Add client install option to disable logout over SOAP

This is at least somewhat for testing to ensure that
a mixed environment works but HTTP Redirect is the
recommended mechanism in the spec so some may want
to use only that.

https://fedorahosted.org/ipsilon/ticket/59

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>

diff --git a/ipsilon/install/ipsilon-client-install b/ipsilon/install/ipsilon-client-install
index d8a310c..452c7e0 100755 (executable)
--- a/ipsilon/install/ipsilon-client-install
+++ b/ipsilon/install/ipsilon-client-install
@@ -97,7 +97,8 @@ def saml2():
     m.set_entity_id(url_sp)
     m.add_certs(c)
     m.add_service(SAML2_SERVICE_MAP['logout-redirect'], url_logout)
-    m.add_service(SAML2_SERVICE_MAP['slo-soap'], url_logout)
+    if not args['no_saml_soap_logout']:
+        m.add_service(SAML2_SERVICE_MAP['slo-soap'], url_logout)
     m.add_service(SAML2_SERVICE_MAP['response-post'], url_post, index="0")
     m.add_allowed_name_format(SAML2_NAMEID_MAP[args['saml_nameid']])
     sp_metafile = os.path.join(path, 'metadata.xml')
@@ -335,6 +336,9 @@ def parse_args():
                         help="Single Logout URL")
     parser.add_argument('--saml-sp-post', default=None,
                         help="Post response URL")
+    parser.add_argument('--no-saml-soap-logout', action='store_true',
+                        default=False,
+                        help="Disable Single Logout over SOAP")
     parser.add_argument('--saml-secure-setup', action='store_true',
                         default=True, help="Turn on all security checks")
     parser.add_argument('--saml-nameid', default='unspecified',

diff --git a/man/ipsilon-client-install.1 b/man/ipsilon-client-install.1
index 886fb48..5624d2f 100644 (file)
--- a/man/ipsilon-client-install.1
+++ b/man/ipsilon-client-install.1
@@ -55,6 +55,9 @@ Where saml communication happens. The default is /saml2.
 \fB\-\-saml\-sp\-logout\fR \fISAML_SP_LOGOUT\fR
 Single Logout URL. The default is /saml2/logout.
 .TP
+\fB\-\-no\-saml\-soap\-logout\fR
+Disable Single Logout using SOAP.
+.TP
 \fB\-\-saml\-sp\-post\fR \fISAML_SP_POST\fR
 Post response URL. The default is /saml2/postResponse.
 .TP