subject:"\[Dev\] Configure SSO for WSO2 products using WSO2 puppet modules"

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

2016-06-30 Thread Imesh Gunaratne

Hi Akila,

On Thu, Jun 30, 2016 at 5:52 PM, Akila Ravihansa Perera 
wrote:

> 
>>> [1] - https://wso2.org/jira/browse/PMODULES-1
>>>
>>
>> I do not think we need a JIRA for this task on Puppet Modules side as it
>> is not released yet.
>>
>
> I didn't get what you meant by this. We need to track this from Puppet
> side because once IS product team fixes it then we need to update the
> template from Puppet side.
>

What I meant is that we don't need to create JIRA's for un-released code.

Right, if it is for future tracking purposes it should be fine.

Thanks

>
> --
> Akila Ravihansa Perera
> WSO2 Inc.;  http://wso2.com/
>
> Blog: http://ravihansa3000.blogspot.com
>



-- 
*Imesh Gunaratne*
Software Architect
WSO2 Inc: http://wso2.com
T: +94 11 214 5345 M: +94 77 374 2057
W: https://medium.com/@imesh TW: @imesh
Lean . Enterprise . Middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

2016-06-30 Thread Akila Ravihansa Perera

>
>
>> I have created relevant jiras in [1] and [2].
>>
>> [1] - https://wso2.org/jira/browse/PMODULES-1
>>
>
> I do not think we need a JIRA for this task on Puppet Modules side as it
> is not released yet.
>

I didn't get what you meant by this. We need to track this from Puppet side
because once IS product team fixes it then we need to update the template
from Puppet side.

-- 
Akila Ravihansa Perera
WSO2 Inc.;  http://wso2.com/

Blog: http://ravihansa3000.blogspot.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

2016-06-30 Thread Imesh Gunaratne

On Thu, Jun 30, 2016 at 4:13 PM, Pubudu Gunatilaka  wrote:

> Hi,
>
> I have created relevant jiras in [1] and [2].
>
> [1] - https://wso2.org/jira/browse/PMODULES-1
>

I do not think we need a JIRA for this task on Puppet Modules side as it
is not released yet.

Thanks



> [2] - https://wso2.org/jira/browse/IDENTITY-4747
>
> Thank you!
>
> On Thu, Jun 30, 2016 at 3:49 PM, Sanjaya Ratnaweera 
> wrote:
>
>> Hi all,
>>
>> On Thu, Jun 30, 2016 at 3:34 PM, Akila Ravihansa Perera <
>> raviha...@wso2.com> wrote:
>>
>>> Hi Pubudu,
>>>
>>> It's good that we fix this from Puppet side for now. But this should
>>> ideally be fixed in the product. Shall we create a JIRA in the relevant
>>> project and also create another JIRA in Puppet project to keep track of
>>> this?
>>>
>>>
>> +1. I don't see any logical reason to have it that way.
>>
>>
>>
>>> Thanks.
>>>
>>> On Thu, Jun 30, 2016 at 3:27 PM, Pubudu Gunatilaka 
>>> wrote:
>>>
 Hi Sanjaya,

 As per the suggestion we thought of doing the change in the puppet
 level to cater this requirement as it would be more cleaner for the users.
 Ideally this should be done in the configuration file.


>>
>> Thanks a lot Pubudu. Otherwise it'll be bit confusing to users.
>>
>> Regards
>>
>>~sanjaya
>>
>>
>>> I have done the relevant changes in [1] and [2].

 [1] -
 https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
 [2] -
 https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169

 Thank you!

 On Thu, Jun 30, 2016 at 11:03 AM, Sanjaya Ratnaweera 
 wrote:

> Hi Pubudu,
>
> On Thu, Jun 30, 2016 at 12:04 AM, Pubudu Gunatilaka 
> wrote:
>
>> Hi,
>>
>> @Imesh: As we discussed will use sso_service_providers instead of
>> sso_product_list. That is more meaningful.
>>
>> @Sanjaya: These hiera data will be mapped to the placeholders in
>> authenticators.xml [1]. If you check the puppet template we have a 
>> property
>> called disabled as follows.
>>
>> 
>>
>
> True. What you have done is correct. Improvement needs to be done in
> configuration file :-)
>
> Regards
>
>~sanjaya
>
>
>
>
>>
>>
>> So here, we cannot use as @sso_authentication['enabled'], because it
>> will mark the disabled property as the opposite way.
>>
>> [1] -
>> https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
>>
>> Thank you!
>>
>> On Wed, Jun 29, 2016 at 7:08 PM, Sanjaya Ratnaweera > > wrote:
>>
>>> Hi Pubudu,
>>> Looks great. I have a small suggestion if it make sense. Any
>>> specific reason of having "disabled: *false" *instead of "enabled: 
>>> *true"
>>> *for enabling this feature :-)
>>>
>>> Regards
>>>
>>>  ~sanjaya
>>>
>>> On Wed, Jun 29, 2016 at 5:28 PM, Pubudu Gunatilaka >> > wrote:
>>>
 Hi,

 I have completed setting up sso for WSO2 products using WSO2 puppet
 modules. This is really helpful when you need to automate the entire
 process of setting up sso for WSO2 products. Basically you need to do 
 the
 sso changes in the product as well as in the WSO2 Identity Server or 
 any
 other Identity providers. Following are the changes that needs to be 
 done
 in hiera yaml files.

 *Any WSO2 product configuration:*

 Following hiera values [1] should be set in the product hiera file
 to enable sso. Configurations include enable sso, login page url, 
 service
 provider id, sso serverice url and consumer service url.

  wso2::sso_authentication:
 disabled: *false*
 login_page: */carbon/admin/login.jsp*
 service_provider_id: *wso2esb*
 sso_service_url: *https://wso2is-default:10113/samlsso
 *
 consumer_service_url: *https://wso2esb-default:10095/acs
 *

 *WSO2 IS configuration:*

 You can create service providers in WSO2 IS based on the details
 you have given to each and every product. Other fully automated option 
 is
 to provide the list of products that needs to be created service 
 providers
 in WSO2 IS hiera data file as below.

 wso2::sso_product_list:
 wso2esb:
   assertion_consumer_service_url: *https://wso2esb-default:9443/acs

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

2016-06-30 Thread Pubudu Gunatilaka

Hi,

I have created relevant jiras in [1] and [2].

[1] - https://wso2.org/jira/browse/PMODULES-1
[2] - https://wso2.org/jira/browse/IDENTITY-4747

Thank you!

On Thu, Jun 30, 2016 at 3:49 PM, Sanjaya Ratnaweera 
wrote:

> Hi all,
>
> On Thu, Jun 30, 2016 at 3:34 PM, Akila Ravihansa Perera <
> raviha...@wso2.com> wrote:
>
>> Hi Pubudu,
>>
>> It's good that we fix this from Puppet side for now. But this should
>> ideally be fixed in the product. Shall we create a JIRA in the relevant
>> project and also create another JIRA in Puppet project to keep track of
>> this?
>>
>>
> +1. I don't see any logical reason to have it that way.
>
>
>
>> Thanks.
>>
>> On Thu, Jun 30, 2016 at 3:27 PM, Pubudu Gunatilaka 
>> wrote:
>>
>>> Hi Sanjaya,
>>>
>>> As per the suggestion we thought of doing the change in the puppet level
>>> to cater this requirement as it would be more cleaner for the users.
>>> Ideally this should be done in the configuration file.
>>>
>>>
>
> Thanks a lot Pubudu. Otherwise it'll be bit confusing to users.
>
> Regards
>
>~sanjaya
>
>
>> I have done the relevant changes in [1] and [2].
>>>
>>> [1] -
>>> https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
>>> [2] -
>>> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
>>>
>>> Thank you!
>>>
>>> On Thu, Jun 30, 2016 at 11:03 AM, Sanjaya Ratnaweera 
>>> wrote:
>>>
 Hi Pubudu,

 On Thu, Jun 30, 2016 at 12:04 AM, Pubudu Gunatilaka 
 wrote:

> Hi,
>
> @Imesh: As we discussed will use sso_service_providers instead of
> sso_product_list. That is more meaningful.
>
> @Sanjaya: These hiera data will be mapped to the placeholders in
> authenticators.xml [1]. If you check the puppet template we have a 
> property
> called disabled as follows.
>
> 
>

 True. What you have done is correct. Improvement needs to be done in
 configuration file :-)

 Regards

~sanjaya




>
>
> So here, we cannot use as @sso_authentication['enabled'], because it
> will mark the disabled property as the opposite way.
>
> [1] -
> https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
>
> Thank you!
>
> On Wed, Jun 29, 2016 at 7:08 PM, Sanjaya Ratnaweera 
> wrote:
>
>> Hi Pubudu,
>> Looks great. I have a small suggestion if it make sense. Any
>> specific reason of having "disabled: *false" *instead of "enabled: *true"
>> *for enabling this feature :-)
>>
>> Regards
>>
>>  ~sanjaya
>>
>> On Wed, Jun 29, 2016 at 5:28 PM, Pubudu Gunatilaka 
>> wrote:
>>
>>> Hi,
>>>
>>> I have completed setting up sso for WSO2 products using WSO2 puppet
>>> modules. This is really helpful when you need to automate the entire
>>> process of setting up sso for WSO2 products. Basically you need to do 
>>> the
>>> sso changes in the product as well as in the WSO2 Identity Server or any
>>> other Identity providers. Following are the changes that needs to be 
>>> done
>>> in hiera yaml files.
>>>
>>> *Any WSO2 product configuration:*
>>>
>>> Following hiera values [1] should be set in the product hiera file
>>> to enable sso. Configurations include enable sso, login page url, 
>>> service
>>> provider id, sso serverice url and consumer service url.
>>>
>>>  wso2::sso_authentication:
>>> disabled: *false*
>>> login_page: */carbon/admin/login.jsp*
>>> service_provider_id: *wso2esb*
>>> sso_service_url: *https://wso2is-default:10113/samlsso
>>> *
>>> consumer_service_url: *https://wso2esb-default:10095/acs
>>> *
>>>
>>> *WSO2 IS configuration:*
>>>
>>> You can create service providers in WSO2 IS based on the details you
>>> have given to each and every product. Other fully automated option is to
>>> provide the list of products that needs to be created service providers 
>>> in
>>> WSO2 IS hiera data file as below.
>>>
>>> wso2::sso_product_list:
>>> wso2esb:
>>>   assertion_consumer_service_url: *https://wso2esb-default:9443/acs
>>> *
>>>   default_assertion_consumer_service_url: 
>>> *https://wso2esb-default:9443/acs
>>> *
>>> wso2as:
>>>   assertion_consumer_service_url: *https://wso2as-default:9443/acs
>>> *
>>>   default_assertion_consumer_service_url: 
>>>

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

2016-06-30 Thread Sanjaya Ratnaweera

Hi all,

On Thu, Jun 30, 2016 at 3:34 PM, Akila Ravihansa Perera 
wrote:

> Hi Pubudu,
>
> It's good that we fix this from Puppet side for now. But this should
> ideally be fixed in the product. Shall we create a JIRA in the relevant
> project and also create another JIRA in Puppet project to keep track of
> this?
>
>
+1. I don't see any logical reason to have it that way.



> Thanks.
>
> On Thu, Jun 30, 2016 at 3:27 PM, Pubudu Gunatilaka 
> wrote:
>
>> Hi Sanjaya,
>>
>> As per the suggestion we thought of doing the change in the puppet level
>> to cater this requirement as it would be more cleaner for the users.
>> Ideally this should be done in the configuration file.
>>
>>

Thanks a lot Pubudu. Otherwise it'll be bit confusing to users.

Regards

   ~sanjaya


> I have done the relevant changes in [1] and [2].
>>
>> [1] -
>> https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
>> [2] -
>> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
>>
>> Thank you!
>>
>> On Thu, Jun 30, 2016 at 11:03 AM, Sanjaya Ratnaweera 
>> wrote:
>>
>>> Hi Pubudu,
>>>
>>> On Thu, Jun 30, 2016 at 12:04 AM, Pubudu Gunatilaka 
>>> wrote:
>>>
 Hi,

 @Imesh: As we discussed will use sso_service_providers instead of
 sso_product_list. That is more meaningful.

 @Sanjaya: These hiera data will be mapped to the placeholders in
 authenticators.xml [1]. If you check the puppet template we have a property
 called disabled as follows.

 

>>>
>>> True. What you have done is correct. Improvement needs to be done in
>>> configuration file :-)
>>>
>>> Regards
>>>
>>>~sanjaya
>>>
>>>
>>>
>>>


 So here, we cannot use as @sso_authentication['enabled'], because it
 will mark the disabled property as the opposite way.

 [1] -
 https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31

 Thank you!

 On Wed, Jun 29, 2016 at 7:08 PM, Sanjaya Ratnaweera 
 wrote:

> Hi Pubudu,
> Looks great. I have a small suggestion if it make sense. Any
> specific reason of having "disabled: *false" *instead of "enabled: *true"
> *for enabling this feature :-)
>
> Regards
>
>  ~sanjaya
>
> On Wed, Jun 29, 2016 at 5:28 PM, Pubudu Gunatilaka 
> wrote:
>
>> Hi,
>>
>> I have completed setting up sso for WSO2 products using WSO2 puppet
>> modules. This is really helpful when you need to automate the entire
>> process of setting up sso for WSO2 products. Basically you need to do the
>> sso changes in the product as well as in the WSO2 Identity Server or any
>> other Identity providers. Following are the changes that needs to be done
>> in hiera yaml files.
>>
>> *Any WSO2 product configuration:*
>>
>> Following hiera values [1] should be set in the product hiera file to
>> enable sso. Configurations include enable sso, login page url, service
>> provider id, sso serverice url and consumer service url.
>>
>>  wso2::sso_authentication:
>> disabled: *false*
>> login_page: */carbon/admin/login.jsp*
>> service_provider_id: *wso2esb*
>> sso_service_url: *https://wso2is-default:10113/samlsso
>> *
>> consumer_service_url: *https://wso2esb-default:10095/acs
>> *
>>
>> *WSO2 IS configuration:*
>>
>> You can create service providers in WSO2 IS based on the details you
>> have given to each and every product. Other fully automated option is to
>> provide the list of products that needs to be created service providers 
>> in
>> WSO2 IS hiera data file as below.
>>
>> wso2::sso_product_list:
>> wso2esb:
>>   assertion_consumer_service_url: *https://wso2esb-default:9443/acs
>> *
>>   default_assertion_consumer_service_url: 
>> *https://wso2esb-default:9443/acs
>> *
>> wso2as:
>>   assertion_consumer_service_url: *https://wso2as-default:9443/acs
>> *
>>   default_assertion_consumer_service_url: 
>> *https://wso2as-default:9443/acs
>> *
>>
>> This will do the following changes in WSO2 IS side.
>> 1. Add a new service_provider block in sso-idp-config.xml.
>> 2. Create a new file under
>> /repository/conf/identity/service-providers/ directory with the
>> same name of the service provider.
>>
>> The advantage of this is we can use this with docker containers. I
>> have

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

2016-06-30 Thread Akila Ravihansa Perera

Hi Pubudu,

It's good that we fix this from Puppet side for now. But this should
ideally be fixed in the product. Shall we create a JIRA in the relevant
project and also create another JIRA in Puppet project to keep track of
this?

Thanks.

On Thu, Jun 30, 2016 at 3:27 PM, Pubudu Gunatilaka  wrote:

> Hi Sanjaya,
>
> As per the suggestion we thought of doing the change in the puppet level
> to cater this requirement as it would be more cleaner for the users.
> Ideally this should be done in the configuration file.
>
> I have done the relevant changes in [1] and [2].
>
> [1] -
> https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
> [2] -
> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
>
> Thank you!
>
> On Thu, Jun 30, 2016 at 11:03 AM, Sanjaya Ratnaweera 
> wrote:
>
>> Hi Pubudu,
>>
>> On Thu, Jun 30, 2016 at 12:04 AM, Pubudu Gunatilaka 
>> wrote:
>>
>>> Hi,
>>>
>>> @Imesh: As we discussed will use sso_service_providers instead of
>>> sso_product_list. That is more meaningful.
>>>
>>> @Sanjaya: These hiera data will be mapped to the placeholders in
>>> authenticators.xml [1]. If you check the puppet template we have a property
>>> called disabled as follows.
>>>
>>> 
>>>
>>
>> True. What you have done is correct. Improvement needs to be done in
>> configuration file :-)
>>
>> Regards
>>
>>~sanjaya
>>
>>
>>
>>
>>>
>>>
>>> So here, we cannot use as @sso_authentication['enabled'], because it
>>> will mark the disabled property as the opposite way.
>>>
>>> [1] -
>>> https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
>>>
>>> Thank you!
>>>
>>> On Wed, Jun 29, 2016 at 7:08 PM, Sanjaya Ratnaweera 
>>> wrote:
>>>
 Hi Pubudu,
 Looks great. I have a small suggestion if it make sense. Any
 specific reason of having "disabled: *false" *instead of "enabled: *true"
 *for enabling this feature :-)

 Regards

  ~sanjaya

 On Wed, Jun 29, 2016 at 5:28 PM, Pubudu Gunatilaka 
 wrote:

> Hi,
>
> I have completed setting up sso for WSO2 products using WSO2 puppet
> modules. This is really helpful when you need to automate the entire
> process of setting up sso for WSO2 products. Basically you need to do the
> sso changes in the product as well as in the WSO2 Identity Server or any
> other Identity providers. Following are the changes that needs to be done
> in hiera yaml files.
>
> *Any WSO2 product configuration:*
>
> Following hiera values [1] should be set in the product hiera file to
> enable sso. Configurations include enable sso, login page url, service
> provider id, sso serverice url and consumer service url.
>
>  wso2::sso_authentication:
> disabled: *false*
> login_page: */carbon/admin/login.jsp*
> service_provider_id: *wso2esb*
> sso_service_url: *https://wso2is-default:10113/samlsso
> *
> consumer_service_url: *https://wso2esb-default:10095/acs
> *
>
> *WSO2 IS configuration:*
>
> You can create service providers in WSO2 IS based on the details you
> have given to each and every product. Other fully automated option is to
> provide the list of products that needs to be created service providers in
> WSO2 IS hiera data file as below.
>
> wso2::sso_product_list:
> wso2esb:
>   assertion_consumer_service_url: *https://wso2esb-default:9443/acs
> *
>   default_assertion_consumer_service_url: 
> *https://wso2esb-default:9443/acs
> *
> wso2as:
>   assertion_consumer_service_url: *https://wso2as-default:9443/acs
> *
>   default_assertion_consumer_service_url: 
> *https://wso2as-default:9443/acs
> *
>
> This will do the following changes in WSO2 IS side.
> 1. Add a new service_provider block in sso-idp-config.xml.
> 2. Create a new file under
> /repository/conf/identity/service-providers/ directory with the
> same name of the service provider.
>
> The advantage of this is we can use this with docker containers. I
> have tested this in Mesos. Please share your thoughts.
>
> [1] -
> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
> [2] -
> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/wso2is/5.1.0/default/default.yaml#L35
>
> Thank you!
> --
> *Pubudu Gunatilaka*
> Committer and PMC Member - Apache Stratos
>

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

2016-06-30 Thread Pubudu Gunatilaka

Hi Sanjaya,

As per the suggestion we thought of doing the change in the puppet level to
cater this requirement as it would be more cleaner for the users. Ideally
this should be done in the configuration file.

I have done the relevant changes in [1] and [2].

[1] -
https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
[2] -
https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169

Thank you!

On Thu, Jun 30, 2016 at 11:03 AM, Sanjaya Ratnaweera 
wrote:

> Hi Pubudu,
>
> On Thu, Jun 30, 2016 at 12:04 AM, Pubudu Gunatilaka 
> wrote:
>
>> Hi,
>>
>> @Imesh: As we discussed will use sso_service_providers instead of
>> sso_product_list. That is more meaningful.
>>
>> @Sanjaya: These hiera data will be mapped to the placeholders in
>> authenticators.xml [1]. If you check the puppet template we have a property
>> called disabled as follows.
>>
>> 
>>
>
> True. What you have done is correct. Improvement needs to be done in
> configuration file :-)
>
> Regards
>
>~sanjaya
>
>
>
>
>>
>>
>> So here, we cannot use as @sso_authentication['enabled'], because it
>> will mark the disabled property as the opposite way.
>>
>> [1] -
>> https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
>>
>> Thank you!
>>
>> On Wed, Jun 29, 2016 at 7:08 PM, Sanjaya Ratnaweera 
>> wrote:
>>
>>> Hi Pubudu,
>>> Looks great. I have a small suggestion if it make sense. Any
>>> specific reason of having "disabled: *false" *instead of "enabled: *true"
>>> *for enabling this feature :-)
>>>
>>> Regards
>>>
>>>  ~sanjaya
>>>
>>> On Wed, Jun 29, 2016 at 5:28 PM, Pubudu Gunatilaka 
>>> wrote:
>>>
 Hi,

 I have completed setting up sso for WSO2 products using WSO2 puppet
 modules. This is really helpful when you need to automate the entire
 process of setting up sso for WSO2 products. Basically you need to do the
 sso changes in the product as well as in the WSO2 Identity Server or any
 other Identity providers. Following are the changes that needs to be done
 in hiera yaml files.

 *Any WSO2 product configuration:*

 Following hiera values [1] should be set in the product hiera file to
 enable sso. Configurations include enable sso, login page url, service
 provider id, sso serverice url and consumer service url.

  wso2::sso_authentication:
 disabled: *false*
 login_page: */carbon/admin/login.jsp*
 service_provider_id: *wso2esb*
 sso_service_url: *https://wso2is-default:10113/samlsso
 *
 consumer_service_url: *https://wso2esb-default:10095/acs
 *

 *WSO2 IS configuration:*

 You can create service providers in WSO2 IS based on the details you
 have given to each and every product. Other fully automated option is to
 provide the list of products that needs to be created service providers in
 WSO2 IS hiera data file as below.

 wso2::sso_product_list:
 wso2esb:
   assertion_consumer_service_url: *https://wso2esb-default:9443/acs
 *
   default_assertion_consumer_service_url: 
 *https://wso2esb-default:9443/acs
 *
 wso2as:
   assertion_consumer_service_url: *https://wso2as-default:9443/acs
 *
   default_assertion_consumer_service_url: 
 *https://wso2as-default:9443/acs
 *

 This will do the following changes in WSO2 IS side.
 1. Add a new service_provider block in sso-idp-config.xml.
 2. Create a new file under
 /repository/conf/identity/service-providers/ directory with the
 same name of the service provider.

 The advantage of this is we can use this with docker containers. I have
 tested this in Mesos. Please share your thoughts.

 [1] -
 https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
 [2] -
 https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/wso2is/5.1.0/default/default.yaml#L35

 Thank you!
 --
 *Pubudu Gunatilaka*
 Committer and PMC Member - Apache Stratos
 Software Engineer
 WSO2, Inc.: http://wso2.com
 mobile : +94774078049 <%2B94772207163>

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev

>>>
>>>
>>> --
>>> Sanjaya Ratnaweera
>>> Associate Technical Lead; WSO2 Inc; http://www.wso2.com/.
>>>
>>> blog: http://www.samudura.org
>>> homepage: http://www.samudura.net
>>> twitter:

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

2016-06-29 Thread Sanjaya Ratnaweera

Hi Pubudu,

On Thu, Jun 30, 2016 at 12:04 AM, Pubudu Gunatilaka 
wrote:

> Hi,
>
> @Imesh: As we discussed will use sso_service_providers instead of
> sso_product_list. That is more meaningful.
>
> @Sanjaya: These hiera data will be mapped to the placeholders in
> authenticators.xml [1]. If you check the puppet template we have a property
> called disabled as follows.
>
> 
>

True. What you have done is correct. Improvement needs to be done in
configuration file :-)

Regards

   ~sanjaya




>
>
> So here, we cannot use as @sso_authentication['enabled'], because it will
> mark the disabled property as the opposite way.
>
> [1] -
> https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31
>
> Thank you!
>
> On Wed, Jun 29, 2016 at 7:08 PM, Sanjaya Ratnaweera 
> wrote:
>
>> Hi Pubudu,
>> Looks great. I have a small suggestion if it make sense. Any specific
>> reason of having "disabled: *false" *instead of "enabled: *true" *for
>> enabling this feature :-)
>>
>> Regards
>>
>>  ~sanjaya
>>
>> On Wed, Jun 29, 2016 at 5:28 PM, Pubudu Gunatilaka 
>> wrote:
>>
>>> Hi,
>>>
>>> I have completed setting up sso for WSO2 products using WSO2 puppet
>>> modules. This is really helpful when you need to automate the entire
>>> process of setting up sso for WSO2 products. Basically you need to do the
>>> sso changes in the product as well as in the WSO2 Identity Server or any
>>> other Identity providers. Following are the changes that needs to be done
>>> in hiera yaml files.
>>>
>>> *Any WSO2 product configuration:*
>>>
>>> Following hiera values [1] should be set in the product hiera file to
>>> enable sso. Configurations include enable sso, login page url, service
>>> provider id, sso serverice url and consumer service url.
>>>
>>>  wso2::sso_authentication:
>>> disabled: *false*
>>> login_page: */carbon/admin/login.jsp*
>>> service_provider_id: *wso2esb*
>>> sso_service_url: *https://wso2is-default:10113/samlsso
>>> *
>>> consumer_service_url: *https://wso2esb-default:10095/acs
>>> *
>>>
>>> *WSO2 IS configuration:*
>>>
>>> You can create service providers in WSO2 IS based on the details you
>>> have given to each and every product. Other fully automated option is to
>>> provide the list of products that needs to be created service providers in
>>> WSO2 IS hiera data file as below.
>>>
>>> wso2::sso_product_list:
>>> wso2esb:
>>>   assertion_consumer_service_url: *https://wso2esb-default:9443/acs
>>> *
>>>   default_assertion_consumer_service_url: 
>>> *https://wso2esb-default:9443/acs
>>> *
>>> wso2as:
>>>   assertion_consumer_service_url: *https://wso2as-default:9443/acs
>>> *
>>>   default_assertion_consumer_service_url: 
>>> *https://wso2as-default:9443/acs
>>> *
>>>
>>> This will do the following changes in WSO2 IS side.
>>> 1. Add a new service_provider block in sso-idp-config.xml.
>>> 2. Create a new file under
>>> /repository/conf/identity/service-providers/ directory with the
>>> same name of the service provider.
>>>
>>> The advantage of this is we can use this with docker containers. I have
>>> tested this in Mesos. Please share your thoughts.
>>>
>>> [1] -
>>> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
>>> [2] -
>>> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/wso2is/5.1.0/default/default.yaml#L35
>>>
>>> Thank you!
>>> --
>>> *Pubudu Gunatilaka*
>>> Committer and PMC Member - Apache Stratos
>>> Software Engineer
>>> WSO2, Inc.: http://wso2.com
>>> mobile : +94774078049 <%2B94772207163>
>>>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Sanjaya Ratnaweera
>> Associate Technical Lead; WSO2 Inc; http://www.wso2.com/.
>>
>> blog: http://www.samudura.org
>> homepage: http://www.samudura.net
>> twitter: http://twitter.com/sanjayar
>> Phone: +94 773037349
>>
>> Lean . Enterprise . Middleware
>>
>
>
>
> --
> *Pubudu Gunatilaka*
> Committer and PMC Member - Apache Stratos
> Software Engineer
> WSO2, Inc.: http://wso2.com
> mobile : +94774078049 <%2B94772207163>
>
>


-- 
Sanjaya Ratnaweera
Associate Technical Lead; WSO2 Inc; http://www.wso2.com/.

blog: http://www.samudura.org
homepage: http://www.samudura.net
twitter: http://twitter.com/sanjayar
Phone: +94 773037349

Lean . Enterprise . Middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

2016-06-29 Thread Pubudu Gunatilaka

Hi,

@Imesh: As we discussed will use sso_service_providers instead of
sso_product_list. That is more meaningful.

@Sanjaya: These hiera data will be mapped to the placeholders in
authenticators.xml [1]. If you check the puppet template we have a property
called disabled as follows.



So here, we cannot use as @sso_authentication['enabled'], because it will
mark the disabled property as the opposite way.

[1] -
https://github.com/wso2/puppet-modules/blob/master/modules/wso2esb/templates/4.9.0/repository/conf/security/authenticators.xml.erb#L31

Thank you!

On Wed, Jun 29, 2016 at 7:08 PM, Sanjaya Ratnaweera 
wrote:

> Hi Pubudu,
> Looks great. I have a small suggestion if it make sense. Any specific
> reason of having "disabled: *false" *instead of "enabled: *true" *for
> enabling this feature :-)
>
> Regards
>
>  ~sanjaya
>
> On Wed, Jun 29, 2016 at 5:28 PM, Pubudu Gunatilaka 
> wrote:
>
>> Hi,
>>
>> I have completed setting up sso for WSO2 products using WSO2 puppet
>> modules. This is really helpful when you need to automate the entire
>> process of setting up sso for WSO2 products. Basically you need to do the
>> sso changes in the product as well as in the WSO2 Identity Server or any
>> other Identity providers. Following are the changes that needs to be done
>> in hiera yaml files.
>>
>> *Any WSO2 product configuration:*
>>
>> Following hiera values [1] should be set in the product hiera file to
>> enable sso. Configurations include enable sso, login page url, service
>> provider id, sso serverice url and consumer service url.
>>
>>  wso2::sso_authentication:
>> disabled: *false*
>> login_page: */carbon/admin/login.jsp*
>> service_provider_id: *wso2esb*
>> sso_service_url: *https://wso2is-default:10113/samlsso
>> *
>> consumer_service_url: *https://wso2esb-default:10095/acs
>> *
>>
>> *WSO2 IS configuration:*
>>
>> You can create service providers in WSO2 IS based on the details you have
>> given to each and every product. Other fully automated option is to provide
>> the list of products that needs to be created service providers in WSO2 IS
>> hiera data file as below.
>>
>> wso2::sso_product_list:
>> wso2esb:
>>   assertion_consumer_service_url: *https://wso2esb-default:9443/acs
>> *
>>   default_assertion_consumer_service_url: 
>> *https://wso2esb-default:9443/acs
>> *
>> wso2as:
>>   assertion_consumer_service_url: *https://wso2as-default:9443/acs
>> *
>>   default_assertion_consumer_service_url: 
>> *https://wso2as-default:9443/acs
>> *
>>
>> This will do the following changes in WSO2 IS side.
>> 1. Add a new service_provider block in sso-idp-config.xml.
>> 2. Create a new file under
>> /repository/conf/identity/service-providers/ directory with the
>> same name of the service provider.
>>
>> The advantage of this is we can use this with docker containers. I have
>> tested this in Mesos. Please share your thoughts.
>>
>> [1] -
>> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
>> [2] -
>> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/wso2is/5.1.0/default/default.yaml#L35
>>
>> Thank you!
>> --
>> *Pubudu Gunatilaka*
>> Committer and PMC Member - Apache Stratos
>> Software Engineer
>> WSO2, Inc.: http://wso2.com
>> mobile : +94774078049 <%2B94772207163>
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Sanjaya Ratnaweera
> Associate Technical Lead; WSO2 Inc; http://www.wso2.com/.
>
> blog: http://www.samudura.org
> homepage: http://www.samudura.net
> twitter: http://twitter.com/sanjayar
> Phone: +94 773037349
>
> Lean . Enterprise . Middleware
>



-- 
*Pubudu Gunatilaka*
Committer and PMC Member - Apache Stratos
Software Engineer
WSO2, Inc.: http://wso2.com
mobile : +94774078049 <%2B94772207163>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

2016-06-29 Thread Sanjaya Ratnaweera

Hi Pubudu,
Looks great. I have a small suggestion if it make sense. Any specific
reason of having "disabled: *false" *instead of "enabled: *true" *for
enabling this feature :-)

Regards

 ~sanjaya

On Wed, Jun 29, 2016 at 5:28 PM, Pubudu Gunatilaka  wrote:

> Hi,
>
> I have completed setting up sso for WSO2 products using WSO2 puppet
> modules. This is really helpful when you need to automate the entire
> process of setting up sso for WSO2 products. Basically you need to do the
> sso changes in the product as well as in the WSO2 Identity Server or any
> other Identity providers. Following are the changes that needs to be done
> in hiera yaml files.
>
> *Any WSO2 product configuration:*
>
> Following hiera values [1] should be set in the product hiera file to
> enable sso. Configurations include enable sso, login page url, service
> provider id, sso serverice url and consumer service url.
>
>  wso2::sso_authentication:
> disabled: *false*
> login_page: */carbon/admin/login.jsp*
> service_provider_id: *wso2esb*
> sso_service_url: *https://wso2is-default:10113/samlsso
> *
> consumer_service_url: *https://wso2esb-default:10095/acs
> *
>
> *WSO2 IS configuration:*
>
> You can create service providers in WSO2 IS based on the details you have
> given to each and every product. Other fully automated option is to provide
> the list of products that needs to be created service providers in WSO2 IS
> hiera data file as below.
>
> wso2::sso_product_list:
> wso2esb:
>   assertion_consumer_service_url: *https://wso2esb-default:9443/acs
> *
>   default_assertion_consumer_service_url: 
> *https://wso2esb-default:9443/acs
> *
> wso2as:
>   assertion_consumer_service_url: *https://wso2as-default:9443/acs
> *
>   default_assertion_consumer_service_url: *https://wso2as-default:9443/acs
> *
>
> This will do the following changes in WSO2 IS side.
> 1. Add a new service_provider block in sso-idp-config.xml.
> 2. Create a new file under
> /repository/conf/identity/service-providers/ directory with the
> same name of the service provider.
>
> The advantage of this is we can use this with docker containers. I have
> tested this in Mesos. Please share your thoughts.
>
> [1] -
> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
> [2] -
> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/wso2is/5.1.0/default/default.yaml#L35
>
> Thank you!
> --
> *Pubudu Gunatilaka*
> Committer and PMC Member - Apache Stratos
> Software Engineer
> WSO2, Inc.: http://wso2.com
> mobile : +94774078049 <%2B94772207163>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Sanjaya Ratnaweera
Associate Technical Lead; WSO2 Inc; http://www.wso2.com/.

blog: http://www.samudura.org
homepage: http://www.samudura.net
twitter: http://twitter.com/sanjayar
Phone: +94 773037349

Lean . Enterprise . Middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

2016-06-29 Thread Imesh Gunaratne

[+ Johann]

This looks great Pubudu!
Wouldn't it be more meaningful if we use "sso_service_providers" instead of
"sso_product_list"?

Thanks

On Wed, Jun 29, 2016 at 5:28 PM, Pubudu Gunatilaka  wrote:

> Hi,
>
> I have completed setting up sso for WSO2 products using WSO2 puppet
> modules. This is really helpful when you need to automate the entire
> process of setting up sso for WSO2 products. Basically you need to do the
> sso changes in the product as well as in the WSO2 Identity Server or any
> other Identity providers. Following are the changes that needs to be done
> in hiera yaml files.
>
> *Any WSO2 product configuration:*
>
> Following hiera values [1] should be set in the product hiera file to
> enable sso. Configurations include enable sso, login page url, service
> provider id, sso serverice url and consumer service url.
>
>  wso2::sso_authentication:
> disabled: *false*
> login_page: */carbon/admin/login.jsp*
> service_provider_id: *wso2esb*
> sso_service_url: *https://wso2is-default:10113/samlsso
> *
> consumer_service_url: *https://wso2esb-default:10095/acs
> *
>
> *WSO2 IS configuration:*
>
> You can create service providers in WSO2 IS based on the details you have
> given to each and every product. Other fully automated option is to provide
> the list of products that needs to be created service providers in WSO2 IS
> hiera data file as below.
>
> wso2::sso_product_list:
> wso2esb:
>   assertion_consumer_service_url: *https://wso2esb-default:9443/acs
> *
>   default_assertion_consumer_service_url: 
> *https://wso2esb-default:9443/acs
> *
> wso2as:
>   assertion_consumer_service_url: *https://wso2as-default:9443/acs
> *
>   default_assertion_consumer_service_url: *https://wso2as-default:9443/acs
> *
>
> This will do the following changes in WSO2 IS side.
> 1. Add a new service_provider block in sso-idp-config.xml.
> 2. Create a new file under
> /repository/conf/identity/service-providers/ directory with the
> same name of the service provider.
>
> The advantage of this is we can use this with docker containers. I have
> tested this in Mesos. Please share your thoughts.
>
> [1] -
> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
> [2] -
> https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/wso2is/5.1.0/default/default.yaml#L35
>
> Thank you!
> --
> *Pubudu Gunatilaka*
> Committer and PMC Member - Apache Stratos
> Software Engineer
> WSO2, Inc.: http://wso2.com
> mobile : +94774078049 <%2B94772207163>
>
>


-- 
*Imesh Gunaratne*
Software Architect
WSO2 Inc: http://wso2.com
T: +94 11 214 5345 M: +94 77 374 2057
W: https://medium.com/@imesh TW: @imesh
Lean . Enterprise . Middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Configure SSO for WSO2 products using WSO2 puppet modules

2016-06-29 Thread Pubudu Gunatilaka

Hi,

I have completed setting up sso for WSO2 products using WSO2 puppet
modules. This is really helpful when you need to automate the entire
process of setting up sso for WSO2 products. Basically you need to do the
sso changes in the product as well as in the WSO2 Identity Server or any
other Identity providers. Following are the changes that needs to be done
in hiera yaml files.

*Any WSO2 product configuration:*

Following hiera values [1] should be set in the product hiera file to
enable sso. Configurations include enable sso, login page url, service
provider id, sso serverice url and consumer service url.

wso2::sso_authentication:
disabled: *false*
login_page: */carbon/admin/login.jsp*
service_provider_id: *wso2esb*
sso_service_url: *https://wso2is-default:10113/samlsso
*
consumer_service_url: *https://wso2esb-default:10095/acs
*

*WSO2 IS configuration:*

You can create service providers in WSO2 IS based on the details you have
given to each and every product. Other fully automated option is to provide
the list of products that needs to be created service providers in WSO2 IS
hiera data file as below.

wso2::sso_product_list:
wso2esb:
assertion_consumer_service_url: *https://wso2esb-default:9443/acs
*
default_assertion_consumer_service_url: *https://wso2esb-default:9443/acs
*
wso2as:
assertion_consumer_service_url: *https://wso2as-default:9443/acs
*
default_assertion_consumer_service_url: *https://wso2as-default:9443/acs
*

This will do the following changes in WSO2 IS side.
1. Add a new service_provider block in sso-idp-config.xml.
2. Create a new file under
/repository/conf/identity/service-providers/ directory with the
same name of the service provider.

The advantage of this is we can use this with docker containers. I have
tested this in Mesos. Please share your thoughts.

[1] -
https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
[2] -
https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/wso2is/5.1.0/default/default.yaml#L35

Thank you!
--
*Pubudu Gunatilaka*
Committer and PMC Member - Apache Stratos
Software Engineer
WSO2, Inc.: http://wso2.com
mobile : +94774078049 <%2B94772207163>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

Re: [Dev] Configure SSO for WSO2 products using WSO2 puppet modules

[Dev] Configure SSO for WSO2 products using WSO2 puppet modules

12 matches

Site Navigation

Mail list logo

Footer information