Begin of Eole-SSO replacement work

We need to provide what EoleSSO provides. For me this 3 new template have to be placed in a dedicated package like eole-sso-client, this templates are not necessary for the server only usefull for the clients.
2018-03-21 14:13:15 +01:00
parent 19fc15c324
commit d3897f1e4a
5 changed files with 84 additions and 1 deletions
--- a/tmpl/cas.inc.php.tmpl
+++ b/tmpl/cas.inc.php.tmpl
@ -0,0 +1,27 @@
+<?php
+define("__CAS_SERVER", "%%authWebName");
+define("__CAS_VERSION", "2.0");
+define("__CAS_FOLDER", "%%casFolder");
+define("__CAS_PORT", %%eolesso_port);
+define("__CAS_PROTO", "https");
+%if %%cas_send_logout == 'oui'
+define("__CAS_LOGOUT", true);
+%else
+define("__CAS_LOGOUT", false);
+%end if
+%if %%getVar('activer_web_valider_ca', 'non') == 'oui'
+define("__CAS_VALIDER_CA", true);
+%else
+define("__CAS_VALIDER_CA", false);
+%end if
+%if %%is_empty(%%getVar('ssoCALocation', ''))
+define("__CAS_CA_LOCATION", "/etc/ssl/certs/ca.crt");
+%else
+define("__CAS_CA_LOCATION", "%%ssoCALocation");
+%end if
+%if %%getVar("ssoDebug", 'non') == "oui"
+define("__CAS_DEBUG", true);
+%else
+define("__CAS_DEBUG", false);
+%end if
+?>
--- a/tmpl/eoleCASConfig.php.tmpl
+++ b/tmpl/eoleCASConfig.php.tmpl
@ -0,0 +1,7 @@
+<?php
+%if %%mode_conteneur_actif != "non"
+define("__CAS_IP", "%%adresse_ip_br0");
+%else
+define("__CAS_IP", "false");
+%end if
+?>
--- a/tmpl/lmConf-1.js
+++ b/tmpl/lmConf-1.js
@ -25,7 +25,7 @@
    "timeoutActivity": 0,
    "oidcRPMetaDataExportedVars": {},
    "issuerDBSAMLActivation": 0,
-    "issuerDBCASPath": "^/cas/",
+    "issuerDBCASPath": "^/%%casFolder/",
    "randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}",
    "samlIDPSSODescriptorSingleSignOnServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;",
    "samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
--- a/tmpl/pam_cas_auth.conf
+++ b/tmpl/pam_cas_auth.conf
@ -0,0 +1,35 @@
+# sample pam_cas config
+
+# host from CAS server. mandatory
+host %%authWebName
+
+# port from CAS server. Default to 80 or 443, depends from ssl instruction
+port 443
+
+# uri to validate ticket. Default to /proxyValidate
+uriValidate /proxyValidate
+
+# https or no. values on or off. Default to on.
+ssl on
+
+# debug (on) or no (off). debug in syslog, level LOG_DEBUG. Default to off
+debug off
+
+# proxy or proxies who deliver Proxy Ticket.
+# If no proxy, pam_cas doesn't control it
+# It may be several proxy instructions
+#proxy https://%%eolesso_adresse/proxycas/casimap.php
+#proxy https://imp.its.yale.edu/cas/casProxy.php
+#proxy https://uportal1.its.yale.edu/CasProxyServlet
+#proxy https://uportal2.its.yale.edu/CasProxyServlet
+
+# trusted_ca. mandatory if ssl on.
+# It a file in pem format. It can contents several certificates
+# If the CAS server certificate is auto-signed, the file must content the certificate
+# If the certificate is trusted by an Certificate Autority, The file must content
+#    certificate from high level CA
+%if not %%is_empty(%%getVar('ssoCALocation', ''))
+trusted_ca %%eolessoCALocation
+%else
+trusted_ca /etc/ssl/certs/ca.crt
+%end if