Upload service provider metadata to testshib

In order to register the service provider in testshib, we need to upload its metadata. Also makes some minor fixes. Change-Id: Idfe0eb016370e7776de3525a813d0535cfc75e27
2016-11-22 10:10:28 -03:00 · 2016-11-22 10:10:28 -03:00 · bd37276b5b
parent ec9e5b2b26
commit bd37276b5b
2 changed files with 23 additions and 2 deletions
--- a/devstack/files/federation/shib_apache_handler.txt
+++ b/devstack/files/federation/shib_apache_handler.txt
@ -3,7 +3,7 @@
    SetHandler shib
 </Location>

-<Location /identity/v3/OS-FEDERATION/identity_providers/testshib/protocols/mapped/auth>
+<Location /identity/v3/OS-FEDERATION/identity_providers/%IDP_ID%/protocols/mapped/auth>
    ShibRequestSetting requireSession 1
    AuthType shibboleth
    ShibExportAssertion Off
--- a/devstack/lib/federation.sh
+++ b/devstack/lib/federation.sh
@ -12,6 +12,10 @@
 # License for the specific language governing permissions and limitations
 # under the License.

+
+IDP_ID=${IDP_ID:-testshib}
+
+
 function install_federation {
    if is_ubuntu; then
        install_package libapache2-mod-shib2
@ -22,12 +26,25 @@ function install_federation {
        # Enable the Shibboleth module for Apache
        sudo a2enmod shib2
    else
-        # Note(knikolla): For CentOS/RHEL, installing shibboleth is tricky
+        # NOTE(knikolla): For CentOS/RHEL, installing shibboleth is tricky
        # It requires adding a separate repo not officially supported
        echo "Skipping installation of shibboleth for non ubuntu host"
    fi
 }

+function upload_sp_metadata {
+    local metadata_fname=${HOST_IP//./}_"$RANDOM"_sp
+    local metadata_url=http://$HOST_IP/Shibboleth.sso/Metadata
+
+    wget $metadata_url -O $FILES/$metadata_fname
+    if [[ $? -ne 0 ]]; then
+        echo "Not found: $metadata_url"
+        return
+    fi
+
+    curl --form userfile=@"$FILES/${metadata_fname}" "https://www.testshib.org/procupload.php"
+}
+
 function configure_federation {
    local keystone_apache_conf=$(apache_site_config_for keystone)

@ -50,8 +67,12 @@ function configure_federation {

    # Enable the mapped auth method in /etc/keystone.conf
    iniset $KEYSTONE_CONF auth methods "external,password,token,mapped"
+
    # Specify the header that contains information about the identity provider
    iniset $KEYSTONE_CONF mapped remote_id_attribute "Shib-Identity-Provider"
+
+    # Register the service provider
+    upload_sp_metadata
 }

 function register_federation {