class ManageIQ::ApplianceConsole::SamlAuthentication
Constants
- IDP_METADATA_FILE
- MELLON_CREATE_METADATA_COMMAND
- SAML2_CONFIG_DIRECTORY
Attributes
host[RW]
options[RW]
Public Class Methods
new(options)
# File lib/manageiq/appliance_console/saml_authentication.rb, line 13
#
# Keeps the caller-supplied options on the instance. Other methods of this
# class index it with symbol keys (:saml_idp_metadata, :saml_enable_sso).
#
# @param options [Object] option container; presumably a Hash - confirm against the caller
def initialize(options)
  @options = options
end
Public Instance Methods
configure(host)
# File lib/manageiq/appliance_console/saml_authentication.rb, line 17
#
# Runs the SAML set-up sequence for +host+: validates the IdP metadata option,
# copies the Apache config templates, generates the mellon SP metadata, renames
# the generated files, obtains the IdP metadata, switches the appliance
# authentication settings to SAML and restarts httpd.
#
# NOTE(review): the Apache config files are copied before the IdP metadata is
# fetched, and no step here removes them when a later step raises. configured?
# only tests for manageiq-external-auth-saml.conf, so a failed run may still be
# reported as configured - confirm whether cleanup on failure is wanted.
# NOTE(review): +host+ is interpolated into the SP URLs without validation in
# this method; presumably the caller validates it - confirm.
#
# @param host [String] appliance host name used to build the https:// SP URLs
# @return [Boolean] true when every step completed, false when any step raised
def configure(host)
  begin
    @host = host
    validate_saml_idp_metadata_option
    say("Configuring SAML Authentication for https://#{host} ...")
    copy_apache_saml_configfiles
    # This directory receives the generated *.key file (see
    # rename_mellon_configfiles); its mode is left to the process umask.
    FileUtils.mkdir_p(SAML2_CONFIG_DIRECTORY)
    # The URLs are handed over as a :params list, not spliced into the
    # command string.
    AwesomeSpawn.run!(
      MELLON_CREATE_METADATA_COMMAND,
      chdir:  SAML2_CONFIG_DIRECTORY,
      params: ["https://#{host}", "https://#{host}/saml2"]
    )
    rename_mellon_configfiles
    fetch_idp_metadata
    configure_auth_settings_saml
    restart_httpd
    true
  rescue AwesomeSpawn::CommandResultError, StandardError => failure
    # Only command failures carry a command result worth logging.
    log_command_error(failure) if failure.is_a?(AwesomeSpawn::CommandResultError)
    say("Failed to Configure SAML Authentication - #{failure}")
    false
  end
end
unconfigure()
# File lib/manageiq/appliance_console/saml_authentication.rb, line 41
#
# Reverses the SAML set-up: removes the Apache SAML config files, switches the
# appliance authentication settings back to database mode and restarts httpd.
# When the appliance is not configured for SAML, the RuntimeError raised below
# is caught by the rescue clause, reported via say, and the method returns false.
#
# NOTE(review): the files under SAML2_CONFIG_DIRECTORY (generated key,
# certificate and metadata) are not removed by the steps visible here -
# confirm whether they should survive an unconfigure.
#
# @return [Boolean] true on success, false when any step raised
def unconfigure
  begin
    unless configured?
      raise "Appliance is not currently configured for SAML"
    end

    say("Unconfiguring SAML Authentication ...")
    remove_apache_saml_configfiles
    configure_auth_settings_database
    restart_httpd
    true
  rescue AwesomeSpawn::CommandResultError, StandardError => failure
    # Only command failures carry a command result worth logging.
    log_command_error(failure) if failure.is_a?(AwesomeSpawn::CommandResultError)
    say("Failed to Unconfigure SAML Authentication - #{failure}")
    false
  end
end
Private Instance Methods
configure_auth_settings_saml()
Appliance Settings
# File lib/manageiq/appliance_console/saml_authentication.rb, line 130
#
# Announces the change and passes the SAML authentication settings to
# configure_auth_settings: httpd mode with the httpd role, SAML on, OIDC off,
# provider type "saml". SSO is enabled only when options[:saml_enable_sso] is
# truthy; the value is normalised to a strict true/false before it is passed on.
def configure_auth_settings_saml
  say("Setting Appliance Authentication Settings to SAML ...")
  sso_requested = options[:saml_enable_sso] ? true : false
  configure_auth_settings(
    mode:          "httpd",
    httpd_role:    true,
    saml_enabled:  true,
    oidc_enabled:  false,
    sso_enabled:   sso_requested,
    provider_type: "saml"
  )
end
configured?()
# File lib/manageiq/appliance_console/saml_authentication.rb, line 103
#
# Reports whether manageiq-external-auth-saml.conf is present in
# HTTPD_CONFIG_DIRECTORY. Presence of that one file is the only signal used;
# neither the appliance settings nor the SAML2 config directory is consulted.
#
# @return [Boolean]
def configured?
  saml_conf = HTTPD_CONFIG_DIRECTORY.join("manageiq-external-auth-saml.conf")
  saml_conf.exist?
end
copy_apache_saml_configfiles()
# File lib/manageiq/appliance_console/saml_authentication.rb, line 91
#
# Installs the two Apache config templates used for SAML into
# HTTPD_CONFIG_DIRECTORY via copy_template, remote-user first and
# external-auth-saml second.
def copy_apache_saml_configfiles
  debug_msg("Copying Apache SAML Config files ...")
  ["manageiq-remote-user.conf", "manageiq-external-auth-saml.conf"].each do |template_name|
    copy_template(HTTPD_CONFIG_DIRECTORY, template_name)
  end
end
download_network_file(source_file_url, target_file)
File Management
# File lib/manageiq/appliance_console/saml_authentication.rb, line 118
#
# Issues one GET for +source_file_url+ and writes the response body to
# +target_file+. Any response that is not a Net::HTTPSuccess raises; redirects
# are not followed, so a 3xx answer is treated as a failure.
#
# NOTE(review): no URL scheme check is visible in this method. The caller shown
# on this page (fetch_idp_metadata) uses it for the IdP metadata, which the SAML
# service provider relies on to decide which IdP to trust. If path_is_url?
# admits http:// URLs, that file arrives without transport integrity - confirm
# that https is required upstream, or enforce it here.
# NOTE(review): the body is written exactly as received; there is no size limit
# and no check that it is well-formed metadata before it replaces +target_file+.
#
# @param source_file_url [String] URL to fetch
# @param target_file [String] path the body is written to
# @raise [RuntimeError] when the response is not a success
def download_network_file(source_file_url, target_file)
  require "net/http"

  say("Downloading #{source_file_url} ...")
  response = Net::HTTP.get_response(URI(source_file_url))
  unless response.is_a?(Net::HTTPSuccess)
    raise "Failed to download file from #{source_file_url}"
  end

  File.write(target_file, response.body)
end
fetch_idp_metadata()
# File lib/manageiq/appliance_console/saml_authentication.rb, line 80
#
# Places the IdP metadata named by options[:saml_idp_metadata] at
# IDP_METADATA_FILE. A local file is copied (unless it already is the
# destination), a URL is downloaded, and anything else is silently left alone.
#
# NOTE(review): when the option is neither a file nor a URL nothing is written
# and no error is raised here, so configure continues with whatever is (or is
# not) at IDP_METADATA_FILE - confirm that validate_saml_idp_metadata_option
# rules this case out.
def fetch_idp_metadata
  metadata_source = options[:saml_idp_metadata]

  if path_is_file?(metadata_source) && metadata_source != IDP_METADATA_FILE
    debug_msg("Copying IDP metadata file #{metadata_source} to #{IDP_METADATA_FILE} ...")
    return FileUtils.cp(metadata_source, IDP_METADATA_FILE)
  end

  return unless path_is_url?(metadata_source)

  debug_msg("Downloading IDP metadata file from #{metadata_source}")
  download_network_file(metadata_source, IDP_METADATA_FILE)
end
remove_apache_saml_configfiles()
# File lib/manageiq/appliance_console/saml_authentication.rb, line 97
#
# Deletes the two Apache SAML config files from HTTPD_CONFIG_DIRECTORY via
# remove_file, remote-user first and external-auth-saml second.
def remove_apache_saml_configfiles
  debug_msg("Removing Apache SAML Config files ...")
  ["manageiq-remote-user.conf", "manageiq-external-auth-saml.conf"].each do |conf_name|
    remove_file(HTTPD_CONFIG_DIRECTORY.join(conf_name))
  end
end
rename_mellon_configfiles()
Apache SAML Configuration
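# File lib/manageiq/appliance_console/saml_authentication.rb, line 62
#
# Renames the https_* files found in SAML2_CONFIG_DIRECTORY to the fixed
# miqsp-* names: *.key -> miqsp-key.key, *.cert -> miqsp-cert.cert,
# *.xml -> miqsp-metadata.xml. Files with any other extension are left as is.
#
# The patterns are anchored with \A and \z so that the whole file name must
# match; ^ and $ match at line boundaries and would also accept a name that
# merely contains a matching line.
#
# NOTE(review): the *.key file is presumably the service provider's private
# key; File.rename keeps whatever mode it was created with - confirm that mode
# is restrictive. If more than one https_*.key is present, each is renamed onto
# the same target in glob order and the last one wins.
def rename_mellon_configfiles
  debug_msg("Renaming mellon config files ...")
  Dir.chdir(SAML2_CONFIG_DIRECTORY) do
    Dir.glob("https_*.*") do |mellon_file|
      saml2_file =
        case mellon_file
        when /\Ahttps_.*\.key\z/  then "miqsp-key.key"
        when /\Ahttps_.*\.cert\z/ then "miqsp-cert.cert"
        when /\Ahttps_.*\.xml\z/  then "miqsp-metadata.xml"
        end
      next unless saml2_file

      debug_msg("Renaming #{mellon_file} to #{saml2_file}")
      File.rename(mellon_file, saml2_file)
    end
  end
end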
validate_saml_idp_metadata_option()
SAML IDP Metadata
# File lib/manageiq/appliance_console/saml_authentication.rb, line 109
#
# Checks options[:saml_idp_metadata] before any configuration step runs:
# it must be present, and when it names a local file that file must exist.
#
# NOTE(review): only presence and existence are checked. Nothing here looks at
# the URL scheme or at the content of the metadata - confirm whether that is
# enforced elsewhere.
#
# @raise [RuntimeError] when the option is blank or names a missing file
def validate_saml_idp_metadata_option
  metadata_source = options[:saml_idp_metadata]

  if metadata_source.blank?
    raise "Must specify the SAML IDP metadata file or URL via --saml-idp-metadata"
  end

  if path_is_file?(metadata_source) && !File.exist?(metadata_source)
    raise "Missing SAML IDP metadata file #{metadata_source}"
  end
end