Bug 48348 - Allow inclusion of additional configuration files for SSO virtualhost
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: SAML
Version: UCS 4.3
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.3-3-errata
Assigned To: Erik Damrose
QA Contact: Jürn Brodersen
Reported: 2018-12-13 15:25 CET by Erik Damrose
Modified: 2019-03-30 07:54 CET
What kind of report is it?: Feature Request
Description Erik Damrose univentionstaff 2018-12-13 15:25:48 CET
The UCS default Apache configuration can be extended by placing files in /etc/apache2/ucs-sites.conf.d/; these get included with an IncludeOptional statement in /etc/apache2/sites-available/000-default.conf and default-ssl.conf.

There is currently no way to extend the single sign-on VirtualHost configuration in a similar way. Additional software should have an easy way to be added to the VirtualHost, e.g. the OpenID Connect provider.

An IncludeOptional statement will be added to univention-saml.conf.
Comment 1 Erik Damrose univentionstaff 2018-12-13 16:03:48 CET
fc58260b Include additional configuration files from /etc/apache2/sso-vhost.conf.d in saml virtualhost config

Package: univention-saml
Version: 5.0.4-30A~4.3.0.201812131559
Branch: ucs_4.3-0
Scope: errata4.3-3

9138d5a2 yaml
Comment 2 Philipp Hahn univentionstaff 2018-12-14 13:37:16 CET
4a2cd9dbbc Bug #48348: univention-saml 5.0.4-30A~4.3.0.201812131559---
 doc/errata/staging/univention-saml.yaml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

 This update addresses the following [-issue(s):-]{+issue:+}
 * The univention-saml [-apache2-]{+Apache2+} VirtualHost configuration can now be extended
   by placing .conf files in the directory /etc/apache2/sso-vhost.conf.d/
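Review bot: The line "by placing .conf files in the directory /etc/apache2/sso-vhost.conf.d/" tells administrators where to put files but not that Apache has to be reloaded before they take effect, and it does not say that everything in that directory becomes part of the single sign-on VirtualHost. Suggest adding a sentence on the reload and a note that the directory should stay writable by root only, since its contents change what the login host serves.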
Comment 3 Jürn Brodersen univentionstaff 2019-01-10 11:41:24 CET
Including sso-vhost.conf.d/*.conf into the non-vhost config (the FQDN instead of ucs-sso is used for SAML) might be a problem for some options. But I don't see an easy solution for that, nor is it a problem at the moment.


Config used for testing:
'''
<Location "/secure">
    AuthType basic
    AuthName "private area"
    AuthUserFile    "/etc/apache2/test"
    Require            valid-user
</Location>
'''


What I tested:
Added config to /etc/apache2/sso-vhost.conf.d and restarted apache -> OK
  "curl http://ucs-sso.univention.intranet/secure" asks for creds -> OK
  "curl https://ucs-sso.univention.intranet/secure" asks for creds -> OK
  ucs-test/82_saml/04_saml_login -> OK

Removed config and restarted apache -> OK
  ucs-test/82_saml/04_saml_login -> OK

YAML -> OK
Code in 4.4-0 -> OK
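
Added example, not part of the bug thread or of univention-saml: a small scanner that reports the context in which each Include/IncludeOptional line of an Apache configuration sits, so a drop-in directory that is pulled in both inside a VirtualHost and outside one (the concern raised in Comment 3) is easy to spot. The sample configuration is constructed and only assumes the layout that comment describes; the function names are hypothetical.

```python
import re

# Constructed sample, NOT the real univention-saml.conf; the layout is an
# assumption taken from Comment 3 (same drop-in directory included twice).
SAMPLE_CONF = """\
# server-wide part: SAML reachable under the host's own FQDN
IncludeOptional /etc/apache2/sso-vhost.conf.d/*.conf

<VirtualHost *:443>
    ServerName ucs-sso.univention.intranet
    IncludeOptional /etc/apache2/sso-vhost.conf.d/*.conf
</VirtualHost>
"""

OPEN = re.compile(r"<\s*([A-Za-z]\w*)\b([^>]*)>")
CLOSE = re.compile(r"</\s*([A-Za-z]\w*)\s*>")
INCLUDE = re.compile(r"(?i)^(Include(?:Optional)?)\s+(\S+)")

def include_contexts(conf_text):
    """Return (line_no, directive, pattern, context) for every Include line."""
    stack, found = [], []          # stack of open containers, innermost last
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = CLOSE.match(line)
        if m:
            if stack and stack[-1][0] == m.group(1).lower():
                stack.pop()
            continue
        m = OPEN.match(line)
        if m:
            stack.append((m.group(1).lower(), m.group(2).strip()))
            continue
        m = INCLUDE.match(line)
        if m:
            vhosts = [args for name, args in stack if name == "virtualhost"]
            ctx = "VirtualHost " + vhosts[-1] if vhosts else "server config"
            found.append((no, m.group(1), m.group(2).strip('"'), ctx))
    return found

def shared_dropins(conf_text):
    """Patterns included both server-wide and inside a VirtualHost."""
    by_pattern = {}
    for _, _, pattern, ctx in include_contexts(conf_text):
        by_pattern.setdefault(pattern, set()).add(ctx.split()[0])
    return sorted(p for p, kinds in by_pattern.items() if len(kinds) == 2)
```

Directives in a file reported by `shared_dropins` are evaluated in both contexts, so anything that is only valid or only intended inside the SSO VirtualHost should be checked against the server-wide inclusion as well.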
Comment 4 Arvid Requate univentionstaff 2019-01-16 13:25:22 CET
<http://errata.software-univention.de/ucs/4.3/406.html>