Fixes with auth..

2024-11-20 13:45:47 +01:00 · 2024-11-20 13:45:47 +01:00 · 6cf7a3d590
commit 6cf7a3d590
parent 4d4311f4f2
3 changed files with 15 additions and 10 deletions
--- a/global/overlay/etc/puppet/modules/soc/manifests/intelmq.pp
+++ b/global/overlay/etc/puppet/modules/soc/manifests/intelmq.pp
@ -4,6 +4,7 @@ class soc::intelmq(
  Optional[String]    $tls_key    = undef,
  String              $servername = $facts['networking']['fqdn'],
  Boolean             $use_snakeoil = false,
  String              $apache_group = 'sunet-cert',
 ) {
  include sunet::systemd_reload
--- a/global/overlay/etc/puppet/modules/soc/manifests/sso.pp
+++ b/global/overlay/etc/puppet/modules/soc/manifests/sso.pp
@ -31,9 +31,9 @@
 #   Default set to value of proxy.
 class soc::sso(
-  String            $ssotype          = "docker",
+  String            $ssotype          = 'docker',
-  Optional[String]  $hostname         = undef,
+  String            $hostname         = $facts['networking']['fqdn'],
-  String            $email            = "cert@cert.sunet.se",
+  String            $email            = 'cert@cert.sunet.se',
  Optional[String]  $service_endpoint = undef,
  Array             $groups           = ['PLACEHOLDER'],
  Array             $passthrough      = [],
--- a/global/overlay/etc/puppet/modules/soc/templates/intelmq/intelmq-vhost.conf.erb
+++ b/global/overlay/etc/puppet/modules/soc/templates/intelmq/intelmq-vhost.conf.erb
@ -33,6 +33,17 @@
        SSLSessionTickets       off
        Header                  always set Strict-Transport-Security "max-age=63072000"
        <IfModule mod_shib.c>
          <Location />
            AuthType shibboleth
            ShibRequestSetting requireSession On
            ShibUseHeaders On
            AuthGroupFile /etc/apache2/groups.txt
            Require group <%= @apache_group %>
          </Location>
        </IfModule>
        <IfModule mod_proxy.c>
                ProxyRequests   Off
                <Location "/api">
@ -58,13 +69,6 @@
        Alias /intelmq-manager /opt/intelmq/www/intelmq-manager
        <Directory /opt/intelmq/www/intelmq-manager> 
 #                AuthType                Basic
 #                AuthName                "IntelMQ"
 #                AuthBasicProvider       file
 #                AuthUserFile            /etc/apache2/htpasswd
 #                Require                 user sunetcert
            Require all granted
            <IfModule mod_headers.c>
                    Header set Content-Security-Policy "script-src 'self'"
                    Header set X-Content-Security-Policy "script-src 'self'"