On Thu, Jun 30, 2016 at 4:13 PM, Pubudu Gunatilaka <[email protected]> wrote:

> Hi,
>
> I have created relevant jiras in [1] and [2].
>
> [1] - https://wso2.org/jira/browse/PMODULES-1
>

I do not think we need a JIRA for this task on Puppet Modules side as it
is not released yet.

Thanks



> [2] - https://wso2.org/jira/browse/IDENTITY-4747
>
> Thank you!
>
> On Thu, Jun 30, 2016 at 3:49 PM, Sanjaya Ratnaweera <[email protected]>
> wrote:
>
>> Hi all,
>>
>> On Thu, Jun 30, 2016 at 3:34 PM, Akila Ravihansa Perera <
>> [email protected]> wrote:
>>
>>> Hi Pubudu,
>>>
>>> It's good that we fix this from Puppet side for now. But this should
>>> ideally be fixed in the product. Shall we create a JIRA in the relevant
>>> project and also create another JIRA in Puppet project to keep track of
>>> this?
>>>
>>>
>> +1. I don't see any logical reason to have it that way.
>>
>>
>>
>>> Thanks.
>>>
>>> On Thu, Jun 30, 2016 at 3:27 PM, Pubudu Gunatilaka <[email protected]>
>>> wrote:
>>>
>>>> Hi Sanjaya,
>>>>
>>>> As per the suggestion we thought of doing the change at the puppet
>>>> level to cater to this requirement as it would be cleaner for the users.
>>>> Ideally this should be done in the configuration file.
>>>>
>>>>
>>
>> Thanks a lot Pubudu. Otherwise it'll be a bit confusing to users.
>>
>> Regards
>>
>>        ~sanjaya
>>
>>
>>> I have done the relevant changes in [1] and [2].
>>>>
>>>> [1] -
>>>> https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
>>>> [2] -
>>>> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
>>>>
>>>> Thank you!
>>>>
>>>> On Thu, Jun 30, 2016 at 11:03 AM, Sanjaya Ratnaweera <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi Pubudu,
>>>>>
>>>>> On Thu, Jun 30, 2016 at 12:04 AM, Pubudu Gunatilaka <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> @Imesh: As we discussed, we will use sso_service_providers instead of
>>>>>> sso_product_list. That is more meaningful.
>>>>>>
>>>>>> @Sanjaya: These hiera data will be mapped to the placeholders in
>>>>>> authenticators.xml [1]. If you check the puppet template we have a
>>>>>> property called disabled as follows.
>>>>>>
>>>>>> <Authenticator name="SAML2SSOAuthenticator" disabled="<%= @sso_authentication['disabled'] %>">
>>>>>>
>>>>>
>>>>> True. What you have done is correct. Improvement needs to be done in
>>>>> configuration file :-)
>>>>>
>>>>> Regards
>>>>>
>>>>>        ~sanjaya
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>> So here, we cannot use @sso_authentication['enabled'], because it
>>>>>> will mark the disabled property the opposite way.
>>>>>>
>>>>>> [1] -
>>>>>> https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
>>>>>>
>>>>>> Thank you!
>>>>>>
>>>>>> On Wed, Jun 29, 2016 at 7:08 PM, Sanjaya Ratnaweera <[email protected]
>>>>>> > wrote:
>>>>>>
>>>>>>> Hi Pubudu,
>>>>>>>     Looks great. I have a small suggestion if it makes sense. Any
>>>>>>> specific reason for having "disabled: *false*" instead of "enabled: *true*"
>>>>>>> for enabling this feature :-)
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>>      ~sanjaya
>>>>>>>
>>>>>>> On Wed, Jun 29, 2016 at 5:28 PM, Pubudu Gunatilaka <[email protected]
>>>>>>> > wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I have completed setting up sso for WSO2 products using WSO2 puppet
>>>>>>>> modules. This is really helpful when you need to automate the entire
>>>>>>>> process of setting up sso for WSO2 products. Basically you need to do
>>>>>>>> the sso changes in the product as well as in the WSO2 Identity Server
>>>>>>>> or any other Identity providers. Following are the changes that need
>>>>>>>> to be done in hiera yaml files.
>>>>>>>>
>>>>>>>> *Any WSO2 product configuration:*
>>>>>>>>
>>>>>>>> Following hiera values [1] should be set in the product hiera file
>>>>>>>> to enable sso. Configurations include enable sso, login page url,
>>>>>>>> service provider id, sso service url and consumer service url.
>>>>>>>>
>>>>>>>> wso2::sso_authentication:
>>>>>>>>     disabled: false
>>>>>>>>     login_page: /carbon/admin/login.jsp
>>>>>>>>     service_provider_id: wso2esb
>>>>>>>>     sso_service_url: https://wso2is-default:10113/samlsso
>>>>>>>>     consumer_service_url: https://wso2esb-default:10095/acs
>>>>>>>>
>>>>>>>> *WSO2 IS configuration:*
>>>>>>>>
>>>>>>>> You can create service providers in WSO2 IS based on the details
>>>>>>>> you have given to each and every product. The other fully automated
>>>>>>>> option is to provide the list of products that need to be created as
>>>>>>>> service providers in the WSO2 IS hiera data file as below.
>>>>>>>>
>>>>>>>> wso2::sso_product_list:
>>>>>>>>     wso2esb:
>>>>>>>>       assertion_consumer_service_url: https://wso2esb-default:9443/acs
>>>>>>>>       default_assertion_consumer_service_url: https://wso2esb-default:9443/acs
>>>>>>>>     wso2as:
>>>>>>>>       assertion_consumer_service_url: https://wso2as-default:9443/acs
>>>>>>>>       default_assertion_consumer_service_url: https://wso2as-default:9443/acs
>>>>>>>>
>>>>>>>> This will do the following changes on the WSO2 IS side.
>>>>>>>> 1. Add a new service_provider block in sso-idp-config.xml.
>>>>>>>> 2. Create a new file under
>>>>>>>> <WSO2_IS>/repository/conf/identity/service-providers/ directory with
>>>>>>>> the same name as the service provider.
>>>>>>>>
>>>>>>>> The advantage of this is we can use this with docker containers. I
>>>>>>>> have tested this in Mesos. Please share your thoughts.
>>>>>>>>
>>>>>>>> [1] -
>>>>>>>> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
>>>>>>>> [2] -
>>>>>>>> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/wso2is/5.1.0/default/default.yaml#L35
>>>>>>>>
>>>>>>>> Thank you!
>>>>>>>> --
>>>>>>>> *Pubudu Gunatilaka*
>>>>>>>> Committer and PMC Member - Apache Stratos
>>>>>>>> Software Engineer
>>>>>>>> WSO2, Inc.: http://wso2.com
>>>>>>>> mobile : +94774078049
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Dev mailing list
>>>>>>>> [email protected]
>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Sanjaya Ratnaweera
>>>>>>> Associate Technical Lead; WSO2 Inc; http://www.wso2.com/.
>>>>>>>
>>>>>>> blog: http://www.samudura.org
>>>>>>> homepage: http://www.samudura.net
>>>>>>> twitter: http://twitter.com/sanjayar
>>>>>>> Phone: +94 773037349
>>>>>>>
>>>>>>> Lean . Enterprise . Middleware
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Akila Ravihansa Perera
>>> WSO2 Inc.;  http://wso2.com/
>>>
>>> Blog: http://ravihansa3000.blogspot.com
>>>
>>>
>>>
>>
>>
>>
>>
>
>
>
>


-- 
*Imesh Gunaratne*
Software Architect
WSO2 Inc: http://wso2.com
T: +94 11 214 5345 M: +94 77 374 2057
W: https://medium.com/@imesh TW: @imesh
Lean . Enterprise . Middleware
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
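
The `disabled` mapping discussed in this thread, as an added Ruby/ERB example that is not part of the original e-mails or of the WSO2 puppet modules. The hiera data is constructed from the keys quoted above; `TemplateScope`, `strict_bool`, `render_authenticator` and the `NEGATED` template are hypothetical names used to show how a user-facing `enabled` key could be negated safely.

```ruby
require 'erb'
require 'yaml'

# Constructed hiera data modelled on the keys quoted in the thread.
HIERA = YAML.safe_load(<<~YAML)
  wso2::sso_authentication:
    disabled: false
    login_page: /carbon/admin/login.jsp
    service_provider_id: wso2esb
YAML

# Template line as quoted in the thread: the hiera value is copied as-is
# into the XML attribute named "disabled".
DIRECT = %q(<Authenticator name="SAML2SSOAuthenticator" disabled="<%= @sso_authentication['disabled'] %>">)

# Hypothetical variant: users set "enabled" and the template negates it.
NEGATED = %q(<Authenticator name="SAML2SSOAuthenticator" disabled="<%= !strict_bool(@sso_authentication['enabled']) %>">)

# Minimal stand-in for the template scope (an assumption, not Puppet's API).
class TemplateScope
  def initialize(sso)
    @sso_authentication = sso
  end

  # Accept only real booleans: the string "false" is truthy in Ruby, so a
  # bare `!value` would render disabled="false" and leave SSO switched on.
  def strict_bool(value)
    return value if [true, false].include?(value)
    raise ArgumentError, "expected true/false, got #{value.inspect}"
  end

  def render(template)
    ERB.new(template).result(binding)
  end
end

# Render one authenticator line from a hash of sso_authentication values.
def render_authenticator(template, sso)
  TemplateScope.new(sso).render(template)
end

puts render_authenticator(DIRECT, HIERA['wso2::sso_authentication'])
puts render_authenticator(NEGATED, { 'enabled' => true })
```

Both calls render `disabled="false"`; passing the quoted string `'false'` for `enabled` raises instead of silently enabling the authenticator.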
