Add memcache setup to shibboleth2.xml

Adds memcache session information to /etc/shibboleth/shibboleth2.xml when the shibboleth sp is configured. Change-Id: I4489b01d0c6741c9390c2f65bbf3650308123a49 Closes-Bug: 1661197
2018-03-07 10:30:47 +00:00 · 2018-03-07 10:30:47 +00:00 · 6f6fe28fc5
parent 8fceb54c24
commit 6f6fe28fc5
1 changed files with 23 additions and 1 deletions
--- a/templates/shibboleth2.xml.j2
+++ b/templates/shibboleth2.xml.j2
@ -5,6 +5,28 @@
          xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
          clockSkew="180">

+    <OutOfProcess>
+        <Extensions>
+            <Library path="memcache-store.so" fatal="true"/>
+        </Extensions>
+    </OutOfProcess>
+
+    <StorageService type="MEMCACHE" id="mc" prefix="shibboleth2:">
+        <Hosts>
+            {{ memcached_servers }}
+        </Hosts>
+    </StorageService>
+
+    <StorageService type="MEMCACHE" id="mc-ctx" prefix="shibboleth2:" buildMap="1">
+        <Hosts>
+            {{ memcached_servers }}
+        </Hosts>
+    </StorageService>
+
+    <SessionCache type="StorageService" cacheTimeout="{{ horizon_session_timeout }}" StorageService="mc-ctx" StorageServiceLite="mc" />
+    <ReplayCache StorageService="mc"/>
+    <ArtifactMap StorageService="mc" artifactTTL="180"/>
+
    <!-- The entityID is the name by which your IdP will know your SP. -->
    <ApplicationDefaults entityID="{{ keystone_service_publicuri }}/shibboleth">

@ -12,7 +34,7 @@
        <!-- https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessions -->
        <Sessions lifetime="28800"
                  timeout="3600"
-                  relayState="ss:mem"
+                  relayState="ss:mc"
                  checkAddress="false"
                  handlerSSL="{% if keystone_ssl | bool %}true{% else %}false{% endif %}"
                  {% if keystone_service_publicuri_proto == "https" %}cookieProps="; path=/; secure"{% endif %}>