class HttpdConfigmapGenerator::Saml

Constants

AUTH
IDP_METADATA_FILE
MELLON_CREATE_METADATA_COMMAND
SAML2_CONFIG_DIRECTORY
SP_METADATA_FILE

Public Instance Methods

configure(opts) click to toggle source
# File lib/httpd_configmap_generator/saml.rb, line 37
def configure(opts)
  update_hostname(opts[:host])
  Dir.mkdir(SAML2_CONFIG_DIRECTORY)
  Dir.chdir(SAML2_CONFIG_DIRECTORY) do
    command_run!(MELLON_CREATE_METADATA_COMMAND,
                 :params => [
                   "https://#{opts[:host]}",
                   "https://#{opts[:host]}/saml2"
                 ])
    rename_mellon_configfiles
    fetch_idp_metadata
  end
  config_map = ConfigMap.new(opts)
  config_map.generate(AUTH[:type], realm, persistent_files)
  config_map.save(opts[:output])
rescue => err
  log_command_error(err)
  raise err
end
configured?() click to toggle source
# File lib/httpd_configmap_generator/saml.rb, line 57
def configured?
  File.exist?(SP_METADATA_FILE)
end
optional_options() click to toggle source
# File lib/httpd_configmap_generator/saml.rb, line 18
def optional_options
  super.merge(
    :keycloak_add_metadata => { :description => "Download and add the Keycloak metadata file",
                                :default     => false },
    :keycloak_server       => { :description => "Keycloak Server FQDN or IP" },
    :keycloak_realm        => { :description => "Keycloak Realm for this client"}
  )
end
persistent_files() click to toggle source
# File lib/httpd_configmap_generator/saml.rb, line 27
def persistent_files
  file_list = %w(
    /etc/httpd/saml2/sp-key.key
    /etc/httpd/saml2/sp-cert.cert
    /etc/httpd/saml2/sp-metadata.xml
  )
  file_list += [IDP_METADATA_FILE] if opts[:keycloak_add_metadata]
  file_list
end
required_options() click to toggle source
# File lib/httpd_configmap_generator/saml.rb, line 12
def required_options
  super.merge(
    :host => { :description => "Application Domain", :short => "-h" },
  )
end
unconfigure() click to toggle source
# File lib/httpd_configmap_generator/saml.rb, line 61
def unconfigure
  return unless configured?
  FileUtils.rm_rf(SAML2_CONFIG_DIRECTORY) if Dir.exist?(SAML2_CONFIG_DIRECTORY)
end

Private Instance Methods

fetch_idp_metadata() click to toggle source
# File lib/httpd_configmap_generator/saml.rb, line 98
def fetch_idp_metadata
  if opts[:keycloak_add_metadata]
    source_file  = "http://#{opts[:keycloak_server]}:8080"
    source_file += "/auth/realms/#{opts[:keycloak_realm]}/protocol/saml/descriptor"
    fetch_network_file(source_file, IDP_METADATA_FILE)
  end
end
rename_mellon_configfiles() click to toggle source
# File lib/httpd_configmap_generator/saml.rb, line 77
def rename_mellon_configfiles
  info_msg("Renaming mellon config files")
  Dir.chdir(SAML2_CONFIG_DIRECTORY) do
    Dir.glob("https_*.*") do |mellon_file|
      saml2_file = nil
      case mellon_file
      when /^https_.*\.key$/
        saml2_file = "sp-key.key"
      when /^https_.*\.cert$/
        saml2_file = "sp-cert.cert"
      when /^https_.*\.xml$/
        saml2_file = "sp-metadata.xml"
      end
      if saml2_file
        debug_msg("- renaming #{mellon_file} to #{saml2_file}")
        File.rename(mellon_file, saml2_file)
      end
    end
  end
end
validate_options(options) click to toggle source
# File lib/httpd_configmap_generator/saml.rb, line 68
def validate_options(options)
  super(options)
  if options[:keycloak_add_metadata]
    if options[:keycloak_server] == "" || options[:keycloak_realm] == ""
      raise "Must specify both keycloak-server and keycloak-realm for fetching the IdP metadata file"
    end
  end
end