Attachment #7427 for bug #33214

View | Details | Raw Unified | Return to bug 33214
Collapse All | Expand All

(-)a/saml/univention-saml/conffiles/etc/apache2/sites-available/univention-saml (+2 lines)

Lines 17-22 RewriteRule ^/?simplesamlphp/(.*) https://%{SERVER_NAME}/simplesamlphp/$1 [R,L]	Link Here

@!@

@!@

<LocationMatch /simplesamlphp/>

<LocationMatch /simplesamlphp/>

	SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

	# AJAX-Requests via UMC must be possible

	# AJAX-Requests via UMC must be possible

	Header always set Access-Control-Allow-Origin "*"

	Header always set Access-Control-Allow-Origin "*"

	SetEnvIf Origin "^https?://" origin=true

	SetEnvIf Origin "^https?://" origin=true




		// Can be NULL/unset, in which case a builtin discovery service will be used.
		'discoURL' => NULL,
	),
	'univention-negotiate' => array(
		'negotiate:Negotiate',
		'keytab' => '/etc/krb5.keytab',
		'fallback' => 'univention-ldap',
@!@
ldap_user = 'uid=sys-idp-user,cn=users,%s' % configRegistry.get('ldap/base', 'null')
if configRegistry.get('saml/idp/ldap/user'):
	ldap_user = configRegistry.get('saml/idp/ldap/user')
password = ''
try:
	password = open('/etc/idp-ldap-user.secret','r').read().strip()
except (IOError, OSError):
	import sys
	print >> sys.stderr, '/etc/idp-ldap-user.secret could not be read!'
print "		'hostname' => '%s.%s'," % (configRegistry['hostname'], configRegistry['domainname'])
print "		'base' => '%s'," % (configRegistry['ldap/base'],)
print "		'adminUser' => '%s'," % (ldap_user,)
print "		'adminPassword' => '%s'," % (password,)
print "	),"
print ""
print """
	// LDAP authentication source.
	'univention-ldap' => array(
		'uldap:uLDAP',

		//'hostname' => '127.0.0.1',
		// Whether SSL/TLS should be used when contacting the LDAP server.
		//'enable_tls' => FALSE,
"""

@!@
from univention.lib.misc import getLDAPURIs
hostname = getLDAPURIs()


print "	'attributes'		=> array(%s)," % attributes
print "	'search.base'		=> '%s'," % configRegistry.get('ldap/base', 'null')
print "	'search.attributes' 	=> array(%s)," % configRegistry.get('saml/idp/ldap/search_attributes', '\'uid\'')

ldap_user = 'uid=sys-idp-user,cn=users,%s' % configRegistry.get('ldap/base', 'null')
if configRegistry.get('saml/idp/ldap/user'):
	ldap_user = configRegistry.get('saml/idp/ldap/user')

print "	'search.username'	=> '%s'," % ldap_user

password = ''
try:
	password = open('/etc/idp-ldap-user.secret','r').read().strip()
except (IOError, OSError):
	import sys
	print >> sys.stderr, '/etc/idp-ldap-user.secret could not be read!'

print "	'search.password'	=> '%s'," % password
@!@


(-)a/saml/univention-saml/conffiles/etc/simplesamlphp/metadata/00_saml20-idp-hosted.php (-2 / +3 lines)

Lines 26-33 print " 'certificate' => '%s'," % configRegistry.get('saml/idp/certificate/certi	Link Here

	 * Authentication source to use. Must be one that is configured in

	 * Authentication source to use. Must be one that is configured in

	 * 'config/authsources.php'.

	 * 'config/authsources.php'.

*/

*/

	//'auth' => 'example-userpass',

@!@

	'auth' => 'univention-ldap',

print "	'auth' => '%s'," % (configRegistry.get('saml/idp/auth', 'univention-ldap'),)

@!@

	/* Uncomment the following to use the uri NameFormat on attributes. */

	/* Uncomment the following to use the uri NameFormat on attributes. */

/*

/*

(-)a/saml/univention-saml/debian/univention-saml.postinst (+1 lines)

Lines 63-68 configure)	Link Here

	if [ ! -e /etc/simplesamlphp/metadata/metadata_include.php ]; then

	if [ ! -e /etc/simplesamlphp/metadata/metadata_include.php ]; then

		touch /etc/simplesamlphp/metadata/metadata_include.php

		touch /etc/simplesamlphp/metadata/metadata_include.php

fi

fi

	touch /usr/share/simplesamlphp/modules/negotiate/enable

	chown -R root:samlcgi /etc/simplesamlphp

	chown -R root:samlcgi /etc/simplesamlphp

Return to bug 33214