Re: [Freeipa-users] FreeIPA, Ipsilon, Duo Security integration
On Thu, 2016-12-01 at 11:37 -0800, Mike Jacobacci wrote: > Hi, > > As of now, we have FreeIPA/FreeRadius with OTP and Ipsilon working > perfectly. Now, I am looking at possibly integrating Duo security instead > of FreeIPA's 2FA. I am concerned about how it will fit in with Ipsilon and > FreeIPA... Has anyone else tried this before? If so, are there any > pitfalls or problems you have encountered or any general advise? I think there are issues with the workflow Duo requires and the latency (sending token via SMS and waiting for user to input). Simo. -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] FreeIPA, Ipsilon, Duo Security integration
Hi, As of now, we have FreeIPA/FreeRadius with OTP and Ipsilon working perfectly. Now, I am looking at possibly integrating Duo security instead of FreeIPA's 2FA. I am concerned about how it will fit in with Ipsilon and FreeIPA... Has anyone else tried this before? If so, are there any pitfalls or problems you have encountered or any general advise? Cheers, Mike -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIPA + Ipsilon
On Thu, 2014-08-07 at 17:49 +0200, Luca Tartarini wrote:
Hi,
thanks for the reply, with Cherrypy 3.2.2 it works. Unfortunately now when
I try to login with 'admin' account ('admin' user created previously during
the installation of ipa-server) I can't see the Administration tab.
Basically this condition (in /usr/share/ipsilon/templates/index.html) is
not satisfied:
{% if user.is_admin %}
a href={{ basepath }}/admin id=adminAdministration/a |
{% endif %}
For ipsilon-server installation I run:
ipsilon-server-install --secure=no --ipa=yes --krb=yes
because I read that 'admin' is default.
When I login with 'admin' in IPA Identity Management it is all ok (I login
as administrator), with IPSILON I can login but not as administrator.
Is this using kerberos authentication ? Or username/password ?
If Kerberos SSO then do you have KrbLocalUserMapping On in the
Location /idp/login/krb/negotiate section in the file
/etc/httpd/conf.g/ipsilon-idp.conf ?
If not then the user will be seen as admin@REALM and not considered the
same as the user admin by ipsilon.
Simo.
I used the last version of jinja2 (jinja2 2.7.2).
Log of ipsilon-server-install:
[2014-08-07 17:48:11,242] Intallation arguments:
[2014-08-07 17:48:11,242] admin_user: admin
[2014-08-07 17:48:11,242] config_profile: None
[2014-08-07 17:48:11,242] hostname: ltartari3.cern.ch
[2014-08-07 17:48:11,242] instance: idp
[2014-08-07 17:48:11,242] ipa: yes
[2014-08-07 17:48:11,243] krb: yes
[2014-08-07 17:48:11,243] krb_httpd_keytab: /etc/httpd/conf/http.keytab
[2014-08-07 17:48:11,243] krb_realms: None
[2014-08-07 17:48:11,243] lm_order: ['krb']
[2014-08-07 17:48:11,243] pam: no
[2014-08-07 17:48:11,243] pam_service: remote
[2014-08-07 17:48:11,243] saml2: yes
[2014-08-07 17:48:11,243] secure: no
[2014-08-07 17:48:11,243] server_debugging: False
[2014-08-07 17:48:11,244] system_user: ipsilon
[2014-08-07 17:48:11,244] testauth: no
[2014-08-07 17:48:11,244] uninstall: False
[2014-08-07 17:48:11,244] Installation initiated
[2014-08-07 17:48:11,244] Installing default config files
[2014-08-07 17:48:11,461] Configuring environment helpers
Searching for keytab in: /etc/httpd/conf/http.keytab ... Found!
Searching for keytab in: /etc/httpd/conf/ipa.keytab ... Found!
[2014-08-07 17:48:11,486] Configuring login managers
Cannot set persistent booleans without managed policy.
[2014-08-07 17:48:12,126] Configuring Authentication Providers
Generating a 2048 bit RSA private key
.+++
..+++
writing new private key to '/var/lib/ipsilon/idp/saml2/idp.key'
-
Installation complete.
Please restart HTTPD to enable the IdP instance.
Thanks in advance.
Luca Tartarini
2014-08-06 17:37 GMT+02:00 Simo Sorce sso...@redhat.com:
On Wed, 2014-08-06 at 17:20 +0200, Luca Tartarini wrote:
Hi,
Thanks for the replies. I updated the line with:
plugins_by_name = dict((p.name, p) for p in
self._site[FACILITY]['enabled'])
and it works (the installation is completed succesfully).
But now when I try to connect to:
https://myidp.example.com/idp
or I try to configure ipsilon-client (ipsilon-client-install ...) I got
HTTP 500 Internal Error (with ipsilon background). I put debug = True
in /etc/ipsilon/idp/ipsilon.conf and I got this (in
/var/log/httpd/error_log):
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Available
providers: ['saml2']
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
storage path: /var/lib/ipsilon/idp/saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
metadata file: metadata.xml
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
storage path: /var/lib/ipsilon/idp/saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
key
file: /var/lib/ipsilon/idp/saml2/idp.key
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
storage path: /var/lib/ipsilon/idp/saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
certificate file: /var/lib/ipsilon/idp/saml2/idp.pem
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider
registered: saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2]
enabled:
1
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider
enabled: saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
plugin: krb
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
plugin: pam
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] username
text: Username
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] password
text: Password
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] service
name: remote
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09]
Re: [Freeipa-users] FreeIPA + Ipsilon
Hi,
thanks for the reply, with Cherrypy 3.2.2 it works. Unfortunately now when
I try to login with 'admin' account ('admin' user created previously during
the installation of ipa-server) I can't see the Administration tab.
Basically this condition (in /usr/share/ipsilon/templates/index.html) is
not satisfied:
{% if user.is_admin %}
a href={{ basepath }}/admin id=adminAdministration/a |
{% endif %}
For ipsilon-server installation I run:
ipsilon-server-install --secure=no --ipa=yes --krb=yes
because I read that 'admin' is default.
When I login with 'admin' in IPA Identity Management it is all ok (I login
as administrator), with IPSILON I can login but not as administrator.
I used the last version of jinja2 (jinja2 2.7.2).
Log of ipsilon-server-install:
[2014-08-07 17:48:11,242] Intallation arguments:
[2014-08-07 17:48:11,242] admin_user: admin
[2014-08-07 17:48:11,242] config_profile: None
[2014-08-07 17:48:11,242] hostname: ltartari3.cern.ch
[2014-08-07 17:48:11,242] instance: idp
[2014-08-07 17:48:11,242] ipa: yes
[2014-08-07 17:48:11,243] krb: yes
[2014-08-07 17:48:11,243] krb_httpd_keytab: /etc/httpd/conf/http.keytab
[2014-08-07 17:48:11,243] krb_realms: None
[2014-08-07 17:48:11,243] lm_order: ['krb']
[2014-08-07 17:48:11,243] pam: no
[2014-08-07 17:48:11,243] pam_service: remote
[2014-08-07 17:48:11,243] saml2: yes
[2014-08-07 17:48:11,243] secure: no
[2014-08-07 17:48:11,243] server_debugging: False
[2014-08-07 17:48:11,244] system_user: ipsilon
[2014-08-07 17:48:11,244] testauth: no
[2014-08-07 17:48:11,244] uninstall: False
[2014-08-07 17:48:11,244] Installation initiated
[2014-08-07 17:48:11,244] Installing default config files
[2014-08-07 17:48:11,461] Configuring environment helpers
Searching for keytab in: /etc/httpd/conf/http.keytab ... Found!
Searching for keytab in: /etc/httpd/conf/ipa.keytab ... Found!
[2014-08-07 17:48:11,486] Configuring login managers
Cannot set persistent booleans without managed policy.
[2014-08-07 17:48:12,126] Configuring Authentication Providers
Generating a 2048 bit RSA private key
.+++
..+++
writing new private key to '/var/lib/ipsilon/idp/saml2/idp.key'
-
Installation complete.
Please restart HTTPD to enable the IdP instance.
Thanks in advance.
Luca Tartarini
2014-08-06 17:37 GMT+02:00 Simo Sorce sso...@redhat.com:
On Wed, 2014-08-06 at 17:20 +0200, Luca Tartarini wrote:
Hi,
Thanks for the replies. I updated the line with:
plugins_by_name = dict((p.name, p) for p in
self._site[FACILITY]['enabled'])
and it works (the installation is completed succesfully).
But now when I try to connect to:
https://myidp.example.com/idp
or I try to configure ipsilon-client (ipsilon-client-install ...) I got
HTTP 500 Internal Error (with ipsilon background). I put debug = True
in /etc/ipsilon/idp/ipsilon.conf and I got this (in
/var/log/httpd/error_log):
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Available
providers: ['saml2']
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
storage path: /var/lib/ipsilon/idp/saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
metadata file: metadata.xml
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
storage path: /var/lib/ipsilon/idp/saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
key
file: /var/lib/ipsilon/idp/saml2/idp.key
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
storage path: /var/lib/ipsilon/idp/saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
certificate file: /var/lib/ipsilon/idp/saml2/idp.pem
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider
registered: saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2]
enabled:
1
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider
enabled: saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
plugin: krb
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
plugin: pam
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] username
text: Username
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] password
text: Password
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] service
name: remote
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] help
text:
Insert your Username and Password and then submit.
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
plugin: testauth
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth]
username text: Username
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth]
password text: Password
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth]
help
text: Insert your Username and Password and then submit.
[Wed Aug
Re: [Freeipa-users] FreeIPA + Ipsilon
Hi,
Thanks for the replies. I updated the line with:
plugins_by_name = dict((p.name, p) for p in self._site[FACILITY]['enabled'])
and it works (the installation is completed succesfully).
But now when I try to connect to:
https://myidp.example.com/idp
or I try to configure ipsilon-client (ipsilon-client-install ...) I got
HTTP 500 Internal Error (with ipsilon background). I put debug = True
in /etc/ipsilon/idp/ipsilon.conf and I got this (in
/var/log/httpd/error_log):
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Available
providers: ['saml2']
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
storage path: /var/lib/ipsilon/idp/saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
metadata file: metadata.xml
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
storage path: /var/lib/ipsilon/idp/saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp key
file: /var/lib/ipsilon/idp/saml2/idp.key
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
storage path: /var/lib/ipsilon/idp/saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
certificate file: /var/lib/ipsilon/idp/saml2/idp.pem
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider
registered: saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] enabled:
1
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider
enabled: saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
plugin: krb
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
plugin: pam
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] username
text: Username
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] password
text: Password
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] service
name: remote
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] help text:
Insert your Username and Password and then submit.
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
plugin: testauth
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth]
username text: Username
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth]
password text: Password
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth] help
text: Insert your Username and Password and then submit.
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin provider
plugin: saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] default
allowed nameids: ['persistent', 'transient', 'email', 'kerberos', 'x509']
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
metadata file: metadata.xml
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] default
email domain: example.com
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
certificate file: /var/lib/ipsilon/idp/saml2/idp.pem
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] allow
self registration: True
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp key
file: /var/lib/ipsilon/idp/saml2/idp.key
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
storage path: /var/lib/ipsilon/idp/saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] default
nameid: persistent
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Traceback (most
recent call last):
[Wed Aug 06 16:22:09 2014] [error] File
/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py,
line 104, in run
[Wed Aug 06 16:22:09 2014] [error] hook()
[Wed Aug 06 16:22:09 2014] [error] File
/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py,
line 63, in __call__
[Wed Aug 06 16:22:09 2014] [error] return self.callback(**self.kwargs)
[Wed Aug 06 16:22:09 2014] [error] File
/usr/lib/python2.6/site-packages/ipsilon/util/page.py, line 37, in protect
[Wed Aug 06 16:22:09 2014] [error] UserSession().remote_login()
[Wed Aug 06 16:22:09 2014] [error] File
/usr/lib/python2.6/site-packages/ipsilon/util/user.py, line 103, in
__init__
[Wed Aug 06 16:22:09 2014] [error] self.user = self.get_data('user',
'name')
[Wed Aug 06 16:22:09 2014] [error] File
/usr/lib/python2.6/site-packages/ipsilon/util/user.py, line 147, in
get_data
[Wed Aug 06 16:22:09 2014] [error] if facility not in cherrypy.session:
[Wed Aug 06 16:22:09 2014] [error] File
/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/__init__.py,
line 258, in __contains__
[Wed Aug 06 16:22:09 2014] [error] return key in child
[Wed Aug 06 16:22:09 2014] [error] File
/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/lib/sessions.py,
line 335, in __contains__
[Wed Aug 06 16:22:09 2014] [error] self.load()
[Wed Aug 06 16:22:09 2014] [error] File
Re: [Freeipa-users] FreeIPA + Ipsilon
On Wed, 2014-08-06 at 17:20 +0200, Luca Tartarini wrote:
Hi,
Thanks for the replies. I updated the line with:
plugins_by_name = dict((p.name, p) for p in self._site[FACILITY]['enabled'])
and it works (the installation is completed succesfully).
But now when I try to connect to:
https://myidp.example.com/idp
or I try to configure ipsilon-client (ipsilon-client-install ...) I got
HTTP 500 Internal Error (with ipsilon background). I put debug = True
in /etc/ipsilon/idp/ipsilon.conf and I got this (in
/var/log/httpd/error_log):
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Available
providers: ['saml2']
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
storage path: /var/lib/ipsilon/idp/saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
metadata file: metadata.xml
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
storage path: /var/lib/ipsilon/idp/saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp key
file: /var/lib/ipsilon/idp/saml2/idp.key
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
storage path: /var/lib/ipsilon/idp/saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
certificate file: /var/lib/ipsilon/idp/saml2/idp.pem
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider
registered: saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] enabled:
1
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider
enabled: saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
plugin: krb
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
plugin: pam
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] username
text: Username
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] password
text: Password
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] service
name: remote
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] help text:
Insert your Username and Password and then submit.
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
plugin: testauth
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth]
username text: Username
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth]
password text: Password
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth] help
text: Insert your Username and Password and then submit.
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin provider
plugin: saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] default
allowed nameids: ['persistent', 'transient', 'email', 'kerberos', 'x509']
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
metadata file: metadata.xml
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] default
email domain: example.com
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
certificate file: /var/lib/ipsilon/idp/saml2/idp.pem
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] allow
self registration: True
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp key
file: /var/lib/ipsilon/idp/saml2/idp.key
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
storage path: /var/lib/ipsilon/idp/saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] default
nameid: persistent
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Traceback (most
recent call last):
[Wed Aug 06 16:22:09 2014] [error] File
/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py,
line 104, in run
[Wed Aug 06 16:22:09 2014] [error] hook()
[Wed Aug 06 16:22:09 2014] [error] File
/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py,
line 63, in __call__
[Wed Aug 06 16:22:09 2014] [error] return self.callback(**self.kwargs)
[Wed Aug 06 16:22:09 2014] [error] File
/usr/lib/python2.6/site-packages/ipsilon/util/page.py, line 37, in protect
[Wed Aug 06 16:22:09 2014] [error] UserSession().remote_login()
[Wed Aug 06 16:22:09 2014] [error] File
/usr/lib/python2.6/site-packages/ipsilon/util/user.py, line 103, in
__init__
[Wed Aug 06 16:22:09 2014] [error] self.user = self.get_data('user',
'name')
[Wed Aug 06 16:22:09 2014] [error] File
/usr/lib/python2.6/site-packages/ipsilon/util/user.py, line 147, in
get_data
[Wed Aug 06 16:22:09 2014] [error] if facility not in cherrypy.session:
[Wed Aug 06 16:22:09 2014] [error] File
/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/__init__.py,
line 258, in __contains__
[Wed Aug 06 16:22:09 2014] [error] return key in child
[Wed Aug 06 16:22:09 2014] [error] File
Re: [Freeipa-users] FreeIPA + Ipsilon
Hi, thanks for the replies.
I am finally managed to install lasso correctly (without lasso-python) but
after the installation of ipsilon-server (ipsilon-server-install --ipa=yes
--secure=no) when I try to connet via browser to:
https://myidp.example.com/idp
I had this error:
[error] mod_wsgi (pid=22357): Target WSGI script '/usr/sbin/ipsilon' cannot
be loaded as Python module.
[error] mod_wsgi (pid=22357): Exception occurred processing WSGI script
'/usr/sbin/ipsilon'.
[error] Traceback (most recent call last):
[error] File /usr/sbin/ipsilon, line 28, in module
[error] from ipsilon.root import Root
[error] File /usr/lib/python2.6/site-packages/ipsilon/root.py, line 26,
in module
[error] from ipsilon.admin.login import LoginPlugins
[error] File /usr/lib/python2.6/site-packages/ipsilon/admin/login.py,
line 48
[error] plugins_by_name = {p.name: p for p in
self._site[FACILITY]['enabled']}
[error] ^
[error] SyntaxError: invalid syntax
with HTTP 500 Internal Server Error (GET /idp HTTP/1.1 500 619)
The line is this one (in
/usr/lib/python2.6/site-packages/ipsilon/admin/login.py):
plugins_by_name = {p.name: p for p in self._site[FACILITY]['enabled']}
The same thing if I try:
ipsilon-client-install --saml-idp-metadata
https://myidp.example.org/idp/saml2/metadata --debug
Thanks in advance.
Luca Tartarini
2014-07-31 13:11 GMT+02:00 Simo Sorce sso...@redhat.com:
On Thu, 2014-07-31 at 09:53 +0200, Luca Tartarini wrote:
Hi,
Thanks for the reply, unfortunately I can not find the package on
Scientific Linux, is there a workaround?
I saw from the lasso mailing list that you built the lasso package
yourself, make sure you built the python bindings, they are part of the
same source tree.
Attached find a .spec file you can use top build lasso on EL6 platforms,
until it will become available officially.
This will build and install the python binding correctly.
Simo.
Thanks.
Luca Tartarini
2014-07-30 15:00 GMT+02:00 Simo Sorce sso...@redhat.com:
On Tue, 2014-07-29 at 15:58 +0200, Martin Kosek wrote:
On 07/29/2014 03:47 PM, Luca Tartarini wrote:
Hi everyone,
I am new in FreeIPA, I am trying to configure FreeIPA with
Ipsilon. The
configuration is the following: Service Provider (host with
Scientific
Linux 6) with ipsilon-client and Identity Provider (another host
with
Scientific Linux 6) with FreeIPA and ipsilon-server, is the
configuration
feasible and/or correct?
If it is, then I am stuck in the installation of ipsilon-client
because
after I installed lasso-2.3.6 and all the ipsilon-client
prerequisites,
when I finally run:
ipsilon-client-install --saml-idp-metadata
https://myidp.example.org/idp/saml2/metadata --saml-auth /wiki
I get this error about lasso:
Traceback (most recent call last):
File /usr/bin/ipsilon-client-install, line 20, in module
from ipsilon.tools.saml2metadata import Metadata
File
/usr/lib/python2.6/site-packages/ipsilon/tools/saml2metadata.py,
line 22, in module
import lasso
File /usr/lib/python2.6/site-packages/lasso.py, line 3, in
module
import _lasso
ImportError: No module named _lasso
Does anyone know if it's a problem about lasso's configuration or I
forgot
something about ipsilon-client?
Thanks in advance.
Luca Tartarini
Not sure, _lasso.so should be provided by lasso-python package:
# rpm -qf /usr/lib64/python2.6/site-packages/_lasso.so
lasso-python-2.4.0-4.el6.x86_64
CCing Simo to advise.
Sounds like lasso-python is missing indeed.
Simo.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIPA + Ipsilon
On Tue, 2014-08-05 at 17:47 +0200, Luca Tartarini wrote:
Hi, thanks for the replies.
I am finally managed to install lasso correctly (without lasso-python) but
after the installation of ipsilon-server (ipsilon-server-install --ipa=yes
--secure=no) when I try to connet via browser to:
https://myidp.example.com/idp
I had this error:
[error] mod_wsgi (pid=22357): Target WSGI script '/usr/sbin/ipsilon' cannot
be loaded as Python module.
[error] mod_wsgi (pid=22357): Exception occurred processing WSGI script
'/usr/sbin/ipsilon'.
[error] Traceback (most recent call last):
[error] File /usr/sbin/ipsilon, line 28, in module
[error] from ipsilon.root import Root
[error] File /usr/lib/python2.6/site-packages/ipsilon/root.py, line 26,
in module
[error] from ipsilon.admin.login import LoginPlugins
[error] File /usr/lib/python2.6/site-packages/ipsilon/admin/login.py,
line 48
[error] plugins_by_name = {p.name: p for p in
self._site[FACILITY]['enabled']}
[error] ^
[error] SyntaxError: invalid syntax
with HTTP 500 Internal Server Error (GET /idp HTTP/1.1 500 619)
The line is this one (in
/usr/lib/python2.6/site-packages/ipsilon/admin/login.py):
plugins_by_name = {p.name: p for p in self._site[FACILITY]['enabled']}
Uhmm python 2.6, I think it does not support dict comprehension.
You can replace this line with:
dict([p.name, p for p in self._site[FACILITY]['enabled']])
Let me know if that helps.
Simo.
The same thing if I try:
ipsilon-client-install --saml-idp-metadata
https://myidp.example.org/idp/saml2/metadata --debug
Thanks in advance.
Luca Tartarini
2014-07-31 13:11 GMT+02:00 Simo Sorce sso...@redhat.com:
On Thu, 2014-07-31 at 09:53 +0200, Luca Tartarini wrote:
Hi,
Thanks for the reply, unfortunately I can not find the package on
Scientific Linux, is there a workaround?
I saw from the lasso mailing list that you built the lasso package
yourself, make sure you built the python bindings, they are part of the
same source tree.
Attached find a .spec file you can use top build lasso on EL6 platforms,
until it will become available officially.
This will build and install the python binding correctly.
Simo.
Thanks.
Luca Tartarini
2014-07-30 15:00 GMT+02:00 Simo Sorce sso...@redhat.com:
On Tue, 2014-07-29 at 15:58 +0200, Martin Kosek wrote:
On 07/29/2014 03:47 PM, Luca Tartarini wrote:
Hi everyone,
I am new in FreeIPA, I am trying to configure FreeIPA with
Ipsilon. The
configuration is the following: Service Provider (host with
Scientific
Linux 6) with ipsilon-client and Identity Provider (another host
with
Scientific Linux 6) with FreeIPA and ipsilon-server, is the
configuration
feasible and/or correct?
If it is, then I am stuck in the installation of ipsilon-client
because
after I installed lasso-2.3.6 and all the ipsilon-client
prerequisites,
when I finally run:
ipsilon-client-install --saml-idp-metadata
https://myidp.example.org/idp/saml2/metadata --saml-auth /wiki
I get this error about lasso:
Traceback (most recent call last):
File /usr/bin/ipsilon-client-install, line 20, in module
from ipsilon.tools.saml2metadata import Metadata
File
/usr/lib/python2.6/site-packages/ipsilon/tools/saml2metadata.py,
line 22, in module
import lasso
File /usr/lib/python2.6/site-packages/lasso.py, line 3, in
module
import _lasso
ImportError: No module named _lasso
Does anyone know if it's a problem about lasso's configuration or I
forgot
something about ipsilon-client?
Thanks in advance.
Luca Tartarini
Not sure, _lasso.so should be provided by lasso-python package:
# rpm -qf /usr/lib64/python2.6/site-packages/_lasso.so
lasso-python-2.4.0-4.el6.x86_64
CCing Simo to advise.
Sounds like lasso-python is missing indeed.
Simo.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIPA + Ipsilon
On 08/05/2014 07:48 PM, Simo Sorce wrote:
On Tue, 2014-08-05 at 17:47 +0200, Luca Tartarini wrote:
[...]
with HTTP 500 Internal Server Error (GET /idp HTTP/1.1 500 619)
The line is this one (in
/usr/lib/python2.6/site-packages/ipsilon/admin/login.py):
plugins_by_name = {p.name: p for p in self._site[FACILITY]['enabled']}
Uhmm python 2.6, I think it does not support dict comprehension.
You can replace this line with:
dict([p.name, p for p in self._site[FACILITY]['enabled']])
dict((p.name, p) for p in self._site[FACILITY]['enabled'])
(You need the parens around (p.name, p))
--
PetrĀ³
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIPA + Ipsilon
Hi, Thanks for the reply, unfortunately I can not find the package on Scientific Linux, is there a workaround? Thanks. Luca Tartarini 2014-07-30 15:00 GMT+02:00 Simo Sorce sso...@redhat.com: On Tue, 2014-07-29 at 15:58 +0200, Martin Kosek wrote: On 07/29/2014 03:47 PM, Luca Tartarini wrote: Hi everyone, I am new in FreeIPA, I am trying to configure FreeIPA with Ipsilon. The configuration is the following: Service Provider (host with Scientific Linux 6) with ipsilon-client and Identity Provider (another host with Scientific Linux 6) with FreeIPA and ipsilon-server, is the configuration feasible and/or correct? If it is, then I am stuck in the installation of ipsilon-client because after I installed lasso-2.3.6 and all the ipsilon-client prerequisites, when I finally run: ipsilon-client-install --saml-idp-metadata https://myidp.example.org/idp/saml2/metadata --saml-auth /wiki I get this error about lasso: Traceback (most recent call last): File /usr/bin/ipsilon-client-install, line 20, in module from ipsilon.tools.saml2metadata import Metadata File /usr/lib/python2.6/site-packages/ipsilon/tools/saml2metadata.py, line 22, in module import lasso File /usr/lib/python2.6/site-packages/lasso.py, line 3, in module import _lasso ImportError: No module named _lasso Does anyone know if it's a problem about lasso's configuration or I forgot something about ipsilon-client? Thanks in advance. Luca Tartarini Not sure, _lasso.so should be provided by lasso-python package: # rpm -qf /usr/lib64/python2.6/site-packages/_lasso.so lasso-python-2.4.0-4.el6.x86_64 CCing Simo to advise. Sounds like lasso-python is missing indeed. Simo. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIPA + Ipsilon
Without this package for your platform, you cannot move further. So you would either need to switch to some platform that has this package available (RHEL, CentOS, Fedora) or take the source bits and build it for your platform yourselves. Maybe you would get lucky with rebuilding the source RPM from Fedora 20 (http://koji.fedoraproject.org/koji/buildinfo?buildID=489924), but there might be some build dependencies that are not available on Scientific Linux... HTH, Martin On 07/31/2014 09:53 AM, Luca Tartarini wrote: Hi, Thanks for the reply, unfortunately I can not find the package on Scientific Linux, is there a workaround? Thanks. Luca Tartarini 2014-07-30 15:00 GMT+02:00 Simo Sorce sso...@redhat.com: On Tue, 2014-07-29 at 15:58 +0200, Martin Kosek wrote: On 07/29/2014 03:47 PM, Luca Tartarini wrote: Hi everyone, I am new in FreeIPA, I am trying to configure FreeIPA with Ipsilon. The configuration is the following: Service Provider (host with Scientific Linux 6) with ipsilon-client and Identity Provider (another host with Scientific Linux 6) with FreeIPA and ipsilon-server, is the configuration feasible and/or correct? If it is, then I am stuck in the installation of ipsilon-client because after I installed lasso-2.3.6 and all the ipsilon-client prerequisites, when I finally run: ipsilon-client-install --saml-idp-metadata https://myidp.example.org/idp/saml2/metadata --saml-auth /wiki I get this error about lasso: Traceback (most recent call last): File /usr/bin/ipsilon-client-install, line 20, in module from ipsilon.tools.saml2metadata import Metadata File /usr/lib/python2.6/site-packages/ipsilon/tools/saml2metadata.py, line 22, in module import lasso File /usr/lib/python2.6/site-packages/lasso.py, line 3, in module import _lasso ImportError: No module named _lasso Does anyone know if it's a problem about lasso's configuration or I forgot something about ipsilon-client? Thanks in advance. Luca Tartarini Not sure, _lasso.so should be provided by lasso-python package: # rpm -qf /usr/lib64/python2.6/site-packages/_lasso.so lasso-python-2.4.0-4.el6.x86_64 CCing Simo to advise. Sounds like lasso-python is missing indeed. Simo. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIPA + Ipsilon
On Thu, 2014-07-31 at 09:53 +0200, Luca Tartarini wrote:
Hi,
Thanks for the reply, unfortunately I can not find the package on
Scientific Linux, is there a workaround?
I saw from the lasso mailing list that you built the lasso package
yourself, make sure you built the python bindings, they are part of the
same source tree.
Attached find a .spec file you can use top build lasso on EL6 platforms,
until it will become available officially.
This will build and install the python binding correctly.
Simo.
Thanks.
Luca Tartarini
2014-07-30 15:00 GMT+02:00 Simo Sorce sso...@redhat.com:
On Tue, 2014-07-29 at 15:58 +0200, Martin Kosek wrote:
On 07/29/2014 03:47 PM, Luca Tartarini wrote:
Hi everyone,
I am new in FreeIPA, I am trying to configure FreeIPA with Ipsilon. The
configuration is the following: Service Provider (host with Scientific
Linux 6) with ipsilon-client and Identity Provider (another host with
Scientific Linux 6) with FreeIPA and ipsilon-server, is the
configuration
feasible and/or correct?
If it is, then I am stuck in the installation of ipsilon-client because
after I installed lasso-2.3.6 and all the ipsilon-client prerequisites,
when I finally run:
ipsilon-client-install --saml-idp-metadata
https://myidp.example.org/idp/saml2/metadata --saml-auth /wiki
I get this error about lasso:
Traceback (most recent call last):
File /usr/bin/ipsilon-client-install, line 20, in module
from ipsilon.tools.saml2metadata import Metadata
File
/usr/lib/python2.6/site-packages/ipsilon/tools/saml2metadata.py,
line 22, in module
import lasso
File /usr/lib/python2.6/site-packages/lasso.py, line 3, in module
import _lasso
ImportError: No module named _lasso
Does anyone know if it's a problem about lasso's configuration or I
forgot
something about ipsilon-client?
Thanks in advance.
Luca Tartarini
Not sure, _lasso.so should be provided by lasso-python package:
# rpm -qf /usr/lib64/python2.6/site-packages/_lasso.so
lasso-python-2.4.0-4.el6.x86_64
CCing Simo to advise.
Sounds like lasso-python is missing indeed.
Simo.
%global with_java 0
%global with_php 0
%global with_perl 0
%global with_python 1
%global with_wsf 0
%if %{with_php}
%{!?__pecl: %{expand: %%global __pecl %{_bindir}/pecl}}
%endif
Summary: Liberty Alliance Single Sign On
Name: lasso
Version: 2.4.0
Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Libraries
Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz
%if %{with_wsf}
BuildRequires: cyrus-sasl-devel
%endif
BuildRequires: gtk-doc, libtool-ltdl-devel
BuildRequires: glib2-devel, swig
BuildRequires: libxml2-devel, xmlsec1-devel, openssl-devel, xmlsec1-openssl-devel
Url: http://lasso.entrouvert.org/
%description
Lasso is a library that implements the Liberty Alliance Single Sign On
standards, including the SAML and SAML2 specifications. It allows to handle
the whole life-cycle of SAML based Federations, and provides bindings
for multiple languages.
%package devel
Summary: Lasso development headers and documentation
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
This package contains the header files, static libraries and development
documentation for Lasso.
%if %{with_perl}
%package perl
Summary: Liberty Alliance Single Sign On (lasso) Perl bindings
Group: Development/Libraries
BuildRequires: perl(ExtUtils::MakeMaker)
BuildRequires: perl(Test::More)
Requires: perl(:MODULE_COMPAT_%(eval `%{__perl} -V:version`; echo $version))
Requires: %{name}%{?_isa} = %{version}-%{release}
%description perl
Perl language bindings for the lasso (Liberty Alliance Single Sign On) library.
%endif
%if %{with_java}
%package java
Summary: Liberty Alliance Single Sign On (lasso) Java bindings
Group: Development/Libraries
BuildRequires: java-devel
BuildRequires: jpackage-utils
Requires: java-headless
Requires: jpackage-utils
Requires: %{name}%{?_isa} = %{version}-%{release}
%description java
Java language bindings for the lasso (Liberty Alliance Single Sign On) library.
%endif
%if %{with_php}
%package php
Summary: Liberty Alliance Single Sign On (lasso) PHP bindings
Group: Development/Libraries
BuildRequires: php-devel, expat-devel
BuildRequires: python2
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires(post): %{__pecl}
Requires(postun): %{__pecl}
Requires: php(zend-abi) = %{php_zend_api}
Requires: php(api) = %{php_core_api}
%description php
PHP language bindings for the lasso (Liberty Alliance Single Sign On) library.
%endif
%if %{with_python}
%package python
Summary: Liberty Alliance Single Sign On (lasso) Python bindings
Group: Development/Libraries
BuildRequires: python2-devel
BuildRequires: python-lxml
Requires: python
Requires: %{name}%{?_isa} = %{version}-%{release}
%description python
Python language bindings for
Re: [Freeipa-users] FreeIPA + Ipsilon
On Tue, 2014-07-29 at 15:58 +0200, Martin Kosek wrote: On 07/29/2014 03:47 PM, Luca Tartarini wrote: Hi everyone, I am new in FreeIPA, I am trying to configure FreeIPA with Ipsilon. The configuration is the following: Service Provider (host with Scientific Linux 6) with ipsilon-client and Identity Provider (another host with Scientific Linux 6) with FreeIPA and ipsilon-server, is the configuration feasible and/or correct? If it is, then I am stuck in the installation of ipsilon-client because after I installed lasso-2.3.6 and all the ipsilon-client prerequisites, when I finally run: ipsilon-client-install --saml-idp-metadata https://myidp.example.org/idp/saml2/metadata --saml-auth /wiki I get this error about lasso: Traceback (most recent call last): File /usr/bin/ipsilon-client-install, line 20, in module from ipsilon.tools.saml2metadata import Metadata File /usr/lib/python2.6/site-packages/ipsilon/tools/saml2metadata.py, line 22, in module import lasso File /usr/lib/python2.6/site-packages/lasso.py, line 3, in module import _lasso ImportError: No module named _lasso Does anyone know if it's a problem about lasso's configuration or I forgot something about ipsilon-client? Thanks in advance. Luca Tartarini Not sure, _lasso.so should be provided by lasso-python package: # rpm -qf /usr/lib64/python2.6/site-packages/_lasso.so lasso-python-2.4.0-4.el6.x86_64 CCing Simo to advise. Sounds like lasso-python is missing indeed. Simo. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
[Freeipa-users] FreeIPA + Ipsilon
Hi everyone, I am new in FreeIPA, I am trying to configure FreeIPA with Ipsilon. The configuration is the following: Service Provider (host with Scientific Linux 6) with ipsilon-client and Identity Provider (another host with Scientific Linux 6) with FreeIPA and ipsilon-server, is the configuration feasible and/or correct? If it is, then I am stuck in the installation of ipsilon-client because after I installed lasso-2.3.6 and all the ipsilon-client prerequisites, when I finally run: ipsilon-client-install --saml-idp-metadata https://myidp.example.org/idp/saml2/metadata --saml-auth /wiki I get this error about lasso: Traceback (most recent call last): File /usr/bin/ipsilon-client-install, line 20, in module from ipsilon.tools.saml2metadata import Metadata File /usr/lib/python2.6/site-packages/ipsilon/tools/saml2metadata.py, line 22, in module import lasso File /usr/lib/python2.6/site-packages/lasso.py, line 3, in module import _lasso ImportError: No module named _lasso Does anyone know if it's a problem about lasso's configuration or I forgot something about ipsilon-client? Thanks in advance. Luca Tartarini -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIPA + Ipsilon
On 07/29/2014 03:47 PM, Luca Tartarini wrote: Hi everyone, I am new in FreeIPA, I am trying to configure FreeIPA with Ipsilon. The configuration is the following: Service Provider (host with Scientific Linux 6) with ipsilon-client and Identity Provider (another host with Scientific Linux 6) with FreeIPA and ipsilon-server, is the configuration feasible and/or correct? If it is, then I am stuck in the installation of ipsilon-client because after I installed lasso-2.3.6 and all the ipsilon-client prerequisites, when I finally run: ipsilon-client-install --saml-idp-metadata https://myidp.example.org/idp/saml2/metadata --saml-auth /wiki I get this error about lasso: Traceback (most recent call last): File /usr/bin/ipsilon-client-install, line 20, in module from ipsilon.tools.saml2metadata import Metadata File /usr/lib/python2.6/site-packages/ipsilon/tools/saml2metadata.py, line 22, in module import lasso File /usr/lib/python2.6/site-packages/lasso.py, line 3, in module import _lasso ImportError: No module named _lasso Does anyone know if it's a problem about lasso's configuration or I forgot something about ipsilon-client? Thanks in advance. Luca Tartarini Not sure, _lasso.so should be provided by lasso-python package: # rpm -qf /usr/lib64/python2.6/site-packages/_lasso.so lasso-python-2.4.0-4.el6.x86_64 CCing Simo to advise. Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
