'sysuser': args['system_user'],
'ipsilondir': BINDIR,
'staticdir': STATICDIR,
+ 'secure': "False" if args['secure'] == "no" else "True",
'debugging': "True" if args['server_debugging'] else "False"}
+ if args['secure'] == 'no':
+ confopts['secure'] = "False"
+ confopts['sslrequiressl'] = ""
+ else:
+ confopts['secure'] = "True"
+ confopts['sslrequiressl'] = " SSLRequireSSL"
if WSGI_SOCKET_PREFIX:
confopts['wsgi_socket'] = 'WSGISocketPrefix %s' % WSGI_SOCKET_PREFIX
else:
help="User account used to run the server")
parser.add_argument('--admin-user', default='admin',
help="User account that is assigned admin privileges")
+ parser.add_argument('--secure', choices=['yes', 'no'], default='yes',
+ help="Turn on all security checks")
parser.add_argument('--config-profile', default=None,
help="File containing install options")
parser.add_argument('--server-debugging', action='store_true',
def install_args(self, group):
group.add_argument('--saml2', choices=['yes', 'no'], default='yes',
help='Configure SAML2 Provider')
- group.add_argument('--saml2-secure',
- choices=['yes', 'no'], default='yes',
- help='Configure SAML2 Provider')
def configure(self, opts):
if opts['saml2'] != 'yes':
# Generate Idp Metadata
proto = 'https'
- if opts['saml2_secure'].lower() == 'no':
+ if opts['secure'].lower() == 'no':
proto = 'http'
url = '%s://%s/%s/saml2' % (proto, opts['hostname'], opts['instance'])
meta = metadata.Metadata(metadata.IDP_ROLE)
tools.sessions.storage_type = "file"
tools.sessions.storage_path = "${datadir}/sessions"
tools.sessions.timeout = 60
+tools.sessions.httponly = ${secure}
+tools.sessions.secure = ${secure}
tools.protect.on = True