class ManageIQ::ApplianceConsole::SamlAuthentication

Constants

IDP_METADATA_FILE
MELLON_CREATE_METADATA_COMMAND
SAML2_CONFIG_DIRECTORY

Attributes

host[RW]
options[RW]

Public Class Methods

new(options)
# File lib/manageiq/appliance_console/saml_authentication.rb, line 13
# Build a SAML configurator around the parsed console options.
#
# @param options [Hash] console options; the keys read by this class are
#   :saml_idp_metadata (file path or URL) and :saml_enable_sso
def initialize(options)
  @options = options
end

Public Instance Methods

configure(host)
# File lib/manageiq/appliance_console/saml_authentication.rb, line 17
# Turn on SAML authentication for the appliance reachable at +host+.
#
# Order of operations: validate the --saml-idp-metadata option (before any
# file is touched), install the Apache SAML config files, generate the mellon
# service-provider key/cert/metadata for https://<host>, rename those files to
# the miqsp-* names, fetch the IDP metadata, switch the appliance auth
# settings to SAML and restart httpd.
#
# @param host [String] externally reachable hostname of this appliance
# @return [Boolean] true on success; false, after reporting the error via
#   +say+, on any failure. Steps completed before the failure are not rolled
#   back.
def configure(host)
  @host = host
  validate_saml_idp_metadata_option

  base_url = "https://#{host}"
  say("Configuring SAML Authentication for #{base_url} ...")
  copy_apache_saml_configfiles
  FileUtils.mkdir_p(SAML2_CONFIG_DIRECTORY)
  # The mellon tool runs inside SAML2_CONFIG_DIRECTORY so its output lands
  # there; the URLs go through :params rather than into a command string.
  AwesomeSpawn.run!(MELLON_CREATE_METADATA_COMMAND,
                    :chdir  => SAML2_CONFIG_DIRECTORY,
                    :params => [base_url, "#{base_url}/saml2"])
  rename_mellon_configfiles
  fetch_idp_metadata
  configure_auth_settings_saml
  restart_httpd
  true
rescue AwesomeSpawn::CommandResultError => error
  # Command failures are logged in full before the one-line summary.
  log_command_error(error)
  say("Failed to Configure SAML Authentication - #{error}")
  false
rescue => error
  say("Failed to Configure SAML Authentication - #{error}")
  false
end
unconfigure()
# File lib/manageiq/appliance_console/saml_authentication.rb, line 41
# Turn SAML authentication off again: remove the Apache SAML config files,
# point the appliance auth settings back at the database and restart httpd.
#
# The "not currently configured" RuntimeError raised at the top does not
# escape: it is caught by the generic rescue below and reported as +false+.
#
# @return [Boolean] true on success; false, after reporting the error via
#   +say+, when the appliance is not SAML-configured or a step fails
def unconfigure
  raise "Appliance is not currently configured for SAML" unless configured?

  say("Unconfiguring SAML Authentication ...")
  remove_apache_saml_configfiles
  configure_auth_settings_database
  restart_httpd
  true
rescue AwesomeSpawn::CommandResultError => error
  # Command failures are logged in full before the one-line summary.
  log_command_error(error)
  say("Failed to Unconfigure SAML Authentication - #{error}")
  false
rescue => error
  say("Failed to Unconfigure SAML Authentication - #{error}")
  false
end

Private Instance Methods

configure_auth_settings_saml()

Appliance Settings

# File lib/manageiq/appliance_console/saml_authentication.rb, line 130
# Switch the appliance authentication settings to external (httpd) auth with
# SAML as the provider; OIDC is explicitly disabled at the same time.
#
# SSO is enabled only when the --saml-enable-sso option was given; the value
# is normalised to a strict true/false before it is stored.
def configure_auth_settings_saml
  say("Setting Appliance Authentication Settings to SAML ...")
  sso_enabled = options[:saml_enable_sso] ? true : false
  configure_auth_settings(
    :mode          => "httpd",
    :httpd_role    => true,
    :saml_enabled  => true,
    :oidc_enabled  => false,
    :sso_enabled   => sso_enabled,
    :provider_type => "saml"
  )
end
configured?()
# File lib/manageiq/appliance_console/saml_authentication.rb, line 103
# Whether SAML is currently set up, judged solely by the presence of the
# external-auth SAML config file under HTTPD_CONFIG_DIRECTORY.
#
# @return [Boolean]
def configured?
  saml_conf = HTTPD_CONFIG_DIRECTORY.join("manageiq-external-auth-saml.conf")
  saml_conf.exist?
end
copy_apache_saml_configfiles()
# File lib/manageiq/appliance_console/saml_authentication.rb, line 91
# Install the two Apache config templates that enable remote-user and SAML
# external authentication, in that order.
def copy_apache_saml_configfiles
  debug_msg("Copying Apache SAML Config files ...")
  %w[manageiq-remote-user.conf manageiq-external-auth-saml.conf].each do |template|
    copy_template(HTTPD_CONFIG_DIRECTORY, template)
  end
end
download_network_file(source_file_url, target_file)

File Management

# File lib/manageiq/appliance_console/saml_authentication.rb, line 118
# Fetch +source_file_url+ with a single HTTP(S) GET and write the body to
# +target_file+ (used for the IDP metadata).
#
# Redirects are not followed: Net::HTTP.get_response returns the 3xx response
# as-is, which then fails the success check and raises. TLS verification for
# https URLs is whatever Net::HTTP applies by default; whether a plain http
# URL is accepted at all is decided by the caller's path_is_url? check, which
# is not defined here.
#
# @param source_file_url [String] URL to download
# @param target_file [String, Pathname] destination, overwritten if present
# @raise [RuntimeError] when the response is not a 2xx; connection errors
#   raised by Net::HTTP propagate unchanged
def download_network_file(source_file_url, target_file)
  require "net/http"

  say("Downloading #{source_file_url} ...")
  response = Net::HTTP.get_response(URI(source_file_url))
  unless response.is_a?(Net::HTTPSuccess)
    raise "Failed to download file from #{source_file_url}"
  end

  File.write(target_file, response.body)
end
fetch_idp_metadata()
# File lib/manageiq/appliance_console/saml_authentication.rb, line 80
# Put the IDP metadata in place at IDP_METADATA_FILE, driven by the
# --saml-idp-metadata option: a local path is copied (skipped when it already
# is IDP_METADATA_FILE), a URL is downloaded.
#
# path_is_file? and path_is_url? are defined elsewhere in the class; a value
# that matches neither leaves IDP_METADATA_FILE untouched.
def fetch_idp_metadata
  source = options[:saml_idp_metadata]
  copy_needed = path_is_file?(source) && source != IDP_METADATA_FILE

  if copy_needed
    debug_msg("Copying IDP metadata file #{source} to #{IDP_METADATA_FILE} ...")
    FileUtils.cp(source, IDP_METADATA_FILE)
  elsif path_is_url?(source)
    debug_msg("Downloading IDP metadata file from #{source}")
    download_network_file(source, IDP_METADATA_FILE)
  end
end
remove_apache_saml_configfiles()
# File lib/manageiq/appliance_console/saml_authentication.rb, line 97
# Remove the two Apache config files installed by copy_apache_saml_configfiles,
# in the same order.
def remove_apache_saml_configfiles
  debug_msg("Removing Apache SAML Config files ...")
  %w[manageiq-remote-user.conf manageiq-external-auth-saml.conf].each do |conf|
    remove_file(HTTPD_CONFIG_DIRECTORY.join(conf))
  end
end
rename_mellon_configfiles()

Apache SAML Configuration

# File lib/manageiq/appliance_console/saml_authentication.rb, line 62
# Rename the https_*.key / .cert / .xml files that mellon_create_metadata
# wrote into SAML2_CONFIG_DIRECTORY to the fixed miqsp-* names the Apache
# SAML config refers to. Files with any other extension are left alone.
def rename_mellon_configfiles
  debug_msg("Renaming mellon config files ...")
  # Checked in this order; the first matching pattern decides the new name.
  renames = {
    /^https_.*\.key$/  => "miqsp-key.key",
    /^https_.*\.cert$/ => "miqsp-cert.cert",
    /^https_.*\.xml$/  => "miqsp-metadata.xml"
  }
  Dir.chdir(SAML2_CONFIG_DIRECTORY) do
    Dir.glob("https_*.*") do |generated_name|
      _pattern, target_name = renames.find { |pattern, _| pattern.match?(generated_name) }
      next unless target_name

      debug_msg("Renaming #{generated_name} to #{target_name}")
      File.rename(generated_name, target_name)
    end
  end
end
validate_saml_idp_metadata_option()

SAML IDP Metadata

# File lib/manageiq/appliance_console/saml_authentication.rb, line 109
# Check the --saml-idp-metadata option before configuration starts.
#
# Only two things are verified here: the option is present, and when it
# names a local file (per path_is_file?, defined elsewhere) that file exists.
# A URL value is not checked until download time.
#
# @raise [RuntimeError] when the option is blank or names a missing file
def validate_saml_idp_metadata_option
  idp_metadata = options[:saml_idp_metadata]
  if idp_metadata.blank?
    raise "Must specify the SAML IDP metadata file or URL via --saml-idp-metadata"
  end

  return unless path_is_file?(idp_metadata)

  raise "Missing SAML IDP metadata file #{idp_metadata}" unless File.exist?(idp_metadata)
end