From: Simo Sorce
Date: Fri, 30 May 2014 14:09:18 +0000 (-0400)
Subject: Allow turning off security at install time
X-Git-Tag: v0.2.5~8
X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=commitdiff_plain;h=ca38224edc22e794c77418d30c2034cdba7ebe67
Allow turning off security at install time
This should be used only for testing purposes
Signed-off-by: Simo Sorce
---
diff --git a/ipsilon/install/ipsilon-client-install b/ipsilon/install/ipsilon-client-install
index d48df1b..2b3d2f2 100755
--- a/ipsilon/install/ipsilon-client-install
+++ b/ipsilon/install/ipsilon-client-install
@@ -84,7 +84,10 @@ def saml2():
 else:
 path = os.getcwd()
- url = 'https://' + args['hostname']
+ proto = 'https'
+ if not args['saml_secure_setup']:
+ proto = 'http'
+ url = '%s://%s' % (proto, args['hostname'])
 url_sp = url + args['saml_sp']
 url_logout = url + args['saml_sp_logout']
 url_post = url + args['saml_sp_post']
@@ -118,6 +121,10 @@ def saml2():
 # default location, enable the default page
 psp = ''
+ saml_secure = 'Off'
+ if args['saml_secure_setup']:
+ saml_secure = 'On'
+
 samlopts = {'saml_base': args['saml_base'],
 'saml_protect': saml_protect,
 'saml_sp_key': c.key,
@@ -125,6 +132,7 @@ def saml2():
 'saml_sp_meta': sp_metafile,
 'saml_idp_meta': idp_metafile,
 'saml_sp': args['saml_sp'],
+ 'saml_secure_on': saml_secure,
 'saml_auth': saml_auth,
 'sp': psp}
 files.write_from_template(SAML2_CONFFILE, SAML2_TEMPLATE, samlopts)
@@ -200,6 +208,8 @@ def parse_args():
 help="Single Logout URL")
 parser.add_argument('--saml-sp-post', default='/saml2/postResponse',
 help="Post response URL")
+ parser.add_argument('--saml-secure-setup', action='store_true',
+ default=True, help="Turn on all security checks")
 parser.add_argument('--debug', action='store_true', default=False,
 help="Turn on script debugging")
 parser.add_argument('--uninstall', action='store_true',
diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py
index b337652..e89fe0c 100755
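Review bot: In `ipsilon-client-install`, the fallback to `http` in `saml2()` is silent: once `proto` is `'http'`, `url_sp`, `url_logout` and `url_post` are all built from the cleartext base and nothing in the hunk tells the operator. I would put a comment above the branch, `# testing only: SP endpoints become http://, so assertions and session cookies are not protected in transit`, and print a warning through whatever output the script already uses when the branch is taken. `saml2()` starts and ends outside the hunk, so how these URLs are consumed further down is not visible here.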
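Review bot: In `parse_args()` of `ipsilon-client-install`, `--saml-secure-setup` is declared with `action='store_true'` and `default=True`, so (assuming `args` is populated from this parser) `args['saml_secure_setup']` is True whether or not the flag is passed. The `http` and `saml_secure = 'Off'` branches added to `saml2()` in the earlier hunks therefore cannot be reached from the command line. That fails safe, but it does not deliver what the commit message describes. An opt-out flag would do it: `parser.add_argument('--saml-insecure-setup', dest='saml_secure_setup', action='store_false', default=True, help="Turn off security checks (testing only)")`. `parse_args()` continues outside the hunk.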
--- a/ipsilon/providers/saml2idp.py
+++ b/ipsilon/providers/saml2idp.py
@@ -246,6 +246,9 @@ class Installer(object):
 def install_args(self, group):
 group.add_argument('--saml2', choices=['yes', 'no'], default='yes',
 help='Configure SAML2 Provider')
+ group.add_argument('--saml2-secure',
+ choices=['yes', 'no'], default='yes',
+ help='Configure SAML2 Provider')
 def configure(self, opts):
 if opts['saml2'] != 'yes':
@@ -261,7 +264,10 @@ class Installer(object):
 cert.generate('idp', opts['hostname'])
 # Generate Idp Metadata
- url = 'https://' + opts['hostname'] + '/' + opts['instance'] + '/saml2'
+ proto = 'https'
+ if opts['saml2_secure'].lower() == 'no':
+ proto = 'http'
+ url = '%s://%s/%s/saml2' % (proto, opts['hostname'], opts['instance'])
 meta = metadata.Metadata(metadata.IDP_ROLE)
 meta.set_entity_id(url + '/metadata')
 meta.add_certs(cert, cert)
diff --git a/templates/install/saml2/sp.conf b/templates/install/saml2/sp.conf
index 57abdfd..73e6417 100644
--- a/templates/install/saml2/sp.conf
+++ b/templates/install/saml2/sp.conf
@@ -9,7 +9,7 @@ MellonEndpointPath ${saml_sp}
 MellonVariable "saml-sesion-cookie"
 # Comment out the next line if you want to allow logins on bare HTTP
- MellonsecureCookie On
+ MellonsecureCookie ${saml_secure_on}
 MellonUser "NAME_ID"
 MellonIdP "IDP"
 MellonSessionLength 3600
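Review bot: In `Installer.install_args` of `saml2idp.py`, the help string for `--saml2-secure` is a copy of the one for `--saml2` (`'Configure SAML2 Provider'`), so `--help` gives no hint that `no` switches the generated IdP metadata to `http://`. Suggested text: `help='Use https:// URLs in the IdP metadata; "no" is for testing only'`. The `Installer` class starts outside the hunk.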
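Review bot: In `Installer.configure` of `saml2idp.py`, `--saml2-secure no` puts the `http` scheme into the entity ID as well as the endpoints, because `meta.set_entity_id(url + '/metadata')` is built from the same `url`. A test install presumably cannot be moved to HTTPS later without regenerating the metadata and re-registering it with every SP. A comment above the `proto` lines should say so, for example `# testing only: the http scheme is baked into the entity ID and all endpoints`. If `opts` only ever comes from the argparse group above, `.lower()` is redundant since `choices=['yes', 'no']` already fixes the case, and `if opts['saml2_secure'] == 'no':` is enough. `configure()` starts and ends outside the hunk.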
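Review bot: In `sp.conf`, the comment above `MellonsecureCookie` still tells the admin to comment the line out by hand, but the value is now filled in by the installer from `saml_secure_on`. I would reword it, for example `# Set by ipsilon-client-install; Off allows logins over bare HTTP and is for testing only`, so that a generated `Off` is not mistaken for a safe default. Only part of the template is visible in the hunk.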