Hi Pubudu,

On Thu, Jun 30, 2016 at 12:04 AM, Pubudu Gunatilaka <[email protected]>
wrote:

> Hi,
>
> @Imesh: As we discussed, we will use sso_service_providers instead of
> sso_product_list. That is more meaningful.
>
> @Sanjaya: These hiera data will be mapped to the placeholders in
> authenticators.xml [1]. If you check the puppet template we have a property
> called disabled as follows.
>
> <Authenticator name="SAML2SSOAuthenticator" disabled="<%= @sso_authentication['disabled'] %>">
>

True. What you have done is correct. The improvement needs to be made in the
configuration file :-)

Regards

       ~sanjaya




>
>
> So here, we cannot use @sso_authentication['enabled'], because it will
> set the disabled property the opposite way.
>
> [1] -
> https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
>
> Thank you!
>
> On Wed, Jun 29, 2016 at 7:08 PM, Sanjaya Ratnaweera <[email protected]>
> wrote:
>
>> Hi Pubudu,
>>     Looks great. I have a small suggestion, if it makes sense. Is there any specific
>> reason for having "disabled: false" instead of "enabled: true" for
>> enabling this feature :-)
>>
>> Regards
>>
>>      ~sanjaya
>>
>> On Wed, Jun 29, 2016 at 5:28 PM, Pubudu Gunatilaka <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> I have completed setting up SSO for WSO2 products using WSO2 puppet
>>> modules. This is really helpful when you need to automate the entire
>>> process of setting up SSO for WSO2 products. Basically you need to make the
>>> SSO changes in the product as well as in the WSO2 Identity Server or any
>>> other identity provider. Following are the changes that need to be made
>>> in the hiera yaml files.
>>>
>>> *Any WSO2 product configuration:*
>>>
>>> The following hiera values [1] should be set in the product hiera file to
>>> enable SSO. The configuration includes enabling SSO, the login page URL, the
>>> service provider id, the SSO service URL and the consumer service URL.
>>>
>>> wso2::sso_authentication:
>>>     disabled: false
>>>     login_page: /carbon/admin/login.jsp
>>>     service_provider_id: wso2esb
>>>     sso_service_url: https://wso2is-default:10113/samlsso
>>>     consumer_service_url: https://wso2esb-default:10095/acs
>>>
>>> *WSO2 IS configuration:*
>>>
>>> You can create service providers in WSO2 IS based on the details you
>>> have given to each and every product. The other, fully automated option is to
>>> provide the list of products that need service providers created, in the
>>> WSO2 IS hiera data file, as below.
>>>
>>> wso2::sso_product_list:
>>>     wso2esb:
>>>       assertion_consumer_service_url: https://wso2esb-default:9443/acs
>>>       default_assertion_consumer_service_url: https://wso2esb-default:9443/acs
>>>     wso2as:
>>>       assertion_consumer_service_url: https://wso2as-default:9443/acs
>>>       default_assertion_consumer_service_url: https://wso2as-default:9443/acs
>>>
>>> This will make the following changes on the WSO2 IS side.
>>> 1. Add a new service_provider block in sso-idp-config.xml.
>>> 2. Create a new file under
>>> <WSO2_IS>/repository/conf/identity/service-providers/ directory with the
>>> same name of the service provider.
>>>
>>> The advantage of this is we can use this with docker containers. I have
>>> tested this in Mesos. Please share your thoughts.
>>>
>>> [1] -
>>> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
>>> [2] -
>>> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/wso2is/5.1.0/default/default.yaml#L35
>>>
>>> Thank you!
>>> --
>>> *Pubudu Gunatilaka*
>>> Committer and PMC Member - Apache Stratos
>>> Software Engineer
>>> WSO2, Inc.: http://wso2.com
>>> mobile : +94774078049
>>>
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Sanjaya Ratnaweera
>> Associate Technical Lead; WSO2 Inc; http://www.wso2.com/.
>>
>> blog: http://www.samudura.org
>> homepage: http://www.samudura.net
>> twitter: http://twitter.com/sanjayar
>> Phone: +94 773037349
>>
>> Lean . Enterprise . Middleware
>>


-- 
Sanjaya Ratnaweera
Associate Technical Lead; WSO2 Inc; http://www.wso2.com/.

blog: http://www.samudura.org
homepage: http://www.samudura.net
twitter: http://twitter.com/sanjayar
Phone: +94 773037349

Lean . Enterprise . Middleware
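
The mapping discussed in this thread, as an added example that is not part of the original e-mails or of the wso2/puppet-modules code: it renders the quoted template line from a hiera hash and lints the SSO keys. The `lint_sso` helper, the host names, and the rule that `consumer_service_url` should equal the ACS URL registered for the same service provider id are assumptions.

```ruby
require 'erb'
require 'uri'

# Template line quoted in the thread (authenticators.xml.erb).
TEMPLATE = %q{<Authenticator name="SAML2SSOAuthenticator" disabled="<%= @sso_authentication['disabled'] %>">}

# Render the line with a hiera hash bound to @sso_authentication,
# the way the Puppet template sees it.
def render_authenticator(sso_authentication)
  ctx = Object.new
  ctx.instance_variable_set(:@sso_authentication, sso_authentication)
  ERB.new(TEMPLATE).result(ctx.instance_eval { binding })
end

# Hypothetical lint (not part of the puppet modules): returns a list of problems.
def lint_sso(product, idp_providers)
  problems = []
  unless [true, false].include?(product['disabled'])
    problems << "disabled must be a YAML boolean, got #{product['disabled'].inspect}"
  end
  %w[sso_service_url consumer_service_url].each do |key|
    uri = URI.parse(product[key].to_s) rescue nil
    problems << "#{key} is not an https URL" unless uri.is_a?(URI::HTTPS)
  end
  sp = idp_providers[product['service_provider_id']]
  if sp.nil?
    problems << "no service provider entry for #{product['service_provider_id'].inspect}"
  elsif sp['assertion_consumer_service_url'] != product['consumer_service_url']
    problems << 'consumer_service_url differs from the ACS URL registered at the IdP'
  end
  problems
end

# Constructed sample data using the key names from the thread.
PRODUCT = {
  'disabled' => false,
  'login_page' => '/carbon/admin/login.jsp',
  'service_provider_id' => 'wso2esb',
  'sso_service_url' => 'https://idp.example.test:9443/samlsso',
  'consumer_service_url' => 'https://esb.example.test:9443/acs'
}.freeze
IDP_PROVIDERS = {
  'wso2esb' => { 'assertion_consumer_service_url' => 'https://esb.example.test:9443/acs' }
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts render_authenticator(PRODUCT)
  puts render_authenticator('enabled' => true) # key missing: disabled=""
  puts lint_sso(PRODUCT.merge('disabled' => 'no'), {})
end
```

A hash that carries only an `enabled` key renders an empty `disabled` attribute, because the template reads the `disabled` key and a missing key evaluates to nil.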