Allow turning off security at install time

[cascardo/ipsilon.git] / ipsilon / install / ipsilon-client-install

diff --git a/ipsilon/install/ipsilon-client-install b/ipsilon/install/ipsilon-client-install
index b9cc4b6..2b3d2f2 100755 (executable)
--- a/ipsilon/install/ipsilon-client-install
+++ b/ipsilon/install/ipsilon-client-install
@@ -78,13 +78,16 @@ def saml2():
         raise
 
     path = None
-    if args['saml_httpd']:
+    if not args['saml_no_httpd']:
         path = os.path.join(SAML2_HTTPDIR, args['hostname'])
         os.makedirs(path, 0750)
     else:
         path = os.getcwd()
 
-    url = 'https://' + args['hostname']
+    proto = 'https'
+    if not args['saml_secure_setup']:
+        proto = 'http'
+    url = '%s://%s' % (proto, args['hostname'])
     url_sp = url + args['saml_sp']
     url_logout = url + args['saml_sp_logout']
     url_post = url + args['saml_sp_post']
@@ -100,7 +103,7 @@ def saml2():
     sp_metafile = os.path.join(path, 'metadata.xml')
     m.output(sp_metafile)
 
-    if args['saml_httpd']:
+    if not args['saml_no_httpd']:
         idp_metafile = os.path.join(path, 'idp-metadata.xml')
         with open(idp_metafile, 'w+') as f:
             f.write(idpmeta)
@@ -118,6 +121,10 @@ def saml2():
             # default location, enable the default page
             psp = ''
 
+        saml_secure = 'Off'
+        if args['saml_secure_setup']:
+            saml_secure = 'On'
+
         samlopts = {'saml_base': args['saml_base'],
                     'saml_protect': saml_protect,
                     'saml_sp_key': c.key,
@@ -125,7 +132,9 @@ def saml2():
                     'saml_sp_meta': sp_metafile,
                     'saml_idp_meta': idp_metafile,
                     'saml_sp': args['saml_sp'],
-                    'saml_auth': saml_auth, sp=psp}
+                    'saml_secure_on': saml_secure,
+                    'saml_auth': saml_auth,
+                    'sp': psp}
         files.write_from_template(SAML2_CONFFILE, SAML2_TEMPLATE, samlopts)
 
         files.fix_user_dirs(SAML2_HTTPDIR, args['httpd_user'])
@@ -183,12 +192,12 @@ def parse_args():
                         help="Account allowed to create a SP")
     parser.add_argument('--httpd-user', default='apache',
                         help="Web server account used to read certs")
-    parser.add_argument('--saml', action='store_true', default=False,
+    parser.add_argument('--saml', action='store_true', default=True,
                         help="Whether to install a saml2 SP")
     parser.add_argument('--saml-idp-metadata', default=None,
                         help="A URL pointing at the IDP Metadata (FILE or HTTP)")
-    parser.add_argument('--saml-httpd', action='store_true', default=False,
-                        help="Automatically configure httpd")
+    parser.add_argument('--saml-no-httpd', action='store_true', default=False,
+                        help="Do not configure httpd")
     parser.add_argument('--saml-base', default='/',
                         help="Where saml2 authdata is available")
     parser.add_argument('--saml-auth', default=SAML2_PROTECTED,
@@ -199,6 +208,8 @@ def parse_args():
                         help="Single Logout URL")
     parser.add_argument('--saml-sp-post', default='/saml2/postResponse',
                         help="Post response URL")
+    parser.add_argument('--saml-secure-setup', action='store_true',
+                        default=True, help="Turn on all security checks")
     parser.add_argument('--debug', action='store_true', default=False,
                         help="Turn on script debugging")
     parser.add_argument('--uninstall', action='store_true',