Deploy GSSAPI for Ipsilon in stg
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
parent
673f85066b
commit
4a977b1c73
2 changed files with 29 additions and 1 deletions
|
@ -9,6 +9,18 @@ WSGIImportScript /usr/libexec/ipsilon process-group=ipsilon application-group=ip
|
|||
WSGIProcessGroup ipsilon
|
||||
</Location>
|
||||
|
||||
<Location /login/gssapi/negotiate>
|
||||
AuthName "GSSAPI Single Sign On Login"
|
||||
GssapiCredStore keytab:/etc/krb5.HTTP_id.stg.fedoraproject.org.keytab
|
||||
AuthType GSSAPI
|
||||
# This is off because Apache (and thus mod_auth_gssapi) doesn't know this is proxied over TLS
|
||||
GssapiSSLonly Off
|
||||
GssapiLocalName on
|
||||
Require valid-user
|
||||
ErrorDocument 401 /login/gssapi/unauthorized
|
||||
ErrorDocument 500 /login/gssapi/failed
|
||||
</Location>
|
||||
|
||||
<Directory /usr/libexec>
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
[login_config]
|
||||
{% if env == "staging" %}
|
||||
global enabled=gssapi,fas
|
||||
{% else %}
|
||||
global enabled=fas
|
||||
{% endif %}
|
||||
{% if env == 'staging' %}
|
||||
fas FAS url=https://admin.stg.fedoraproject.org/accounts/
|
||||
{% else %}
|
||||
|
@ -8,11 +12,23 @@ fas FAS url=https://admin.fedoraproject.org/accounts/
|
|||
fas FAS Proxy client user Agent=Fedora Ipsilon
|
||||
fas FAS Insecure Auth=False
|
||||
|
||||
[info_config]
|
||||
{% if env == "staging" %}
|
||||
global enabled=fas
|
||||
{% endif %}
|
||||
{% if env == 'staging' %}
|
||||
fas FAS url=https://admin.stg.fedoraproject.org/accounts/
|
||||
{% else %}
|
||||
fas FAS url=https://admin.fedoraproject.org/accounts/
|
||||
{% endif %}
|
||||
fas FAS Proxy client user Agent=Fedora Ipsilon
|
||||
fas FAS Insecure Auth=False
|
||||
fas Bind Username={{ fedoraDummyUser }}
|
||||
fas Bind Password={{ fedoraDummyUserPassword }}
|
||||
|
||||
[authz_config]
|
||||
global enabled=allow
|
||||
|
||||
|
||||
[provider_config]
|
||||
{% if env == "staging" %}
|
||||
global enabled=persona,openid,saml2,openidc
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue