Upload service provider metadata to testshib
In order to register the service provider in testshib, we need to upload its metadata. Also makes some minor fixes. Change-Id: Idfe0eb016370e7776de3525a813d0535cfc75e27
parent
ec9e5b2b26
commit
bd37276b5b
|
@ -3,7 +3,7 @@
|
||||||
SetHandler shib
|
SetHandler shib
|
||||||
</Location>
|
</Location>
|
||||||
|
|
||||||
<Location /identity/v3/OS-FEDERATION/identity_providers/testshib/protocols/mapped/auth>
|
<Location /identity/v3/OS-FEDERATION/identity_providers/%IDP_ID%/protocols/mapped/auth>
|
||||||
ShibRequestSetting requireSession 1
|
ShibRequestSetting requireSession 1
|
||||||
AuthType shibboleth
|
AuthType shibboleth
|
||||||
ShibExportAssertion Off
|
ShibExportAssertion Off
|
||||||
|
|
|
@ -12,6 +12,10 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
IDP_ID=${IDP_ID:-testshib}
|
||||||
|
|
||||||
|
|
||||||
function install_federation {
|
function install_federation {
|
||||||
if is_ubuntu; then
|
if is_ubuntu; then
|
||||||
install_package libapache2-mod-shib2
|
install_package libapache2-mod-shib2
|
||||||
|
@ -22,12 +26,25 @@ function install_federation {
|
||||||
# Enable the Shibboleth module for Apache
|
# Enable the Shibboleth module for Apache
|
||||||
sudo a2enmod shib2
|
sudo a2enmod shib2
|
||||||
else
|
else
|
||||||
# Note(knikolla): For CentOS/RHEL, installing shibboleth is tricky
|
# NOTE(knikolla): For CentOS/RHEL, installing shibboleth is tricky
|
||||||
# It requires adding a separate repo not officially supported
|
# It requires adding a separate repo not officially supported
|
||||||
echo "Skipping installation of shibboleth for non ubuntu host"
|
echo "Skipping installation of shibboleth for non ubuntu host"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function upload_sp_metadata {
|
||||||
|
local metadata_fname=${HOST_IP//./}_"$RANDOM"_sp
|
||||||
|
local metadata_url=http://$HOST_IP/Shibboleth.sso/Metadata
|
||||||
|
|
||||||
|
wget $metadata_url -O $FILES/$metadata_fname
|
||||||
|
if [[ $? -ne 0 ]]; then
|
||||||
|
echo "Not found: $metadata_url"
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
curl --form userfile=@"$FILES/${metadata_fname}" "https://www.testshib.org/procupload.php"
|
||||||
|
}
|
||||||
|
|
||||||
function configure_federation {
|
function configure_federation {
|
||||||
local keystone_apache_conf=$(apache_site_config_for keystone)
|
local keystone_apache_conf=$(apache_site_config_for keystone)
|
||||||
|
|
||||||
|
@ -50,8 +67,12 @@ function configure_federation {
|
||||||
|
|
||||||
# Enable the mapped auth method in /etc/keystone.conf
|
# Enable the mapped auth method in /etc/keystone.conf
|
||||||
iniset $KEYSTONE_CONF auth methods "external,password,token,mapped"
|
iniset $KEYSTONE_CONF auth methods "external,password,token,mapped"
|
||||||
|
|
||||||
# Specify the header that contains information about the identity provider
|
# Specify the header that contains information about the identity provider
|
||||||
iniset $KEYSTONE_CONF mapped remote_id_attribute "Shib-Identity-Provider"
|
iniset $KEYSTONE_CONF mapped remote_id_attribute "Shib-Identity-Provider"
|
||||||
|
|
||||||
|
# Register the service provider
|
||||||
|
upload_sp_metadata
|
||||||
}
|
}
|
||||||
|
|
||||||
function register_federation {
|
function register_federation {
|
||||||
|
|
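Review bot: `upload_sp_metadata` (hunk `@ -22,12 +26,25`) hides both transfer failures from its caller: the bare `return` after the `echo` yields status 0, and the `curl` call has no `--fail` and no status check, so an HTTP error from testshib still looks like a successful registration. The `wget` arguments `$metadata_url` and `$FILES/$metadata_fname` are also unquoted. The function posts this host's SP metadata to a third-party service on every `configure_federation` run, so a comment saying so, or an opt-out variable, would help anyone running the plugin outside a throwaway test host. Whether a non-zero return should abort the run depends on how the caller handles it, which is not visible on this page.

```shell
function upload_sp_metadata {
    # … unchanged: metadata_fname and metadata_url locals …

    # NOTE: sends this host's SP metadata to the public testshib.org service.
    if ! wget "$metadata_url" -O "$FILES/$metadata_fname"; then
        echo "Not found: $metadata_url" >&2
        return 1
    fi

    if ! curl --fail --form userfile=@"$FILES/${metadata_fname}" "https://www.testshib.org/procupload.php"; then
        echo "Upload of $metadata_fname to testshib failed" >&2
        return 1
    fi
}
```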