From Fedora Project Wiki

No edit summary
No edit summary
 
Line 81: Line 81:
MELLON_e_mail=ttest@example.com
MELLON_e_mail=ttest@example.com
MELLON_e_mail_0=ttest@example.com
MELLON_e_mail_0=ttest@example.com
MELLON_fullname=Tim Test
MELLON_fullname=Timmy Test
MELLON_fullname_0=Tim Test
MELLON_fullname_0=Timmy Test
MELLON_givenname=Timmy
MELLON_givenname=Timmy
MELLON_givenname_0=Timmy
MELLON_givenname_0=Timmy

Latest revision as of 03:52, 12 March 2015

Description

Info plugin testing.

Setup

  1. The IDP and at least one SP is required

How to test

Installation

Pick one of the SP's to use for testing. It doesn't matter which one. I will refer to it as sp.example.com.

Create a CGI program that will echo the environment, /var/www/cgi-bin/printenv.pl with the contents:

#!/usr/bin/perl

binmode(STDOUT);
binmode(STDIN);

print "Content-Type: text/plain\r\n";
print "\r\n";


foreach $key (sort (keys (%ENV))) {
    print "$key=$ENV{$key}\n";
}

Make it executable

# chmod 755 /var/www/cgi-bin/printenv.pl

Ensure that perl is installed:

# dnf install perl

You can run it to test it if you'd like:

# /var/www/cgi-bin/printenv.pl

You should see a slew of environment variables and their values.

Protect /cgi-bin with SAML

Edit /etc/httpd/conf.d/ipsilon-saml.conf

Append these lines to the end of the file:

<Location /cgi-bin>
    MellonEnable "auth"
    Header append Cache-Control "no-cache"
</Location>

Restart Apache:

# systemctl restart httpd

Verify the basics

By default Ipsilon configures the sssd info plugin to retrieve name, address and telephone information from the information provider (IPA in our case).

This is most easily seen in the CGI as environment variables will be set.

In your browser, go to https://sp.example.com/cgi-bin/printenv.pl

If you are already authenticated or you still have a Kerberos ticket then you should see a long list of environment variables.

If not then you'll need to authenticate as the ttest user.

The variables you'll be looking for are toward the top and they should include something like:

MELLON_IDP=https://idp.example.com/idp/saml2/metadata
MELLON_IDP_0=https://idp.example.com/idp/saml2/metadata
MELLON_NAME_ID=ttest
MELLON_NAME_ID_0=ttest
MELLON__auth_type=password
MELLON__auth_type_0=password
MELLON__groups=ipausers
MELLON__groups_0=ipausers
MELLON_e_mail=ttest@example.com
MELLON_e_mail_0=ttest@example.com
MELLON_fullname=Timmy Test
MELLON_fullname_0=Timmy Test
MELLON_givenname=Timmy
MELLON_givenname_0=Timmy
MELLON_state=Anytown
MELLON_state_0=Anytown
MELLON_street=123 Main St
MELLON_street_0=123 Main St
MELLON_surname=Test
MELLON_surname_0=Test

Expected Results

All the test steps should end with the specified results.