Hi,

@Imesh: As we discussed, we will use sso_service_providers instead of sso_product_list. That is more meaningful.

@Sanjaya: These hiera data will be mapped to the placeholders in authenticators.xml [1]. If you check the puppet template, we have a property called disabled as follows.

<Authenticator name="SAML2SSOAuthenticator" disabled="<%= @sso_authentication['disabled'] %>">

So here, we cannot use @sso_authentication['enabled'], because it will mark the disabled property the opposite way.

[1] - https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31

Thank you!

On Wed, Jun 29, 2016 at 7:08 PM, Sanjaya Ratnaweera <[email protected]> wrote:

> Hi Pubudu,
>
> Looks great. I have a small suggestion if it makes sense. Any specific
> reason for having "disabled: false" instead of "enabled: true" for
> enabling this feature :-)
>
> Regards
>
> ~sanjaya
>
> On Wed, Jun 29, 2016 at 5:28 PM, Pubudu Gunatilaka <[email protected]> wrote:
>
>> Hi,
>>
>> I have completed setting up sso for WSO2 products using WSO2 puppet
>> modules. This is really helpful when you need to automate the entire
>> process of setting up sso for WSO2 products. Basically you need to do the
>> sso changes in the product as well as in the WSO2 Identity Server or any
>> other Identity providers. Following are the changes that need to be done
>> in hiera yaml files.
>>
>> *Any WSO2 product configuration:*
>>
>> Following hiera values [1] should be set in the product hiera file to
>> enable sso. Configurations include enable sso, login page url, service
>> provider id, sso service url and consumer service url.
>>
>> wso2::sso_authentication:
>>   disabled: false
>>   login_page: /carbon/admin/login.jsp
>>   service_provider_id: wso2esb
>>   sso_service_url: https://wso2is-default:10113/samlsso
>>   consumer_service_url: https://wso2esb-default:10095/acs
>>
>> *WSO2 IS configuration:*
>>
>> You can create service providers in WSO2 IS based on the details you have
>> given to each and every product. Another fully automated option is to provide
>> the list of products that need to be created as service providers in the
>> WSO2 IS hiera data file, as below.
>>
>> wso2::sso_product_list:
>>   wso2esb:
>>     assertion_consumer_service_url: https://wso2esb-default:9443/acs
>>     default_assertion_consumer_service_url: https://wso2esb-default:9443/acs
>>   wso2as:
>>     assertion_consumer_service_url: https://wso2as-default:9443/acs
>>     default_assertion_consumer_service_url: https://wso2as-default:9443/acs
>>
>> This will do the following changes in WSO2 IS side.
>> 1. Add a new service_provider block in sso-idp-config.xml.
>> 2. Create a new file under
>> <WSO2_IS>/repository/conf/identity/service-providers/ directory with the
>> same name of the service provider.
>>
>> The advantage of this is we can use this with docker containers. I have
>> tested this in Mesos. Please share your thoughts.
>>
>> [1] -
>> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
>> [2] -
>> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/wso2is/5.1.0/default/default.yaml#L35
>>
>> Thank you!
>> --
>> *Pubudu Gunatilaka*
>> Committer and PMC Member - Apache Stratos
>> Software Engineer
>> WSO2, Inc.: http://wso2.com
>> mobile : +94774078049
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
> --
> Sanjaya Ratnaweera
> Associate Technical Lead; WSO2 Inc; http://www.wso2.com/.
>
> blog: http://www.samudura.org
> homepage: http://www.samudura.net
> twitter: http://twitter.com/sanjayar
> Phone: +94 773037349
>
> Lean . Enterprise . Middleware

--
*Pubudu Gunatilaka*
Committer and PMC Member - Apache Stratos
Software Engineer
WSO2, Inc.: http://wso2.com
mobile : +94774078049
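
An added example, not part of the original thread or of the puppet-modules code: the template line quoted above rendered with Ruby's ERB against the hiera hash, with a pre-render check. `AuthenticatorView`, `sso_config_errors` and the https-only rule are assumptions made for illustration; the second hash shows that renaming the key to `enabled` without changing the template renders `disabled=""`.

```ruby
require 'erb'
require 'uri'
require 'yaml'

# The single template line quoted in the thread (rest of the file not reproduced).
TEMPLATE = %q{<Authenticator name="SAML2SSOAuthenticator" disabled="<%= @sso_authentication['disabled'] %>">}

# Hypothetical pre-render check: returns a list of problems in the hiera hash.
def sso_config_errors(cfg)
  errors = []
  unless [true, false].include?(cfg['disabled'])
    errors << "disabled must be a YAML boolean, got #{cfg['disabled'].inspect}"
  end
  %w[sso_service_url consumer_service_url].each do |key|
    uri = begin
      URI.parse(cfg[key].to_s)
    rescue URI::InvalidURIError
      nil
    end
    # Assumed policy for this example: SSO endpoints must be absolute https URLs.
    errors << "#{key} must be an absolute https URL" unless uri.is_a?(URI::HTTPS) && uri.host
  end
  errors
end

# Renders the line as Puppet does: the hiera hash is an instance variable.
class AuthenticatorView
  def initialize(cfg)
    @sso_authentication = cfg
  end

  def render
    ERB.new(TEMPLATE).result(binding)
  end
end

# Values as posted in the thread.
GOOD = YAML.safe_load(<<~HIERA)
  disabled: false
  login_page: /carbon/admin/login.jsp
  service_provider_id: wso2esb
  sso_service_url: https://wso2is-default:10113/samlsso
  consumer_service_url: https://wso2esb-default:10095/acs
HIERA

# Constructed variant: key renamed to "enabled", template left unchanged.
RENAMED = GOOD.reject { |k, _| k == 'disabled' }.merge('enabled' => true)

[GOOD, RENAMED].each do |cfg|
  puts AuthenticatorView.new(cfg).render, sso_config_errors(cfg).inspect
end
```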
