Hi Pubudu, It's good that we fix this from Puppet side for now. But this should ideally be fixed in the product. Shall we create a JIRA in the relevant project and also create another JIRA in Puppet project to keep track of this?
Thanks. On Thu, Jun 30, 2016 at 3:27 PM, Pubudu Gunatilaka <pubu...@wso2.com> wrote: > Hi Sanjaya, > > As per the suggestion we thought of doing the change in the puppet level > to cater this requirement as it would be more cleaner for the users. > Ideally this should be done in the configuration file. > > I have done the relevant changes in [1] and [2]. > > [1] - > https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31 > [2] - > https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169 > > Thank you! > > On Thu, Jun 30, 2016 at 11:03 AM, Sanjaya Ratnaweera <sanj...@wso2.com> > wrote: > >> Hi Pubudu, >> >> On Thu, Jun 30, 2016 at 12:04 AM, Pubudu Gunatilaka <pubu...@wso2.com> >> wrote: >> >>> Hi, >>> >>> @Imesh: As we discussed will use sso_service_providers instead of >>> sso_product_list. That is more meaningful. >>> >>> @Sanjaya: These hiera data will be mapped to the placeholders in >>> authenticators.xml [1]. If you check the puppet template we have a property >>> called disabled as follows. >>> >>> <Authenticator name="SAML2SSOAuthenticator" disabled="<%= >>> @sso_authentication['disabled'] %>"> >>> >> >> True. What you have done is correct. Improvement needs to be done in >> configuration file :-) >> >> Regards >> >> ~sanjaya >> >> >> >> >>> >>> >>> So here, we cannot use as @sso_authentication['enabled'], because it >>> will mark the disabled property as the opposite way. >>> >>> [1] - >>> https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31 >>> >>> Thank you! >>> >>> On Wed, Jun 29, 2016 at 7:08 PM, Sanjaya Ratnaweera <sanj...@wso2.com> >>> wrote: >>> >>>> Hi Pubudu, >>>> Looks great. I have a small suggestion if it make sense. Any >>>> specific reason of having "disabled: *false" *instead of "enabled: *true" >>>> *for enabling this feature :-) >>>> >>>> Regards >>>> >>>> ~sanjaya >>>> >>>> On Wed, Jun 29, 2016 at 5:28 PM, Pubudu Gunatilaka <pubu...@wso2.com> >>>> wrote: >>>> >>>>> Hi, >>>>> >>>>> I have completed setting up sso for WSO2 products using WSO2 puppet >>>>> modules. This is really helpful when you need to automate the entire >>>>> process of setting up sso for WSO2 products. Basically you need to do the >>>>> sso changes in the product as well as in the WSO2 Identity Server or any >>>>> other Identity providers. Following are the changes that needs to be done >>>>> in hiera yaml files. >>>>> >>>>> *Any WSO2 product configuration:* >>>>> >>>>> Following hiera values [1] should be set in the product hiera file to >>>>> enable sso. Configurations include enable sso, login page url, service >>>>> provider id, sso serverice url and consumer service url. >>>>> >>>>> wso2::sso_authentication: >>>>> disabled: *false* >>>>> login_page: */carbon/admin/login.jsp* >>>>> service_provider_id: *wso2esb* >>>>> sso_service_url: *https://wso2is-default:10113/samlsso >>>>> <https://wso2is-default:10113/samlsso>* >>>>> consumer_service_url: *https://wso2esb-default:10095/acs >>>>> <https://wso2esb-default:10095/acs>* >>>>> >>>>> *WSO2 IS configuration:* >>>>> >>>>> You can create service providers in WSO2 IS based on the details you >>>>> have given to each and every product. Other fully automated option is to >>>>> provide the list of products that needs to be created service providers in >>>>> WSO2 IS hiera data file as below. >>>>> >>>>> wso2::sso_product_list: >>>>> wso2esb: >>>>> assertion_consumer_service_url: *https://wso2esb-default:9443/acs >>>>> <https://wso2esb-default:9443/acs>* >>>>> default_assertion_consumer_service_url: >>>>> *https://wso2esb-default:9443/acs >>>>> <https://wso2esb-default:9443/acs>* >>>>> wso2as: >>>>> assertion_consumer_service_url: *https://wso2as-default:9443/acs >>>>> <https://wso2as-default:9443/acs>* >>>>> default_assertion_consumer_service_url: >>>>> *https://wso2as-default:9443/acs >>>>> <https://wso2as-default:9443/acs>* >>>>> >>>>> This will do the following changes in WSO2 IS side. >>>>> 1. Add a new service_provider block in sso-idp-config.xml. >>>>> 2. Create a new file under >>>>> <WSO2_IS>/repository/conf/identity/service-providers/ directory with the >>>>> same name of the service provider. >>>>> >>>>> The advantage of this is we can use this with docker containers. I >>>>> have tested this in Mesos. Please share your thoughts. >>>>> >>>>> [1] - >>>>> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169 >>>>> [2] - >>>>> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/wso2is/5.1.0/default/default.yaml#L35 >>>>> >>>>> Thank you! >>>>> -- >>>>> *Pubudu Gunatilaka* >>>>> Committer and PMC Member - Apache Stratos >>>>> Software Engineer >>>>> WSO2, Inc.: http://wso2.com >>>>> mobile : +94774078049 <%2B94772207163> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Dev mailing list >>>>> Dev@wso2.org >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> Sanjaya Ratnaweera >>>> Associate Technical Lead; WSO2 Inc; http://www.wso2.com/. >>>> >>>> blog: http://www.samudura.org >>>> homepage: http://www.samudura.net >>>> twitter: http://twitter.com/sanjayar >>>> Phone: +94 773037349 >>>> >>>> Lean . Enterprise . Middleware >>>> >>> >>> >>> >>> -- >>> *Pubudu Gunatilaka* >>> Committer and PMC Member - Apache Stratos >>> Software Engineer >>> WSO2, Inc.: http://wso2.com >>> mobile : +94774078049 <%2B94772207163> >>> >>> >> >> >> -- >> Sanjaya Ratnaweera >> Associate Technical Lead; WSO2 Inc; http://www.wso2.com/. >> >> blog: http://www.samudura.org >> homepage: http://www.samudura.net >> twitter: http://twitter.com/sanjayar >> Phone: +94 773037349 >> >> Lean . Enterprise . Middleware >> > > > > -- > *Pubudu Gunatilaka* > Committer and PMC Member - Apache Stratos > Software Engineer > WSO2, Inc.: http://wso2.com > mobile : +94774078049 <%2B94772207163> > > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Akila Ravihansa Perera WSO2 Inc.; http://wso2.com/ Blog: http://ravihansa3000.blogspot.com
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
