ipsilon.git - The Ipsilon project

	Commit message (Collapse)	Author	Age	Files	Lines
*	SP uninstall attempts to run install	Nathan Kinder	2015-03-31	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \|	When running 'ipsilon-client-install --uninstall' to uninstall a SP, we call the install routine again after completing the uninstallation. This leads to confusing error messages about missing required options. This patch corrects the uninstallation logic. https://fedorahosted.org/ipsilon/ticket/100 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
*	Allow user to specify Name ID format when configuring SP.	Rob Crittenden	2015-03-23	1	-0/+4
\| \| \| \| \| \| \|	https://fedorahosted.org/ipsilon/ticket/27 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
*	Allow SP installation to be on non-standard ports	Nathan Kinder	2015-03-18	1	-2/+19
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	When setting up a SP using ipsilon-client-install, there is no ability to use a non-standard port. We should allow a port number to be specified that results in the proper URLs in the SP metadata. This patch adds a --port option to ipsilon-client-install. This is used in the construction of the URLs used in the SP metadata as well as in the httpd redirect rules if httpd is being configured. https://fedorahosted.org/ipsilon/ticket/92 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
*	Validate SP path settings during installation	Nathan Kinder	2015-03-11	1	-0/+21
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	There are a number of URL path options that can be specified as options when running ipsilon-client-install. There are certain rules that must be followed to result in a valid mod_auth_mellon configuration: - All path options must be prefixed with '/'. - The mellon endpoint path (--saml-sp) must be a subpath of the httpd 'Location' element is it contained within (--saml-base). - The logout (--saml-sp-logout) and post (--saml-sp-post) paths must be subpaths of the mellon endpoint (--saml-sp). This adds validation for all of the above rules. https://fedorahosted.org/ipsilon/ticket/82 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
*	Add Cache-Control header to prevent browser caching of SAML auth location	Nathan Kinder	2015-03-10	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \|	We should prevent browser caching of the SAML auth location that we configure for an SP. This can be easily done by adding the following directive to that location in the httpd config: Header append Cache-Control "no-cache" https://fedorahosted.org/ipsilon/ticket/81 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
*	Require SSL on SP when using --saml-secure-setup	Nathan Kinder	2015-03-10	1	-0/+7
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	If ipsilon-client-install is used with the --saml-secure-setup option (which is set by default), only https connections will work for authentication. We are not setting the SSLRequireSSL directive though, so we set mellon up to fail. This patch adds the SSLRequireSSL directive to the SP config when --saml-secure-setup is specified. In addition, we add a rewrite rule to rewrite http requests to https for the SP. https://fedorahosted.org/ipsilon/ticket/80 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
*	Add support for passing configuration profile	Simo Sorce	2014-06-04	1	-0/+42
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The new option --config-profile accepts a INI style file, so that installation options are passed in via a file. this is useful for testing and automated installs. This file can have 2 sections: globals, arguments. The globals section can change global variable in the install script like: TEMPLATES, CONFDIR, DATADIR, HTTPDCONFD and so on, so that an installation can use non-standad directories. The argumets section accepts any argument option. The config profile file is parsed after all arguments have parsed and can override any plugin argument. Signed-off-by: Simo Sorce <simo@redhat.com>
*	Allow turning off security at install time	Simo Sorce	2014-06-04	1	-1/+11
\| \| \| \| \| \|	This should be used only for testing purposes Signed-off-by: Simo Sorce <simo@redhat.com>
*	Always use saml by default	Simo Sorce	2014-05-01	1	-5/+5
\| \| \| \|	Signed-off-by: Simo Sorce <simo@redhat.com>
*	Fix typo in ipsilon-client-install	Simo Sorce	2014-05-01	1	-1/+2
\| \| \| \|	Signed-off-by: Simo Sorce <simo@redhat.com>
*	Move templatized file creation to tools	Simo Sorce	2014-04-21	1	-15/+10
\| \| \| \|	Signed-off-by: Simo Sorce <simo@redhat.com>
*	Move fixing files functionality to tools	Simo Sorce	2014-04-21	1	-10/+1
\| \| \| \|	Signed-off-by: Simo Sorce <simo@redhat.com>
*	Add basic installation script with saml support	Simo Sorce	2014-04-11	1	-0/+259
	Generates (self signed) certificates and a metdata.xml file. Optionally configures an Apache Httpd server. If the admin does not configure a specific application at install time a default landing page is made available to be able to test that the SP configuration works. Uninstall removes all certificates and metadata file and is irreversible.