Merge lp:~ce-infrastructure/capomastro/charm-sso into lp:~ubuntuone-hackers/capomastro/charm

Proposed by Caio Begotti on 2014-11-18
Status: Merged
Merged at revision: 55
Proposed branch: lp:~ce-infrastructure/capomastro/charm-sso
Merge into: lp:~ubuntuone-hackers/capomastro/charm
Diff against target: 38 lines (+20/-1)
1 file modified
templates/http_virtualhost.tmpl (+20/-1)
To merge this branch: bzr merge lp:~ce-infrastructure/capomastro/charm-sso
Reviewer: Daniel Manrique
Date requested: 2014-11-18
Review status: Approve on 2014-11-18
Review via email: mp+242104@code.launchpad.net

Description of the change

I have worked out a few changes to the original OpenID charm available via jujucharms.com and this merge request uses it to finally have SSO support when deploying Capomastro. No need to manually log into the Apache box to create the store directory and authorization lists. When this is more mature (i.e. reviewed by IS) perhaps we could keep the OpenID charm inside Capomastro's repository to reduce bus factor even further.

Daniel Manrique (roadmr) wrote :

Ohh, I see now the "don't proxypass /openid" to avoid the loop.

Other than that this looks very close to the template we've been using so +1 from me. Thanks!

review: Approve

Preview Diff

1=== modified file 'templates/http_virtualhost.tmpl'
2--- templates/http_virtualhost.tmpl 2014-11-06 16:24:52 +0000
3+++ templates/http_virtualhost.tmpl 2014-11-18 18:36:20 +0000
4@@ -25,7 +25,25 @@
5 #
6 # RequestHeader set X-FORWARDED-SSL "on"
7 # RequestHeader set X-FORWARDED_PROTO "https"
8-
9+
10+ <Location "/">
11+ PythonAccessHandler apache_openid::protect
12+ PythonOption handler openidteams
13+ PythonOption authorized-teams-list-url "file:///etc/apache2/openid/teams.txt"
14+ PythonOption action-path "/openid/"
15+ </Location>
16+
17+ <Location "/openid/">
18+ Allow from All
19+ SetHandler mod_python
20+ PythonOption handler openidteams
21+ PythonOption store-type file
22+ PythonOption store-directory /etc/apache2/openid
23+ PythonOption allowed-op-list-url "file:///etc/apache2/openid/providers.txt"
24+ PythonOption authorized-teams-list-url "file:///etc/apache2/openid/teams.txt"
25+ PythonOption action-path "/openid/"
26+ </Location>
27+
28 ProxyRequests off
29 ProxyPreserveHost on
30
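Review bot: In the <Location "/openid/"> block, store-directory points at /etc/apache2/openid, the same directory that teams.txt and providers.txt are read from. The file store is written by the handler at runtime, so that directory has to be writable by the Apache user, which leaves the authorized-teams and allowed-provider lists in a location the web server process can modify. Suggest pointing store-directory at a dedicated directory owned by the Apache user and keeping the two list files in a root-owned, read-only path. Separately, handler, action-path and authorized-teams-list-url are repeated in both Location blocks and have to be kept in sync by hand; a short comment saying so would help.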
31@@ -34,6 +52,7 @@
32 Allow from All
33 </Proxy>
34
35+ ProxyPass /openid !
36 ProxyPass / http://{{ capomastro }}/
37 ProxyPassReverse / http://{{ capomastro }}/
38 </VirtualHost>
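Review bot: The new "ProxyPass /openid !" line has no comment explaining why it is there, and it only works because it sits before "ProxyPass / http://{{ capomastro }}/" (ProxyPass rules are checked in configuration order and the first match wins). Add a one-line comment above it stating that /openid is handled locally by the OpenID handler and that the exclusion must stay ahead of the catch-all, so a later reordering does not send the login path to the backend. The exclusion is also written as /openid while the Location block and action-path in this template use /openid/; using the same form in all three places would make it obvious they refer to the same path.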
