puppet-keystone/templates/shibboleth.conf.erb
Iury Gregory Melo Ferreira ebb2450ce5 Support for Keystone as Service Provider
This patch implements the class to configure Keystone
as a Service Provider. It covers only Keystone as SP
for K2K (Protocol is SAML and module is Shibboleth)

On Debian based systems:
1- Configure keystone.conf
2- Install Shibboleth
3- Reconfigure the selected Keystone VirtualHost on Apache.

On RedHat based systems:
1- Configure keystone.conf
2- Reconfigure the selected Keystone VirtualHost on Apache.
Note: Step 2 will only execute if the user have add the extra repository
or installed shibboleth.
(About the extra repository, see:
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLinuxRPMInstall)

Implements: blueprint enabling-federation
Change-Id: I32a1487c7674605124e6d0b182fe38ea4b58de87
2015-11-24 11:48:26 +00:00

13 lines
440 B
Plaintext

WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ <%= scope['keystone::params::keystone_wsgi_script_path'] -%>/$1
<Location /Shibboleth.sso>
SetHandler shib
</Location>
<LocationMatch /v3/OS-FEDERATION/identity_providers/.*?/protocols/saml2/auth>
ShibRequestSetting requireSession 1
AuthType shibboleth
ShibExportAssertion Off
Require valid-user
</LocationMatch>