diff options
| author | Nathan Kinder <nkinder@redhat.com> | 2015-03-14 10:00:51 -0700 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2015-03-18 17:49:43 -0400 |
| commit | 7f146bcbe3ae20db27e2daf294c19a40ccd419e6 (patch) | |
| tree | a36b960ea52998fd75529569fc5c44146b00988d | |
| parent | acd6db64e46c8fa5b93c07dc5ff5c5172ddfa4f6 (diff) | |
| download | ipsilon-7f146bcbe3ae20db27e2daf294c19a40ccd419e6.tar.gz ipsilon-7f146bcbe3ae20db27e2daf294c19a40ccd419e6.tar.xz ipsilon-7f146bcbe3ae20db27e2daf294c19a40ccd419e6.zip | |
Allow SP installation to be on non-standard ports
When setting up a SP using ipsilon-client-install, there is no
ability to use a non-standard port. We should allow a port number
to be specified that results in the proper URLs in the SP metadata.
This patch adds a --port option to ipsilon-client-install. This is
used in the construction of the URLs used in the SP metadata as well
as in the httpd redirect rules if httpd is being configured.
https://fedorahosted.org/ipsilon/ticket/92
Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
| -rwxr-xr-x | ipsilon/install/ipsilon-client-install | 21 | ||||
| -rw-r--r-- | templates/install/saml2/sp.conf | 4 |
2 files changed, 21 insertions, 4 deletions
diff --git a/ipsilon/install/ipsilon-client-install b/ipsilon/install/ipsilon-client-install index f7d9883..2390992 100755 --- a/ipsilon/install/ipsilon-client-install +++ b/ipsilon/install/ipsilon-client-install @@ -88,7 +88,12 @@ def saml2(): proto = 'https' if not args['saml_secure_setup']: proto = 'http' - url = '%s://%s' % (proto, args['hostname']) + + port_str = '' + if args['port']: + port_str = ':%s' % args['port'] + + url = '%s://%s%s' % (proto, args['hostname'], port_str) url_sp = url + args['saml_sp'] url_logout = url + args['saml_sp_logout'] url_post = url + args['saml_sp_post'] @@ -126,6 +131,11 @@ def saml2(): saml_secure = 'Off' ssl_require = '#' ssl_rewrite = '#' + if args['port']: + ssl_port = args['port'] + else: + ssl_port = '443' + if args['saml_secure_setup']: saml_secure = 'On' ssl_require = '' @@ -142,7 +152,9 @@ def saml2(): 'saml_auth': saml_auth, 'ssl_require': ssl_require, 'ssl_rewrite': ssl_rewrite, + 'ssl_port': ssl_port, 'sp_hostname': args['hostname'], + 'sp_port': port_str, 'sp': psp} files.write_from_template(SAML2_CONFFILE, SAML2_TEMPLATE, samlopts) @@ -233,6 +245,8 @@ def parse_args(): action='version', version='%(prog)s 0.1') parser.add_argument('--hostname', default=socket.getfqdn(), help="Machine's fully qualified host name") + parser.add_argument('--port', default=None, + help="Port number that SP listens on") parser.add_argument('--admin-user', default='admin', help="Account allowed to create a SP") parser.add_argument('--httpd-user', default='apache', @@ -268,7 +282,10 @@ def parse_args(): args = parse_config_profile(args) if len(args['hostname'].split('.')) < 2: - raise ValueError('Hostname: %s is not a FQDN.') + raise ValueError('Hostname: %s is not a FQDN.' % args['hostname']) + + if args['port'] and not args['port'].isdigit(): + raise ValueError('Port number: %s is not an integer.' % args['port']) # Validate that all path options begin with '/' path_args = ['saml_base', 'saml_auth', 'saml_sp', 'saml_sp_logout', diff --git a/templates/install/saml2/sp.conf b/templates/install/saml2/sp.conf index d7872cc..a7adaf9 100644 --- a/templates/install/saml2/sp.conf +++ b/templates/install/saml2/sp.conf @@ -30,5 +30,5 @@ ${sp}</Directory> # Redirect requests to the secure port ${ssl_rewrite}RewriteEngine on -${ssl_rewrite}RewriteCond %{SERVER_PORT} !^443$$ -${ssl_rewrite}RewriteRule ^${saml_base}(.*) https://${sp_hostname}${saml_base}$$1 [L,R=301,NC] +${ssl_rewrite}RewriteCond %{SERVER_PORT} !^${ssl_port}$$ +${ssl_rewrite}RewriteRule ^${saml_base}(.*) https://${sp_hostname}${sp_port}${saml_base}$$1 [L,R=301,NC] |