Hi all,

On Thu, Jun 30, 2016 at 3:34 PM, Akila Ravihansa Perera <[email protected]> wrote:

> Hi Pubudu,
>
> It's good that we fix this from Puppet side for now. But this should
> ideally be fixed in the product. Shall we create a JIRA in the relevant
> project and also create another JIRA in Puppet project to keep track of
> this?

+1. I don't see any logical reason to have it that way.

> Thanks.
>
> On Thu, Jun 30, 2016 at 3:27 PM, Pubudu Gunatilaka <[email protected]>
> wrote:
>
>> Hi Sanjaya,
>>
>> As per the suggestion we thought of doing the change in the puppet level
>> to cater to this requirement as it would be cleaner for the users.
>> Ideally this should be done in the configuration file.

Thanks a lot Pubudu. Otherwise it'll be a bit confusing to users.

Regards

~sanjaya

>> I have done the relevant changes in [1] and [2].
>>
>> [1] - https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
>> [2] - https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
>>
>> Thank you!
>>
>> On Thu, Jun 30, 2016 at 11:03 AM, Sanjaya Ratnaweera <[email protected]>
>> wrote:
>>
>>> Hi Pubudu,
>>>
>>> On Thu, Jun 30, 2016 at 12:04 AM, Pubudu Gunatilaka <[email protected]>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> @Imesh: As we discussed, we will use sso_service_providers instead of
>>>> sso_product_list. That is more meaningful.
>>>>
>>>> @Sanjaya: These hiera data will be mapped to the placeholders in
>>>> authenticators.xml [1]. If you check the puppet template we have a
>>>> property called disabled as follows.
>>>>
>>>>     <Authenticator name="SAML2SSOAuthenticator" disabled="<%= @sso_authentication['disabled'] %>">
>>>
>>> True. What you have done is correct. Improvement needs to be done in
>>> configuration file :-)
>>>
>>> Regards
>>>
>>> ~sanjaya
>>>
>>>> So here, we cannot use as @sso_authentication['enabled'], because it
>>>> will mark the disabled property as the opposite way.
>>>>
>>>> [1] - https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
>>>>
>>>> Thank you!
>>>>
>>>> On Wed, Jun 29, 2016 at 7:08 PM, Sanjaya Ratnaweera <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi Pubudu,
>>>>>
>>>>> Looks great. I have a small suggestion if it makes sense. Any
>>>>> specific reason of having "disabled: false" instead of
>>>>> "enabled: true" for enabling this feature :-)
>>>>>
>>>>> Regards
>>>>>
>>>>> ~sanjaya
>>>>>
>>>>> On Wed, Jun 29, 2016 at 5:28 PM, Pubudu Gunatilaka <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I have completed setting up sso for WSO2 products using WSO2 puppet
>>>>>> modules. This is really helpful when you need to automate the entire
>>>>>> process of setting up sso for WSO2 products. Basically you need to do
>>>>>> the sso changes in the product as well as in the WSO2 Identity Server
>>>>>> or any other Identity providers. Following are the changes that need
>>>>>> to be done in hiera yaml files.
>>>>>>
>>>>>> *Any WSO2 product configuration:*
>>>>>>
>>>>>> Following hiera values [1] should be set in the product hiera file to
>>>>>> enable sso. Configurations include enable sso, login page url, service
>>>>>> provider id, sso service url and consumer service url.
>>>>>>
>>>>>>     wso2::sso_authentication:
>>>>>>       disabled: false
>>>>>>       login_page: /carbon/admin/login.jsp
>>>>>>       service_provider_id: wso2esb
>>>>>>       sso_service_url: https://wso2is-default:10113/samlsso
>>>>>>       consumer_service_url: https://wso2esb-default:10095/acs
>>>>>>
>>>>>> *WSO2 IS configuration:*
>>>>>>
>>>>>> You can create service providers in WSO2 IS based on the details you
>>>>>> have given to each and every product. Other fully automated option is
>>>>>> to provide the list of products that need to be created as service
>>>>>> providers in WSO2 IS hiera data file as below.
>>>>>>
>>>>>>     wso2::sso_product_list:
>>>>>>       wso2esb:
>>>>>>         assertion_consumer_service_url: https://wso2esb-default:9443/acs
>>>>>>         default_assertion_consumer_service_url: https://wso2esb-default:9443/acs
>>>>>>       wso2as:
>>>>>>         assertion_consumer_service_url: https://wso2as-default:9443/acs
>>>>>>         default_assertion_consumer_service_url: https://wso2as-default:9443/acs
>>>>>>
>>>>>> This will do the following changes in WSO2 IS side.
>>>>>> 1. Add a new service_provider block in sso-idp-config.xml.
>>>>>> 2. Create a new file under
>>>>>>    <WSO2_IS>/repository/conf/identity/service-providers/ directory
>>>>>>    with the same name of the service provider.
>>>>>>
>>>>>> The advantage of this is we can use this with docker containers. I
>>>>>> have tested this in Mesos. Please share your thoughts.
>>>>>>
>>>>>> [1] - https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
>>>>>> [2] - https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/wso2is/5.1.0/default/default.yaml#L35
>>>>>>
>>>>>> Thank you!
>>>>>> --
>>>>>> *Pubudu Gunatilaka*
>>>>>> Committer and PMC Member - Apache Stratos
>>>>>> Software Engineer
>>>>>> WSO2, Inc.: http://wso2.com
>>>>>> mobile : +94774078049
>>>>>>
>>>>>> _______________________________________________
>>>>>> Dev mailing list
>>>>>> [email protected]
>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>> --
>>>>> Sanjaya Ratnaweera
>>>>> Associate Technical Lead; WSO2 Inc; http://www.wso2.com/.
>>>>>
>>>>> blog: http://www.samudura.org
>>>>> homepage: http://www.samudura.net
>>>>> twitter: http://twitter.com/sanjayar
>>>>> Phone: +94 773037349
>>>>>
>>>>> Lean . Enterprise . Middleware
>
> --
> Akila Ravihansa Perera
> WSO2 Inc.; http://wso2.com/
>
> Blog: http://ravihansa3000.blogspot.com
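Added example, not part of the thread and not code from the WSO2 puppet-modules repository: one way a template layer could accept a user-facing `enabled` key while still writing the `disabled` attribute that authenticators.xml expects. The `enabled` key, the function names and the sample hiera data are assumptions made for illustration.

```ruby
require 'erb'
require 'yaml'

# Hypothetical template line: the product file still expects `disabled`,
# so the user-facing `enabled` value is inverted before rendering.
TEMPLATE = ERB.new(
  %q{<Authenticator name="SAML2SSOAuthenticator" disabled="<%= disabled %>">}
)

# Returns the value for the disabled= attribute from a hiera-style hash.
# Only real YAML booleans are accepted: the quoted string "false" is truthy
# in Ruby, so a plain `!value` would render disabled="false" and leave the
# authenticator on when the operator meant to turn it off.
def disabled_attribute(sso)
  enabled = sso.fetch('enabled') { raise ArgumentError, "missing 'enabled' key" }
  unless enabled == true || enabled == false
    raise ArgumentError, "'enabled' must be a YAML boolean, got #{enabled.inspect}"
  end
  !enabled
end

# Parses the hiera YAML and renders the Authenticator opening tag.
def render_authenticator(hiera_yaml)
  sso = YAML.safe_load(hiera_yaml).fetch('wso2::sso_authentication')
  TEMPLATE.result_with_hash(disabled: disabled_attribute(sso))
end

# Constructed sample data, modelled on the keys quoted in the thread.
SAMPLE_OK = <<~YAML
  wso2::sso_authentication:
    enabled: true
    login_page: /carbon/admin/login.jsp
    service_provider_id: wso2esb
YAML

# Constructed sample with the value quoted, which YAML loads as a string.
SAMPLE_QUOTED = <<~YAML
  wso2::sso_authentication:
    enabled: "false"
YAML

puts render_authenticator(SAMPLE_OK) if __FILE__ == $PROGRAM_NAME
```
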
