Upgrade to upstream 0.11.0 release.
Includes ECP support, see NEWS for all changes. Update mellon_create_metadata.sh to match internally generated metadata, includes AssertionConsumerService for postResponse, artifactResponse & paosResponse.
parent
781ae1c943
commit
5d207147c3
1
.gitignore
vendored
1
.gitignore
vendored
@ -2,3 +2,4 @@
|
||||
/mod_auth_mellon-0.8.0.tar.gz
|
||||
/mod_auth_mellon-0.9.1.tar.gz
|
||||
/mod_auth_mellon-0.10.0.tar.gz
|
||||
/mod_auth_mellon-0.11.0.tar.gz
|
||||
|
@ -38,14 +38,17 @@ BASEURL="$(echo "$BASEURL" | sed 's#/$##')"
|
||||
|
||||
OUTFILE="$(echo "$ENTITYID" | sed 's/[^A-Za-z.]/_/g' | sed 's/__*/_/g')"
|
||||
echo "Output files:"
|
||||
echo "Private key: $OUTFILE.key"
|
||||
echo "Certificate: $OUTFILE.cert"
|
||||
echo "Metadata: $OUTFILE.xml"
|
||||
echo "Host: $HOST"
|
||||
echo "Private key: $OUTFILE.key"
|
||||
echo "Certificate: $OUTFILE.cert"
|
||||
echo "Metadata: $OUTFILE.xml"
|
||||
echo "Host: $HOST"
|
||||
echo
|
||||
echo "Endpoints:"
|
||||
echo "SingleLogoutService: $BASEURL/logout"
|
||||
echo "AssertionConsumerService: $BASEURL/postResponse"
|
||||
echo "SingleLogoutService (SOAP): $BASEURL/logout"
|
||||
echo "SingleLogoutService (HTTP-Redirect): $BASEURL/logout"
|
||||
echo "AssertionConsumerService (HTTP-POST): $BASEURL/postResponse"
|
||||
echo "AssertionConsumerService (HTTP-Artifact): $BASEURL/artifactResponse"
|
||||
echo "AssertionConsumerService (PAOS): $BASEURL/paosResponse"
|
||||
echo
|
||||
|
||||
# No files should not be readable by the rest of the world.
|
||||
@ -72,18 +75,49 @@ rm -f "$TEMPLATEFILE"
|
||||
CERT="$(grep -v '^-----' "$OUTFILE.cert")"
|
||||
|
||||
cat >"$OUTFILE.xml" <<EOF
|
||||
<EntityDescriptor entityID="$ENTITYID" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||
<KeyDescriptor use="signing">
|
||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data>
|
||||
<ds:X509Certificate>$CERT</ds:X509Certificate>
|
||||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</KeyDescriptor>
|
||||
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="$BASEURL/logout"/>
|
||||
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="$BASEURL/postResponse" index="0"/>
|
||||
</SPSSODescriptor>
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<EntityDescriptor
|
||||
entityID="$ENTITYID"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
|
||||
<SPSSODescriptor
|
||||
AuthnRequestsSigned="true"
|
||||
WantAssertionsSigned="true"
|
||||
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||
<KeyDescriptor use="signing">
|
||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data>
|
||||
<ds:X509Certificate>$CERT</ds:X509Certificate>
|
||||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</KeyDescriptor>
|
||||
<KeyDescriptor use="encryption">
|
||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data>
|
||||
<ds:X509Certificate>$CERT</ds:X509Certificate>
|
||||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</KeyDescriptor>
|
||||
<SingleLogoutService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||
Location="$BASEURL/logout" />
|
||||
<SingleLogoutService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||
Location="$BASEURL/logout" />
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
|
||||
<AssertionConsumerService
|
||||
index="0"
|
||||
isDefault="true"
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
||||
Location="$BASEURL/postResponse" />
|
||||
<AssertionConsumerService
|
||||
index="1"
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
|
||||
Location="$BASEURL/artifactResponse" />
|
||||
<AssertionConsumerService
|
||||
index="2"
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
|
||||
Location="$BASEURL/paosResponse" />
|
||||
</SPSSODescriptor>
|
||||
</EntityDescriptor>
|
||||
EOF
|
||||
|
||||
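Review bot: The rewritten heredoc interpolates `$ENTITYID` into `entityID` and `$BASEURL` into all five `Location` attributes without XML escaping, so a value containing `&`, `"` or `<` (an entity ID with a query string, for instance) produces malformed metadata or attributes the operator did not intend. Unless both values are already restricted earlier in the script, which is outside these hunks, escape them once before the `cat` and use the escaped copies inside the heredoc, as sketched below. Separately, the new `use="encryption"` descriptor publishes the same `$CERT` as the signing one; a comment above the heredoc such as `# One key pair is advertised for both signing and encryption; split them if your policy requires separate keys.` would make that explicit.

```shell
# Escape XML metacharacters so the values are safe inside attribute quotes.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g'
}
ENTITYID_XML="$(xml_escape "$ENTITYID")"
BASEURL_XML="$(xml_escape "$BASEURL")"

cat >"$OUTFILE.xml" <<EOF
# … unchanged: heredoc body, with $ENTITYID_XML and $BASEURL_XML in place of $ENTITYID and $BASEURL …
```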
|
@ -1,7 +1,7 @@
|
||||
Summary: A SAML 2.0 authentication module for the Apache Httpd Server
|
||||
Name: mod_auth_mellon
|
||||
Version: 0.10.0
|
||||
Release: 2%{?dist}
|
||||
Version: 0.11.0
|
||||
Release: 1%{?dist}
|
||||
Group: System Environment/Daemons
|
||||
Source0: https://github.com/UNINETT/mod_auth_mellon/releases/download/v%{version}/%{name}-%{version}.tar.gz
|
||||
Source1: auth_mellon.conf
|
||||
@ -48,7 +48,7 @@ install -m 755 %{SOURCE4} %{buildroot}/%{_libexecdir}/%{name}
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc README COPYING
|
||||
%doc README COPYING NEWS
|
||||
%config(noreplace) %{_httpd_modconfdir}/10-auth_mellon.conf
|
||||
%config(noreplace) %{_httpd_confdir}/auth_mellon.conf
|
||||
%{_httpd_moddir}/mod_auth_mellon.so
|
||||
@ -57,6 +57,13 @@ install -m 755 %{SOURCE4} %{buildroot}/%{_libexecdir}/%{name}
|
||||
%dir /run/%{name}/
|
||||
|
||||
%changelog
|
||||
* Fri Sep 18 2015 John Dennis <jdennis@redhat.com> - 0.11.0-1
|
||||
- Upgrade to upstream 0.11.0 release.
|
||||
- Includes ECP support, see NEWS for all changes.
|
||||
- Update mellon_create_metadata.sh to match internally generated metadata,
|
||||
includes AssertionConsumerService for postResponse, artifactResponse &
|
||||
paosResponse.
|
||||
|
||||
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.10.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||
|
||||
|