Attachment #7427 for bug #33214

View | Details | Raw Unified | Return to bug 33214
Collapse All | Expand All

Lines 17-22 RewriteRule ^/?simplesamlphp/(.*) https://%{SERVER_NAME}/simplesamlphp/$1 [R,L] Link Here

(-)a/saml/univention-saml/conffiles/etc/apache2/sites-available/univention-saml (+2 lines)
17	@!@	17	@!@
18		18
19	<LocationMatch /simplesamlphp/>	19	<LocationMatch /simplesamlphp/>
		20	SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
		21
20	# AJAX-Requests via UMC must be possible	22	# AJAX-Requests via UMC must be possible
21	Header always set Access-Control-Allow-Origin "*"	23	Header always set Access-Control-Allow-Origin "*"
22	SetEnvIf Origin "^https?://" origin=true	24	SetEnvIf Origin "^https?://" origin=true




		// Can be NULL/unset, in which case a builtin discovery service will be used.
		'discoURL' => NULL,
	),
	'univention-negotiate' => array(
		'negotiate:Negotiate',
		'keytab' => '/etc/krb5.keytab',
		'fallback' => 'univention-ldap',
@!@
ldap_user = 'uid=sys-idp-user,cn=users,%s' % configRegistry.get('ldap/base', 'null')
if configRegistry.get('saml/idp/ldap/user'):
	ldap_user = configRegistry.get('saml/idp/ldap/user')
password = ''
try:
	password = open('/etc/idp-ldap-user.secret','r').read().strip()
except (IOError, OSError):
	import sys
	print >> sys.stderr, '/etc/idp-ldap-user.secret could not be read!'
print "		'hostname' => '%s.%s'," % (configRegistry['hostname'], configRegistry['domainname'])
print "		'base' => '%s'," % (configRegistry['ldap/base'],)
print "		'adminUser' => '%s'," % (ldap_user,)
print "		'adminPassword' => '%s'," % (password,)
print "	),"
print ""
print """
	// LDAP authentication source.
	'univention-ldap' => array(
		'uldap:uLDAP',

		//'hostname' => '127.0.0.1',
		// Whether SSL/TLS should be used when contacting the LDAP server.
		//'enable_tls' => FALSE,
"""

@!@
from univention.lib.misc import getLDAPURIs
hostname = getLDAPURIs()


print "	'attributes'		=> array(%s)," % attributes
print "	'search.base'		=> '%s'," % configRegistry.get('ldap/base', 'null')
print "	'search.attributes' 	=> array(%s)," % configRegistry.get('saml/idp/ldap/search_attributes', '\'uid\'')

ldap_user = 'uid=sys-idp-user,cn=users,%s' % configRegistry.get('ldap/base', 'null')
if configRegistry.get('saml/idp/ldap/user'):
	ldap_user = configRegistry.get('saml/idp/ldap/user')

print "	'search.username'	=> '%s'," % ldap_user

password = ''
try:
	password = open('/etc/idp-ldap-user.secret','r').read().strip()
except (IOError, OSError):
	import sys
	print >> sys.stderr, '/etc/idp-ldap-user.secret could not be read!'

print "	'search.password'	=> '%s'," % password
@!@


Lines 26-33 print " 'certificate' => '%s'," % configRegistry.get('saml/idp/certificate/certi Link Here

(-)a/saml/univention-saml/conffiles/etc/simplesamlphp/metadata/00_saml20-idp-hosted.php (-2 / +3 lines)
26	* Authentication source to use. Must be one that is configured in	26	* Authentication source to use. Must be one that is configured in
27	* 'config/authsources.php'.	27	* 'config/authsources.php'.
28	*/	28	*/
29	//'auth' => 'example-userpass',	29	@!@
30	'auth' => 'univention-ldap',	30	print " 'auth' => '%s'," % (configRegistry.get('saml/idp/auth', 'univention-ldap'),)
		31	@!@
31		32
32	/* Uncomment the following to use the uri NameFormat on attributes. */	33	/* Uncomment the following to use the uri NameFormat on attributes. */
33	/*	34	/*

Lines 63-68 configure) Link Here

(-)a/saml/univention-saml/debian/univention-saml.postinst (+1 lines)
63	if [ ! -e /etc/simplesamlphp/metadata/metadata_include.php ]; then	63	if [ ! -e /etc/simplesamlphp/metadata/metadata_include.php ]; then
64	touch /etc/simplesamlphp/metadata/metadata_include.php	64	touch /etc/simplesamlphp/metadata/metadata_include.php
65	fi	65	fi
		66	touch /usr/share/simplesamlphp/modules/negotiate/enable
66		67
67	chown -R root:samlcgi /etc/simplesamlphp	68	chown -R root:samlcgi /etc/simplesamlphp
68		69

Return to bug 33214

Lines 29-35 $config = array( Link Here

(-)a/saml/univention-saml/conffiles/etc/simplesamlphp/00authsources.php (-17 / +22 lines)
29	// Can be NULL/unset, in which case a builtin discovery service will be used.	29	// Can be NULL/unset, in which case a builtin discovery service will be used.
30	'discoURL' => NULL,	30	'discoURL' => NULL,
31	),	31	),
32		32	'univention-negotiate' => array(
		33	'negotiate:Negotiate',
		34	'keytab' => '/etc/krb5.keytab',
		35	'fallback' => 'univention-ldap',
		36	@!@
		37	ldap_user = 'uid=sys-idp-user,cn=users,%s' % configRegistry.get('ldap/base', 'null')
		38	if configRegistry.get('saml/idp/ldap/user'):
		39	ldap_user = configRegistry.get('saml/idp/ldap/user')
		40	password = ''
		41	try:
		42	password = open('/etc/idp-ldap-user.secret','r').read().strip()
		43	except (IOError, OSError):
		44	import sys
		45	print >> sys.stderr, '/etc/idp-ldap-user.secret could not be read!'
		46	print " 'hostname' => '%s.%s'," % (configRegistry['hostname'], configRegistry['domainname'])
		47	print " 'base' => '%s'," % (configRegistry['ldap/base'],)
		48	print " 'adminUser' => '%s'," % (ldap_user,)
		49	print " 'adminPassword' => '%s'," % (password,)
		50	print " ),"
		51	print ""
		52	print """
33	// LDAP authentication source.	53	// LDAP authentication source.
34	'univention-ldap' => array(	54	'univention-ldap' => array(
35	'uldap:uLDAP',	55	'uldap:uLDAP',
Lines 43-51 $config = array( Link Here
43	//'hostname' => '127.0.0.1',	63	//'hostname' => '127.0.0.1',
44	// Whether SSL/TLS should be used when contacting the LDAP server.	64	// Whether SSL/TLS should be used when contacting the LDAP server.
45	//'enable_tls' => FALSE,	65	//'enable_tls' => FALSE,
46		66	"""
47
48	@!@
49	from univention.lib.misc import getLDAPURIs	67	from univention.lib.misc import getLDAPURIs
50	hostname = getLDAPURIs()	68	hostname = getLDAPURIs()
51		69
Lines 61-80 print " 'debug' => %s," % configRegistry.get('saml/idp/ldap/debug', 'FALSE') Link Here
61	print " 'attributes' => array(%s)," % attributes	79	print " 'attributes' => array(%s)," % attributes
62	print " 'search.base' => '%s'," % configRegistry.get('ldap/base', 'null')	80	print " 'search.base' => '%s'," % configRegistry.get('ldap/base', 'null')
63	print " 'search.attributes' => array(%s)," % configRegistry.get('saml/idp/ldap/search_attributes', '\'uid\'')	81	print " 'search.attributes' => array(%s)," % configRegistry.get('saml/idp/ldap/search_attributes', '\'uid\'')
64
65	ldap_user = 'uid=sys-idp-user,cn=users,%s' % configRegistry.get('ldap/base', 'null')
66	if configRegistry.get('saml/idp/ldap/user'):
67	ldap_user = configRegistry.get('saml/idp/ldap/user')
68
69	print " 'search.username' => '%s'," % ldap_user	82	print " 'search.username' => '%s'," % ldap_user
70
71	password = ''
72	try:
73	password = open('/etc/idp-ldap-user.secret','r').read().strip()
74	except (IOError, OSError):
75	import sys
76	print >> sys.stderr, '/etc/idp-ldap-user.secret could not be read!'
77
78	print " 'search.password' => '%s'," % password	83	print " 'search.password' => '%s'," % password
79	@!@	84	@!@
80		85