summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNathan Kinder <nkinder@redhat.com>2015-03-14 10:00:51 -0700
committerRob Crittenden <rcritten@redhat.com>2015-03-18 17:49:43 -0400
commit7f146bcbe3ae20db27e2daf294c19a40ccd419e6 (patch)
treea36b960ea52998fd75529569fc5c44146b00988d
parentacd6db64e46c8fa5b93c07dc5ff5c5172ddfa4f6 (diff)
downloadipsilon-7f146bcbe3ae20db27e2daf294c19a40ccd419e6.zip
ipsilon-7f146bcbe3ae20db27e2daf294c19a40ccd419e6.tar.gz
ipsilon-7f146bcbe3ae20db27e2daf294c19a40ccd419e6.tar.xz
Allow SP installation to be on non-standard ports
When setting up a SP using ipsilon-client-install, there is no ability to use a non-standard port. We should allow a port number to be specified that results in the proper URLs in the SP metadata. This patch adds a --port option to ipsilon-client-install. This is used in the construction of the URLs used in the SP metadata as well as in the httpd redirect rules if httpd is being configured. https://fedorahosted.org/ipsilon/ticket/92 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
-rwxr-xr-xipsilon/install/ipsilon-client-install21
-rw-r--r--templates/install/saml2/sp.conf4
2 files changed, 21 insertions, 4 deletions
diff --git a/ipsilon/install/ipsilon-client-install b/ipsilon/install/ipsilon-client-install
index f7d9883..2390992 100755
--- a/ipsilon/install/ipsilon-client-install
+++ b/ipsilon/install/ipsilon-client-install
@@ -88,7 +88,12 @@ def saml2():
proto = 'https'
if not args['saml_secure_setup']:
proto = 'http'
- url = '%s://%s' % (proto, args['hostname'])
+
+ port_str = ''
+ if args['port']:
+ port_str = ':%s' % args['port']
+
+ url = '%s://%s%s' % (proto, args['hostname'], port_str)
url_sp = url + args['saml_sp']
url_logout = url + args['saml_sp_logout']
url_post = url + args['saml_sp_post']
@@ -126,6 +131,11 @@ def saml2():
saml_secure = 'Off'
ssl_require = '#'
ssl_rewrite = '#'
+ if args['port']:
+ ssl_port = args['port']
+ else:
+ ssl_port = '443'
+
if args['saml_secure_setup']:
saml_secure = 'On'
ssl_require = ''
@@ -142,7 +152,9 @@ def saml2():
'saml_auth': saml_auth,
'ssl_require': ssl_require,
'ssl_rewrite': ssl_rewrite,
+ 'ssl_port': ssl_port,
'sp_hostname': args['hostname'],
+ 'sp_port': port_str,
'sp': psp}
files.write_from_template(SAML2_CONFFILE, SAML2_TEMPLATE, samlopts)
@@ -233,6 +245,8 @@ def parse_args():
action='version', version='%(prog)s 0.1')
parser.add_argument('--hostname', default=socket.getfqdn(),
help="Machine's fully qualified host name")
+ parser.add_argument('--port', default=None,
+ help="Port number that SP listens on")
parser.add_argument('--admin-user', default='admin',
help="Account allowed to create a SP")
parser.add_argument('--httpd-user', default='apache',
@@ -268,7 +282,10 @@ def parse_args():
args = parse_config_profile(args)
if len(args['hostname'].split('.')) < 2:
- raise ValueError('Hostname: %s is not a FQDN.')
+ raise ValueError('Hostname: %s is not a FQDN.' % args['hostname'])
+
+ if args['port'] and not args['port'].isdigit():
+ raise ValueError('Port number: %s is not an integer.' % args['port'])
# Validate that all path options begin with '/'
path_args = ['saml_base', 'saml_auth', 'saml_sp', 'saml_sp_logout',
diff --git a/templates/install/saml2/sp.conf b/templates/install/saml2/sp.conf
index d7872cc..a7adaf9 100644
--- a/templates/install/saml2/sp.conf
+++ b/templates/install/saml2/sp.conf
@@ -30,5 +30,5 @@ ${sp}</Directory>
# Redirect requests to the secure port
${ssl_rewrite}RewriteEngine on
-${ssl_rewrite}RewriteCond %{SERVER_PORT} !^443$$
-${ssl_rewrite}RewriteRule ^${saml_base}(.*) https://${sp_hostname}${saml_base}$$1 [L,R=301,NC]
+${ssl_rewrite}RewriteCond %{SERVER_PORT} !^${ssl_port}$$
+${ssl_rewrite}RewriteRule ^${saml_base}(.*) https://${sp_hostname}${sp_port}${saml_base}$$1 [L,R=301,NC]