From Fedora Project Wiki

Revision as of 15:45, 7 March 2015 by Nkinder (talk | contribs)

Description

Service Provider Installation testing.

Setup

  1. For testing purposes, a machine (or VM) with 1GB of RAM and 4 GB of free disk space for binaries, data and logs should be plenty.
  2. The machine needs to be enrolled as an IPA client.

How to test

Installation

First, install the IPA-client packages:

# yum install freeipa-client

If you installed IPA with DNS then configure /etc/resolv.conf to point to it

nameserver xx.xx.xx.xx

Enroll the machine against your IPA master

# ipa-client-install

If you are using the IPA DNS server then it should discover the IPA master and prompt you for credentials to enroll. Use admin and the admin password selected during IPA install.

Install the Ipsilon packages:

# yum install ipsilon-tools ipsilon-saml2

Configure the SP:

# ipsilon-client-install --saml-idp-metadata https://ipa.example.com/idp/saml2/metadata --saml-auth /sp

The metadata will be downloaded from your IDP and since the IDP is on our IPA master, we use that name.

Add the SP to the IDP:

On the IDP launch firefox and authenticate to the IDP as the admin user, http://ipa.example.com/idp/

Select Identity Providers -> SAML2 -> New

Get the metadata from the SP

# cat /etc/httpd/saml2/sp.example.com/metadata.xml

Copy and paste this into the form. The name you give the SP isn't important.

Configure Apache to tell the browser to never cache the contents of /sp:

  1. edit /etc/httpd/conf.d/ipsilon-saml.conf
  2. find the Location section for /sp
  3. add Header append Cache-Control "no-cache"

It should look like:

<Location /wiki>
    Header append Cache-Control "no-cache"
    MellonEnable "auth"
</Location>

Restart Apache on the SP

# systemctl restart httpd

Create Content

The installer automatically configures Apache to protect /sp/ so all we need to do is create the directory and add some content.

Create the secure directory and add some content

# mkdir /var/www/html/sp

Create /var/www/html/sp/index.html with these contents:

<html>

Congratulations, you're authenticated!

<a href="/saml2/logout?ReturnTo=https://sp.example.com.com/logged_out.html">Log out</a>

</html>

Create /var/www/html/logged_out.html with these contents:

<html>
<title>Logout</title>

You've been logged out!

Now try to <a href="/sp/">log back in</a>

</html>

We'll verify that everything is working in the next test case.

Expected Results

All the test steps should end with the specified results.