Hi Sanjaya,

As per the suggestion, we thought of doing the change at the puppet level to
cater to this requirement, as it would be cleaner for the users. Ideally,
this should be done in the configuration file.

I have done the relevant changes in [1] and [2].

[1] -
https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
[2] -
https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169

Thank you!

On Thu, Jun 30, 2016 at 11:03 AM, Sanjaya Ratnaweera <[email protected]>
wrote:

> Hi Pubudu,
>
> On Thu, Jun 30, 2016 at 12:04 AM, Pubudu Gunatilaka <[email protected]>
> wrote:
>
>> Hi,
>>
>> @Imesh: As we discussed, we will use sso_service_providers instead of
>> sso_product_list. That is more meaningful.
>>
>> @Sanjaya: These hiera data will be mapped to the placeholders in
>> authenticators.xml [1]. If you check the puppet template we have a property
>> called disabled as follows.
>>
>> <Authenticator name="SAML2SSOAuthenticator" disabled="<%= @sso_authentication['disabled'] %>">
>>
>
> True. What you have done is correct. Improvement needs to be done in
> the configuration file :-)
>
> Regards
>
>        ~sanjaya
>
>>
>> So here, we cannot use @sso_authentication['enabled'], because it
>> will set the disabled property the opposite way.
>>
>> [1] -
>> https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
>>
>> Thank you!
>>
>> On Wed, Jun 29, 2016 at 7:08 PM, Sanjaya Ratnaweera <[email protected]>
>> wrote:
>>
>>> Hi Pubudu,
>>>     Looks great. I have a small suggestion, if it makes sense. Is there any
>>> specific reason for having "disabled: false" instead of "enabled: true"
>>> for enabling this feature? :-)
>>>
>>> Regards
>>>
>>>      ~sanjaya
>>>
>>> On Wed, Jun 29, 2016 at 5:28 PM, Pubudu Gunatilaka <[email protected]>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> I have completed setting up sso for WSO2 products using WSO2 puppet
>>>> modules. This is really helpful when you need to automate the entire
>>>> process of setting up sso for WSO2 products. Basically you need to do the
>>>> sso changes in the product as well as in the WSO2 Identity Server or any
>>>> other Identity providers. Following are the changes that need to be done
>>>> in hiera yaml files.
>>>>
>>>> *Any WSO2 product configuration:*
>>>>
>>>> Following hiera values [1] should be set in the product hiera file to
>>>> enable sso. Configurations include enable sso, login page url, service
>>>> provider id, sso service url and consumer service url.
>>>>
>>>> wso2::sso_authentication:
>>>>     disabled: false
>>>>     login_page: /carbon/admin/login.jsp
>>>>     service_provider_id: wso2esb
>>>>     sso_service_url: https://wso2is-default:10113/samlsso
>>>>     consumer_service_url: https://wso2esb-default:10095/acs
>>>>
>>>> *WSO2 IS configuration:*
>>>>
>>>> You can create service providers in WSO2 IS based on the details you
>>>> have given to each and every product. The other, fully automated option is
>>>> to provide the list of products that need to be created as service
>>>> providers in the WSO2 IS hiera data file as below.
>>>>
>>>> wso2::sso_product_list:
>>>>     wso2esb:
>>>>       assertion_consumer_service_url: https://wso2esb-default:9443/acs
>>>>       default_assertion_consumer_service_url: https://wso2esb-default:9443/acs
>>>>     wso2as:
>>>>       assertion_consumer_service_url: https://wso2as-default:9443/acs
>>>>       default_assertion_consumer_service_url: https://wso2as-default:9443/acs
>>>>
>>>> This will do the following changes on the WSO2 IS side.
>>>> 1. Add a new service_provider block in sso-idp-config.xml.
>>>> 2. Create a new file under
>>>> <WSO2_IS>/repository/conf/identity/service-providers/ directory with the
>>>> same name as the service provider.
>>>>
>>>> The advantage of this is we can use this with docker containers. I have
>>>> tested this in Mesos. Please share your thoughts.
>>>>
>>>> [1] -
>>>> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
>>>> [2] -
>>>> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/wso2is/5.1.0/default/default.yaml#L35
>>>>
>>>> Thank you!
>>>> --
>>>> *Pubudu Gunatilaka*
>>>> Committer and PMC Member - Apache Stratos
>>>> Software Engineer
>>>> WSO2, Inc.: http://wso2.com
>>>> mobile : +94774078049
>>>>
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> [email protected]
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Sanjaya Ratnaweera
>>> Associate Technical Lead; WSO2 Inc; http://www.wso2.com/.
>>>
>>> blog: http://www.samudura.org
>>> homepage: http://www.samudura.net
>>> twitter: http://twitter.com/sanjayar
>>> Phone: +94 773037349
>>>
>>> Lean . Enterprise . Middleware
>>>
>>
>>
>>
>> --
>> *Pubudu Gunatilaka*
>> Committer and PMC Member - Apache Stratos
>> Software Engineer
>> WSO2, Inc.: http://wso2.com
>> mobile : +94774078049
>>
>>
>
>
> --
> Sanjaya Ratnaweera
> Associate Technical Lead; WSO2 Inc; http://www.wso2.com/.
>
> blog: http://www.samudura.org
> homepage: http://www.samudura.net
> twitter: http://twitter.com/sanjayar
> Phone: +94 773037349
>
> Lean . Enterprise . Middleware
>



-- 
*Pubudu Gunatilaka*
Committer and PMC Member - Apache Stratos
Software Engineer
WSO2, Inc.: http://wso2.com
mobile : +94774078049
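
Added example, not code from the thread or from the wso2/puppet-modules repository: one way a template could take a user-facing "enabled" key and still emit the "disabled" attribute that authenticators.xml expects, which is the inversion the thread discusses. The AuthenticatorTemplate class, the sso_disabled helper and the trimmed hiera data are assumptions made for illustration.

```ruby
require 'erb'
require 'yaml'

# Constructed hiera data: the thread's keys, with 'enabled' replacing 'disabled'.
HIERA = <<~YAML
  wso2::sso_authentication:
    enabled: true
    login_page: /carbon/admin/login.jsp
    service_provider_id: wso2esb
YAML

# Opening tag of the Authenticator element quoted in the thread, with the
# attribute value delegated to a helper (hypothetical, not in the real template).
TEMPLATE = '<Authenticator name="SAML2SSOAuthenticator" disabled="<%= sso_disabled %>">'

class AuthenticatorTemplate
  def initialize(sso_authentication)
    @sso_authentication = sso_authentication
  end

  # Invert the user-facing flag. Accept only real booleans: the string
  # "false" is truthy in Ruby, so a quoted YAML value would otherwise
  # render disabled="false" and leave the authenticator switched on.
  def sso_disabled
    enabled = @sso_authentication.fetch('enabled')
    unless [true, false].include?(enabled)
      raise ArgumentError, "enabled must be a YAML boolean, got #{enabled.inspect}"
    end
    !enabled
  end

  def render
    ERB.new(TEMPLATE).result(binding)
  end
end

# Parse the hiera YAML and render the tag for its sso_authentication hash.
def render_from_hiera(yaml_text)
  cfg = YAML.safe_load(yaml_text).fetch('wso2::sso_authentication')
  AuthenticatorTemplate.new(cfg).render
end

puts render_from_hiera(HIERA)
```

The type check matters because the flag controls whether an authenticator is active: a silent truthiness coercion would produce a configuration that differs from what the operator wrote.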