shibboleths_lil_helper 1.0.4 → 1.0.5
- data/CHANGELOG.markdown +10 -0
- data/Gemfile +1 -1
- data/Gemfile.lock +1 -1
- data/README.markdown +12 -5
- data/Rakefile +1 -1
- data/VERSION +1 -1
- data/lib/slh/cli/verify_metadata_encryption.rb +9 -4
- data/lib/slh/cli.rb +19 -16
- data/lib/slh/templates/shibboleth2.xml.erb +0 -1
- data/lib/slh.rb +0 -1
- data/shibboleths_lil_helper.gemspec +9 -8
- metadata +31 -52
data/CHANGELOG.markdown
CHANGED
@@ -1,3 +1,12 @@
|
|
1
|
+
1.0.5
|
2
|
+
=====
|
3
|
+
* Relaxed dependency on ActiveSupport from ~> 3.0.9 to >= 3.0.9
|
4
|
+
* Made verify_metadata not exit on fatal error if Shibboleth.sso does
|
5
|
+
not exist
|
6
|
+
* Moved documentation into its own string Slh::Cli.documentation
|
7
|
+
* Specified shibboleth-2.4.3 is installed on your target hosts in README
|
8
|
+
* Made all github links about this project point to http://github.com/umn-asr/shibboleths_lil_helper, its final resting point.
|
9
|
+
|
1
10
|
1.0.4
|
2
11
|
=====
|
3
12
|
* Fixed an evil bug in Slh.clone_strategy_for_new_idp that
|
@@ -23,3 +32,4 @@
|
|
23
32
|
1.0.0
|
24
33
|
=====
|
25
34
|
* Initial release
|
35
|
+
|
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
data/README.markdown
CHANGED
@@ -2,15 +2,19 @@ About
|
|
2
2
|
=====
|
3
3
|
Shibboleth's Lil Helper (slh) is a tool that automates the generation of Apache/IIS Shibboleth Native Service Provider configuration & metadata files. It provides several benefits over manually configuring each NativeSp instance/server by:
|
4
4
|
|
5
|
-
* __Providing a consistent configuration approach__
|
6
|
-
|
5
|
+
* __Providing a consistent configuration approach__ applied uniformly across all servers in your organization.
|
6
|
+
|
7
|
+
* __Providing conceptually simple linear process__ that distills the main steps associated with Shibboleth integration.
|
8
|
+
|
9
|
+
* __Verifying metadata consistency__ across sites & hosts associated with particular Shibboletht SP entity_id.
|
7
10
|
|
8
11
|
* __Dividing high level auth specs from actual NativeSp configuration__
|
9
12
|
* Programmers can focus on high level goals like "protect files underneath the '/secure' directory on 'somewebsite.com'" rather than grappeling with the bewildering complexity of the NativeSp's interrelated XML files, the Shibboleth protocal, SAML, etc.
|
10
13
|
|
11
|
-
|
14
|
+
__This code is under active development as of 11/12/2011__.
|
15
|
+
Please watch this Github repo or periodically check CHANGLOG.markdown to stay to up-to-date.
|
12
16
|
|
13
|
-
|
17
|
+
Use `gem update shibboleths_lil_helper` to get the most current version.
|
14
18
|
|
15
19
|
Why another tool?
|
16
20
|
-----------------
|
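Review bot: Three typos in the added README lines should be fixed before release. "Shibboletht SP entity_id" (new line 9) should read "Shibboleth", "CHANGLOG.markdown" (new line 15) should read "CHANGELOG.markdown" to match the file name shipped in this gem, and "stay to up-to-date" should be "stay up-to-date". The bullet "Providing conceptually simple linear process" (new line 7) also needs an article: "a conceptually simple linear process".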
@@ -85,7 +89,10 @@ requirement, slh will help you with this later too)
|
|
85
89
|
Assumptions
|
86
90
|
-----------
|
87
91
|
* Each host integrates with a single Identity Provider, not multiple.
|
88
|
-
* (for Apache) The Shibboleth apache module is loaded globally for all
|
92
|
+
* (for Apache) The Shibboleth apache module is loaded globally for all
|
93
|
+
vHosts. (This doesn't mean that it requires auth globally--just available).
|
94
|
+
* shibboleth-2.4.3 is installed on your target hosts. Versions greater than this should
|
95
|
+
work too, but have not been tested.
|
89
96
|
|
90
97
|
Concept
|
91
98
|
-------
|
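Review bot: The assumption added on new lines 94-95 names shibboleth-2.4.3 as the only tested version, but nothing in this diff has slh check or report the version installed on a target host, so a mismatch will surface only as a deployment that does not work. Consider telling the reader how to confirm the installed version, or have the verify step print it. On new line 93, "(This doesn't mean that it requires auth globally--just available)" would read more clearly as "it is only made available to every vHost".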
data/Rakefile
CHANGED
@@ -15,7 +15,7 @@ require 'jeweler'
|
|
15
15
|
Jeweler::Tasks.new do |gem|
|
16
16
|
# gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
|
17
17
|
gem.name = "shibboleths_lil_helper"
|
18
|
-
gem.homepage = "http://github.com/
|
18
|
+
gem.homepage = "http://github.com/umn-asr/shibboleths_lil_helper"
|
19
19
|
gem.license = "MIT"
|
20
20
|
gem.summary = %Q{A ruby gem to streamline the setup, deployment, and ongoing management of Apache & IIS web-servers running the Shibboleth Native Service Provider implementations.}
|
21
21
|
gem.description = %Q{See the summary text.}
|
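Review bot: The new gem.homepage on line 18 uses http://github.com/umn-asr/shibboleths_lil_helper, while the link removed from the shibboleth2.xml.erb header in this same release used https. Prefer the https form here, since this value is copied into the gemspec and the published gem metadata and is the link users follow to find the source.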
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.0.
|
1
|
+
1.0.5
|
@@ -8,10 +8,15 @@ class Slh::Cli::VerifyMetadataEncryption < Slh::Cli::HostFilterableBase
|
|
8
8
|
next if @options[:filter].kind_of?(String) && !host.name.match(@options[:filter])
|
9
9
|
Slh::Cli.instance.output "Iterating sites for host #{host.name}"
|
10
10
|
host.sites.each do |site|
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
11
|
+
begin
|
12
|
+
if key_originator_site.x509_certificate_string == site.x509_certificate_string
|
13
|
+
Slh::Cli.instance.output " X509Certificate matches for #{site.name} ", :highlight => :green
|
14
|
+
else
|
15
|
+
Slh::Cli.instance.output " Mismatching X509Certificate for #{site.name}, WILL NOT WORK", :highlight => :red
|
16
|
+
broken = true
|
17
|
+
end
|
18
|
+
rescue Slh::Models::Site::CouldNotGetMetadata => e
|
19
|
+
Slh::Cli.instance.output " Could not get metadata from #{site.name}, Slh::Models::Site::CouldNotGetMetadata exception thrown, message=#{e.message}, this site will not work", :highlight => :red
|
15
20
|
broken = true
|
16
21
|
end
|
17
22
|
end
|
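Review bot: On new line 12 the check is exact string equality of x509_certificate_string between the key originator and each site. If that string keeps the line wrapping or whitespace of each host's metadata, identical certificates can be reported as "Mismatching X509Certificate ... WILL NOT WORK"; comparing a normalized form (whitespace stripped, or a fingerprint of the decoded certificate) would avoid false alarms. The rescue on line 18 handles only Slh::Models::Site::CouldNotGetMetadata, so confirm that the site model raises that class for every fetch failure (timeout, TLS error, unparseable XML), otherwise one unreachable host still aborts the whole verification. The message on line 19 repeats the exception class name that the rescue already implies and can be shortened.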
data/lib/slh/cli.rb
CHANGED
@@ -14,21 +14,9 @@ module Slh
|
|
14
14
|
autoload :DescribeConfig
|
15
15
|
|
16
16
|
attr_reader :args,:action
|
17
|
-
|
18
|
-
def
|
19
|
-
|
20
|
-
end
|
21
|
-
|
22
|
-
def parse_options_and_delegate(args)
|
23
|
-
if args.nil?
|
24
|
-
@args = []
|
25
|
-
else
|
26
|
-
@args = args.dup
|
27
|
-
end
|
28
|
-
$stdout.sync = true # no output buffering
|
29
|
-
case @args.first
|
30
|
-
when nil
|
31
|
-
puts <<-'EOS'
|
17
|
+
|
18
|
+
def self.documentation
|
19
|
+
<<-'EOS'
|
32
20
|
|
33
21
|
This is Shibboleth's Lil Helper.
|
34
22
|
He'll help you create consistent
|
@@ -98,7 +86,22 @@ OTHER DOCUMENTATION SOURCES (not just this tool)
|
|
98
86
|
(within this project--the doc folder)
|
99
87
|
There are lots of short little developer oriented tips we used while creating this tool.
|
100
88
|
|
101
|
-
|
89
|
+
EOS
|
90
|
+
end
|
91
|
+
def output(msg,*args)
|
92
|
+
Slh.command_line_output(msg,*args)
|
93
|
+
end
|
94
|
+
|
95
|
+
def parse_options_and_delegate(args)
|
96
|
+
if args.nil?
|
97
|
+
@args = []
|
98
|
+
else
|
99
|
+
@args = args.dup
|
100
|
+
end
|
101
|
+
$stdout.sync = true # no output buffering
|
102
|
+
case @args.first
|
103
|
+
when nil
|
104
|
+
puts self.class.documentation
|
102
105
|
exit
|
103
106
|
when 'initialize'
|
104
107
|
klass = Slh::Cli::Initialize
|
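Review bot: In the added block, def output(msg,*args) on new line 91 follows the end of self.documentation on line 90 with no blank line, and the argument list has no space after the comma; add both, matching the blank line left before parse_options_and_delegate on line 94. A one-line comment on self.documentation saying that it returns the usage text printed when slh is run with no arguments would also help, since puts self.class.documentation on line 104 is its only caller visible here.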
@@ -1,7 +1,6 @@
|
|
1
1
|
<!--
|
2
2
|
DO NOT MODIFY!
|
3
3
|
Auto-generated on <%= Time.now.to_s %> by Shibboleth's Lil Helper:
|
4
|
-
https://github.com/joegoggins/shibboleths_lil_helper
|
5
4
|
Changes should not be made directly to this file. Instead, modify your slh config.rb file, re-generate, and re-deploy
|
6
5
|
This template was originally created by taking the default /etc/shibboleth/shibboleth2.xml and modifying/templating it
|
7
6
|
to accommodate multiple vhosts (for both IIS and Apache) for the shibboleth-2.4.3-2.1.el5 RPM on RHEL 5
|
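Review bot: Removing old line 4 (https://github.com/joegoggins/shibboleths_lil_helper) leaves the header line "Auto-generated on ... by Shibboleth's Lil Helper:" ending in a colon with nothing after it. The 1.0.5 changelog says project links now point to http://github.com/umn-asr/shibboleths_lil_helper, so either put the new URL on that line or drop the trailing colon. An operator who finds this generated file on a host needs that pointer to locate the tool that owns it before editing anything by hand.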
data/lib/slh.rb
CHANGED
@@ -5,11 +5,11 @@
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = %q{shibboleths_lil_helper}
|
8
|
-
s.version = "1.0.
|
8
|
+
s.version = "1.0.5"
|
9
9
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
11
|
s.authors = ["Joe Goggins"]
|
12
|
-
s.date = %q{2011-11-
|
12
|
+
s.date = %q{2011-11-17}
|
13
13
|
s.default_executable = %q{slh}
|
14
14
|
s.description = %q{See the summary text.}
|
15
15
|
s.email = %q{goggins@umn.edu}
|
@@ -69,17 +69,18 @@ Gem::Specification.new do |s|
|
|
69
69
|
"test/helper.rb",
|
70
70
|
"test/test_shibboleths_lil_helper.rb"
|
71
71
|
]
|
72
|
-
s.homepage = %q{http://github.com/
|
72
|
+
s.homepage = %q{http://github.com/umn-asr/shibboleths_lil_helper}
|
73
73
|
s.licenses = ["MIT"]
|
74
74
|
s.require_paths = ["lib"]
|
75
|
-
s.rubygems_version = %q{1.
|
75
|
+
s.rubygems_version = %q{1.3.6}
|
76
76
|
s.summary = %q{A ruby gem to streamline the setup, deployment, and ongoing management of Apache & IIS web-servers running the Shibboleth Native Service Provider implementations.}
|
77
77
|
|
78
78
|
if s.respond_to? :specification_version then
|
79
|
+
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
79
80
|
s.specification_version = 3
|
80
81
|
|
81
|
-
if Gem::Version.new(Gem::
|
82
|
-
s.add_runtime_dependency(%q<activesupport>, ["
|
82
|
+
if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
|
83
|
+
s.add_runtime_dependency(%q<activesupport>, [">= 3.0.9"])
|
83
84
|
s.add_runtime_dependency(%q<nokogiri>, [">= 0"])
|
84
85
|
s.add_runtime_dependency(%q<i18n>, [">= 0"])
|
85
86
|
s.add_development_dependency(%q<shoulda>, [">= 0"])
|
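Review bot: The activesupport constraint on new line 83 becomes ">= 3.0.9" with no upper bound, so any future major release satisfies it, as is already the case for nokogiri and i18n at ">= 0"; the same change repeats on new lines 92 and 102 in the hunks that follow. If the goal is only to stop blocking newer 3.x releases, a bounded range (for example ">= 3.0.9" together with "< 4") achieves that without admitting untested major versions. New line 79 assigns current_version and never uses it in the visible lines; if this file is generated by jeweler leave it alone, otherwise remove it.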
@@ -88,7 +89,7 @@ Gem::Specification.new do |s|
|
|
88
89
|
s.add_development_dependency(%q<rcov>, [">= 0"])
|
89
90
|
s.add_development_dependency(%q<ruby-debug>, [">= 0"])
|
90
91
|
else
|
91
|
-
s.add_dependency(%q<activesupport>, ["
|
92
|
+
s.add_dependency(%q<activesupport>, [">= 3.0.9"])
|
92
93
|
s.add_dependency(%q<nokogiri>, [">= 0"])
|
93
94
|
s.add_dependency(%q<i18n>, [">= 0"])
|
94
95
|
s.add_dependency(%q<shoulda>, [">= 0"])
|
@@ -98,7 +99,7 @@ Gem::Specification.new do |s|
|
|
98
99
|
s.add_dependency(%q<ruby-debug>, [">= 0"])
|
99
100
|
end
|
100
101
|
else
|
101
|
-
s.add_dependency(%q<activesupport>, ["
|
102
|
+
s.add_dependency(%q<activesupport>, [">= 3.0.9"])
|
102
103
|
s.add_dependency(%q<nokogiri>, [">= 0"])
|
103
104
|
s.add_dependency(%q<i18n>, [">= 0"])
|
104
105
|
s.add_dependency(%q<shoulda>, [">= 0"])
|
metadata
CHANGED
@@ -1,13 +1,12 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: shibboleths_lil_helper
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
|
5
|
-
prerelease:
|
4
|
+
prerelease: false
|
6
5
|
segments:
|
7
6
|
- 1
|
8
7
|
- 0
|
9
|
-
-
|
10
|
-
version: 1.0.
|
8
|
+
- 5
|
9
|
+
version: 1.0.5
|
11
10
|
platform: ruby
|
12
11
|
authors:
|
13
12
|
- Joe Goggins
|
@@ -15,127 +14,111 @@ autorequire:
|
|
15
14
|
bindir: bin
|
16
15
|
cert_chain: []
|
17
16
|
|
18
|
-
date: 2011-11-
|
17
|
+
date: 2011-11-17 00:00:00 -06:00
|
19
18
|
default_executable: slh
|
20
19
|
dependencies:
|
21
20
|
- !ruby/object:Gem::Dependency
|
22
|
-
|
23
|
-
requirement: &id001 !ruby/object:Gem::Requirement
|
24
|
-
none: false
|
21
|
+
version_requirements: &id001 !ruby/object:Gem::Requirement
|
25
22
|
requirements:
|
26
|
-
- -
|
23
|
+
- - ">="
|
27
24
|
- !ruby/object:Gem::Version
|
28
|
-
hash: 21
|
29
25
|
segments:
|
30
26
|
- 3
|
31
27
|
- 0
|
32
28
|
- 9
|
33
29
|
version: 3.0.9
|
30
|
+
requirement: *id001
|
31
|
+
prerelease: false
|
34
32
|
name: activesupport
|
35
33
|
type: :runtime
|
36
|
-
version_requirements: *id001
|
37
34
|
- !ruby/object:Gem::Dependency
|
38
|
-
|
39
|
-
requirement: &id002 !ruby/object:Gem::Requirement
|
40
|
-
none: false
|
35
|
+
version_requirements: &id002 !ruby/object:Gem::Requirement
|
41
36
|
requirements:
|
42
37
|
- - ">="
|
43
38
|
- !ruby/object:Gem::Version
|
44
|
-
hash: 3
|
45
39
|
segments:
|
46
40
|
- 0
|
47
41
|
version: "0"
|
42
|
+
requirement: *id002
|
43
|
+
prerelease: false
|
48
44
|
name: nokogiri
|
49
45
|
type: :runtime
|
50
|
-
version_requirements: *id002
|
51
46
|
- !ruby/object:Gem::Dependency
|
52
|
-
|
53
|
-
requirement: &id003 !ruby/object:Gem::Requirement
|
54
|
-
none: false
|
47
|
+
version_requirements: &id003 !ruby/object:Gem::Requirement
|
55
48
|
requirements:
|
56
49
|
- - ">="
|
57
50
|
- !ruby/object:Gem::Version
|
58
|
-
hash: 3
|
59
51
|
segments:
|
60
52
|
- 0
|
61
53
|
version: "0"
|
54
|
+
requirement: *id003
|
55
|
+
prerelease: false
|
62
56
|
name: i18n
|
63
57
|
type: :runtime
|
64
|
-
version_requirements: *id003
|
65
58
|
- !ruby/object:Gem::Dependency
|
66
|
-
|
67
|
-
requirement: &id004 !ruby/object:Gem::Requirement
|
68
|
-
none: false
|
59
|
+
version_requirements: &id004 !ruby/object:Gem::Requirement
|
69
60
|
requirements:
|
70
61
|
- - ">="
|
71
62
|
- !ruby/object:Gem::Version
|
72
|
-
hash: 3
|
73
63
|
segments:
|
74
64
|
- 0
|
75
65
|
version: "0"
|
66
|
+
requirement: *id004
|
67
|
+
prerelease: false
|
76
68
|
name: shoulda
|
77
69
|
type: :development
|
78
|
-
version_requirements: *id004
|
79
70
|
- !ruby/object:Gem::Dependency
|
80
|
-
|
81
|
-
requirement: &id005 !ruby/object:Gem::Requirement
|
82
|
-
none: false
|
71
|
+
version_requirements: &id005 !ruby/object:Gem::Requirement
|
83
72
|
requirements:
|
84
73
|
- - ~>
|
85
74
|
- !ruby/object:Gem::Version
|
86
|
-
hash: 23
|
87
75
|
segments:
|
88
76
|
- 1
|
89
77
|
- 0
|
90
78
|
- 0
|
91
79
|
version: 1.0.0
|
80
|
+
requirement: *id005
|
81
|
+
prerelease: false
|
92
82
|
name: bundler
|
93
83
|
type: :development
|
94
|
-
version_requirements: *id005
|
95
84
|
- !ruby/object:Gem::Dependency
|
96
|
-
|
97
|
-
requirement: &id006 !ruby/object:Gem::Requirement
|
98
|
-
none: false
|
85
|
+
version_requirements: &id006 !ruby/object:Gem::Requirement
|
99
86
|
requirements:
|
100
87
|
- - ~>
|
101
88
|
- !ruby/object:Gem::Version
|
102
|
-
hash: 7
|
103
89
|
segments:
|
104
90
|
- 1
|
105
91
|
- 6
|
106
92
|
- 4
|
107
93
|
version: 1.6.4
|
94
|
+
requirement: *id006
|
95
|
+
prerelease: false
|
108
96
|
name: jeweler
|
109
97
|
type: :development
|
110
|
-
version_requirements: *id006
|
111
98
|
- !ruby/object:Gem::Dependency
|
112
|
-
|
113
|
-
requirement: &id007 !ruby/object:Gem::Requirement
|
114
|
-
none: false
|
99
|
+
version_requirements: &id007 !ruby/object:Gem::Requirement
|
115
100
|
requirements:
|
116
101
|
- - ">="
|
117
102
|
- !ruby/object:Gem::Version
|
118
|
-
hash: 3
|
119
103
|
segments:
|
120
104
|
- 0
|
121
105
|
version: "0"
|
106
|
+
requirement: *id007
|
107
|
+
prerelease: false
|
122
108
|
name: rcov
|
123
109
|
type: :development
|
124
|
-
version_requirements: *id007
|
125
110
|
- !ruby/object:Gem::Dependency
|
126
|
-
|
127
|
-
requirement: &id008 !ruby/object:Gem::Requirement
|
128
|
-
none: false
|
111
|
+
version_requirements: &id008 !ruby/object:Gem::Requirement
|
129
112
|
requirements:
|
130
113
|
- - ">="
|
131
114
|
- !ruby/object:Gem::Version
|
132
|
-
hash: 3
|
133
115
|
segments:
|
134
116
|
- 0
|
135
117
|
version: "0"
|
118
|
+
requirement: *id008
|
119
|
+
prerelease: false
|
136
120
|
name: ruby-debug
|
137
121
|
type: :development
|
138
|
-
version_requirements: *id008
|
139
122
|
description: See the summary text.
|
140
123
|
email: goggins@umn.edu
|
141
124
|
executables:
|
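Review bot: Apart from the activesupport operator changing to ">=" on new line 23, the changes in this hunk are serialization churn: every dependency has requirement and version_requirements swapped and loses its "none: false" and "hash:" lines. That pattern usually comes from packaging with a different RubyGems version (the last hunk records rubygems_version: 1.3.6). Building releases with one fixed RubyGems version keeps version-to-version diffs limited to real dependency changes, which makes a release like this one much easier to audit.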
@@ -196,7 +179,7 @@ files:
|
|
196
179
|
- test/helper.rb
|
197
180
|
- test/test_shibboleths_lil_helper.rb
|
198
181
|
has_rdoc: true
|
199
|
-
homepage: http://github.com/
|
182
|
+
homepage: http://github.com/umn-asr/shibboleths_lil_helper
|
200
183
|
licenses:
|
201
184
|
- MIT
|
202
185
|
post_install_message:
|
@@ -205,27 +188,23 @@ rdoc_options: []
|
|
205
188
|
require_paths:
|
206
189
|
- lib
|
207
190
|
required_ruby_version: !ruby/object:Gem::Requirement
|
208
|
-
none: false
|
209
191
|
requirements:
|
210
192
|
- - ">="
|
211
193
|
- !ruby/object:Gem::Version
|
212
|
-
hash: 3
|
213
194
|
segments:
|
214
195
|
- 0
|
215
196
|
version: "0"
|
216
197
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
217
|
-
none: false
|
218
198
|
requirements:
|
219
199
|
- - ">="
|
220
200
|
- !ruby/object:Gem::Version
|
221
|
-
hash: 3
|
222
201
|
segments:
|
223
202
|
- 0
|
224
203
|
version: "0"
|
225
204
|
requirements: []
|
226
205
|
|
227
206
|
rubyforge_project:
|
228
|
-
rubygems_version: 1.
|
207
|
+
rubygems_version: 1.3.6
|
229
208
|
signing_key:
|
230
209
|
specification_version: 3
|
231
210
|
summary: A ruby gem to streamline the setup, deployment, and ongoing management of Apache & IIS web-servers running the Shibboleth Native Service Provider implementations.
|