cascardo/ipsilon.git
5 years ago Fix generation of server's metadata file
Simo Sorce [Mon, 19 May 2014 19:15:56 +0000 (21:15 +0200)]
Fix generation of server's metadata file

At some point a '/' got lost, causing the generation of wrong endpoints.
Clients would then be redirected to a nonexistent path and get a 404.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Bump up release to 0.2.3 v0.2.3
Simo Sorce [Wed, 7 May 2014 16:23:28 +0000 (12:23 -0400)]
Bump up release to 0.2.3

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Fix broken login plugins order config handling
Nathan Kinder [Sat, 10 May 2014 00:38:32 +0000 (17:38 -0700)]
Fix broken login plugins order config handling

The administrative page for configuring login plugins order had
a number of problems.  The html template expects a list of plugin
names to be supplied, but a list of the actual plugin objects
was being supplied.  This caused a 500 error since join() would
throw an exception when it encounters something other than a string.

Even after fixing the 500 error, actually modifying the plugin
order would not work due to further issues with plugin objects
being used when strings representing the plugin names are expected
(and vice-versa).

This patch ensures that strings representing plugin names are
supplied to the html template, and that plugin objects are used
when re-ordering the live plugin list.

Resolves: https://fedorahosted.org/ipsilon/ticket/2

Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
5 years ago WSGI settings incorrectly makes instance global
Nathan Kinder [Fri, 9 May 2014 23:16:11 +0000 (16:16 -0700)]
WSGI settings incorrectly makes instance global

The WSGIProcessGroup directive should only apply to the /idp URI.
Without wrapping this directive in the Location element, multiple
Ipsilon instances or an Ipsilon instance installed on a FreeIPA
server will conflict and encounter problems running in the same
httpd process. All wsgi processes will end up redirected to the
last process group defined in the configuration in this case and
all other instances of wsgi applications will be unreachable.

Resolves: https://fedorahosted.org/ipsilon/ticket/1

Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
5 years ago Add details on using a principal for the admin
Nathan Kinder [Fri, 9 May 2014 23:12:31 +0000 (16:12 -0700)]
Add details on using a principal for the admin

When Ipsilon is being installed with IPA, one is most likely going
to use Kerberos to login to Ipsilon as the administrator.  We should
call this out, as the default of 'admin' for the Ipsilon admin user
will conflict with the IPA 'admin' user.  You will be unable to
create a local 'admin' user at this point, requiring you to modify
the sqlite database directly to change the admin user to a full
principal.

I also corrected a typo and wrapped a line that was > 79 chars.

Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
5 years ago Add 500 Error handler for krb module
Simo Sorce [Wed, 7 May 2014 13:51:25 +0000 (09:51 -0400)]
Add 500 Error handler for krb module

If mod_auth_kerb encounters an internal error, catch it so we can fall back to
the next authentication module, if any, or return a proper failure message.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Remind the user to restart HTTPD when done
Simo Sorce [Wed, 7 May 2014 13:47:20 +0000 (09:47 -0400)]
Remind the user to restart HTTPD when done

On a successful install you need to restart apache to enable the instance,
remind the user that is necessary.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Give more user feedback around keytab issues
Simo Sorce [Wed, 7 May 2014 13:45:32 +0000 (09:45 -0400)]
Give more user feedback around keytab issues

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Version bump, go to 0.2.2 v0.2.2
Simo Sorce [Fri, 2 May 2014 00:52:50 +0000 (20:52 -0400)]
Version bump, go to 0.2.2

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add README file with basic installation HOWTO
Simo Sorce [Fri, 2 May 2014 00:50:17 +0000 (20:50 -0400)]
Add README file with basic installation HOWTO

The HowTo covers the simplest scenarios for both the Identity and
Service Provider applications.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add IPA helper for server install
Simo Sorce [Tue, 29 Apr 2014 21:24:29 +0000 (17:24 -0400)]
Add IPA helper for server install

The IPA helper checks a krb keytab is available for the local HTTPD
service at the standard ipa location, and if not available, tries
to register the service and retrieve one from the IPA server.

At the end of the process forces the activation of the krb plugin
as well as the fallback to pam for authentication.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add Environment Helpers installer framework
Simo Sorce [Mon, 28 Apr 2014 17:58:51 +0000 (13:58 -0400)]
Add Environment Helpers installer framework

Environment helpers are meta-plugins that allow to set ipsilon in
well defined environments.
For example when ipsilon is installed in a FreeIPA or AD domains and
authentication methods, certificate, keytabs etc, can be pre-configured
and deployed at the same time the server is installed with minimal
effort and well-known methods.

These are run before any of the other plugins as they can change the
configuration option for any of the plugins, enable or disable plugins,
or pre-configure some elements.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Always use saml by default
Simo Sorce [Fri, 2 May 2014 01:00:14 +0000 (21:00 -0400)]
Always use saml by default

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Make SELinux happy
Simo Sorce [Thu, 1 May 2014 17:16:14 +0000 (13:16 -0400)]
Make SELinux happy

Add proper context to shared state directories so that httpd can write there.

Relax SELinux booleans to allow use of pam modules
This allows running Ipsilon in fully enforcing mode when pam auth
using the python-pam modules is used.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Avoid failing install if sessions directory exists
Simo Sorce [Thu, 1 May 2014 19:31:25 +0000 (15:31 -0400)]
Avoid failing install if sessions directory exists

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Eliminate stale locks
Simo Sorce [Thu, 1 May 2014 20:37:12 +0000 (16:37 -0400)]
Eliminate stale locks

If the server crashes stale lock files may be left behind.
This will cause the application to deadlock for the user that has
the misfortune of having a stale lock.
Forcibly remove all locks on startup.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Fix typo in ipsilon-client-install
Simo Sorce [Fri, 2 May 2014 00:52:02 +0000 (20:52 -0400)]
Fix typo in ipsilon-client-install

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Bump up spec file version too
Simo Sorce [Mon, 28 Apr 2014 13:27:30 +0000 (09:27 -0400)]
Bump up spec file version too

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Bump version up to 0.2.1
Simo Sorce [Fri, 25 Apr 2014 20:46:00 +0000 (16:46 -0400)]
Bump version up to 0.2.1

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Do not hardcode sessions directory in spec file
Simo Sorce [Mon, 21 Apr 2014 03:45:18 +0000 (23:45 -0400)]
Do not hardcode sessions directory in spec file

This directory is now generated dynamically based on the instance
name at ipsilon-server-install time.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Make it easy to install multiple server instances
Simo Sorce [Fri, 18 Apr 2014 04:43:37 +0000 (00:43 -0400)]
Make it easy to install multiple server instances

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Move templatized file creation to tools
Simo Sorce [Fri, 18 Apr 2014 04:16:12 +0000 (00:16 -0400)]
Move templatized file creation to tools

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Move fixing files functionality to tools
Simo Sorce [Fri, 18 Apr 2014 03:59:35 +0000 (23:59 -0400)]
Move fixing files functionality to tools

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Convert all forms to use util.Page form support
Simo Sorce [Mon, 21 Apr 2014 02:00:08 +0000 (22:00 -0400)]
Convert all forms to use util.Page form support

This way all forms will get Referer checking automatically

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add New form helper to Page object
Simo Sorce [Mon, 21 Apr 2014 01:41:24 +0000 (21:41 -0400)]
Add New form helper to Page object

This removes the need to define a root function only to redirect to
a GET/POST one.
Also adds basic CSRF protection if the page is declared a form.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Update contrib spec file for version 0.2
Simo Sorce [Fri, 18 Apr 2014 04:51:26 +0000 (00:51 -0400)]
Update contrib spec file for version 0.2

Drop changelog, it's unnecessary, commit logs are available in git

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Fix warning
Simo Sorce [Fri, 18 Apr 2014 05:28:34 +0000 (01:28 -0400)]
Fix warning

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Revert incorrect change to template file
Simo Sorce [Fri, 18 Apr 2014 05:27:09 +0000 (01:27 -0400)]
Revert incorrect change to template file

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add missing install file
Simo Sorce [Fri, 18 Apr 2014 04:47:52 +0000 (00:47 -0400)]
Add missing install file

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Bump up to version 0.2
Simo Sorce [Wed, 16 Apr 2014 22:12:52 +0000 (18:12 -0400)]
Bump up to version 0.2

now that we have a basic client and server installers we have reached
a milestone. Bump up the version.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Fix NameId exception
Simo Sorce [Mon, 14 Apr 2014 22:38:45 +0000 (18:38 -0400)]
Fix NameId exception

Report what invalid name was used and fix exception on raising the exception on
line 129

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add nameid values validation
Simo Sorce [Mon, 14 Apr 2014 20:27:52 +0000 (16:27 -0400)]
Add nameid values validation

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Refactor argument validation for SP forms
Simo Sorce [Mon, 14 Apr 2014 20:18:06 +0000 (16:18 -0400)]
Refactor argument validation for SP forms

Use helper functions to make the code more readable and exceptions to reduce
error handling duplication.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Validate Service Provider names
Simo Sorce [Fri, 11 Apr 2014 22:20:32 +0000 (18:20 -0400)]
Validate Service Provider names

We use the name to construct the admin page path, avoid odd characters

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Install client tools in a separate rpm package
Simo Sorce [Thu, 10 Apr 2014 20:22:53 +0000 (16:22 -0400)]
Install client tools in a separate rpm package

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add basic installation script with saml support
Simo Sorce [Sat, 5 Apr 2014 17:23:02 +0000 (13:23 -0400)]
Add basic installation script with saml support

Generates (self signed) certificates and a metadata.xml file.
Optionally configures an Apache Httpd server.
If the admin does not configure a specific application at install time
a default landing page is made available to be able to test that the SP
configuration works.
Uninstall removes all certificates and metadata file and is irreversible.

5 years ago Allow to set additional custom keys on services
Simo Sorce [Fri, 11 Apr 2014 20:46:24 +0000 (16:46 -0400)]
Allow to set additional custom keys on services

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Simplify metadata add_service signature
Simo Sorce [Wed, 9 Apr 2014 19:21:55 +0000 (15:21 -0400)]
Simplify metadata add_service signature

Add a map that takes care of the lower level lasso-related details

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Store full path immediately
Simo Sorce [Fri, 11 Apr 2014 19:42:54 +0000 (15:42 -0400)]
Store full path immediately

Allows to query .key and .cert to be used to find the files on the system
directly w/o having to know what path was previously used to initialize the
class.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago If no path is provided use current directory
Simo Sorce [Wed, 9 Apr 2014 19:16:02 +0000 (15:16 -0400)]
If no path is provided use current directory

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Move accessory functions to a generic tools module
Simo Sorce [Wed, 9 Apr 2014 18:02:08 +0000 (14:02 -0400)]
Move accessory functions to a generic tools module

This will allow to easily share the module with install tools, without the
need to install server side modules in clients

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Rename scripts and mark them as such
Simo Sorce [Mon, 7 Apr 2014 20:02:20 +0000 (16:02 -0400)]
Rename scripts and mark them as such

Mark actual top level scripts as such instead of disguising them as modules.

Also remove __init__.py from ipsilon/install as this is not a module just
the place where install scripts are kept, for now.

Note: Scripts are installed in the bin directory but the contrib spec file
moves them to sbin.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add debug logging of lasso library
Simo Sorce [Fri, 11 Apr 2014 20:36:16 +0000 (16:36 -0400)]
Add debug logging of lasso library

If debug is enabled make lasso spit debug messages to stderr too, to aid
admins in resolving issues related to saml2 issues, like finding out why
a metadata file may be rejected.

This is very simple for now, a future enhancement may involve piping the
logs into a class so they can be spat out as feedback to users.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Return Idps metadata file on request
Simo Sorce [Mon, 7 Apr 2014 22:41:12 +0000 (18:41 -0400)]
Return Idps metadata file on request

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Fix generation of endpoint URLs
Simo Sorce [Mon, 7 Apr 2014 22:28:41 +0000 (18:28 -0400)]
Fix generation of endpoint URLs

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Change provider plugins registration and enablement
Simo Sorce [Mon, 7 Apr 2014 20:49:06 +0000 (16:49 -0400)]
Change provider plugins registration and enablement

When plugins are not enabled at startup the admin page is not available
as it is created only on enablement.

Split enablement and registration, so plugins can be registered even
when actually disabled.

Also rework the way enablement is tracked and make sure enablement status
is saved back to the database when it changes so it is kept on restarts.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add explicit error for Unknown Providers
Simo Sorce [Fri, 11 Apr 2014 21:24:46 +0000 (17:24 -0400)]
Add explicit error for Unknown Providers

This way the user will get a slightly more meaningful error message.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Properly support rename operation
Simo Sorce [Fri, 4 Apr 2014 22:01:19 +0000 (18:01 -0400)]
Properly support rename operation

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Admin functions to delete Service Providers
Simo Sorce [Fri, 4 Apr 2014 17:19:51 +0000 (13:19 -0400)]
Admin functions to delete Service Providers

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add infrastructure to delete plugin data by id
Simo Sorce [Fri, 4 Apr 2014 17:26:02 +0000 (13:26 -0400)]
Add infrastructure to delete plugin data by id

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Admin functions to add new Service Providers
Simo Sorce [Fri, 4 Apr 2014 17:08:02 +0000 (13:08 -0400)]
Admin functions to add new Service Providers

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Admin classes to change SP properties
Simo Sorce [Fri, 4 Apr 2014 17:07:19 +0000 (13:07 -0400)]
Admin classes to change SP properties

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Providers can save properties back to the database
Simo Sorce [Thu, 3 Apr 2014 19:42:35 +0000 (15:42 -0400)]
Providers can save properties back to the database

This way a provider class can be used in admin pages as well and remain
consistent.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add Service and Identity Provider abstraction
Simo Sorce [Thu, 3 Apr 2014 19:42:35 +0000 (15:42 -0400)]
Add Service and Identity Provider abstraction

This commit adds:
- helper functions to create new providers
- separate IdentityProvider class to represent the IDP.

Database changes:
The saml2 plugin database now contains the metadata file contents and does not
rely anymore on on-disk data.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add racefree way to add a new unique data point
Simo Sorce [Fri, 4 Apr 2014 14:34:21 +0000 (10:34 -0400)]
Add racefree way to add a new unique data point

Our schema gathers together data related to a service by using an ID
column. This column cannot be unique or a primary key as the ID is
repeated for each key/value pair in the datum group.

Use a unique identifier to make sure we can let sqlite generate a new
ID internally and then find out what it is as race-free as possible.

We keep this method in the data module so it can be changed later
without affecting application logic.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago No need to have a separate certificate file
Simo Sorce [Thu, 3 Apr 2014 21:10:18 +0000 (17:10 -0400)]
No need to have a separate certificate file

Certificates are already contained in the metadata.xml file

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Saml2 initial admin page
Simo Sorce [Thu, 27 Mar 2014 16:57:19 +0000 (12:57 -0400)]
Saml2 initial admin page

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add generic support for IdP plugin admin pages
Simo Sorce [Thu, 27 Mar 2014 16:56:28 +0000 (12:56 -0400)]
Add generic support for IdP plugin admin pages

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Basic Identity providers plugin configuration
Simo Sorce [Wed, 26 Mar 2014 19:20:16 +0000 (15:20 -0400)]
Basic Identity providers plugin configuration

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Refactor provider plugins enablement
Simo Sorce [Thu, 27 Mar 2014 15:56:34 +0000 (11:56 -0400)]
Refactor provider plugins enablement

This allows to enable/disable Identity Providers directly from the
configuration interface.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Refactor login plugin enablement code
Simo Sorce [Wed, 26 Mar 2014 21:31:19 +0000 (17:31 -0400)]
Refactor login plugin enablement code

This allows us to finally implement the plugin enable/disable configuration
buttons and enable/disable plugins on the fly.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Automatically build configuration page menu
Simo Sorce [Wed, 26 Mar 2014 19:44:26 +0000 (15:44 -0400)]
Automatically build configuration page menu

Do not hardcode it, rather build it out of the pages tree.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add common way to add a subtree to a page
Simo Sorce [Fri, 28 Mar 2014 18:07:11 +0000 (14:07 -0400)]
Add common way to add a subtree to a page

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Move login plugin configuration to its own module
Simo Sorce [Mon, 24 Mar 2014 20:59:41 +0000 (16:59 -0400)]
Move login plugin configuration to its own module

move also the template, in preparation for handling other configuration
data in the main page.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Move admin_protect to a more generic module
Simo Sorce [Mon, 24 Mar 2014 21:06:05 +0000 (17:06 -0400)]
Move admin_protect to a more generic module

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Implement plugin ordering configuration
Simo Sorce [Mon, 24 Mar 2014 20:37:15 +0000 (16:37 -0400)]
Implement plugin ordering configuration

Allows to change the login plugins order from the admin configuration page.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add a default admin user at install time
Simo Sorce [Thu, 20 Mar 2014 21:54:35 +0000 (17:54 -0400)]
Add a default admin user at install time

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add way to save user preferences
Simo Sorce [Thu, 20 Mar 2014 21:54:18 +0000 (17:54 -0400)]
Add way to save user preferences

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add install script and other spec file changes
Simo Sorce [Thu, 20 Mar 2014 15:36:10 +0000 (11:36 -0400)]
Add install script and other spec file changes

Add install script
Change server name to drop .py suffix
Add necessary requires

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add PAM configuration code
Simo Sorce [Thu, 20 Mar 2014 20:46:18 +0000 (16:46 -0400)]
Add PAM configuration code

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add Krb configuration code
Simo Sorce [Thu, 20 Mar 2014 16:45:21 +0000 (12:45 -0400)]
Add Krb configuration code

5 years ago Add way to add data to the global login config
Simo Sorce [Thu, 20 Mar 2014 17:21:55 +0000 (13:21 -0400)]
Add way to add data to the global login config

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add saml2 configuration code
Simo Sorce [Tue, 18 Mar 2014 21:16:18 +0000 (17:16 -0400)]
Add saml2 configuration code

Creates the storage directory if not available
Generates new IDP certificate
Generate metadata file
Fixups permissions

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add functions to wipe and save plugin config data
Simo Sorce [Wed, 19 Mar 2014 22:41:56 +0000 (18:41 -0400)]
Add functions to wipe and save plugin config data

This way all is needed is to instantiate a proper PluginObject from
any provider and just call its functions

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Saml2 Metadata generator class
Simo Sorce [Tue, 18 Mar 2014 18:44:05 +0000 (14:44 -0400)]
Saml2 Metadata generator class

This class generates metadata files for IDP and SP services and is meant
to be used at install/configure time.
It uses the certs module to generate certificates.

With tests!

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Simple certificate generator class
Simo Sorce [Tue, 18 Mar 2014 18:43:04 +0000 (14:43 -0400)]
Simple certificate generator class

For now just generates self-signed certificates.
In future this class should connect to a CA, or other service like
certmonger's getcert to retrieve a certificate from a CA.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add user configuration option
Simo Sorce [Wed, 19 Mar 2014 20:30:53 +0000 (16:30 -0400)]
Add user configuration option

This allows to specify what system user should be used to configure
the ipsilon server to run as.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add hostname configuration option
Simo Sorce [Tue, 18 Mar 2014 21:18:53 +0000 (17:18 -0400)]
Add hostname configuration option

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Silence cherrypy logging to the screen
Simo Sorce [Tue, 18 Mar 2014 22:50:59 +0000 (18:50 -0400)]
Silence cherrypy logging to the screen

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Install default configuration files
Simo Sorce [Thu, 20 Mar 2014 16:16:52 +0000 (12:16 -0400)]
Install default configuration files

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add logging and install/uninstall targets
Simo Sorce [Tue, 18 Mar 2014 21:13:28 +0000 (17:13 -0400)]
Add logging and install/uninstall targets

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add server-install plugin configuration support
Simo Sorce [Fri, 14 Mar 2014 22:08:49 +0000 (18:08 -0400)]
Add server-install plugin configuration support

Automatically find plugins installed in the system and exposes their
installation and configuration functions through the installer.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago First install script commit
Simo Sorce [Fri, 14 Mar 2014 20:55:29 +0000 (16:55 -0400)]
First install script commit

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Fix minor syntax issues in saml2 provider
Simo Sorce [Wed, 19 Mar 2014 21:08:51 +0000 (17:08 -0400)]
Fix minor syntax issues in saml2 provider

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Remove unused import and fix syntax
Simo Sorce [Wed, 19 Mar 2014 21:05:04 +0000 (17:05 -0400)]
Remove unused import and fix syntax

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add sample spec file
Simo Sorce [Fri, 7 Mar 2014 21:13:53 +0000 (16:13 -0500)]
Add sample spec file

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Fix default and example paths
Simo Sorce [Thu, 13 Mar 2014 20:43:18 +0000 (16:43 -0400)]
Fix default and example paths

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Fix install of data files.
Simo Sorce [Fri, 7 Mar 2014 21:21:56 +0000 (16:21 -0500)]
Fix install of data files.

Move doc and examples under appropriate directory.
Create data directory for templates and ui static files.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Better handling of configuration file
Simo Sorce [Thu, 13 Mar 2014 20:05:46 +0000 (16:05 -0400)]
Better handling of configuration file

allow to pass it on the command line or to look for it in well known
locations.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Improve exceptions for saml2 providers
Simo Sorce [Mon, 3 Mar 2014 00:03:38 +0000 (19:03 -0500)]
Improve exceptions for saml2 providers

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add ability to strip domain/realm per provider
Simo Sorce [Sun, 2 Mar 2014 23:32:06 +0000 (18:32 -0500)]
Add ability to strip domain/realm per provider

This allows to return (hopefully) the same name whether the user
authenticated via ESSO or form based authentication.

Crude for now, may be augmented with some regex configuration in the future.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Unsplit checking functions
Simo Sorce [Sun, 2 Mar 2014 23:29:15 +0000 (18:29 -0500)]
Unsplit checking functions

Easier to deal with stuff if they are a single validation function.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add a way to return the email address of the user
Simo Sorce [Sun, 2 Mar 2014 23:09:27 +0000 (18:09 -0500)]
Add a way to return the email address of the user

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add way to return Kerberos nameid if available
Simo Sorce [Fri, 28 Feb 2014 21:16:25 +0000 (16:16 -0500)]
Add way to return Kerberos nameid if available

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add way to save user data after login
Simo Sorce [Sun, 2 Mar 2014 23:06:44 +0000 (18:06 -0500)]
Add way to save user data after login

The login manager that successfully authenticated the user can now
pass data to be stored in the user facility of the session.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Create a user facility in the session
Simo Sorce [Sun, 2 Mar 2014 22:59:14 +0000 (17:59 -0500)]
Create a user facility in the session

This way all identification data about the user can be managed in
a single place and be erased/replaced at login time.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Check the NameID policy during authentication
Simo Sorce [Thu, 27 Feb 2014 02:50:33 +0000 (21:50 -0500)]
Check the NameID policy during authentication

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add Service Provider class
Simo Sorce [Wed, 26 Feb 2014 23:42:09 +0000 (18:42 -0500)]
Add Service Provider class

This class allows to represent a service provider and its associated policy

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Add authentication exception support
Simo Sorce [Tue, 25 Feb 2014 02:43:12 +0000 (21:43 -0500)]
Add authentication exception support

This also adds code to return an error code to the SP.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years ago Initial SAML2 provider
Simo Sorce [Sun, 23 Feb 2014 23:41:13 +0000 (18:41 -0500)]
Initial SAML2 provider

Signed-off-by: Simo Sorce <simo@redhat.com>