Hi, I have created relevant jiras in [1] and [2].

[1] - https://wso2.org/jira/browse/PMODULES-1
[2] - https://wso2.org/jira/browse/IDENTITY-4747

Thank you!

On Thu, Jun 30, 2016 at 3:49 PM, Sanjaya Ratnaweera <sanj...@wso2.com> wrote:

> Hi all,
>
> On Thu, Jun 30, 2016 at 3:34 PM, Akila Ravihansa Perera <raviha...@wso2.com> wrote:
>
>> Hi Pubudu,
>>
>> It's good that we fix this from Puppet side for now. But this should ideally be fixed in the product. Shall we create a JIRA in the relevant project and also create another JIRA in Puppet project to keep track of this?
>
> +1. I don't see any logical reason to have it that way.
>
>> Thanks.
>>
>> On Thu, Jun 30, 2016 at 3:27 PM, Pubudu Gunatilaka <pubu...@wso2.com> wrote:
>>
>>> Hi Sanjaya,
>>>
>>> As per the suggestion we thought of doing the change in the puppet level to cater this requirement as it would be cleaner for the users. Ideally this should be done in the configuration file.
>
> Thanks a lot Pubudu. Otherwise it'll be a bit confusing to users.
>
> Regards
>
> ~sanjaya
>
>> I have done the relevant changes in [1] and [2].
>>>
>>> [1] - https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
>>> [2] - https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
>>>
>>> Thank you!
>>>
>>> On Thu, Jun 30, 2016 at 11:03 AM, Sanjaya Ratnaweera <sanj...@wso2.com> wrote:
>>>
>>>> Hi Pubudu,
>>>>
>>>> On Thu, Jun 30, 2016 at 12:04 AM, Pubudu Gunatilaka <pubu...@wso2.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> @Imesh: As we discussed will use sso_service_providers instead of sso_product_list. That is more meaningful.
>>>>>
>>>>> @Sanjaya: These hiera data will be mapped to the placeholders in authenticators.xml [1]. If you check the puppet template we have a property called disabled as follows.
>>>>>
>>>>> <Authenticator name="SAML2SSOAuthenticator" disabled="<%= @sso_authentication['disabled'] %>">
>>>>
>>>> True. What you have done is correct. Improvement needs to be done in configuration file :-)
>>>>
>>>> Regards
>>>>
>>>> ~sanjaya
>>>>
>>>>> So here, we cannot use as @sso_authentication['enabled'], because it will mark the disabled property as the opposite way.
>>>>>
>>>>> [1] - https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
>>>>>
>>>>> Thank you!
>>>>>
>>>>> On Wed, Jun 29, 2016 at 7:08 PM, Sanjaya Ratnaweera <sanj...@wso2.com> wrote:
>>>>>
>>>>>> Hi Pubudu,
>>>>>> Looks great. I have a small suggestion if it makes sense. Any specific reason of having "disabled: false" instead of "enabled: true" for enabling this feature :-)
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> ~sanjaya
>>>>>>
>>>>>> On Wed, Jun 29, 2016 at 5:28 PM, Pubudu Gunatilaka <pubu...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I have completed setting up sso for WSO2 products using WSO2 puppet modules. This is really helpful when you need to automate the entire process of setting up sso for WSO2 products. Basically you need to do the sso changes in the product as well as in the WSO2 Identity Server or any other Identity providers. Following are the changes that need to be done in hiera yaml files.
>>>>>>>
>>>>>>> *Any WSO2 product configuration:*
>>>>>>>
>>>>>>> Following hiera values [1] should be set in the product hiera file to enable sso. Configurations include enable sso, login page url, service provider id, sso service url and consumer service url.
>>>>>>>
>>>>>>> wso2::sso_authentication:
>>>>>>>   disabled: false
>>>>>>>   login_page: /carbon/admin/login.jsp
>>>>>>>   service_provider_id: wso2esb
>>>>>>>   sso_service_url: https://wso2is-default:10113/samlsso
>>>>>>>   consumer_service_url: https://wso2esb-default:10095/acs
>>>>>>>
>>>>>>> *WSO2 IS configuration:*
>>>>>>>
>>>>>>> You can create service providers in WSO2 IS based on the details you have given to each and every product. Other fully automated option is to provide the list of products that needs to be created service providers in WSO2 IS hiera data file as below.
>>>>>>>
>>>>>>> wso2::sso_product_list:
>>>>>>>   wso2esb:
>>>>>>>     assertion_consumer_service_url: https://wso2esb-default:9443/acs
>>>>>>>     default_assertion_consumer_service_url: https://wso2esb-default:9443/acs
>>>>>>>   wso2as:
>>>>>>>     assertion_consumer_service_url: https://wso2as-default:9443/acs
>>>>>>>     default_assertion_consumer_service_url: https://wso2as-default:9443/acs
>>>>>>>
>>>>>>> This will do the following changes in WSO2 IS side.
>>>>>>> 1. Add a new service_provider block in sso-idp-config.xml.
>>>>>>> 2. Create a new file under <WSO2_IS>/repository/conf/identity/service-providers/ directory with the same name of the service provider.
>>>>>>>
>>>>>>> The advantage of this is we can use this with docker containers. I have tested this in Mesos. Please share your thoughts.
>>>>>>>
>>>>>>> [1] - https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
>>>>>>> [2] - https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/wso2is/5.1.0/default/default.yaml#L35
>>>>>>>
>>>>>>> Thank you!
>>
>> --
>> Akila Ravihansa Perera
>> WSO2 Inc.; http://wso2.com/
>>
>> Blog: http://ravihansa3000.blogspot.com
>
> --
> Sanjaya Ratnaweera
> Associate Technical Lead; WSO2 Inc; http://www.wso2.com/.
>
> blog: http://www.samudura.org
> homepage: http://www.samudura.net
> twitter: http://twitter.com/sanjayar
> Phone: +94 773037349
>
> Lean . Enterprise . Middleware

--
*Pubudu Gunatilaka*
Committer and PMC Member - Apache Stratos
Software Engineer
WSO2, Inc.: http://wso2.com
mobile : +94774078049 <%2B94772207163>
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
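
The hiera-to-template mapping discussed in the thread, as an added example that is not part of the original messages or of the wso2/puppet-modules code: it assumes a hypothetical positive `enabled` key in `sso_authentication` and a hypothetical helper `sso_disabled` that inverts it into the product's `disabled` attribute. The helper rejects anything that is not a real boolean, so a quoted or mistyped value cannot silently flip the state of the SAML2 SSO authenticator.

```ruby
require 'erb'

# Template line modelled on the <Authenticator> element quoted in the thread,
# driven by a hypothetical positive `enabled` key instead of `disabled`.
AUTHENTICATOR_TEMPLATE = <<~'XML'
  <Authenticator name="SAML2SSOAuthenticator" disabled="<%= sso_disabled %>">
XML

# Stands in for the Puppet scope: the template sees @sso_authentication.
class AuthenticatorView
  def initialize(sso_authentication)
    @sso_authentication = sso_authentication
  end

  # Hypothetical helper: invert `enabled` into the product's `disabled` flag.
  # Only booleans or the exact strings "true"/"false" are accepted.
  def sso_disabled
    raw = @sso_authentication.fetch('enabled') do
      raise ArgumentError, "sso_authentication is missing 'enabled'"
    end
    case raw
    when true, 'true' then false
    when false, 'false' then true
    else raise ArgumentError, "enabled must be true or false, got #{raw.inspect}"
    end
  end

  def render
    ERB.new(AUTHENTICATOR_TEMPLATE).result(binding).strip
  end
end

# The shortcut this guards against: in Ruby the string "false" is truthy,
# so plain negation reports "not disabled" for a quoted YAML value.
def naive_disabled(raw)
  !raw
end

# Constructed sample values, not taken from the project's hiera data.
def render_authenticator(enabled)
  AuthenticatorView.new('enabled' => enabled).render
end

puts render_authenticator(true)
puts render_authenticator('false')
```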