Commit 21df9fac authored by Guillaume ROUSSE's avatar Guillaume ROUSSE

allow per-service configuration override

parent accd73fd
...@@ -96,10 +96,13 @@ sub add_account { ...@@ -96,10 +96,13 @@ sub add_account {
die "Failed to create test account\n" die "Failed to create test account\n"
unless $test_account; unless $test_account;
my $entity = $options{sp_entityid};
my $validity_period =
$configuration->{$entity}->{account_validity_period} ||
$configuration->{service}->{account_validity_period};
die "Failed to save test account\n" die "Failed to save test account\n"
unless $test_account->save( unless $test_account->save(accounts_validity_period => $validity_period);
accounts_validity_period => $configuration->{service}->{account_validity_period}
);
printf "Account created:\n\tuserid: user%d\n\tpassword: %s\n", printf "Account created:\n\tuserid: user%d\n\tpassword: %s\n",
$test_account->id(), $test_account->password(); $test_account->id(), $test_account->password();
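Review bot: The `||` fallback for `$validity_period` treats a per-service `account_validity_period = 0` (or an empty value) as unset and silently applies the `[service]` default; the same pattern recurs in the req_validate_token hunk. If zero is never a meaningful value, a comment such as `# 0 or empty falls back to the [service] default` is enough; otherwise use `//` so that only a missing key falls back. Separately, `$entity` comes from `$options{sp_entityid}` with no definedness check visible here, so an absent option would index `$configuration` with undef. add_account begins outside the hunk, so the option may already be validated there.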
......
...@@ -37,6 +37,7 @@ entityid = https://my.fqdn/simplesaml/saml2/idp/metadata.php ...@@ -37,6 +37,7 @@ entityid = https://my.fqdn/simplesaml/saml2/idp/metadata.php
displayname = eduGAIN Access Check displayname = eduGAIN Access Check
accounts_file = @sysconfdir@/accounts.php accounts_file = @sysconfdir@/accounts.php
# default parameters for all services
[service] [service]
# validity period of test accounts, in days # validity period of test accounts, in days
account_validity_period = 7 account_validity_period = 7
...@@ -44,3 +45,9 @@ account_validity_period = 7 ...@@ -44,3 +45,9 @@ account_validity_period = 7
account_profiles = fullset1, limitedset1, generic1, student1, student2, teacher1, teacher2, alumni1, librarywalkin1, employee1, researcher1 account_profiles = fullset1, limitedset1, generic1, student1, student2, teacher1, teacher2, alumni1, librarywalkin1, employee1, researcher1
# override contacts defined in metadata if defined # override contacts defined in metadata if defined
contacts = john@my.fqdn, sarah@my.fqdn contacts = john@my.fqdn, sarah@my.fqdn
# service-specific parameters
[https://my.service.fqdn]
account_validity_period = 90
account_profiles = student1, teacher1
contacts = john@my.fqdn
...@@ -258,12 +258,12 @@ sub req_select_sp { ...@@ -258,12 +258,12 @@ sub req_select_sp {
} }
} }
if ($self->{configuration}->{service}->{contacts}) { # replace metadata contacts from configuration contacts if defined
# replace SP contacts my $entity = $self->{in}->{sp_entityid};
$provider->contacts( my $contacts =
split(/, */, $self->{configuration}->{service}->{contacts}) $self->{configuration}->{$entity}->{contacts} ||
); $self->{configuration}->{service}->{contacts};
} $provider->contacts(split(/, */, $contacts)) if $contacts;
$self->{out}->{provider} = $provider; $self->{out}->{provider} = $provider;
$self->{out}->{subtitle} = 'Select your Service Provider'; $self->{out}->{subtitle} = 'Select your Service Provider';
...@@ -299,12 +299,12 @@ sub req_generate_token { ...@@ -299,12 +299,12 @@ sub req_generate_token {
return; return;
} }
if ($self->{configuration}->{service}->{contacts}) { # replace metadata contacts from configuration contacts if defined
# replace SP contacts my $entity = $self->{in}->{sp_entityid};
$provider->contacts( my $contacts =
split(/, */, $self->{configuration}->{service}->{contacts}) $self->{configuration}->{$entity}->{contacts} ||
); $self->{configuration}->{service}->{contacts};
} $provider->contacts(split(/, */, $contacts)) if $contacts;
## Check that email_address is a known contact for this SP ## Check that email_address is a known contact for this SP
unless ($provider->is_contact($self->{in}->{email_address})) unless ($provider->is_contact($self->{in}->{email_address}))
...@@ -464,17 +464,23 @@ sub req_validate_token { ...@@ -464,17 +464,23 @@ sub req_validate_token {
## create test accounts ## create test accounts
my @accounts; my @accounts;
foreach my $profile (split(/, */, $self->{configuration}->{service}->{account_profiles})) { my $entity = $self->{in}->{sp_entityid};
my $profiles =
$self->{configuration}->{$entity}->{account_profiles} ||
$self->{configuration}->{service}->{account_profiles};
my $validity_period =
$self->{configuration}->{$entity}->{account_validity_period} ||
$self->{configuration}->{service}->{account_validity_period};
foreach my $profile (split(/, */, $profiles)) {
my $account = IdPAccountManager::TestAccount->new( my $account = IdPAccountManager::TestAccount->new(
db => $self->{db}, db => $self->{db},
profile => $profile, profile => $profile,
sp_entityid => $self->{in}->{sp_entityid}, sp_entityid => $entity,
scope => $self->{configuration}->{idp}->{scope}, scope => $self->{configuration}->{idp}->{scope},
); );
next unless $account; next unless $account;
next unless $account->save( next unless $account->save(accounts_validity_period => $validity_period);
accounts_validity_period => $self->{configuration}->{service}->{account_validity_period}
);
push @accounts, $account; push @accounts, $account;
} }
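Review bot: In req_select_sp, req_generate_token and req_validate_token the configuration hash is now indexed with `$self->{in}->{sp_entityid}`, a request parameter, and the `contacts` it selects feed the `is_contact` check that decides who may obtain a token. Per-service sections share one namespace with fixed sections such as `[service]` and `[idp]`, and `$self->{configuration}->{$entity}->{contacts}` autovivifies an empty section for any value that has none; whether earlier code (outside these hunks) already restricts the value to a known provider is not visible. The same three-line lookup is repeated in each function, so a single helper that uses `exists` before descending would remove the duplication and the autovivification together. If the resolved `$provider` exposes its entity id, keying the override on that rather than on the raw parameter would tie it to the metadata record actually loaded.

```perl
# Per-service value of $key for $entity, else the [service] default.
sub _service_setting {
    my ($self, $entity, $key) = @_;
    my $configuration = $self->{configuration};
    my $override;
    # exists() keeps a request-supplied entity id from autovivifying a section
    if (defined $entity && exists $configuration->{$entity}) {
        $override = $configuration->{$entity}->{$key};
    }
    return $override || $configuration->{service}->{$key};
}

# ... unchanged: provider lookup in req_select_sp / req_generate_token ...
my $contacts = $self->_service_setting($entity, 'contacts');
$provider->contacts(split(/, */, $contacts)) if $contacts;
```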
......