
Upload service provider metadata to testshib

In order to register the service provider in testshib, we need to upload
its metadata.

Also makes some minor fixes.

Change-Id: Idfe0eb016370e7776de3525a813d0535cfc75e27
changes/47/400747/2
Rodrigo Duarte Sousa 5 years ago
parent
commit
bd37276b5b
  1. 2
      devstack/files/federation/shib_apache_handler.txt
  2. 23
      devstack/lib/federation.sh

2
devstack/files/federation/shib_apache_handler.txt

@ -3,7 +3,7 @@
SetHandler shib
</Location>
<Location /identity/v3/OS-FEDERATION/identity_providers/testshib/protocols/mapped/auth>
<Location /identity/v3/OS-FEDERATION/identity_providers/%IDP_ID%/protocols/mapped/auth>
ShibRequestSetting requireSession 1
AuthType shibboleth
ShibExportAssertion Off
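Review bot: The `<Location>` block that carries `ShibRequestSetting requireSession 1` now depends on the `%IDP_ID%` placeholder being substituted, and the substitution step is not visible in this section. If the placeholder stays literal, or IDP_ID differs from the identity provider id presumably registered in keystone, the block would not match the federated auth URL and the session requirement would not apply to it. A comment next to the Location line, such as `# %IDP_ID% is replaced with $IDP_ID by devstack/lib/federation.sh`, would document the dependency. Since the value comes from the environment, it is also worth restricting it to characters that are safe in a URL path before it is written into the Apache config.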

23
devstack/lib/federation.sh

@ -12,6 +12,10 @@
# License for the specific language governing permissions and limitations
# under the License.
IDP_ID=${IDP_ID:-testshib}
function install_federation {
if is_ubuntu; then
install_package libapache2-mod-shib2
@ -22,12 +26,25 @@ function install_federation {
# Enable the Shibboleth module for Apache
sudo a2enmod shib2
else
# Note(knikolla): For CentOS/RHEL, installing shibboleth is tricky
# NOTE(knikolla): For CentOS/RHEL, installing shibboleth is tricky
# It requires adding a separate repo not officially supported
echo "Skipping installation of shibboleth for non ubuntu host"
fi
}
function upload_sp_metadata {
local metadata_fname=${HOST_IP//./}_"$RANDOM"_sp
local metadata_url=http://$HOST_IP/Shibboleth.sso/Metadata
wget $metadata_url -O $FILES/$metadata_fname
if [[ $? -ne 0 ]]; then
echo "Not found: $metadata_url"
return
fi
curl --form userfile=@"$FILES/${metadata_fname}" "https://www.testshib.org/procupload.php"
}
function configure_federation {
local keystone_apache_conf=$(apache_site_config_for keystone)
@ -50,8 +67,12 @@ function configure_federation {
# Enable the mapped auth method in /etc/keystone.conf
iniset $KEYSTONE_CONF auth methods "external,password,token,mapped"
# Specify the header that contains information about the identity provider
iniset $KEYSTONE_CONF mapped remote_id_attribute "Shib-Identity-Provider"
# Register the service provider
upload_sp_metadata
}
function register_federation {
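Review bot: The `upload_sp_metadata` call added at the end of configure_federation posts the service provider's metadata to www.testshib.org unconditionally, even though this commit makes the identity provider configurable through IDP_ID. A deployment that overrides IDP_ID would still send its metadata (which normally includes its endpoints and certificates) to a third party it does not use. A guard such as `if [[ "$IDP_ID" == "testshib" ]]; then upload_sp_metadata; fi` keeps the upload tied to the provider it is meant for. In upload_sp_metadata the failure branch ends with a bare `return`, which yields the status of the preceding echo (0), so a failed fetch is invisible to the caller; `return 1` there and `curl --fail` on the upload would make both steps report errors. The wget line also expands `$metadata_url` and `$FILES/$metadata_fname` unquoted and leaves the downloaded file in $FILES; configure_federation's body starts outside the visible hunks.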
