summaryrefslogtreecommitdiffstats
path: root/ipsilon/install
Commit message (Collapse)AuthorAgeFilesLines
* Add options to explicitly set database uris during installPatrick Uiterwijk2015-03-301-7/+13
| | | | | | | | | Also offer the option to set the OpenID database URI during install https://fedorahosted.org/ipsilon/ticket/17 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
* Add a method to Installer classes to validate argument inputRob Crittenden2015-03-271-0/+5
| | | | | | | | | | | | There was no way to validate argument input from plugins and cause the installer to bail out. If a plugin needs to validate some input it can use the validate_args() method and raise ConfigurationError() if an issue is found. https://fedorahosted.org/ipsilon/ticket/78 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Allow user to specify Name ID format when configuring SP.Rob Crittenden2015-03-231-0/+4
| | | | | | | https://fedorahosted.org/ipsilon/ticket/27 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Implement urn:oasis:names:tc:SAML:2.0:nameid-format:persistentRob Crittenden2015-03-231-1/+2
| | | | | | | | | | This also makes persistent the default NameID format when generating metadata. https://fedorahosted.org/ipsilon/ticket/27 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Allow SP installation to be on non-standard portsNathan Kinder2015-03-181-2/+19
| | | | | | | | | | | | | | | When setting up a SP using ipsilon-client-install, there is no ability to use a non-standard port. We should allow a port number to be specified that results in the proper URLs in the SP metadata. This patch adds a --port option to ipsilon-client-install. This is used in the construction of the URLs used in the SP metadata as well as in the httpd redirect rules if httpd is being configured. https://fedorahosted.org/ipsilon/ticket/92 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
* Validate SP path settings during installationNathan Kinder2015-03-111-0/+21
| | | | | | | | | | | | | | | | | | | | | | There are a number of URL path options that can be specified as options when running ipsilon-client-install. There are certain rules that must be followed to result in a valid mod_auth_mellon configuration: - All path options must be prefixed with '/'. - The mellon endpoint path (--saml-sp) must be a subpath of the httpd 'Location' element is it contained within (--saml-base). - The logout (--saml-sp-logout) and post (--saml-sp-post) paths must be subpaths of the mellon endpoint (--saml-sp). This adds validation for all of the above rules. https://fedorahosted.org/ipsilon/ticket/82 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Add Cache-Control header to prevent browser caching of SAML auth locationNathan Kinder2015-03-101-0/+1
| | | | | | | | | | | | | We should prevent browser caching of the SAML auth location that we configure for an SP. This can be easily done by adding the following directive to that location in the httpd config: Header append Cache-Control "no-cache" https://fedorahosted.org/ipsilon/ticket/81 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
* Require SSL on SP when using --saml-secure-setupNathan Kinder2015-03-101-0/+7
| | | | | | | | | | | | | | | | If ipsilon-client-install is used with the --saml-secure-setup option (which is set by default), only https connections will work for authentication. We are not setting the SSLRequireSSL directive though, so we set mellon up to fail. This patch adds the SSLRequireSSL directive to the SP config when --saml-secure-setup is specified. In addition, we add a rewrite rule to rewrite http requests to https for the SP. https://fedorahosted.org/ipsilon/ticket/80 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
* Add uninstallation support.Patrick Uiterwijk2015-02-261-3/+58
| | | | | | | | | As part of this, made all plugins use a Installer baseclass. https://fedorahosted.org/ipsilon/ticket/38 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
* Let the plugin configure calls notice failures.Rob Crittenden2015-02-131-4/+8
| | | | | | | | | | | | The call to configure the info/login/auth/provider plugins had no way of recognizing that the configuration failed. Have it check for an explicit False return value as an indication of failure. This lets the configuration plugin do a simple return (None) if it isn't enabled. Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Fix some copy-paste errors in help outputPatrick Uiterwijk2015-01-191-1/+1
| | | | | | | Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> https://fedorahosted.org/ipsilon/ticket/33
* Add support for Persona Identity ProviderPatrick Uiterwijk2014-11-141-0/+9
| | | | | Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Add simple SqlSession implementationSimo Sorce2014-11-121-0/+12
| | | | | | | | This allows us to store session data in the DB. This way session data can be shared by multiple servers behind a balancer. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Add test to check a real database (pgsql) worksSimo Sorce2014-11-121-1/+10
| | | | | | | | | | | | | | Change config template to e able to set up ipsilon with an extrenal database. For the easy install the database server must have 3 datbases configured, and named exactly: admincondif, userprefs, transactions If different names are required manual instalation will be necessary. Database URLs (including credentials) can be set using the new option named --database-url Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Refactor the data store a bitSimo Sorce2014-09-241-2/+2
| | | | | | | | | | | Reduce code duplication, and clearly separates admin and user dbs. Move plugin wrapper away and let plugin code use native functions. This patch also changes the indexed data to use a uuid and assumes 2 identical uuid cannot be created concurrently. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Add Info Provider plugin frameworkSimo Sorce2014-09-241-0/+7
| | | | | Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Strenghten default Security options in IDPSimo Sorce2014-06-171-0/+9
| | | | | | | | Always deny access to the IDP if not using SSL by default. Always turn on secure/httponly cookies by default. Add a switch to disable all security options for testing. Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix non-'make test' installationSimo Sorce2014-06-171-0/+2
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add server install option to turn on debuggingSimo Sorce2014-06-061-1/+4
| | | | | | | Use this in the testsuite so we can get meaningful output in the logs when something fails. Signed-off-by: Simo Sorce <simo@redhat.com>
* Add basic testing infrastructureSimo Sorce2014-06-041-0/+3
| | | | | | | | | | | | | | make test will now run some sanity tests to make sure basic installation procedures work in a sinthetic test environment. Adds: - custom httpd setup for tests - use profiles to driver ipsilon servers and clients installation - starts multiple httpd servers This way we can test interaction between IDP and SP servers Signed-off-by: Simo Sorce <simo@redhat.com>
* Additional parametrization of template filesSimo Sorce2014-06-041-1/+7
| | | | | | To allow for testing in a custom rootdir, and with a custom user. Signed-off-by: Simo Sorce <simo@redhat.com>
* Do not make directory unwritableSimo Sorce2014-06-041-1/+1
| | | | | | | | This does not stop the user, but makes it hard to deal wit the directory in testing. Let file fixing use the default 700 permissions. Signed-off-by: Simo Sorce <simo@redhat.com>
* Add support for passing configuration profileSimo Sorce2014-06-042-0/+75
| | | | | | | | | | | | | | | | | | The new option --config-profile accepts a INI style file, so that installation options are passed in via a file. this is useful for testing and automated installs. This file can have 2 sections: globals, arguments. The globals section can change global variable in the install script like: TEMPLATES, CONFDIR, DATADIR, HTTPDCONFD and so on, so that an installation can use non-standad directories. The argumets section accepts any argument option. The config profile file is parsed after all arguments have parsed and can override any plugin argument. Signed-off-by: Simo Sorce <simo@redhat.com>
* Allow turning off security at install timeSimo Sorce2014-06-041-1/+11
| | | | | | This should be used only for testing purposes Signed-off-by: Simo Sorce <simo@redhat.com>
* Remind the user to restart HTTPD when doneSimo Sorce2014-05-071-0/+1
| | | | | | | On a successful install you need to retsart apache to enable the instance, remind the user that is necessary. Signed-off-by: Simo Sorce <simo@redhat.com>
* Add Environment Helpers installer frameworkSimo Sorce2014-05-011-2/+7
| | | | | | | | | | | | | | | Environment helpers are meta-plugins that allow to set ipsilon in well defined environments. For example when ipsilon is install in a FreeIPA or AD domains and authentication methods, cetificate, keytabs etc, can be pre-configured and deployed at the same time the server is installed with minimal effort and wellknown methods. These are run before any of the other plugins as they can chage the configuration option for any of the plugins, enable or disable plugins, or pre-configure some elements. Signed-off-by: Simo Sorce <simo@redhat.com>
* Always use saml by defaultSimo Sorce2014-05-011-5/+5
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Make SELinux happySimo Sorce2014-05-011-0/+5
| | | | | | | | | | Add proper context to shared state directories so that httpd can write there. Relax SElinux boolans to allow use of pam modules This allows running Ipsilon in fully enforcing mode when pam auth using the python-pam modules is used. Signed-off-by: Simo Sorce <simo@redhat.com>
* Avoid failing install if sessions directory existsSimo Sorce2014-05-011-1/+3
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix typo in ipsilon-client-installSimo Sorce2014-05-011-1/+2
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Make it easy to install mutiple server instancesSimo Sorce2014-04-211-5/+28
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Move templatized file creation to toolsSimo Sorce2014-04-211-15/+10
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Move fixing files functionality to toolsSimo Sorce2014-04-211-10/+1
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add basic installation script with saml supportSimo Sorce2014-04-111-0/+259
| | | | | | | | | Generates (self signed) certificates and a metdata.xml file. Optionally configures an Apache Httpd server. If the admin does not configure a specific application at install time a default landing page is made available to be able to test that the SP configuration works. Uninstall removes all certificates and metadata file and is irreversible.
* Rename scripts and mark them as suchSimo Sorce2014-04-112-0/+0
| | | | | | | | | | | | Mark actual top level scripts as such instead of disguising them as modules. Also remove __init__.py from ipsilon/install as this is not a module just the place where install scripts are kept, for now. Note: Scripts are installed in the bin directory but the contrib spec file moves them to sbin. Signed-off-by: Simo Sorce <simo@redhat.com>
* Add a default admin user at install timeSimo Sorce2014-03-211-0/+10
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add Krb configuration codeSimo Sorce2014-03-201-3/+3
|
* Add user configuration optionSimo Sorce2014-03-201-0/+8
| | | | | | | This allow to specifify what system user should be used to configure the ipsilon server to run as. Signed-off-by: Simo Sorce <simo@redhat.com>
* Add hostname configuration optionSimo Sorce2014-03-201-0/+9
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Silence cherrypy logging to the screenSimo Sorce2014-03-201-0/+5
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Install default configuration filesSimo Sorce2014-03-201-0/+28
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add logging and install/uninstall targetsSimo Sorce2014-03-201-3/+90
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add server-install plugin configuration supportSimo Sorce2014-03-201-2/+44
| | | | | | | Automatically find plugins installed in the system and exposes their installation and configuration functions through the installer. Signed-off-by: Simo Sorce <simo@redhat.com>
* First install script commitSimo Sorce2014-03-202-0/+34
Signed-off-by: Simo Sorce <simo@redhat.com>
generated by cgit (git 2.34.1) at 2024-05-24 01:51:29 +0000