author | Rodrigo Duarte Sousa <rduartes@redhat.com> | 2016-11-22 10:10:28 -0300 |
---|---|---|
committer | Rodrigo Duarte Sousa <rduartes@redhat.com> | 2016-11-28 23:44:01 -0300 |
commit | bd37276b5b051a2c7d732d0839c786ffabf7fad3 (patch) | |
tree | 71fd2166149d7ad5f20263bc67a2d119b6537183 /devstack | |
parent | ec9e5b2b262d6976968602974eb9aaf258b60362 (diff) | |
download | keystone-bd37276b5b051a2c7d732d0839c786ffabf7fad3.tar.gz |
Upload service provider metadata to testshib
In order to register the service provider in testshib, we need to upload
its metadata.
Also makes some minor fixes.
Change-Id: Idfe0eb016370e7776de3525a813d0535cfc75e27
Diffstat (limited to 'devstack')
-rw-r--r-- | devstack/files/federation/shib_apache_handler.txt | 2 | ||||
-rw-r--r-- | devstack/lib/federation.sh | 23 |
2 files changed, 23 insertions, 2 deletions
diff --git a/devstack/files/federation/shib_apache_handler.txt b/devstack/files/federation/shib_apache_handler.txt
index 117e022dc..ebf53ada6 100644
--- a/devstack/files/federation/shib_apache_handler.txt
+++ b/devstack/files/federation/shib_apache_handler.txt
@@ -3,7 +3,7 @@
 SetHandler shib
 </Location>
-<Location /identity/v3/OS-FEDERATION/identity_providers/testshib/protocols/mapped/auth>
+<Location /identity/v3/OS-FEDERATION/identity_providers/%IDP_ID%/protocols/mapped/auth>
 ShibRequestSetting requireSession 1
 AuthType shibboleth
 ShibExportAssertion Off
diff --git a/devstack/lib/federation.sh b/devstack/lib/federation.sh
index 4f33bfe84..9b450e921 100644
--- a/devstack/lib/federation.sh
+++ b/devstack/lib/federation.sh
@@ -12,6 +12,10 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+
+IDP_ID=${IDP_ID:-testshib}
+
+
 function install_federation {
 if is_ubuntu; then
 install_package libapache2-mod-shib2
@@ -22,12 +26,25 @@ function install_federation {
 # Enable the Shibboleth module for Apache
 sudo a2enmod shib2
 else
- # Note(knikolla): For CentOS/RHEL, installing shibboleth is tricky
+ # NOTE(knikolla): For CentOS/RHEL, installing shibboleth is tricky
 # It requires adding a separate repo not officially supported
 echo "Skipping installation of shibboleth for non ubuntu host"
 fi
 }
+function upload_sp_metadata {
+ local metadata_fname=${HOST_IP//./}_"$RANDOM"_sp
+ local metadata_url=http://$HOST_IP/Shibboleth.sso/Metadata
+
+ wget $metadata_url -O $FILES/$metadata_fname
+ if [[ $? -ne 0 ]]; then
+ echo "Not found: $metadata_url"
+ return
+ fi
+
+ curl --form userfile=@"$FILES/${metadata_fname}" "https://www.testshib.org/procupload.php"
+}
+
 function configure_federation {
 local keystone_apache_conf=$(apache_site_config_for keystone)
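Review bot: The `%IDP_ID%` placeholder in the new `<Location>` path has no matching substitution in any hunk of this commit, so whether it is ever replaced with `$IDP_ID` depends on code in `configure_federation` that is not shown here. If the template reaches the Apache site config verbatim, the block matches no real request path and `ShibRequestSetting requireSession 1` stops applying to the mapped auth endpoint. It is worth confirming that the install step rewrites it, for example `sudo sed -i "s|%IDP_ID%|$IDP_ID|g" "$keystone_apache_conf"`, and fails loudly if the literal placeholder is still present afterwards. The `<Location>` block continues past the end of the hunk.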
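Review bot: Both failure paths in `upload_sp_metadata` are silent: the bare `return` after the wget check yields the status of the preceding `echo` (0), and `curl` without `--fail` exits 0 on an HTTP error page, so configuration carries on as if the service provider had been registered. The unquoted `$metadata_url`, `$FILES` and `$metadata_fname` on the wget line are open to word splitting, and the `$RANDOM`-based file name under `$FILES` is guessable and never removed; `mktemp` with cleanup addresses both. The metadata is also fetched over plain `http://`, which is tolerable only while `$HOST_IP` is the local host. A possible rewrite of the function follows; whether a non-zero return should abort the run is left to the caller.

```shell
function upload_sp_metadata {
    local metadata_url=http://$HOST_IP/Shibboleth.sso/Metadata
    local metadata_file
    local rc

    # mktemp creates the file atomically with an unpredictable name
    metadata_file=$(mktemp "$FILES/${HOST_IP//./}_sp.XXXXXX") || return 1

    if ! wget "$metadata_url" -O "$metadata_file"; then
        echo "Not found: $metadata_url"
        rm -f "$metadata_file"
        return 1
    fi

    # --fail turns an HTTP error response into a non-zero exit status
    curl --fail --form userfile=@"$metadata_file" "https://www.testshib.org/procupload.php"
    rc=$?
    rm -f "$metadata_file"
    return $rc
}
```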
@@ -50,8 +67,12 @@ function configure_federation {
 # Enable the mapped auth method in /etc/keystone.conf
 iniset $KEYSTONE_CONF auth methods "external,password,token,mapped"
+ # Specify the header that contains information about the identity provider
 iniset $KEYSTONE_CONF mapped remote_id_attribute "Shib-Identity-Provider"
+
+ # Register the service provider
+ upload_sp_metadata
 }
 function register_federation { |
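Review bot: The `upload_sp_metadata` call added at the end of `configure_federation` runs unconditionally, yet the function posts to a hard-coded `https://www.testshib.org/procupload.php` while this same commit makes `IDP_ID` overridable. A deployment that sets `IDP_ID` to another provider would still send its service provider metadata to a third-party site as a side effect of configuration. Guarding the call, for example `if [[ "$IDP_ID" == "testshib" ]]; then upload_sp_metadata; fi`, keeps the upload tied to the provider it is meant for. `configure_federation` starts before this hunk.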