On Thu, Jun 30, 2016 at 4:13 PM, Pubudu Gunatilaka <[email protected]> wrote:
> Hi,
>
> I have created relevant jiras in [1] and [2].
>
> [1] - https://wso2.org/jira/browse/PMODULES-1
>

I do not think we need a JIRA for this task on Puppet Modules side as it is not released yet.

Thanks

> [2] - https://wso2.org/jira/browse/IDENTITY-4747
>
> Thank you!
>
> On Thu, Jun 30, 2016 at 3:49 PM, Sanjaya Ratnaweera <[email protected]> wrote:
>
>> Hi all,
>>
>> On Thu, Jun 30, 2016 at 3:34 PM, Akila Ravihansa Perera <[email protected]> wrote:
>>
>>> Hi Pubudu,
>>>
>>> It's good that we fix this from Puppet side for now. But this should
>>> ideally be fixed in the product. Shall we create a JIRA in the relevant
>>> project and also create another JIRA in Puppet project to keep track of
>>> this?
>>>
>>
>> +1. I don't see any logical reason to have it that way.
>>
>>> Thanks.
>>>
>>> On Thu, Jun 30, 2016 at 3:27 PM, Pubudu Gunatilaka <[email protected]> wrote:
>>>
>>>> Hi Sanjaya,
>>>>
>>>> As per the suggestion we thought of doing the change in the puppet
>>>> level to cater to this requirement as it would be cleaner for the users.
>>>> Ideally this should be done in the configuration file.
>>>>
>>
>> Thanks a lot Pubudu. Otherwise it'll be a bit confusing to users.
>>
>> Regards
>>
>> ~sanjaya
>>
>>>> I have done the relevant changes in [1] and [2].
>>>>
>>>> [1] - https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
>>>> [2] - https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
>>>>
>>>> Thank you!
>>>>
>>>> On Thu, Jun 30, 2016 at 11:03 AM, Sanjaya Ratnaweera <[email protected]> wrote:
>>>>
>>>>> Hi Pubudu,
>>>>>
>>>>> On Thu, Jun 30, 2016 at 12:04 AM, Pubudu Gunatilaka <[email protected]> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> @Imesh: As we discussed will use sso_service_providers instead of
>>>>>> sso_product_list. That is more meaningful.
>>>>>>
>>>>>> @Sanjaya: These hiera data will be mapped to the placeholders in
>>>>>> authenticators.xml [1]. If you check the puppet template we have a
>>>>>> property called disabled as follows.
>>>>>>
>>>>>> <Authenticator name="SAML2SSOAuthenticator" disabled="<%= @sso_authentication['disabled'] %>">
>>>>>>
>>>>>
>>>>> True. What you have done is correct. Improvement needs to be done in
>>>>> configuration file :-)
>>>>>
>>>>> Regards
>>>>>
>>>>> ~sanjaya
>>>>>
>>>>>> So here, we cannot use as @sso_authentication['enabled'], because it
>>>>>> will mark the disabled property as the opposite way.
>>>>>>
>>>>>> [1] - https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
>>>>>>
>>>>>> Thank you!
>>>>>>
>>>>>> On Wed, Jun 29, 2016 at 7:08 PM, Sanjaya Ratnaweera <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Pubudu,
>>>>>>> Looks great. I have a small suggestion if it makes sense. Any
>>>>>>> specific reason of having "disabled: false" instead of "enabled: true"
>>>>>>> for enabling this feature :-)
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>> ~sanjaya
>>>>>>>
>>>>>>> On Wed, Jun 29, 2016 at 5:28 PM, Pubudu Gunatilaka <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I have completed setting up sso for WSO2 products using WSO2 puppet
>>>>>>>> modules. This is really helpful when you need to automate the entire
>>>>>>>> process of setting up sso for WSO2 products. Basically you need to do
>>>>>>>> the sso changes in the product as well as in the WSO2 Identity Server
>>>>>>>> or any other Identity providers. Following are the changes that need
>>>>>>>> to be done in hiera yaml files.
>>>>>>>>
>>>>>>>> *Any WSO2 product configuration:*
>>>>>>>>
>>>>>>>> Following hiera values [1] should be set in the product hiera file
>>>>>>>> to enable sso. Configurations include enable sso, login page url,
>>>>>>>> service provider id, sso service url and consumer service url.
>>>>>>>>
>>>>>>>> wso2::sso_authentication:
>>>>>>>>   disabled: false
>>>>>>>>   login_page: /carbon/admin/login.jsp
>>>>>>>>   service_provider_id: wso2esb
>>>>>>>>   sso_service_url: https://wso2is-default:10113/samlsso
>>>>>>>>   consumer_service_url: https://wso2esb-default:10095/acs
>>>>>>>>
>>>>>>>> *WSO2 IS configuration:*
>>>>>>>>
>>>>>>>> You can create service providers in WSO2 IS based on the details
>>>>>>>> you have given to each and every product. Other fully automated option
>>>>>>>> is to provide the list of products that needs to be created service
>>>>>>>> providers in WSO2 IS hiera data file as below.
>>>>>>>>
>>>>>>>> wso2::sso_product_list:
>>>>>>>>   wso2esb:
>>>>>>>>     assertion_consumer_service_url: https://wso2esb-default:9443/acs
>>>>>>>>     default_assertion_consumer_service_url: https://wso2esb-default:9443/acs
>>>>>>>>   wso2as:
>>>>>>>>     assertion_consumer_service_url: https://wso2as-default:9443/acs
>>>>>>>>     default_assertion_consumer_service_url: https://wso2as-default:9443/acs
>>>>>>>>
>>>>>>>> This will do the following changes in WSO2 IS side.
>>>>>>>> 1. Add a new service_provider block in sso-idp-config.xml.
>>>>>>>> 2. Create a new file under
>>>>>>>> <WSO2_IS>/repository/conf/identity/service-providers/ directory with
>>>>>>>> the same name of the service provider.
>>>>>>>>
>>>>>>>> The advantage of this is we can use this with docker containers. I
>>>>>>>> have tested this in Mesos. Please share your thoughts.
>>>>>>>>
>>>>>>>> [1] - https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
>>>>>>>> [2] - https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/wso2is/5.1.0/default/default.yaml#L35
>>>>>>>>
>>>>>>>> Thank you!
>>>>>>>> --
>>>>>>>> *Pubudu Gunatilaka*
>>>>>>>> Committer and PMC Member - Apache Stratos
>>>>>>>> Software Engineer
>>>>>>>> WSO2, Inc.: http://wso2.com
>>>>>>>> mobile : +94774078049
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Dev mailing list
>>>>>>>> [email protected]
>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Sanjaya Ratnaweera
>>>>>>> Associate Technical Lead; WSO2 Inc; http://www.wso2.com/.
>>>>>>>
>>>>>>> blog: http://www.samudura.org
>>>>>>> homepage: http://www.samudura.net
>>>>>>> twitter: http://twitter.com/sanjayar
>>>>>>> Phone: +94 773037349
>>>>>>>
>>>>>>> Lean . Enterprise . Middleware
>>>>>>>
>>>
>>> --
>>> Akila Ravihansa Perera
>>> WSO2 Inc.; http://wso2.com/
>>>
>>> Blog: http://ravihansa3000.blogspot.com
>>>

--
*Imesh Gunaratne*
Software Architect
WSO2 Inc: http://wso2.com
T: +94 11 214 5345 M: +94 77 374 2057
W: https://medium.com/@imesh TW: @imesh
Lean . Enterprise . Middleware
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
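
Added example, not part of the original thread or of the wso2/puppet-modules code: one way the template could accept an `enabled` key and still emit the `disabled` attribute that authenticators.xml expects, which is the inversion discussed in the thread. The helper names `disabled_attr` and `render_authenticator` and support for an `enabled` key are assumptions; the template string is modelled on the `Authenticator` line quoted above.

```ruby
require 'erb'

# Fragment modelled on the Authenticator line quoted in the thread.
# disabled_attr is a hypothetical helper, not part of wso2/puppet-modules.
TEMPLATE = '<Authenticator name="SAML2SSOAuthenticator" ' \
           'disabled="<%= disabled_attr(@sso_authentication) %>">'

# Map a hiera-style hash to the value of the XML `disabled` attribute.
# Accepts the existing `disabled` key or an assumed `enabled` key.
# Only real booleans pass: in Ruby the string "false" is truthy, so a bare
# `!sso['enabled']` would render enabled: "false" as disabled="false".
def disabled_attr(sso)
  keys = %w[disabled enabled].select { |k| sso.key?(k) }
  raise ArgumentError, 'set exactly one of disabled/enabled' unless keys.size == 1

  key = keys.first
  value = sso[key]
  unless [true, false].include?(value)
    raise ArgumentError, "#{key} must be true or false, got #{value.inspect}"
  end

  (key == 'disabled' ? value : !value).to_s
end

# Render the fragment the way a Puppet template sees it: via an instance variable.
def render_authenticator(sso)
  @sso_authentication = sso
  ERB.new(TEMPLATE).result(binding)
end

# Constructed sample inputs.
[{ 'disabled' => false }, { 'enabled' => true }, { 'enabled' => false }].each do |sso|
  puts "#{sso.inspect} -> #{render_authenticator(sso)}"
end
```

Rejecting non-boolean and conflicting values makes a hiera typo fail the catalog run instead of leaving the SAML2 authenticator in the opposite state from the one the operator intended.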
