authorColleen Murphy <colleen@gazlene.net>2018-11-03 21:55:42 +0100
committerColleen Murphy <colleen.murphy@suse.de>2019-03-15 15:43:55 +0100
commita922d541cd34e8d7ec4d09daccf8c40dabab985c (patch)
treead292ebbd201570c124e9c84698e88d53fbac7a5
parent4420b78c0151783b5e1acb0cfc060eb35713d0ae (diff)
downloadkeystone-a922d541cd34e8d7ec4d09daccf8c40dabab985c.tar.gz
Switch devstack plugin to samltest.id
testshib.org is no longer maintained and has been broken for some time[1]. Use the new samltest.id provider instead. This is not a permanent solution; it is a stopgap measure until we configure our own IdP in the devstack plugin. [1] https://marc.info/?l=shibboleth-users&m=154056288800549&w=2 Depends-On: https://review.openstack.org/643599 Change-Id: Ifa514395d9cdb2197ef8a43885ec598483dd7a38 (cherry picked from commit e4fe2659c46b5e11adcc193945d311c0337ce982)
-rw-r--r--devstack/files/federation/attribute-map.xml3
-rw-r--r--devstack/lib/federation.sh25
2 files changed, 15 insertions, 13 deletions
diff --git a/devstack/files/federation/attribute-map.xml b/devstack/files/federation/attribute-map.xml
index e651bdb43..4094caad0 100644
--- a/devstack/files/federation/attribute-map.xml
+++ b/devstack/files/federation/attribute-map.xml
@@ -63,4 +63,7 @@
<AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
</Attribute>
+ <!-- UID attribute used by samltest.id -->
+ <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid" />
+
</Attributes>
diff --git a/devstack/lib/federation.sh b/devstack/lib/federation.sh
index b93e259f4..774b7c271 100644
--- a/devstack/lib/federation.sh
+++ b/devstack/lib/federation.sh
@@ -16,15 +16,14 @@ DOMAIN_NAME=${DOMAIN_NAME:-federated_domain}
PROJECT_NAME=${PROJECT_NAME:-federated_project}
GROUP_NAME=${GROUP_NAME:-federated_users}
-# TODO(rodrigods): remove/update the settings based at testshib
-IDP_ID=${IDP_ID:-testshib}
-IDP_USERNAME=${IDP_USERNAME:-myself}
-IDP_PASSWORD=${IDP_PASSWORD:-myself}
-IDP_REMOTE_ID=${IDP_REMOTE_ID:-https://idp.testshib.org/idp/shibboleth}
-IDP_ECP_URL=${IDP_ECP_URL:-https://idp.testshib.org/idp/profile/SAML2/SOAP/ECP}
-IDP_METADATA_URL=${IDP_METADATA_URL:-http://www.testshib.org/metadata/testshib-providers.xml}
-
-MAPPING_REMOTE_TYPE=${MAPPING_REMOTE_TYPE:-eppn}
+IDP_ID=${IDP_ID:-samltest}
+IDP_USERNAME=${IDP_USERNAME:-morty}
+IDP_PASSWORD=${IDP_PASSWORD:-panic}
+IDP_REMOTE_ID=${IDP_REMOTE_ID:-https://samltest.id/saml/idp}
+IDP_ECP_URL=${IDP_ECP_URL:-https://samltest.id/idp/profile/SAML2/SOAP/ECP}
+IDP_METADATA_URL=${IDP_METADATA_URL:-https://samltest.id/saml/idp}
+
+MAPPING_REMOTE_TYPE=${MAPPING_REMOTE_TYPE:-uid}
MAPPING_USER_NAME=${MAPPING_USER_NAME:-"{0}"}
PROTOCOL_ID=${PROTOCOL_ID:-mapped}
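Review bot: The new `IDP_*` defaults have no comment saying they are provisional, because the removed `TODO(rodrigods)` line was the only marker and nothing replaces it. `IDP_USERNAME` and `IDP_PASSWORD` now default to an account on a public third-party test IdP, and `MAPPING_REMOTE_TYPE` maps on the `uid` that IdP asserts, so anything beyond a throwaway devstack should override them. I would add above `IDP_ID` a comment such as `# samltest.id is a public, shared test IdP; these defaults are for devstack/CI only. Override IDP_* for any other use.` Moving `IDP_METADATA_URL` to https is an improvement, but how the metadata is fetched and whether its signature is checked is not visible in this hunk and is worth confirming, since the metadata is what anchors trust in the IdP's assertions.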
@@ -74,7 +73,7 @@ function install_federation {
fi
}
-function upload_sp_metadata_to_testshib {
+function upload_sp_metadata_to_samltest {
local metadata_fname=${HOST_IP//./}_"$RANDOM"_sp
local metadata_url=http://$HOST_IP/Shibboleth.sso/Metadata
@@ -84,7 +83,7 @@ function upload_sp_metadata_to_testshib {
return
fi
- curl --form userfile=@"$FILES/${metadata_fname}" "https://www.testshib.org/procupload.php"
+ curl --form userfile=@"$FILES/${metadata_fname}" --form "submit=OK" "https://samltest.id/upload.php"
}
function configure_federation {
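Review bot: The result of the upload on the `curl` line is never checked: without `--fail`, curl exits 0 when the server answers with an HTTP error page, so a rejected upload passes silently and would only surface later as a federated-login failure. I would write it as `curl --fail --silent --show-error --form userfile=@"$FILES/${metadata_fname}" --form "submit=OK" "https://samltest.id/upload.php" || return 1`. The upload host is hard-coded here, while the caller in `configure_federation` gates only on `IDP_ID`, so a one-line comment stating that this posts the SP metadata to an external service would help anyone who overrides the other `IDP_*` values. The body of `upload_sp_metadata_to_samltest` starts in the previous hunk and is not fully visible.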
@@ -115,8 +114,8 @@ function configure_federation {
# TODO(knikolla): We should not be relying on an external service. This
# will be removed once we have an idp deployed during devstack install.
- if [[ "$IDP_ID" == "testshib" ]]; then
- upload_sp_metadata_to_testshib
+ if [[ "$IDP_ID" == "samltest" ]]; then
+ upload_sp_metadata_to_samltest
fi
}