Apache and Signo SSO reworked to a new general SSO concept. You can use the SSO service that comes with Katello for logging in. It's based on the OpenID protocol with a slightly customized provider.
Showing 19 changed files with 362 additions and 17 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
group :openid do | ||
gem 'rack-openid' | ||
end |
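Review bot: `gem 'rack-openid'` is added without a version constraint, so a library that now sits in the login path can change under a plain `bundle update`. Add a version constraint, and a short comment that the `:openid` group is optional, since the initializer in this commit rescues `LoadError` when the gem is absent.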
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
begin | ||
require 'rack/openid' | ||
Rails.configuration.middleware.use Rack::OpenID | ||
rescue LoadError | ||
nil | ||
end |
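Review bot: the `rescue LoadError` branch returns `nil` silently, so a deployment that enables `Setting['signo_sso']` without installing the gem gets no hint why Signo login never appears (`SSO::Signo#available?` in this commit also requires `defined?(Rack::OpenID)`). Log a warning in the rescue branch and add a comment saying the middleware is optional and what depends on it.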
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
module SSO | ||
METHODS = [Apache, Signo] | ||
|
||
def self.get_available(controller) | ||
all_methods = all.map { |method| method.new(controller) } | ||
all_methods.select(&:available?).first | ||
end | ||
|
||
def self.all | ||
METHODS | ||
end | ||
|
||
end |
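Review bot: `get_available` picks a method purely on `available?`, and `METHODS = [Apache, Signo]` fixes the precedence, so whenever `Apache#available?` returns true Signo is never considered, even for a request that carries no `REMOTE_USER`. If that precedence is intended, document it next to `METHODS`; otherwise the selection needs to take the request into account. Separately, `all_methods.select(&:available?).first` evaluates every method before taking the first; `detect(&:available?)` stops at the first match and reads more directly.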
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
module SSO | ||
class Apache < Base | ||
CAS_USERNAME = 'REMOTE_USER' | ||
def available? | ||
return false unless Setting['authorize_login_delegation'] | ||
return false if controller.api_request? and not Setting['authorize_login_delegation_api'] | ||
true | ||
end | ||
|
||
# If REMOTE_USER is provided by the web server then | ||
# authenticate the user without using password. | ||
def authenticated? | ||
(self.user = request.env[CAS_USERNAME]).present? | ||
end | ||
end | ||
end |
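Review bot: `authenticated?` accepts whatever is in `request.env[CAS_USERNAME]` as the logged-in identity with no further check, so this method is only as trustworthy as the guarantee that the front-end web server is the sole writer of `REMOTE_USER`. The comment above the method should state that deployment requirement explicitly. Two smaller points: `(self.user = ...).present?` assigns `user` even when the value is blank and the method returns false, so assign only after the presence check; and the constant name `CAS_USERNAME` is misleading in a class called `Apache`. In `available?`, `and not` has lower precedence than `&&`/`!`; prefer `&& !` for consistency with the rest of the condition style.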
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
module SSO | ||
class Base | ||
attr_reader :controller | ||
attr_accessor :user | ||
delegate :request, :to => :controller | ||
|
||
def initialize(controller) | ||
@controller = controller | ||
end | ||
|
||
def support_login? | ||
false | ||
end | ||
|
||
def support_logout? | ||
false | ||
end | ||
|
||
def authenticated? | ||
raise NotImplemented, 'authenticated? not implemented for this authentication method' | ||
end | ||
|
||
def authenticate! | ||
raise NotImplemented, 'authenticate! not implemented for this authentication method' | ||
end | ||
end | ||
end |
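Review bot: `raise NotImplemented, ...` in `authenticated?` and `authenticate!` names a constant that is not part of Ruby core; unless the project defines `NotImplemented` elsewhere, calling either method raises `NameError` instead of the intended error. Use `NotImplementedError`. Also, `SSO.get_available` calls `available?` on every method, but `Base` does not define it; add a default `available?` returning `false` so a subclass that forgets to override it is skipped rather than raising `NoMethodError`.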
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
module SSO | ||
class Signo < Base | ||
attr_reader :env, :headers | ||
delegate :env, :to => :request | ||
delegate :headers, :to => :controller | ||
|
||
def available? | ||
Setting['signo_sso'] && defined?(Rack::OpenID) | ||
end | ||
|
||
def support_login? | ||
true | ||
end | ||
|
||
def support_logout? | ||
true | ||
end | ||
|
||
def logout_path | ||
"#{Setting['signo_url']}/logout?return_url=" | ||
end | ||
|
||
def authenticated? | ||
if (response = env[Rack::OpenID::RESPONSE]) | ||
parse_open_id(response) | ||
else | ||
false | ||
end | ||
end | ||
|
||
def authenticate! | ||
if (username = request.cookies['username']) | ||
# we already have cookie | ||
identifier = "#{Setting['signo_url']}/user/#{username}" | ||
headers['WWW-Authenticate'] = Rack::OpenID.build_header({ :identifier => identifier }) | ||
controller.render :text => '', :status => 401 | ||
else | ||
# we have no cookie yet so we plain redirect to OpenID provider to login | ||
controller.redirect_to "#{Setting['signo_url']}?return_url=#{URI.escape(request.url)}" | ||
end | ||
end | ||
|
||
private | ||
|
||
def parse_open_id(response) | ||
case response.status | ||
when :success | ||
self.user = response.identity_url.split('/').last | ||
return true | ||
else | ||
Rails.logger.debug response.respond_to?(:message) ? response.message : "OpenID authentication failed: #{response.status}" | ||
return false | ||
end | ||
end | ||
end | ||
end |
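Review bot: `parse_open_id` takes the user name from `response.identity_url.split('/').last` without checking that the identity URL actually sits under `"#{Setting['signo_url']}/user/"`, so the provider binding that `authenticate!` sets up is not verified on the way back. Compare the prefix against the configured `signo_url` before assigning `self.user`, and reject anything else. In `authenticate!`, `request.cookies['username']` is client-supplied and is interpolated into the identifier URL unvalidated; restrict it to the expected user-name character set or escape it. `URI.escape(request.url)` leaves reserved characters such as `&` and `?` unescaped, so a request URL with a query string will not survive as a single `return_url` value; `CGI.escape` is the right call for a query parameter. Minor: `attr_reader :env, :headers` is redundant with the two `delegate` lines that follow, and `logout_path` ends in `return_url=` with no value, which deserves a comment saying the caller appends it.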
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
require 'test_helper' | ||
|
||
class DummyMethod < SSO::Base | ||
def initialize(*args) | ||
end | ||
end | ||
|
||
class DummyTrueMethod < DummyMethod | ||
def available? | ||
true | ||
end | ||
end | ||
|
||
class DummyFalseMethod < DummyMethod | ||
def available? | ||
false | ||
end | ||
end | ||
|
||
class SSOTest < ActiveSupport::TestCase | ||
def test_get_available_should_find_first_available_method | ||
stub(SSO).all { [ DummyFalseMethod, DummyTrueMethod, DummyFalseMethod ] } | ||
available = SSO.get_available(Object.new) | ||
assert_present available | ||
end | ||
end |
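Review bot: `assert_present available` in `test_get_available_should_find_first_available_method` passes for any non-blank object, so it does not prove that the available method was the one selected. Assert on the class, for example `assert_kind_of DummyTrueMethod, available`, and add a case where every method returns false and `get_available` is expected to return `nil`. Since `DummyMethod#initialize` discards its arguments, nothing here exercises the controller being passed through either; a test for that, and for `SSO::Apache` and `SSO::Signo` themselves, would be worth adding given that this code decides who is logged in.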