#141 ipsilon-client-install: fix --saml-secure-setup; generate apache conf snippet
Closed: Invalid None Opened 4 years ago by rmeggins.

For Keystone wsgi, it would be nice if ipsilon-client-install could generate something that would be suitable for inclusion in a VirtualHost section.

  • no way to turn off security - Keystone wants to manage secure connections - need to generate an apache conf snippet without ssl stuff - however, --saml-secure-setup is True by default and no way to set it to False
  • specify file name to use instead of hard-coded /etc/httpd/conf.d/ipsilon-saml.conf - maybe --http-file $file or something like that

Fields changed

summary: ipsilon-client-install generate apache conf snippet => ipsilon-client-install: fix --saml-secure-setup; generate apache conf snippet

0001-ipsilon-client-install-fix-saml-secure-setup-generat.patch
0001-ipsilon-client-install-fix-saml-secure-setup-generat.patch

Fields changed

patch_available: 0 => 1

Hitting me too. argparse's store_true sets the value to true if the flag is present. Defaulting the value to true means there is no way to actually turn the value to false.

rhbz: =>

richm: maybe try proposing this via prague instead of a patch on the ticket.

The plan is to remove this option, as it was only intended to be used for soem of the in-tree tests. If Ipsilon configures httpd, we want it to enforce security. Closing this.

resolution: => wontfix
status: new => closed

Login to comment on this ticket.

Metadata