now it either sets a REMOTE_USER (if found) or nukes the current user data in the session. This means this function can be safely called only in a login plugin now. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
The protect decorator was not really being used for anything, remove it.

Change the way UserSession's remote_login() works.
If called now it either sets a REMOTE_USER (if found) or nukes the current
user data in the session.
This means this function can be safely called only in a login plugin now.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Strenghten default Security options in IDP 2014-06-17T18:51:10+00:00 Simo Sorce simo@redhat.com 2014-06-17T13:13:38+00:00 8a9b4fe36f1bd9b358b20333956af5602eb48a6c Always deny access to the IDP if not using SSL by default. Always turn on secure/httponly cookies by default. Add a switch to disable all security options for testing. Signed-off-by: Simo Sorce <simo@redhat.com> 
Always deny access to the IDP if not using SSL by default.
Always turn on secure/httponly cookies by default.
Add a switch to disable all security options for testing.

Signed-off-by: Simo Sorce <simo@redhat.com>