diff options
author | Simo Sorce <simo@redhat.com> | 2014-06-17 09:13:38 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2014-06-17 14:51:10 -0400 |
commit | 8a9b4fe36f1bd9b358b20333956af5602eb48a6c (patch) | |
tree | 48342203d5526a67bab7c89e32c08652b1acd867 /templates/install | |
parent | 84d84fb79997679bb5eb3fd86f57bc01c1490dfc (diff) | |
download | ipsilon-8a9b4fe36f1bd9b358b20333956af5602eb48a6c.tar.gz ipsilon-8a9b4fe36f1bd9b358b20333956af5602eb48a6c.tar.xz ipsilon-8a9b4fe36f1bd9b358b20333956af5602eb48a6c.zip |
Strenghten default Security options in IDP
Always deny access to the IDP if not using SSL by default.
Always turn on secure/httponly cookies by default.
Add a switch to disable all security options for testing.
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'templates/install')
-rw-r--r-- | templates/install/idp.conf | 1 | ||||
-rw-r--r-- | templates/install/ipsilon.conf | 2 |
2 files changed, 3 insertions, 0 deletions
diff --git a/templates/install/idp.conf b/templates/install/idp.conf index c49992b..19af096 100644 --- a/templates/install/idp.conf +++ b/templates/install/idp.conf @@ -5,6 +5,7 @@ ${wsgi_socket} <Location /${instance}> WSGIProcessGroup ${instance} +${sslrequiressl} </Location> <Directory ${ipsilondir}> diff --git a/templates/install/ipsilon.conf b/templates/install/ipsilon.conf index 357a3a7..8ab17d1 100644 --- a/templates/install/ipsilon.conf +++ b/templates/install/ipsilon.conf @@ -11,4 +11,6 @@ tools.sessions.on = True tools.sessions.storage_type = "file" tools.sessions.storage_path = "${datadir}/sessions" tools.sessions.timeout = 60 +tools.sessions.httponly = ${secure} +tools.sessions.secure = ${secure} tools.protect.on = True |