git.cascardo.info Git - cascardo/ipsilon.git/commit

author	Nathan Kinder <nkinder@redhat.com>
	Tue, 10 Mar 2015 03:28:47 +0000 (20:28 -0700)
committer	Rob Crittenden <rcritten@redhat.com>
	Tue, 10 Mar 2015 22:24:01 +0000 (18:24 -0400)
commit	42700be962e245243f10c30a29c41fcda1f3f712
tree	08c2fb51959ad9f59866695517247963abda1a1f	tree \| snapshot
parent	e0aa4f23846fa9f6bb0fb9eb021e930b035100eb	commit \| diff

Require SSL on SP when using --saml-secure-setup

If ipsilon-client-install is used with the --saml-secure-setup
option (which is set by default), only https connections will
work for authentication. We are not setting the SSLRequireSSL
directive though, so we set mellon up to fail.

This patch adds the SSLRequireSSL directive to the SP config
when --saml-secure-setup is specified. In addition, we add a
rewrite rule to rewrite http requests to https for the SP.

https://fedorahosted.org/ipsilon/ticket/80

Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>

ipsilon/install/ipsilon-client-install		diff \| blob \| history
templates/install/saml2/sp.conf		diff \| blob \| history