diff options
| author | Simo Sorce <simo@redhat.com> | 2014-05-30 10:09:18 -0400 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2014-06-04 10:26:34 -0400 |
| commit | ca38224edc22e794c77418d30c2034cdba7ebe67 (patch) | |
| tree | 8aabd122c87425b0cbaecd2e2974ba36f427cb89 | |
| parent | 5c0898a8e0fa977911fde7c24123f834e4792948 (diff) | |
| download | ipsilon-ca38224edc22e794c77418d30c2034cdba7ebe67.tar.gz ipsilon-ca38224edc22e794c77418d30c2034cdba7ebe67.tar.xz ipsilon-ca38224edc22e794c77418d30c2034cdba7ebe67.zip | |
Allow turning off security at install time
This should be used only for testing purposes
Signed-off-by: Simo Sorce <simo@redhat.com>
| -rwxr-xr-x | ipsilon/install/ipsilon-client-install | 12 | ||||
| -rwxr-xr-x | ipsilon/providers/saml2idp.py | 8 | ||||
| -rw-r--r-- | templates/install/saml2/sp.conf | 2 |
3 files changed, 19 insertions, 3 deletions
diff --git a/ipsilon/install/ipsilon-client-install b/ipsilon/install/ipsilon-client-install index d48df1b..2b3d2f2 100755 --- a/ipsilon/install/ipsilon-client-install +++ b/ipsilon/install/ipsilon-client-install @@ -84,7 +84,10 @@ def saml2(): else: path = os.getcwd() - url = 'https://' + args['hostname'] + proto = 'https' + if not args['saml_secure_setup']: + proto = 'http' + url = '%s://%s' % (proto, args['hostname']) url_sp = url + args['saml_sp'] url_logout = url + args['saml_sp_logout'] url_post = url + args['saml_sp_post'] @@ -118,6 +121,10 @@ def saml2(): # default location, enable the default page psp = '' + saml_secure = 'Off' + if args['saml_secure_setup']: + saml_secure = 'On' + samlopts = {'saml_base': args['saml_base'], 'saml_protect': saml_protect, 'saml_sp_key': c.key, @@ -125,6 +132,7 @@ def saml2(): 'saml_sp_meta': sp_metafile, 'saml_idp_meta': idp_metafile, 'saml_sp': args['saml_sp'], + 'saml_secure_on': saml_secure, 'saml_auth': saml_auth, 'sp': psp} files.write_from_template(SAML2_CONFFILE, SAML2_TEMPLATE, samlopts) @@ -200,6 +208,8 @@ def parse_args(): help="Single Logout URL") parser.add_argument('--saml-sp-post', default='/saml2/postResponse', help="Post response URL") + parser.add_argument('--saml-secure-setup', action='store_true', + default=True, help="Turn on all security checks") parser.add_argument('--debug', action='store_true', default=False, help="Turn on script debugging") parser.add_argument('--uninstall', action='store_true', diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py index b337652..e89fe0c 100755 --- a/ipsilon/providers/saml2idp.py +++ b/ipsilon/providers/saml2idp.py @@ -246,6 +246,9 @@ class Installer(object): def install_args(self, group): group.add_argument('--saml2', choices=['yes', 'no'], default='yes', help='Configure SAML2 Provider') + group.add_argument('--saml2-secure', + choices=['yes', 'no'], default='yes', + help='Configure SAML2 Provider') def configure(self, opts): if opts['saml2'] != 'yes': @@ -261,7 +264,10 @@ class Installer(object): cert.generate('idp', opts['hostname']) # Generate Idp Metadata - url = 'https://' + opts['hostname'] + '/' + opts['instance'] + '/saml2' + proto = 'https' + if opts['saml2_secure'].lower() == 'no': + proto = 'http' + url = '%s://%s/%s/saml2' % (proto, opts['hostname'], opts['instance']) meta = metadata.Metadata(metadata.IDP_ROLE) meta.set_entity_id(url + '/metadata') meta.add_certs(cert, cert) diff --git a/templates/install/saml2/sp.conf b/templates/install/saml2/sp.conf index 57abdfd..73e6417 100644 --- a/templates/install/saml2/sp.conf +++ b/templates/install/saml2/sp.conf @@ -9,7 +9,7 @@ MellonEndpointPath ${saml_sp} MellonVariable "saml-sesion-cookie" # Comment out the next line if you want to allow logins on bare HTTP - MellonsecureCookie On + MellonsecureCookie ${saml_secure_on} MellonUser "NAME_ID" MellonIdP "IDP" MellonSessionLength 3600 |