shibboleths_lil_helper 1.0.2 → 1.0.3
Sign up to get free protection for your applications and to get access to all the features.
- data/README.markdown +135 -58
- data/TODOS.txt +8 -1
- data/VERSION +1 -1
- data/lib/slh/cli.rb +1 -1
- data/lib/slh/cli/generate.rb +14 -0
- data/lib/slh/models/site.rb +3 -0
- data/lib/slh/templates/config.rb.erb +85 -29
- data/shibboleths_lil_helper.gemspec +2 -2
- data/test/fixtures/dummy1.rb +4 -4
- data/test/test_shibboleths_lil_helper.rb +3 -11
- metadata +3 -3
data/README.markdown
CHANGED
@@ -10,15 +10,7 @@ Shibboleth's Lil Helper (slh) is a tool that automates the generation of Apache/
|
|
10
10
|
|
11
11
|
* __Providing conceptually simple linear process__ that distills the main steps associated with Shibboleth integration.
|
12
12
|
|
13
|
-
*
|
14
|
-
particular Shibboletht SP entity_id.
|
15
|
-
|
16
|
-
DISCLAIMER
|
17
|
-
-------------------------
|
18
|
-
All you see here on Github is the readme, no code yet.
|
19
|
-
|
20
|
-
This is released as a RubyGem right now, we hope to push the source up
|
21
|
-
here once things stabilize further
|
13
|
+
* __Verifying metadata consistency__ across sites & hosts associated with particular Shibboletht SP entity_id.
|
22
14
|
|
23
15
|
Why another tool?
|
24
16
|
-----------------
|
@@ -32,83 +24,152 @@ configuration consistently with minimal manual work for:
|
|
32
24
|
* each running the Apache/IIS Native Service Provider
|
33
25
|
|
34
26
|
Installation
|
35
|
-
|
36
|
-
* Pre-requisites
|
27
|
+
------------
|
28
|
+
* Pre-requisites
|
29
|
+
* Ruby: http://www.ruby-lang.org/en/downloads/
|
37
30
|
* Rubygems: http://rubygems.org/pages/download
|
38
31
|
|
39
32
|
* Via Ruby Gems:
|
40
|
-
* gem install shibboleths_lil_helper
|
33
|
+
* `gem install shibboleths_lil_helper`
|
41
34
|
* Then type `slh` -- this provides more detailed/actionable
|
42
35
|
documentation
|
43
36
|
|
37
|
+
* Via Git: (requires bundler gem)
|
38
|
+
* this is how developers/contributors should install the tool
|
39
|
+
* `git clone ...git://thisrepo... slh`
|
40
|
+
* `cd slh`
|
41
|
+
* `bundle install`
|
42
|
+
* then add a symlink to bin/slh (something like below)
|
43
|
+
* `ln -s bin/slh ~/slh`
|
44
|
+
* make sure the slh binary is the right one (not a gem one)
|
45
|
+
* `which slh`
|
46
|
+
|
47
|
+
* Install notes:
|
48
|
+
* Tool requires nokogiri gem which in-turn requires libxml2, you may
|
49
|
+
run into difficulties there: See http://nokogiri.org/tutorials/installing_nokogiri.html if you have problems.
|
50
|
+
|
51
|
+
Before using this tool
|
52
|
+
----------------------
|
53
|
+
For each host you want to integrate with Shibboleth, do the following and have answers for the questions below.
|
54
|
+
|
55
|
+
__Don't try to use this tool until you have followed these instructions for at least one host.__
|
56
|
+
|
57
|
+
For each host:
|
58
|
+
|
59
|
+
* __Install Shibboleth Native Service Provider Apache/IIS__
|
60
|
+
https://wiki.shibboleth.net/confluence/display/SHIB2/Installation
|
61
|
+
Ideally, you should be able to hit a URL like "Shibboleth.ss/Metadata" for each site
|
62
|
+
on the host and have it cough out some XML goo. (not a strict
|
63
|
+
requirement, slh will help you with this later too)
|
64
|
+
|
65
|
+
* What web server is it? IIS or Apache
|
66
|
+
|
67
|
+
* If IIS, what is the site ID?
|
68
|
+
You can find this my clicking "Websites" in IIS and looking at the "Identifier" column for myshinynewwebsite.umn.edu.
|
69
|
+
|
70
|
+
* What is the host name of the computer? (e.g. somehost.com)
|
71
|
+
|
72
|
+
* What is the site name? (e.g. myshinynewwebsite.umn.edu)
|
73
|
+
|
74
|
+
* Is authentication required for the entire site or particular directories?
|
75
|
+
|
76
|
+
* Is this URL available for your site? myshinynewwebsite.umn.edu/Shibboleth.sso/Metadata
|
77
|
+
|
78
|
+
* What is the error support contact email?
|
79
|
+
|
80
|
+
* What is the Service Provider entity ID you'd like to use?
|
81
|
+
A simple convention is to have a dev entity for "development" or "staging" apps and one for production stuff.
|
82
|
+
You might consider https://YOUR_ORG.umn.edu/shibboleth/dev_default or https://YOUR_ORG.umn.edu/shibboleth/prod_default
|
83
|
+
|
84
|
+
|
44
85
|
Assumptions
|
45
|
-
|
46
|
-
*
|
47
|
-
*
|
48
|
-
* The Shibboleth apache module is loaded globally for all vHosts.
|
49
|
-
* You are integrating with a single Identity Provider.
|
86
|
+
-----------
|
87
|
+
* Each host integrates with a single Identity Provider, not multiple.
|
88
|
+
* (for Apache) The Shibboleth apache module is loaded globally for all vHosts.
|
50
89
|
|
51
90
|
Concept
|
52
|
-
|
91
|
+
-------
|
53
92
|
|
54
|
-
All configuration and authentication specs for all Shibboleth SP instances are specified in a single ruby parseable
|
93
|
+
All configuration and authentication specs for all Shibboleth SP instances are specified in a single ruby parseable `shibboleths_lil_helper/config.rb` file. From these specs, slh is capable of generating all of the required XML files you will need to integrate with a Shibboleth Identify Provider (Idp). The following breaks down the essential steps.
|
55
94
|
|
56
|
-
The generation of these XML files happens through a command line tool
|
57
|
-
called "slh". Each particular task is broken into sub-commands such as
|
58
|
-
"initialize", "generate", "verify_metadata", or "generate_metadata" that perform various tasks.
|
59
95
|
|
60
|
-
|
96
|
+
### Initialization
|
97
|
+
It all starts with
|
61
98
|
|
62
99
|
mkdir shibboleth_deployer
|
63
100
|
cd shibboleth_deployer
|
64
101
|
slh initialize
|
65
102
|
|
66
|
-
|
103
|
+
This creates a config file with example code you'll need to change to work.
|
104
|
+
|
105
|
+
### SP configuration
|
106
|
+
Edit `shibboleths_lil_helper/config.rb` to reflect your setup:
|
67
107
|
|
68
|
-
* Go in and edit shibboleths_lil_helper/config.rb to reflect your setup,
|
69
|
-
adding
|
70
108
|
* entity id
|
71
109
|
* idp metadata url
|
72
110
|
* hosts, sites, and paths to protect for each for each site
|
73
111
|
|
74
|
-
|
75
|
-
* From here you type:
|
112
|
+
From here you type:
|
76
113
|
|
77
114
|
slh generate
|
78
115
|
|
79
|
-
|
80
|
-
|
116
|
+
This creates:
|
117
|
+
|
118
|
+
* shibboleth2.xml
|
119
|
+
* idp_metadata.xml
|
120
|
+
* shib_apache.conf (if using apache)
|
81
121
|
|
82
|
-
|
83
|
-
access to specified paths you have
|
122
|
+
for each host for each entity_id. shibboleth2.xml contains RequestMap, AssertionConsumer server "endpoints" and other goo needed to integrate with an Shib IDP.
|
84
123
|
|
124
|
+
Go deploy these config files to you hosts. (the tool provides more details)
|
85
125
|
|
86
|
-
|
87
|
-
|
126
|
+
### Metadata verification
|
127
|
+
Verify your metadata data across all hosts:
|
88
128
|
|
89
129
|
slh verify_metadata
|
90
130
|
|
91
|
-
|
92
|
-
your setup and how to fix it. (like copying the sp-key.pem and sp-cert.pem keys associated with the
|
131
|
+
Which will tell some of the things that are probably incorrect with
|
132
|
+
your setup and how to fix it. (like copying the sp-key.pem and sp-cert.pem keys associated with the `:is_key_originator` site to all of the other hosts)
|
93
133
|
|
94
|
-
|
134
|
+
### Metadata generation
|
135
|
+
Once verify_metadata is showing all green:
|
95
136
|
|
96
137
|
slh generate_metadata
|
97
138
|
|
98
|
-
|
139
|
+
which generates a metadata file for each strategy/entity id you have
|
99
140
|
that you can give you your IDP.
|
100
141
|
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
142
|
+
Once the IDP has added your metadata, then each site should be able to
|
143
|
+
respond to
|
144
|
+
|
145
|
+
Shibboleth.sso/Login
|
146
|
+
|
147
|
+
and be happily prompted for login.
|
148
|
+
|
149
|
+
|
150
|
+
Deployment automation
|
151
|
+
---------------------
|
152
|
+
Once you have the basic stuff working, you may want to automate
|
153
|
+
deployment:
|
154
|
+
|
155
|
+
slh capistrano_deploy
|
156
|
+
|
157
|
+
will create a config/deploy.rb
|
158
|
+
|
159
|
+
See https://github.com/capistrano/capistrano/wiki/ for more details
|
105
160
|
|
106
|
-
|
161
|
+
This requires some initial setup per host and only works well if your
|
162
|
+
target hosts run SSH (aka default not-IIS setup)
|
163
|
+
|
164
|
+
deployment automation example
|
165
|
+
-----------------------------
|
166
|
+
We have a private repo called shibboleth\_deployer that includes the shibboleths\_lil\_helper generated config files and uses Capistrano to push these files out target servers and restarts shibd and httpd. It's usage looks like:
|
107
167
|
|
108
168
|
cap deploy HOST=asr-web-dev4.oit.umn.edu
|
109
169
|
|
170
|
+
### Initial setup
|
110
171
|
For each of our target servers we setup Capistrano to have a clone of
|
111
|
-
this
|
172
|
+
this shibboleth\_deployer repo structured in the standard way:
|
112
173
|
|
113
174
|
ls /etc/shibboleth_deployer
|
114
175
|
current
|
@@ -116,33 +177,49 @@ this shibboleth_deployer repo structured in the standard way, e.g:
|
|
116
177
|
shared
|
117
178
|
|
118
179
|
Setup symlinks to the appropriate config files within
|
119
|
-
|
180
|
+
shibboleth\_deployer from the places the Native Shibboleth SP expects
|
120
181
|
files to be, e.g:
|
121
182
|
|
122
|
-
|
183
|
+
from the /etc/shibboleth dir
|
184
|
+
|
123
185
|
ln -s /etc/shibboleth_deployer/current/shibboleths_lil_helper/generated/apache_shib_test_server/asr-web-dev4.oit.umn.edu/shibboleth2.xml shibboleth2.xml
|
124
186
|
|
125
187
|
ln -s /etc/shibboleth_deployer/current/shibboleths_lil_helper/generated/apache_shib_test_server/asr-web-dev4.oit.umn.edu/idp_metadata.xml idp_metadata.xml
|
126
188
|
|
127
|
-
|
128
|
-
ln -s /etc/shibboleth_deployer/current/shibboleths_lil_helper/generated/apache_shib_test_server/asr-web-dev4.oit.umn.edu/shib_apache.conf shib_apache.conf
|
189
|
+
from the /etc/httpd/conf.d dir
|
129
190
|
|
130
|
-
|
131
|
-
===============
|
132
|
-
* See the stuff in /doc in this project
|
191
|
+
ln -s /etc/shibboleth_deployer/current/shibboleths_lil_helper/generated/apache_shib_test_server/asr-web-dev4.oit.umn.edu/shib_apache.conf shib_apache.conf
|
133
192
|
|
134
193
|
How to Help
|
135
|
-
|
194
|
+
-----------
|
195
|
+
* Let us know the issues you are having with the tool via Github Issues.
|
136
196
|
|
137
|
-
|
197
|
+
* Improve the documentation! The whole purpose of this tool is to
|
198
|
+
provide a straight-forward path to setting up a Shibboleth SP.
|
199
|
+
|
200
|
+
How to contribute
|
138
201
|
----------------------
|
139
|
-
*
|
202
|
+
* Fork, implement, issue a pull request for small changes.
|
140
203
|
|
141
|
-
*
|
204
|
+
* Email us for big ideas or API changes--we'd like to keep this tool
|
205
|
+
stable and want to collaborate to identify the right way of
|
206
|
+
accommodating new features while maintaining backward compatibility.
|
142
207
|
|
143
|
-
|
144
|
-
|
208
|
+
Contributors
|
209
|
+
------------
|
145
210
|
* Joe Goggins, Academic Support Resources, goggins@umn.edu
|
146
211
|
* Chris Dinger, Academic Support Resources, ding0057@umn.edu
|
147
212
|
|
148
|
-
|
213
|
+
Acknowledgements
|
214
|
+
----------------
|
215
|
+
Thanks to these folks for providing feedback and willingness to pilot
|
216
|
+
the tool.
|
217
|
+
|
218
|
+
* David Peterson, Office of Institutional Research
|
219
|
+
* Debbie Gillespie, Computer Science and Engineering
|
220
|
+
* Eva Young, Office of Institional Compliance
|
221
|
+
* Josh Buysse, CLA Office of Information Technology
|
222
|
+
* Aaron Zirbes, Environmental Health Sciences
|
223
|
+
|
224
|
+
|
225
|
+
Copyright (c) Regents of the University of Minnesota
|
data/TODOS.txt
CHANGED
@@ -1,7 +1,14 @@
|
|
1
|
-
|
1
|
+
TODOS
|
2
|
+
|
3
|
+
|
2
4
|
|
3
5
|
|
4
6
|
DONE
|
7
|
+
* Added note in readme: Broke because of libxml2 lacking http://nokogiri.org/tutorials/installing_nokogiri.html
|
8
|
+
* after slh generate, tell the user exactly where they should put the files.
|
9
|
+
* Blowup gracefully when no protect statements
|
10
|
+
* config.rb.erb: specify what must be specified and what is optional
|
11
|
+
* Release as gem
|
5
12
|
* Incorporate FAQ stuff somehow https://www.pivotaltracker.com/story/show/19256223
|
6
13
|
* Add something that warns LOUDLY to use slh with source control
|
7
14
|
* Rejigger the default config.rb.erb--simplify and reference documentation
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.0.
|
1
|
+
1.0.3
|
data/lib/slh/cli.rb
CHANGED
@@ -107,7 +107,7 @@ OTHER DOCUMENTATION SOURCES (not just this tool)
|
|
107
107
|
when 'verify_metadata'
|
108
108
|
klass = [Slh::Cli::FetchMetadata, Slh::Cli::CompareMetadata, Slh::Cli::VerifyMetadataEncryption]
|
109
109
|
when 'generate_metadata'
|
110
|
-
klass =
|
110
|
+
klass = Slh::Cli::GenerateMetadata
|
111
111
|
when "generate_capistrano"
|
112
112
|
klass = Slh::Cli::GenerateCapistranoDeploy
|
113
113
|
when "copy_templates_to_override"
|
data/lib/slh/cli/generate.rb
CHANGED
@@ -12,9 +12,23 @@ class Slh::Cli::Generate < Slh::Cli::HostFilterableBase
|
|
12
12
|
FileUtils.mkdir_p(host.config_dir)
|
13
13
|
File.open(strategy.config_file_path(cf,host), 'w') {|f| f.write(strategy.generate_config_file_content(cf,host)) }
|
14
14
|
Slh::Cli.instance.output " Wrote #{strategy.config_file_path(cf,host)}"
|
15
|
+
if cf == 'shib_apache.conf'
|
16
|
+
Slh::Cli.instance.output " copy this into /etc/httpd/conf.d or somewhere apache can read it are target host", :highlight => :green
|
17
|
+
else
|
18
|
+
if host.shib_prefix.nil?
|
19
|
+
Slh::Cli.instance.output " copy this into /etc/shibboleth for this host on target host", :highlight => :green
|
20
|
+
else
|
21
|
+
Slh::Cli.instance.output " copy this into #{host.prefixed_filepath_for(cf)} on target host", :highlight => :green
|
22
|
+
end
|
23
|
+
end
|
15
24
|
end
|
16
25
|
end
|
26
|
+
|
27
|
+
originator_host = strategy.key_originator_site.parent_host
|
28
|
+
Slh::Cli.instance.output "\ncopy sp-key.pem sp-cert.pem from host #{originator_host.name} to ALL target hosts.", :highlight => :green
|
29
|
+
Slh::Cli.instance.output " This makes the X509Certificate stuff in all metadata for all sites associated with an entity_id match"
|
17
30
|
end
|
31
|
+
|
18
32
|
Slh::Cli.instance.output "You MUST deploy these files your web servers and restart httpd and shibd for subsequent commands to work", :highlight => true
|
19
33
|
end
|
20
34
|
end
|
data/lib/slh/models/site.rb
CHANGED
@@ -28,6 +28,9 @@ class Slh::Models::Site < Slh::Models::Base
|
|
28
28
|
if block_given?
|
29
29
|
self.instance_eval(&block)
|
30
30
|
end
|
31
|
+
if self.paths.empty?
|
32
|
+
raise "No protect statements for site #{site_name}, you must protect at least 1 path for every site. Adding a \"protect\" statement should make this error go away"
|
33
|
+
end
|
31
34
|
end
|
32
35
|
|
33
36
|
def metadata
|
@@ -1,40 +1,96 @@
|
|
1
|
+
# ABOUT
|
2
|
+
# =====
|
3
|
+
# This file is the basis for your shibboleth config for
|
4
|
+
# all entities, hosts, sites, and url paths you want to protect for your organization.
|
5
|
+
#
|
6
|
+
# All slh commands utilize this file to do its thing.
|
7
|
+
#
|
8
|
+
# To get started:
|
9
|
+
# * fill in the REQUIRED items
|
10
|
+
# * run slh generate
|
11
|
+
# * deploy the files our to your server to the appropriate place
|
12
|
+
# * fight with your server to get somesite.com/Shibboleth.sso/Metadata spitting out XML
|
13
|
+
# for each host
|
14
|
+
#
|
15
|
+
# Then:
|
16
|
+
# * run slh verify_metadata
|
17
|
+
# * copy sp-key, sp-cert, etc
|
18
|
+
# * re-run command until you aren't seeing any errors
|
19
|
+
# Then:
|
20
|
+
# * run slh generate_metadata
|
21
|
+
# * give the metadata to your IDP folks
|
22
|
+
#
|
23
|
+
# Verify:
|
24
|
+
# * Goto somesite.com/Shibboleth.sso/Login
|
25
|
+
# * You should be prompted to login
|
26
|
+
#
|
27
|
+
# A strategy
|
28
|
+
# has one entity
|
29
|
+
# has a metadata url
|
30
|
+
# has many hosts
|
31
|
+
# a host has many sites
|
32
|
+
# a site has many protected paths
|
33
|
+
# a protected path can require auth, optionally use auth, or restrict to a
|
34
|
+
# particular set of users
|
35
|
+
#
|
1
36
|
Slh.for_strategy :test_idp do
|
2
|
-
set :sp_entity_id, 'YOUR_ENTITY_ID'
|
3
|
-
set :idp_metadata_url, 'YOUR_IDP_METADATA_URL'
|
4
|
-
set :error_support_contact, 'YOUR_ERROR_SUPPORT_EMAIL_ADDRESS'
|
37
|
+
set :sp_entity_id, 'YOUR_ENTITY_ID' # REQUIRED, https://yourorg.umn.edu/shibboleth/default
|
5
38
|
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
39
|
+
set :idp_metadata_url, 'YOUR_IDP_METADATA_URL' # REQUIRED, https://idp-test.shib.umn.edu/metadata.xml
|
40
|
+
set :error_support_contact, 'YOUR_ERROR_SUPPORT_EMAIL_ADDRESS' # OPTIONAL
|
41
|
+
|
42
|
+
# Can be either
|
43
|
+
# for_apache_host
|
44
|
+
# or
|
45
|
+
# for_iis_host
|
46
|
+
for_apache_host 'SOMEHOSTNAME.COM' do # REQUIRED
|
47
|
+
# uncomment if your shib stuff lives in a non-standard location
|
48
|
+
# set :shib_prefix, '/swadm/etc/shibboleth' # OPTIONAL
|
49
|
+
|
50
|
+
# uncomment if and fill-in if you are using IIS
|
51
|
+
# set :site_id, "YOU_MUST_SET_THE_SITE_ID_HERE" # REQUIRED if for_iis_host
|
52
|
+
#
|
53
|
+
# replace with the host name of your server
|
54
|
+
for_site 'SOMESITENAME1.COM' do # REQUIRED
|
10
55
|
# Each strategy must set this for exactly one site
|
11
56
|
# its used as the authoritative source to from which all other
|
12
57
|
# sites metadata's X509Certificate should match
|
13
58
|
# the sp-key.pem and sp-cert.pem files from this host should be
|
14
59
|
# copied to all other hosts underneath the strategy
|
15
|
-
#
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
60
|
+
set :is_key_originator, true # REQUIRED, see instructions
|
61
|
+
protect '/' do # REQUIRED
|
62
|
+
# delete this line if you want to require auth for the whole site
|
63
|
+
set :flavor, :authentication_optional # OPTIONAL
|
64
|
+
# There are three "flavors":
|
65
|
+
# authentication_required: defaults to this if unspecified
|
66
|
+
# i.e. (no do-end block required)
|
67
|
+
# protect 'secure'
|
68
|
+
#
|
69
|
+
# authentication_optional: Makes it possible for
|
70
|
+
# the app layer to redirect to Shibboleth.sso/Login
|
71
|
+
# i.e.
|
72
|
+
# protect 'lazy_auth' do
|
73
|
+
# set :flavor, :authentication_optional
|
74
|
+
# end
|
75
|
+
# authentication_required_for_specific_users: Require auth and restrict to
|
76
|
+
# a particular set of users (not-tested extensively)
|
77
|
+
# i.e.
|
78
|
+
# protect 'specific_users' do
|
79
|
+
# set :flavor, :authentication_required_for_specific_users
|
80
|
+
# set :specific_users, %w(SOMEUSER@SOME.DOMAIN.COM ANOTHERUSER@SOME.DOMAIN.COM)
|
81
|
+
# end
|
22
82
|
end
|
83
|
+
# ... for each protected dir for this site ...
|
23
84
|
end
|
24
|
-
|
25
|
-
protect 'SOME_PATH_YOU_WANT_TO_RESTRICTED_TO_PARTICULAR_USERS' do
|
26
|
-
set :flavor, :authentication_required_for_specific_users
|
27
|
-
set :specific_users, %w(SOMEUSER@SOME.DOMAIN.COM ANOTHERUSER@SOME.DOMAIN.COM)
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
for_iis_host 'SOMEIISHOSTNAME.COM' do
|
32
|
-
for_site 'SOMEIISSITENAME1.COM' do
|
33
|
-
set :site_id, "YOU_MUST_SET_THE_SITE_ID_HERE"
|
34
|
-
protect 'SOME_PATH_YOU_WANT_TO_REQUIRE_AUTH'
|
35
|
-
end
|
85
|
+
# ... for each site on this host ...
|
36
86
|
end
|
87
|
+
# ... for each host within this strategy (using this entity_id)
|
37
88
|
end
|
38
|
-
|
39
|
-
|
40
|
-
|
89
|
+
# ... for each strategy/aka entity_id ...
|
90
|
+
#
|
91
|
+
# Uncomment this line if you want to create a new strategy that is identical
|
92
|
+
# an existing one but points at a different IDP entity URL
|
93
|
+
#
|
94
|
+
# Slh.clone_strategy_for_new_idp :test_idp, # OPTIONAL
|
95
|
+
# :production_idp,
|
96
|
+
# 'THE_PRODUCTION_IDP_METADATA_URL'
|
@@ -5,11 +5,11 @@
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = %q{shibboleths_lil_helper}
|
8
|
-
s.version = "1.0.
|
8
|
+
s.version = "1.0.3"
|
9
9
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
11
|
s.authors = ["Joe Goggins"]
|
12
|
-
s.date = %q{2011-11-
|
12
|
+
s.date = %q{2011-11-08}
|
13
13
|
s.default_executable = %q{slh}
|
14
14
|
s.description = %q{See the summary text.}
|
15
15
|
s.email = %q{goggins@umn.edu}
|
data/test/fixtures/dummy1.rb
CHANGED
@@ -2,14 +2,14 @@
|
|
2
2
|
# Slh.define_idp_meta_data :default, 'https://idp-test.shib.umn.edu/metadata.xml'
|
3
3
|
# Slh.define_error_support_contact :default, 'goggins@umn.edu'
|
4
4
|
#
|
5
|
-
Slh.
|
5
|
+
Slh.for_strategy :dummy1,
|
6
6
|
:sp_entity_id => 'https://shib-local-vm1.asr.umn.edu/rhel5_sp1',
|
7
7
|
:idp_metadata_url => 'https://idp-test.shib.umn.edu/metadata.xml',
|
8
8
|
:error_support_contact => 'goggins@umn.edu' do
|
9
9
|
for_host 'shib-local-vm1.asr.umn.edu' do
|
10
|
-
|
11
|
-
|
12
|
-
|
10
|
+
for_site 'https://shib-local-vm1.asr.umn.edu' do
|
11
|
+
protect '/secure'
|
12
|
+
protect '/lazy', :flavor => :authentication_optional
|
13
13
|
end
|
14
14
|
end
|
15
15
|
end
|
@@ -1,17 +1,9 @@
|
|
1
1
|
require 'helper'
|
2
2
|
|
3
3
|
class TestShibbolethsLilHelper < Test::Unit::TestCase
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
# should "provides class representing core shibboleth model-ish ideas" do
|
8
|
-
# assert Slh::Models::App.class == Class
|
9
|
-
# assert Slh::Models::Host.class == Class
|
10
|
-
# # TODO add more
|
11
|
-
# end
|
12
|
-
# should "provide some top level methods for using the tool" do
|
13
|
-
# # TODO add more
|
14
|
-
# end
|
4
|
+
should "have a Slh namespace that will contain all classes contained" do
|
5
|
+
assert Slh.class == Module
|
6
|
+
end
|
15
7
|
|
16
8
|
# context "with :dummy1 strategy" do
|
17
9
|
# setup do
|
metadata
CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
5
5
|
segments:
|
6
6
|
- 1
|
7
7
|
- 0
|
8
|
-
-
|
9
|
-
version: 1.0.
|
8
|
+
- 3
|
9
|
+
version: 1.0.3
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- Joe Goggins
|
@@ -14,7 +14,7 @@ autorequire:
|
|
14
14
|
bindir: bin
|
15
15
|
cert_chain: []
|
16
16
|
|
17
|
-
date: 2011-11-
|
17
|
+
date: 2011-11-08 00:00:00 -06:00
|
18
18
|
default_executable: slh
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|