author | Colleen Murphy <colleen@gazlene.net> | 2018-11-03 21:55:42 +0100 |
---|---|---|
committer | Colleen Murphy <colleen@gazlene.net> | 2018-11-06 23:02:36 +0100 |
commit | e4fe2659c46b5e11adcc193945d311c0337ce982 (patch) | |
tree | bb02d2f01bc63e89507b1dc17600a33afa01f001 /devstack | |
parent | c785729efee0daf472301719e0b41e9ff2b7c64d (diff) | |
download | keystone-e4fe2659c46b5e11adcc193945d311c0337ce982.tar.gz |
Switch devstack plugin to samltest.id
testshib.org is no longer maintained and has been broken for some
time[1]. Use the new samltest.id provider instead.
This is not a permanent solution, this is a stopgap measure until we
configure our own IdP in the devstack plugin.
[1] https://marc.info/?l=shibboleth-users&m=154056288800549&w=2
Change-Id: Ifa514395d9cdb2197ef8a43885ec598483dd7a38
Diffstat (limited to 'devstack')
-rw-r--r-- | devstack/files/federation/attribute-map.xml | 3 | ||||
-rw-r--r-- | devstack/lib/federation.sh | 25 |
2 files changed, 15 insertions, 13 deletions
diff --git a/devstack/files/federation/attribute-map.xml b/devstack/files/federation/attribute-map.xml index e651bdb43..4094caad0 100644 --- a/devstack/files/federation/attribute-map.xml +++ b/devstack/files/federation/attribute-map.xml @@ -63,4 +63,7 @@ <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/> </Attribute> + <!-- UID attribute used by samltest.id --> + <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid" /> + </Attributes> diff --git a/devstack/lib/federation.sh b/devstack/lib/federation.sh index b93e259f4..774b7c271 100644 --- a/devstack/lib/federation.sh +++ b/devstack/lib/federation.sh @@ -16,15 +16,14 @@ DOMAIN_NAME=${DOMAIN_NAME:-federated_domain} PROJECT_NAME=${PROJECT_NAME:-federated_project} GROUP_NAME=${GROUP_NAME:-federated_users} -# TODO(rodrigods): remove/update the settings based at testshib -IDP_ID=${IDP_ID:-testshib} -IDP_USERNAME=${IDP_USERNAME:-myself} -IDP_PASSWORD=${IDP_PASSWORD:-myself} -IDP_REMOTE_ID=${IDP_REMOTE_ID:-https://idp.testshib.org/idp/shibboleth} -IDP_ECP_URL=${IDP_ECP_URL:-https://idp.testshib.org/idp/profile/SAML2/SOAP/ECP} -IDP_METADATA_URL=${IDP_METADATA_URL:-http://www.testshib.org/metadata/testshib-providers.xml} - -MAPPING_REMOTE_TYPE=${MAPPING_REMOTE_TYPE:-eppn} +IDP_ID=${IDP_ID:-samltest} +IDP_USERNAME=${IDP_USERNAME:-morty} +IDP_PASSWORD=${IDP_PASSWORD:-panic} +IDP_REMOTE_ID=${IDP_REMOTE_ID:-https://samltest.id/saml/idp} +IDP_ECP_URL=${IDP_ECP_URL:-https://samltest.id/idp/profile/SAML2/SOAP/ECP} +IDP_METADATA_URL=${IDP_METADATA_URL:-https://samltest.id/saml/idp} + +MAPPING_REMOTE_TYPE=${MAPPING_REMOTE_TYPE:-uid} MAPPING_USER_NAME=${MAPPING_USER_NAME:-"{0}"} PROTOCOL_ID=${PROTOCOL_ID:-mapped} 
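Review bot: The new `uid` entry goes into the SP-wide attribute map, so it is accepted from any IdP the SP trusts, although the comment ties it only to samltest.id. `uid` is an unscoped value asserted by the IdP, and the federation.sh hunk below makes it the default `MAPPING_REMOTE_TYPE`. I would widen the comment to say so, e.g. `<!-- UID attribute used by samltest.id (public test IdP; unscoped, not unique across IdPs) -->`.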
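Review bot: The removed `# TODO(rodrigods)` line was the only marker in this block that the defaults point at an external test IdP, and the replacement values still do. `IDP_USERNAME`/`IDP_PASSWORD` appear to be one of samltest.id's published test accounts. Anyone can authenticate at that IdP, so a devstack host reachable from other networks would by default accept federated logins that map into `GROUP_NAME`; what that group may do depends on role assignments outside this hunk. Since the commit message calls this a stopgap, I would keep a comment above the block, e.g. `# NOTE: samltest.id is a public test IdP with published credentials; these defaults are for throwaway devstack hosts only.`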
@@ -74,7 +73,7 @@ function install_federation { fi } -function upload_sp_metadata_to_testshib { +function upload_sp_metadata_to_samltest { local metadata_fname=${HOST_IP//./}_"$RANDOM"_sp local metadata_url=http://$HOST_IP/Shibboleth.sso/Metadata @@ -84,7 +83,7 @@ function upload_sp_metadata_to_testshib { return fi - curl --form userfile=@"$FILES/${metadata_fname}" "https://www.testshib.org/procupload.php" + curl --form userfile=@"$FILES/${metadata_fname}" --form "submit=OK" "https://samltest.id/upload.php" } function configure_federation { @@ -115,8 +114,8 @@ function configure_federation { # TODO(knikolla): We should not be relying on an external service. This # will be removed once we have an idp deployed during devstack install. - if [[ "$IDP_ID" == "testshib" ]]; then - upload_sp_metadata_to_testshib + if [[ "$IDP_ID" == "samltest" ]]; then + upload_sp_metadata_to_samltest fi } |
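Review bot: The `curl` call at the end of `upload_sp_metadata_to_samltest` still cannot report a failed upload. Without `--fail`, an HTTP error page from upload.php leaves the exit status at 0, so a broken provider shows up only later as a failed federated login, which is the situation the commit message describes for testshib. I would add `--fail --silent --show-error --max-time 60` to the call and log a warning when it returns non-zero. The uploaded file name embeds `HOST_IP` and the metadata ends up on a third-party service, which deserves a one-line comment. Part of the function body lies between the hunks and is not visible here.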
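Review bot: In `configure_federation` the upload is gated on the display name `IDP_ID`, not on which IdP the URLs actually point to. A local.conf that overrides `IDP_REMOTE_ID` and `IDP_METADATA_URL` but keeps the default `IDP_ID` would still post this host's SP metadata to samltest.id. One that still sets `IDP_ID=testshib` now skips the upload without any message. I would extend the existing TODO with something like `# NOTE: uploads this host's SP metadata to samltest.id whenever IDP_ID is left at its default.`, or gate the call on an explicit opt-in variable. The function starts and ends outside this hunk.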