Re: [Freeipa-users] FreeIPA, Ipsilon, Duo Security integration
On Thu, 2016-12-01 at 11:37 -0800, Mike Jacobacci wrote: > Hi, > > As of now, we have FreeIPA/FreeRadius with OTP and Ipsilon working > perfectly. Now, I am looking at possibly integrating Duo security instead > of FreeIPA's 2FA. I am concerned about how it will fit in with Ipsilon and > FreeIPA... Has anyone else tried this before? If so, are there any > pitfalls or problems you have encountered or any general advise? I think there are issues with the workflow Duo requires and the latency (sending token via SMS and waiting for user to input). Simo. -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIPA + Ipsilon
On Thu, 2014-08-07 at 17:49 +0200, Luca Tartarini wrote:
> Hi,
>
> thanks for the reply, with Cherrypy 3.2.2 it works. Unfortunately now when
> I try to login with 'admin' account ('admin' user created previously during
> the installation of ipa-server) I can't see the Administration tab.
> Basically this condition (in /usr/share/ipsilon/templates/index.html) is
> not satisfied:
>
> {% if user.is_admin %}
> Administration |
> {% endif %}
>
> For ipsilon-server installation I run:
>
> ipsilon-server-install --secure=no --ipa=yes --krb=yes
>
> because I read that 'admin' is default.
> When I login with 'admin' in IPA Identity Management it is all ok (I login
> as administrator), with IPSILON I can login but not as administrator.
Is this using kerberos authentication ? Or username/password ?
If Kerberos SSO then do you have KrbLocalUserMapping On in the
section in the file
/etc/httpd/conf.g/ipsilon-idp.conf ?
If not then the user will be seen as admin@REALM and not considered the
same as the user "admin" by ipsilon.
Simo.
> I used the last version of jinja2 (jinja2 2.7.2).
>
> Log of ipsilon-server-install:
>
> [2014-08-07 17:48:11,242] Intallation arguments:
> [2014-08-07 17:48:11,242] admin_user: admin
> [2014-08-07 17:48:11,242] config_profile: None
> [2014-08-07 17:48:11,242] hostname: ltartari3.cern.ch
> [2014-08-07 17:48:11,242] instance: idp
> [2014-08-07 17:48:11,242] ipa: yes
> [2014-08-07 17:48:11,243] krb: yes
> [2014-08-07 17:48:11,243] krb_httpd_keytab: /etc/httpd/conf/http.keytab
> [2014-08-07 17:48:11,243] krb_realms: None
> [2014-08-07 17:48:11,243] lm_order: ['krb']
> [2014-08-07 17:48:11,243] pam: no
> [2014-08-07 17:48:11,243] pam_service: remote
> [2014-08-07 17:48:11,243] saml2: yes
> [2014-08-07 17:48:11,243] secure: no
> [2014-08-07 17:48:11,243] server_debugging: False
> [2014-08-07 17:48:11,244] system_user: ipsilon
> [2014-08-07 17:48:11,244] testauth: no
> [2014-08-07 17:48:11,244] uninstall: False
> [2014-08-07 17:48:11,244] Installation initiated
> [2014-08-07 17:48:11,244] Installing default config files
> [2014-08-07 17:48:11,461] Configuring environment helpers
> Searching for keytab in: /etc/httpd/conf/http.keytab ... Found!
> Searching for keytab in: /etc/httpd/conf/ipa.keytab ... Found!
> [2014-08-07 17:48:11,486] Configuring login managers
> Cannot set persistent booleans without managed policy.
> [2014-08-07 17:48:12,126] Configuring Authentication Providers
> Generating a 2048 bit RSA private key
> .+++
> ..+++
> writing new private key to '/var/lib/ipsilon/idp/saml2/idp.key'
> -
> Installation complete.
> Please restart HTTPD to enable the IdP instance.
>
>
> Thanks in advance.
>
> Luca Tartarini
>
>
> 2014-08-06 17:37 GMT+02:00 Simo Sorce :
>
> > On Wed, 2014-08-06 at 17:20 +0200, Luca Tartarini wrote:
> > > Hi,
> > >
> > > Thanks for the replies. I updated the line with:
> > >
> > > plugins_by_name = dict((p.name, p) for p in
> > self._site[FACILITY]['enabled'])
> > >
> > > and it works (the installation is completed succesfully).
> > >
> > > But now when I try to connect to:
> > >
> > > https://myidp.example.com/idp
> > >
> > > or I try to configure ipsilon-client (ipsilon-client-install ...) I got
> > > HTTP 500 Internal Error (with ipsilon background). I put "debug = True"
> > > in /etc/ipsilon/idp/ipsilon.conf and I got this (in
> > > /var/log/httpd/error_log):
> > >
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Available
> > > providers: ['saml2']
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> > > storage path: /var/lib/ipsilon/idp/saml2
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> > > metadata file: metadata.xml
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> > > storage path: /var/lib/ipsilon/idp/saml2
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> > key
> > > file: /var/lib/ipsilon/idp/saml2/idp.key
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> > > storage path: /var/lib/ipsilon/idp/saml2
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> > > certificate file: /var/lib/ipsilon/idp/saml2/idp.pem
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider
> > > registered: saml2
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2]
> > enabled:
> > > 1
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider
> > > enabled: saml2
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
> > > plugin: krb
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
> > > plugin: pam
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] username
> > > text: Username
> > > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] password
> > > text: Password
> > > [Wed Aug 06 16:22:09 2014
Re: [Freeipa-users] FreeIPA + Ipsilon
Hi,
thanks for the reply, with Cherrypy 3.2.2 it works. Unfortunately now when
I try to login with 'admin' account ('admin' user created previously during
the installation of ipa-server) I can't see the Administration tab.
Basically this condition (in /usr/share/ipsilon/templates/index.html) is
not satisfied:
{% if user.is_admin %}
Administration |
{% endif %}
For ipsilon-server installation I run:
ipsilon-server-install --secure=no --ipa=yes --krb=yes
because I read that 'admin' is default.
When I login with 'admin' in IPA Identity Management it is all ok (I login
as administrator), with IPSILON I can login but not as administrator.
I used the last version of jinja2 (jinja2 2.7.2).
Log of ipsilon-server-install:
[2014-08-07 17:48:11,242] Intallation arguments:
[2014-08-07 17:48:11,242] admin_user: admin
[2014-08-07 17:48:11,242] config_profile: None
[2014-08-07 17:48:11,242] hostname: ltartari3.cern.ch
[2014-08-07 17:48:11,242] instance: idp
[2014-08-07 17:48:11,242] ipa: yes
[2014-08-07 17:48:11,243] krb: yes
[2014-08-07 17:48:11,243] krb_httpd_keytab: /etc/httpd/conf/http.keytab
[2014-08-07 17:48:11,243] krb_realms: None
[2014-08-07 17:48:11,243] lm_order: ['krb']
[2014-08-07 17:48:11,243] pam: no
[2014-08-07 17:48:11,243] pam_service: remote
[2014-08-07 17:48:11,243] saml2: yes
[2014-08-07 17:48:11,243] secure: no
[2014-08-07 17:48:11,243] server_debugging: False
[2014-08-07 17:48:11,244] system_user: ipsilon
[2014-08-07 17:48:11,244] testauth: no
[2014-08-07 17:48:11,244] uninstall: False
[2014-08-07 17:48:11,244] Installation initiated
[2014-08-07 17:48:11,244] Installing default config files
[2014-08-07 17:48:11,461] Configuring environment helpers
Searching for keytab in: /etc/httpd/conf/http.keytab ... Found!
Searching for keytab in: /etc/httpd/conf/ipa.keytab ... Found!
[2014-08-07 17:48:11,486] Configuring login managers
Cannot set persistent booleans without managed policy.
[2014-08-07 17:48:12,126] Configuring Authentication Providers
Generating a 2048 bit RSA private key
.+++
..+++
writing new private key to '/var/lib/ipsilon/idp/saml2/idp.key'
-
Installation complete.
Please restart HTTPD to enable the IdP instance.
Thanks in advance.
Luca Tartarini
2014-08-06 17:37 GMT+02:00 Simo Sorce :
> On Wed, 2014-08-06 at 17:20 +0200, Luca Tartarini wrote:
> > Hi,
> >
> > Thanks for the replies. I updated the line with:
> >
> > plugins_by_name = dict((p.name, p) for p in
> self._site[FACILITY]['enabled'])
> >
> > and it works (the installation is completed succesfully).
> >
> > But now when I try to connect to:
> >
> > https://myidp.example.com/idp
> >
> > or I try to configure ipsilon-client (ipsilon-client-install ...) I got
> > HTTP 500 Internal Error (with ipsilon background). I put "debug = True"
> > in /etc/ipsilon/idp/ipsilon.conf and I got this (in
> > /var/log/httpd/error_log):
> >
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Available
> > providers: ['saml2']
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> > storage path: /var/lib/ipsilon/idp/saml2
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> > metadata file: metadata.xml
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> > storage path: /var/lib/ipsilon/idp/saml2
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> key
> > file: /var/lib/ipsilon/idp/saml2/idp.key
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> > storage path: /var/lib/ipsilon/idp/saml2
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> > certificate file: /var/lib/ipsilon/idp/saml2/idp.pem
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider
> > registered: saml2
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2]
> enabled:
> > 1
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider
> > enabled: saml2
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
> > plugin: krb
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
> > plugin: pam
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] username
> > text: Username
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] password
> > text: Password
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] service
> > name: remote
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] help
> text:
> > Insert your Username and Password and then submit.
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
> > plugin: testauth
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth]
> > username text: Username
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth]
> > password text: Password
> > [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth]
> help
> > tex
Re: [Freeipa-users] FreeIPA + Ipsilon
On Wed, 2014-08-06 at 17:20 +0200, Luca Tartarini wrote:
> Hi,
>
> Thanks for the replies. I updated the line with:
>
> plugins_by_name = dict((p.name, p) for p in self._site[FACILITY]['enabled'])
>
> and it works (the installation is completed succesfully).
>
> But now when I try to connect to:
>
> https://myidp.example.com/idp
>
> or I try to configure ipsilon-client (ipsilon-client-install ...) I got
> HTTP 500 Internal Error (with ipsilon background). I put "debug = True"
> in /etc/ipsilon/idp/ipsilon.conf and I got this (in
> /var/log/httpd/error_log):
>
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Available
> providers: ['saml2']
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> storage path: /var/lib/ipsilon/idp/saml2
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> metadata file: metadata.xml
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> storage path: /var/lib/ipsilon/idp/saml2
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp key
> file: /var/lib/ipsilon/idp/saml2/idp.key
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> storage path: /var/lib/ipsilon/idp/saml2
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> certificate file: /var/lib/ipsilon/idp/saml2/idp.pem
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider
> registered: saml2
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] enabled:
> 1
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider
> enabled: saml2
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
> plugin: krb
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
> plugin: pam
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] username
> text: Username
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] password
> text: Password
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] service
> name: remote
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] help text:
> Insert your Username and Password and then submit.
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
> plugin: testauth
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth]
> username text: Username
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth]
> password text: Password
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth] help
> text: Insert your Username and Password and then submit.
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin provider
> plugin: saml2
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] default
> allowed nameids: ['persistent', 'transient', 'email', 'kerberos', 'x509']
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> metadata file: metadata.xml
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] default
> email domain: example.com
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> certificate file: /var/lib/ipsilon/idp/saml2/idp.pem
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] allow
> self registration: True
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp key
> file: /var/lib/ipsilon/idp/saml2/idp.key
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
> storage path: /var/lib/ipsilon/idp/saml2
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] default
> nameid: persistent
> [Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Traceback (most
> recent call last):
> [Wed Aug 06 16:22:09 2014] [error] File
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py",
> line 104, in run
> [Wed Aug 06 16:22:09 2014] [error] hook()
> [Wed Aug 06 16:22:09 2014] [error] File
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py",
> line 63, in __call__
> [Wed Aug 06 16:22:09 2014] [error] return self.callback(**self.kwargs)
> [Wed Aug 06 16:22:09 2014] [error] File
> "/usr/lib/python2.6/site-packages/ipsilon/util/page.py", line 37, in protect
> [Wed Aug 06 16:22:09 2014] [error] UserSession().remote_login()
> [Wed Aug 06 16:22:09 2014] [error] File
> "/usr/lib/python2.6/site-packages/ipsilon/util/user.py", line 103, in
> __init__
> [Wed Aug 06 16:22:09 2014] [error] self.user = self.get_data('user',
> 'name')
> [Wed Aug 06 16:22:09 2014] [error] File
> "/usr/lib/python2.6/site-packages/ipsilon/util/user.py", line 147, in
> get_data
> [Wed Aug 06 16:22:09 2014] [error] if facility not in cherrypy.session:
> [Wed Aug 06 16:22:09 2014] [error] File
> "/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/__init__.py",
> line 258, in __contains__
> [Wed Aug 06 16:22:09 2014] [error] return key i
Re: [Freeipa-users] FreeIPA + Ipsilon
Hi,
Thanks for the replies. I updated the line with:
plugins_by_name = dict((p.name, p) for p in self._site[FACILITY]['enabled'])
and it works (the installation is completed succesfully).
But now when I try to connect to:
https://myidp.example.com/idp
or I try to configure ipsilon-client (ipsilon-client-install ...) I got
HTTP 500 Internal Error (with ipsilon background). I put "debug = True"
in /etc/ipsilon/idp/ipsilon.conf and I got this (in
/var/log/httpd/error_log):
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Available
providers: ['saml2']
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
storage path: /var/lib/ipsilon/idp/saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
metadata file: metadata.xml
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
storage path: /var/lib/ipsilon/idp/saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp key
file: /var/lib/ipsilon/idp/saml2/idp.key
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
storage path: /var/lib/ipsilon/idp/saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
certificate file: /var/lib/ipsilon/idp/saml2/idp.pem
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider
registered: saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] enabled:
1
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] IdP Provider
enabled: saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
plugin: krb
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
plugin: pam
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] username
text: Username
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] password
text: Password
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] service
name: remote
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [pam] help text:
Insert your Username and Password and then submit.
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin login
plugin: testauth
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth]
username text: Username
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth]
password text: Password
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [testauth] help
text: Insert your Username and Password and then submit.
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Admin provider
plugin: saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] default
allowed nameids: ['persistent', 'transient', 'email', 'kerberos', 'x509']
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
metadata file: metadata.xml
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] default
email domain: example.com
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
certificate file: /var/lib/ipsilon/idp/saml2/idp.pem
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] allow
self registration: True
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp key
file: /var/lib/ipsilon/idp/saml2/idp.key
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] idp
storage path: /var/lib/ipsilon/idp/saml2
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] [saml2] default
nameid: persistent
[Wed Aug 06 16:22:09 2014] [error] [06/Aug/2014:16:22:09] Traceback (most
recent call last):
[Wed Aug 06 16:22:09 2014] [error] File
"/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py",
line 104, in run
[Wed Aug 06 16:22:09 2014] [error] hook()
[Wed Aug 06 16:22:09 2014] [error] File
"/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/_cprequest.py",
line 63, in __call__
[Wed Aug 06 16:22:09 2014] [error] return self.callback(**self.kwargs)
[Wed Aug 06 16:22:09 2014] [error] File
"/usr/lib/python2.6/site-packages/ipsilon/util/page.py", line 37, in protect
[Wed Aug 06 16:22:09 2014] [error] UserSession().remote_login()
[Wed Aug 06 16:22:09 2014] [error] File
"/usr/lib/python2.6/site-packages/ipsilon/util/user.py", line 103, in
__init__
[Wed Aug 06 16:22:09 2014] [error] self.user = self.get_data('user',
'name')
[Wed Aug 06 16:22:09 2014] [error] File
"/usr/lib/python2.6/site-packages/ipsilon/util/user.py", line 147, in
get_data
[Wed Aug 06 16:22:09 2014] [error] if facility not in cherrypy.session:
[Wed Aug 06 16:22:09 2014] [error] File
"/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/__init__.py",
line 258, in __contains__
[Wed Aug 06 16:22:09 2014] [error] return key in child
[Wed Aug 06 16:22:09 2014] [error] File
"/usr/lib/python2.6/site-packages/CherryPy-3.5.0-py2.6.egg/cherrypy/lib/sessions.py",
line 335, in __contains__
[Wed Aug 06 16:22:09 2014] [error] self.load()
[Wed Aug 06 16:22:09 2014] [error] File
"/us
Re: [Freeipa-users] FreeIPA + Ipsilon
On 08/05/2014 07:48 PM, Simo Sorce wrote:
On Tue, 2014-08-05 at 17:47 +0200, Luca Tartarini wrote:
[...]
with HTTP 500 Internal Server Error ("GET /idp HTTP/1.1" 500 619)
The line is this one (in
/usr/lib/python2.6/site-packages/ipsilon/admin/login.py):
plugins_by_name = {p.name: p for p in self._site[FACILITY]['enabled']}
Uhmm python 2.6, I think it does not support dict comprehension.
You can replace this line with:
dict([p.name, p for p in self._site[FACILITY]['enabled']])
dict((p.name, p) for p in self._site[FACILITY]['enabled'])
(You need the parens around (p.name, p))
--
PetrĀ³
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIPA + Ipsilon
On Tue, 2014-08-05 at 17:47 +0200, Luca Tartarini wrote:
> Hi, thanks for the replies.
>
> I am finally managed to install lasso correctly (without lasso-python) but
> after the installation of ipsilon-server (ipsilon-server-install --ipa=yes
> --secure=no) when I try to connet via browser to:
>
> https://myidp.example.com/idp
>
> I had this error:
>
> [error] mod_wsgi (pid=22357): Target WSGI script '/usr/sbin/ipsilon' cannot
> be loaded as Python module.
> [error] mod_wsgi (pid=22357): Exception occurred processing WSGI script
> '/usr/sbin/ipsilon'.
> [error] Traceback (most recent call last):
> [error] File "/usr/sbin/ipsilon", line 28, in
> [error] from ipsilon.root import Root
> [error] File "/usr/lib/python2.6/site-packages/ipsilon/root.py", line 26,
> in
> [error] from ipsilon.admin.login import LoginPlugins
> [error] File "/usr/lib/python2.6/site-packages/ipsilon/admin/login.py",
> line 48
> [error] plugins_by_name = {p.name: p for p in
> self._site[FACILITY]['enabled']}
> [error] ^
> [error] SyntaxError: invalid syntax
>
> with HTTP 500 Internal Server Error ("GET /idp HTTP/1.1" 500 619)
>
> The line is this one (in
> /usr/lib/python2.6/site-packages/ipsilon/admin/login.py):
>
> plugins_by_name = {p.name: p for p in self._site[FACILITY]['enabled']}
Uhmm python 2.6, I think it does not support dict comprehension.
You can replace this line with:
dict([p.name, p for p in self._site[FACILITY]['enabled']])
Let me know if that helps.
Simo.
> The same thing if I try:
>
> ipsilon-client-install --saml-idp-metadata
> https://myidp.example.org/idp/saml2/metadata --debug
>
> Thanks in advance.
>
> Luca Tartarini
>
>
>
> 2014-07-31 13:11 GMT+02:00 Simo Sorce :
>
> > On Thu, 2014-07-31 at 09:53 +0200, Luca Tartarini wrote:
> > > Hi,
> > >
> > > Thanks for the reply, unfortunately I can not find the package on
> > > Scientific Linux, is there a workaround?
> >
> > I saw from the lasso mailing list that you built the lasso package
> > yourself, make sure you built the python bindings, they are part of the
> > same source tree.
> >
> > Attached find a .spec file you can use top build lasso on EL6 platforms,
> > until it will become available "officially".
> >
> > This will build and install the python binding correctly.
> >
> > Simo.
> >
> > > Thanks.
> > >
> > > Luca Tartarini
> > >
> > >
> > > 2014-07-30 15:00 GMT+02:00 Simo Sorce :
> > >
> > > > On Tue, 2014-07-29 at 15:58 +0200, Martin Kosek wrote:
> > > > > On 07/29/2014 03:47 PM, Luca Tartarini wrote:
> > > > > > Hi everyone,
> > > > > >
> > > > > > I am new in FreeIPA, I am trying to configure FreeIPA with
> > Ipsilon. The
> > > > > > configuration is the following: Service Provider (host with
> > Scientific
> > > > > > Linux 6) with ipsilon-client and Identity Provider (another host
> > with
> > > > > > Scientific Linux 6) with FreeIPA and ipsilon-server, is the
> > > > configuration
> > > > > > feasible and/or correct?
> > > > > > If it is, then I am stuck in the installation of ipsilon-client
> > because
> > > > > > after I installed lasso-2.3.6 and all the ipsilon-client
> > prerequisites,
> > > > > > when I finally run:
> > > > > >
> > > > > > ipsilon-client-install --saml-idp-metadata
> > > > > > https://myidp.example.org/idp/saml2/metadata --saml-auth /wiki
> > > > > >
> > > > > > I get this error about lasso:
> > > > > >
> > > > > > Traceback (most recent call last):
> > > > > > File "/usr/bin/ipsilon-client-install", line 20, in
> > > > > > from ipsilon.tools.saml2metadata import Metadata
> > > > > > File
> > > > "/usr/lib/python2.6/site-packages/ipsilon/tools/saml2metadata.py",
> > > > > > line 22, in
> > > > > > import lasso
> > > > > > File "/usr/lib/python2.6/site-packages/lasso.py", line 3, in
> >
> > > > > > import _lasso
> > > > > > ImportError: No module named _lasso
> > > > > >
> > > > > > Does anyone know if it's a problem about lasso's configuration or I
> > > > forgot
> > > > > > something about ipsilon-client?
> > > > > >
> > > > > > Thanks in advance.
> > > > > >
> > > > > > Luca Tartarini
> > > > >
> > > > > Not sure, _lasso.so should be provided by lasso-python package:
> > > > >
> > > > > # rpm -qf /usr/lib64/python2.6/site-packages/_lasso.so
> > > > > lasso-python-2.4.0-4.el6.x86_64
> > > > >
> > > > > CCing Simo to advise.
> > > >
> > > > Sounds like lasso-python is missing indeed.
> > > >
> > > > Simo.
> > > >
> > > >
> > > >
> >
> >
> >
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIPA + Ipsilon
Hi, thanks for the replies.
I am finally managed to install lasso correctly (without lasso-python) but
after the installation of ipsilon-server (ipsilon-server-install --ipa=yes
--secure=no) when I try to connet via browser to:
https://myidp.example.com/idp
I had this error:
[error] mod_wsgi (pid=22357): Target WSGI script '/usr/sbin/ipsilon' cannot
be loaded as Python module.
[error] mod_wsgi (pid=22357): Exception occurred processing WSGI script
'/usr/sbin/ipsilon'.
[error] Traceback (most recent call last):
[error] File "/usr/sbin/ipsilon", line 28, in
[error] from ipsilon.root import Root
[error] File "/usr/lib/python2.6/site-packages/ipsilon/root.py", line 26,
in
[error] from ipsilon.admin.login import LoginPlugins
[error] File "/usr/lib/python2.6/site-packages/ipsilon/admin/login.py",
line 48
[error] plugins_by_name = {p.name: p for p in
self._site[FACILITY]['enabled']}
[error] ^
[error] SyntaxError: invalid syntax
with HTTP 500 Internal Server Error ("GET /idp HTTP/1.1" 500 619)
The line is this one (in
/usr/lib/python2.6/site-packages/ipsilon/admin/login.py):
plugins_by_name = {p.name: p for p in self._site[FACILITY]['enabled']}
The same thing if I try:
ipsilon-client-install --saml-idp-metadata
https://myidp.example.org/idp/saml2/metadata --debug
Thanks in advance.
Luca Tartarini
2014-07-31 13:11 GMT+02:00 Simo Sorce :
> On Thu, 2014-07-31 at 09:53 +0200, Luca Tartarini wrote:
> > Hi,
> >
> > Thanks for the reply, unfortunately I can not find the package on
> > Scientific Linux, is there a workaround?
>
> I saw from the lasso mailing list that you built the lasso package
> yourself, make sure you built the python bindings, they are part of the
> same source tree.
>
> Attached find a .spec file you can use top build lasso on EL6 platforms,
> until it will become available "officially".
>
> This will build and install the python binding correctly.
>
> Simo.
>
> > Thanks.
> >
> > Luca Tartarini
> >
> >
> > 2014-07-30 15:00 GMT+02:00 Simo Sorce :
> >
> > > On Tue, 2014-07-29 at 15:58 +0200, Martin Kosek wrote:
> > > > On 07/29/2014 03:47 PM, Luca Tartarini wrote:
> > > > > Hi everyone,
> > > > >
> > > > > I am new in FreeIPA, I am trying to configure FreeIPA with
> Ipsilon. The
> > > > > configuration is the following: Service Provider (host with
> Scientific
> > > > > Linux 6) with ipsilon-client and Identity Provider (another host
> with
> > > > > Scientific Linux 6) with FreeIPA and ipsilon-server, is the
> > > configuration
> > > > > feasible and/or correct?
> > > > > If it is, then I am stuck in the installation of ipsilon-client
> because
> > > > > after I installed lasso-2.3.6 and all the ipsilon-client
> prerequisites,
> > > > > when I finally run:
> > > > >
> > > > > ipsilon-client-install --saml-idp-metadata
> > > > > https://myidp.example.org/idp/saml2/metadata --saml-auth /wiki
> > > > >
> > > > > I get this error about lasso:
> > > > >
> > > > > Traceback (most recent call last):
> > > > > File "/usr/bin/ipsilon-client-install", line 20, in
> > > > > from ipsilon.tools.saml2metadata import Metadata
> > > > > File
> > > "/usr/lib/python2.6/site-packages/ipsilon/tools/saml2metadata.py",
> > > > > line 22, in
> > > > > import lasso
> > > > > File "/usr/lib/python2.6/site-packages/lasso.py", line 3, in
>
> > > > > import _lasso
> > > > > ImportError: No module named _lasso
> > > > >
> > > > > Does anyone know if it's a problem about lasso's configuration or I
> > > forgot
> > > > > something about ipsilon-client?
> > > > >
> > > > > Thanks in advance.
> > > > >
> > > > > Luca Tartarini
> > > >
> > > > Not sure, _lasso.so should be provided by lasso-python package:
> > > >
> > > > # rpm -qf /usr/lib64/python2.6/site-packages/_lasso.so
> > > > lasso-python-2.4.0-4.el6.x86_64
> > > >
> > > > CCing Simo to advise.
> > >
> > > Sounds like lasso-python is missing indeed.
> > >
> > > Simo.
> > >
> > >
> > >
>
>
>
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIPA + Ipsilon
On Thu, 2014-07-31 at 09:53 +0200, Luca Tartarini wrote:
> Hi,
>
> Thanks for the reply, unfortunately I can not find the package on
> Scientific Linux, is there a workaround?
I saw from the lasso mailing list that you built the lasso package
yourself, make sure you built the python bindings, they are part of the
same source tree.
Attached find a .spec file you can use top build lasso on EL6 platforms,
until it will become available "officially".
This will build and install the python binding correctly.
Simo.
> Thanks.
>
> Luca Tartarini
>
>
> 2014-07-30 15:00 GMT+02:00 Simo Sorce :
>
> > On Tue, 2014-07-29 at 15:58 +0200, Martin Kosek wrote:
> > > On 07/29/2014 03:47 PM, Luca Tartarini wrote:
> > > > Hi everyone,
> > > >
> > > > I am new in FreeIPA, I am trying to configure FreeIPA with Ipsilon. The
> > > > configuration is the following: Service Provider (host with Scientific
> > > > Linux 6) with ipsilon-client and Identity Provider (another host with
> > > > Scientific Linux 6) with FreeIPA and ipsilon-server, is the
> > configuration
> > > > feasible and/or correct?
> > > > If it is, then I am stuck in the installation of ipsilon-client because
> > > > after I installed lasso-2.3.6 and all the ipsilon-client prerequisites,
> > > > when I finally run:
> > > >
> > > > ipsilon-client-install --saml-idp-metadata
> > > > https://myidp.example.org/idp/saml2/metadata --saml-auth /wiki
> > > >
> > > > I get this error about lasso:
> > > >
> > > > Traceback (most recent call last):
> > > > File "/usr/bin/ipsilon-client-install", line 20, in
> > > > from ipsilon.tools.saml2metadata import Metadata
> > > > File
> > "/usr/lib/python2.6/site-packages/ipsilon/tools/saml2metadata.py",
> > > > line 22, in
> > > > import lasso
> > > > File "/usr/lib/python2.6/site-packages/lasso.py", line 3, in
> > > > import _lasso
> > > > ImportError: No module named _lasso
> > > >
> > > > Does anyone know if it's a problem about lasso's configuration or I
> > forgot
> > > > something about ipsilon-client?
> > > >
> > > > Thanks in advance.
> > > >
> > > > Luca Tartarini
> > >
> > > Not sure, _lasso.so should be provided by lasso-python package:
> > >
> > > # rpm -qf /usr/lib64/python2.6/site-packages/_lasso.so
> > > lasso-python-2.4.0-4.el6.x86_64
> > >
> > > CCing Simo to advise.
> >
> > Sounds like lasso-python is missing indeed.
> >
> > Simo.
> >
> >
> >
%global with_java 0
%global with_php 0
%global with_perl 0
%global with_python 1
%global with_wsf 0
%if %{with_php}
%{!?__pecl: %{expand: %%global __pecl %{_bindir}/pecl}}
%endif
Summary: Liberty Alliance Single Sign On
Name: lasso
Version: 2.4.0
Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Libraries
Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz
%if %{with_wsf}
BuildRequires: cyrus-sasl-devel
%endif
BuildRequires: gtk-doc, libtool-ltdl-devel
BuildRequires: glib2-devel, swig
BuildRequires: libxml2-devel, xmlsec1-devel, openssl-devel, xmlsec1-openssl-devel
Url: http://lasso.entrouvert.org/
%description
Lasso is a library that implements the Liberty Alliance Single Sign On
standards, including the SAML and SAML2 specifications. It allows to handle
the whole life-cycle of SAML based Federations, and provides bindings
for multiple languages.
%package devel
Summary: Lasso development headers and documentation
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
This package contains the header files, static libraries and development
documentation for Lasso.
%if %{with_perl}
%package perl
Summary: Liberty Alliance Single Sign On (lasso) Perl bindings
Group: Development/Libraries
BuildRequires: perl(ExtUtils::MakeMaker)
BuildRequires: perl(Test::More)
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
Requires: %{name}%{?_isa} = %{version}-%{release}
%description perl
Perl language bindings for the lasso (Liberty Alliance Single Sign On) library.
%endif
%if %{with_java}
%package java
Summary: Liberty Alliance Single Sign On (lasso) Java bindings
Group: Development/Libraries
BuildRequires: java-devel
BuildRequires: jpackage-utils
Requires: java-headless
Requires: jpackage-utils
Requires: %{name}%{?_isa} = %{version}-%{release}
%description java
Java language bindings for the lasso (Liberty Alliance Single Sign On) library.
%endif
%if %{with_php}
%package php
Summary: Liberty Alliance Single Sign On (lasso) PHP bindings
Group: Development/Libraries
BuildRequires: php-devel, expat-devel
BuildRequires: python2
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires(post): %{__pecl}
Requires(postun): %{__pecl}
Requires: php(zend-abi) = %{php_zend_api}
Requires: php(api) = %{php_core_api}
%description php
PHP language bindings for the lasso (Liberty Alliance Single Sign On) library.
%endif
%if %{with_python}
%package python
Summary: Liberty Alliance Single Sign On (lasso) Python bindings
Group: Development/Libraries
BuildRequires: p
Re: [Freeipa-users] FreeIPA + Ipsilon
Without this package for your platform, you cannot move further. So you would either need to switch to some platform that has this package available (RHEL, CentOS, Fedora) or take the source bits and build it for your platform yourselves. Maybe you would get lucky with rebuilding the source RPM from Fedora 20 (http://koji.fedoraproject.org/koji/buildinfo?buildID=489924), but there might be some build dependencies that are not available on Scientific Linux... HTH, Martin On 07/31/2014 09:53 AM, Luca Tartarini wrote: > Hi, > > Thanks for the reply, unfortunately I can not find the package on > Scientific Linux, is there a workaround? > > Thanks. > > Luca Tartarini > > > 2014-07-30 15:00 GMT+02:00 Simo Sorce : > >> On Tue, 2014-07-29 at 15:58 +0200, Martin Kosek wrote: >>> On 07/29/2014 03:47 PM, Luca Tartarini wrote: Hi everyone, I am new in FreeIPA, I am trying to configure FreeIPA with Ipsilon. The configuration is the following: Service Provider (host with Scientific Linux 6) with ipsilon-client and Identity Provider (another host with Scientific Linux 6) with FreeIPA and ipsilon-server, is the >> configuration feasible and/or correct? If it is, then I am stuck in the installation of ipsilon-client because after I installed lasso-2.3.6 and all the ipsilon-client prerequisites, when I finally run: ipsilon-client-install --saml-idp-metadata https://myidp.example.org/idp/saml2/metadata --saml-auth /wiki I get this error about lasso: Traceback (most recent call last): File "/usr/bin/ipsilon-client-install", line 20, in from ipsilon.tools.saml2metadata import Metadata File >> "/usr/lib/python2.6/site-packages/ipsilon/tools/saml2metadata.py", line 22, in import lasso File "/usr/lib/python2.6/site-packages/lasso.py", line 3, in import _lasso ImportError: No module named _lasso Does anyone know if it's a problem about lasso's configuration or I >> forgot something about ipsilon-client? Thanks in advance. Luca Tartarini >>> >>> Not sure, _lasso.so should be provided by lasso-python package: >>> >>> # rpm -qf /usr/lib64/python2.6/site-packages/_lasso.so >>> lasso-python-2.4.0-4.el6.x86_64 >>> >>> CCing Simo to advise. >> >> Sounds like lasso-python is missing indeed. >> >> Simo. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIPA + Ipsilon
Hi, Thanks for the reply, unfortunately I can not find the package on Scientific Linux, is there a workaround? Thanks. Luca Tartarini 2014-07-30 15:00 GMT+02:00 Simo Sorce : > On Tue, 2014-07-29 at 15:58 +0200, Martin Kosek wrote: > > On 07/29/2014 03:47 PM, Luca Tartarini wrote: > > > Hi everyone, > > > > > > I am new in FreeIPA, I am trying to configure FreeIPA with Ipsilon. The > > > configuration is the following: Service Provider (host with Scientific > > > Linux 6) with ipsilon-client and Identity Provider (another host with > > > Scientific Linux 6) with FreeIPA and ipsilon-server, is the > configuration > > > feasible and/or correct? > > > If it is, then I am stuck in the installation of ipsilon-client because > > > after I installed lasso-2.3.6 and all the ipsilon-client prerequisites, > > > when I finally run: > > > > > > ipsilon-client-install --saml-idp-metadata > > > https://myidp.example.org/idp/saml2/metadata --saml-auth /wiki > > > > > > I get this error about lasso: > > > > > > Traceback (most recent call last): > > > File "/usr/bin/ipsilon-client-install", line 20, in > > > from ipsilon.tools.saml2metadata import Metadata > > > File > "/usr/lib/python2.6/site-packages/ipsilon/tools/saml2metadata.py", > > > line 22, in > > > import lasso > > > File "/usr/lib/python2.6/site-packages/lasso.py", line 3, in > > > import _lasso > > > ImportError: No module named _lasso > > > > > > Does anyone know if it's a problem about lasso's configuration or I > forgot > > > something about ipsilon-client? > > > > > > Thanks in advance. > > > > > > Luca Tartarini > > > > Not sure, _lasso.so should be provided by lasso-python package: > > > > # rpm -qf /usr/lib64/python2.6/site-packages/_lasso.so > > lasso-python-2.4.0-4.el6.x86_64 > > > > CCing Simo to advise. > > Sounds like lasso-python is missing indeed. > > Simo. > > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIPA + Ipsilon
On Tue, 2014-07-29 at 15:58 +0200, Martin Kosek wrote: > On 07/29/2014 03:47 PM, Luca Tartarini wrote: > > Hi everyone, > > > > I am new in FreeIPA, I am trying to configure FreeIPA with Ipsilon. The > > configuration is the following: Service Provider (host with Scientific > > Linux 6) with ipsilon-client and Identity Provider (another host with > > Scientific Linux 6) with FreeIPA and ipsilon-server, is the configuration > > feasible and/or correct? > > If it is, then I am stuck in the installation of ipsilon-client because > > after I installed lasso-2.3.6 and all the ipsilon-client prerequisites, > > when I finally run: > > > > ipsilon-client-install --saml-idp-metadata > > https://myidp.example.org/idp/saml2/metadata --saml-auth /wiki > > > > I get this error about lasso: > > > > Traceback (most recent call last): > > File "/usr/bin/ipsilon-client-install", line 20, in > > from ipsilon.tools.saml2metadata import Metadata > > File "/usr/lib/python2.6/site-packages/ipsilon/tools/saml2metadata.py", > > line 22, in > > import lasso > > File "/usr/lib/python2.6/site-packages/lasso.py", line 3, in > > import _lasso > > ImportError: No module named _lasso > > > > Does anyone know if it's a problem about lasso's configuration or I forgot > > something about ipsilon-client? > > > > Thanks in advance. > > > > Luca Tartarini > > Not sure, _lasso.so should be provided by lasso-python package: > > # rpm -qf /usr/lib64/python2.6/site-packages/_lasso.so > lasso-python-2.4.0-4.el6.x86_64 > > CCing Simo to advise. Sounds like lasso-python is missing indeed. Simo. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIPA + Ipsilon
On 07/29/2014 03:47 PM, Luca Tartarini wrote: > Hi everyone, > > I am new in FreeIPA, I am trying to configure FreeIPA with Ipsilon. The > configuration is the following: Service Provider (host with Scientific > Linux 6) with ipsilon-client and Identity Provider (another host with > Scientific Linux 6) with FreeIPA and ipsilon-server, is the configuration > feasible and/or correct? > If it is, then I am stuck in the installation of ipsilon-client because > after I installed lasso-2.3.6 and all the ipsilon-client prerequisites, > when I finally run: > > ipsilon-client-install --saml-idp-metadata > https://myidp.example.org/idp/saml2/metadata --saml-auth /wiki > > I get this error about lasso: > > Traceback (most recent call last): > File "/usr/bin/ipsilon-client-install", line 20, in > from ipsilon.tools.saml2metadata import Metadata > File "/usr/lib/python2.6/site-packages/ipsilon/tools/saml2metadata.py", > line 22, in > import lasso > File "/usr/lib/python2.6/site-packages/lasso.py", line 3, in > import _lasso > ImportError: No module named _lasso > > Does anyone know if it's a problem about lasso's configuration or I forgot > something about ipsilon-client? > > Thanks in advance. > > Luca Tartarini Not sure, _lasso.so should be provided by lasso-python package: # rpm -qf /usr/lib64/python2.6/site-packages/_lasso.so lasso-python-2.4.0-4.el6.x86_64 CCing Simo to advise. Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
