SSO proxy fixes

2024-11-20 09:08:20 +01:00 · 2024-11-20 09:08:20 +01:00 · 39ce2fd0e7
commit 39ce2fd0e7
parent 160a4b880f
4 changed files with 4 additions and 2 deletions
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@ -19,6 +19,7 @@
    satosa: true
    satosa_certbot: false
    proxy: 'https://test-sso-proxy1.cert.sunet.se/idp'
+    entityID: 'https://test-sso-proxy.cert.sunet.se/idp'

 test-sso-proxy1.cert.sunet.se:
  sunet::dockerhost2:
--- a/global/overlay/etc/puppet/modules/soc/files/sso/frontend.xml
+++ b/global/overlay/etc/puppet/modules/soc/files/sso/frontend.xml
@ -1,5 +1,5 @@
 <?xml version="1.0"?>
-<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:ns2="urn:oasis:names:tc:SAML:metadata:algsupport" entityID="https://test-sso-proxy1.cert.sunet.se/idp" ID="id-fQprzzBaKC28YHbhN"><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ns1:Reference URI="#id-fQprzzBaKC28YHbhN"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ns1:DigestValue>ZqwJCbHnSlUSiKB2w0hoaUuhBQc=</ns1:DigestValue></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue>bi9wDKY5SbE47zpXcshvQoVF20mWeBqqftEfiLpDGar0GtEzgAdZ3k1CbIbu5rHH
+<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:ns2="urn:oasis:names:tc:SAML:metadata:algsupport" entityID="https://test-sso-proxy.cert.sunet.se/idp" ID="id-fQprzzBaKC28YHbhN"><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ns1:Reference URI="#id-fQprzzBaKC28YHbhN"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ns1:DigestValue>ZqwJCbHnSlUSiKB2w0hoaUuhBQc=</ns1:DigestValue></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue>bi9wDKY5SbE47zpXcshvQoVF20mWeBqqftEfiLpDGar0GtEzgAdZ3k1CbIbu5rHH
 8UgIg0o1c1ZbB4oi815Ioj+YU1/MyVAXl97AV0cPCtVYEnd/nUZ5LIArIn9KcKh0
 zg1pijMYP1VFL09WPuGSIYhG4fc+jMgzCqtE9t/brtPwWMOKfUeB3ZIqSlxsaVGF
 2n8pskrI021l7r0kCqyxxF8wIo75Hy8+21UgUuIZ+R3Fsu05FYiVDt5gHpqMmDP2
--- a/global/overlay/etc/puppet/modules/soc/manifests/sso.pp
+++ b/global/overlay/etc/puppet/modules/soc/manifests/sso.pp
@ -36,6 +36,7 @@ class soc::sso(
  $satosa_certbot = false,
  $translog = 'INFO',
  $proxy = 'https://shared-sso-proxy1.cert.sunet.se/idp',
+  entityID = $proxy,
  $norpan = false,
 ) {

--- a/global/overlay/etc/puppet/modules/soc/templates/sso/shibboleth2.xml.erb
+++ b/global/overlay/etc/puppet/modules/soc/templates/sso/shibboleth2.xml.erb
@ -42,7 +42,7 @@
            <Logout>SAML2 Local</Logout>
 <% if @satosa -%>
            <SessionInitiator type="Chaining" Location="/satosa" id="satosa"
-                    entityID="<%= @proxy %>">
+                    entityID="<%= @entityID %>">
                <SessionInitiator type="SAML2" template="bindingTemplate.html"/>
            </SessionInitiator>
 <% else -%>