refactoring

roles/karaage3.1.17/tasks/karaage.yml

@@ -95,6 +95,13 @@
   template: src=karaage3-wsgi.conf.j2 dest=/etc/apache2/conf-available/karaage3-wsgi.conf
   sudo: true
 
+- name: install karaage3-wsgi.conf
+  template: src=index.html.j2 dest=/var/www/index.html
+  sudo: true
+
+- name: install karaage3-wsgi.conf
+  template: src=kg-idps.j2 dest=/usr/bin/kg-idps
+  sudo: true
 -
  name: "enabling Karaage configuration"
  shell: a2enconf karaage3-wsgi
@@ -152,4 +159,7 @@
  sudo: true
  when: ansible_os_family == "RedHat"
 
+- name: "Start cron job for creating idps"
+  cron: name=idps job=/usr/bin/kg-idps user=root day=*/1 state=present
+  sudo: true
 

roles/karaage3.1.17/templates/index.html.j2

+<html><body><h3>HPC identity management</h3>
+<p>To log in via AAF authentication, connect to URL: https://{{ ansible_fqdn }}/aafbootstrap</p>
+<p>To log in without AAF authentication, connect to URL: https://{{ ansible_fqdn }}/users</p>
+</body></html>

roles/karaage3.1.17/templates/karaage3-wsgi.conf.j2

@@ -12,6 +12,7 @@ WSGIScriptAlias /karaage /etc/karaage3/karaage.wsgi
 # support old URLs.
 Redirect permanent /kgadmin /karaage
 Redirect permanent /users /karaage
+Redirect permanent /aafbootstrap /karaage/aafbootstrap
 
 Alias /kgstatic "/var/lib/karaage3/static"
 <Location "/kgstatic">
@@ -29,7 +30,7 @@ Alias /kgfiles "/var/cache/karaage3/files"
     </IfVersion>
 </Location>
 
-<Location /karaage>
+<Location /karaage/aafbootstrap>
 AuthType Shibboleth
 ShibRequireSession On
 ShibUseHeaders On

roles/karaage3.1.17/templates/kg-idps.j2

+import os
+import django
+os.environ['DJANGO_SETTINGS_MODULE'] = "karaage.conf.settings"
+
+def get_idps_from_metadata():
+    import xml.etree.ElementTree as ET
+    tree = ET.parse('/var/cache/shibboleth/metadata.aaf.xml')
+    root=tree.getroot()
+    idps=[]
+    for entity in root.findall("{urn:oasis:names:tc:SAML:2.0:metadata}EntityDescriptor"):
+        idp=False
+        # %s"%entity.attrib['entityID']
+        for idp in entity.findall('{urn:oasis:names:tc:SAML:2.0:metadata}IDPSSODescriptor'):
+            idp=True
+        if idp:
+            for o in entity.findall('{urn:oasis:names:tc:SAML:2.0:metadata}Organization'):
+                for c in o.findall('{urn:oasis:names:tc:SAML:2.0:metadata}OrganizationDisplayName'):
+                    idps.append({'entityID':entity.attrib['entityID'],'name':c.text})
+        
+    return idps
+
+def get_next_idp_group():
+    from karaage.people.models import Group
+    i=-1
+    available=False
+    nextgroup=None
+    groupname='idpgroup{idx}'
+    while not available:
+        i=i+1
+        try:
+            group =Group.objects.get(name=groupname.format(idx=i))
+        except Group.DoesNotExist:
+            available=True
+            nextgroup=groupname.format(idx=i)
+    return nextgroup
+
+
+def get_or_create_idp(entityID,name):
+    print "get_or_create %s"%name
+    from karaage.institutes.forms import InstituteForm
+    from karaage.institutes.models import Institute
+    from karaage.people.models import Group
+    try:
+        Institute.objects.get(saml_entityid=entityID)
+        return
+    except Institute.DoesNotExist:
+        print "does not exists, creating"
+        groupname=get_next_idp_group()
+        group, _ =Group.objects.get_or_create(name=groupname)
+        institute=Institute(name=name,group=group,saml_entityid=entityID,is_active=True)
+        institute.save()
+#
+#        d={}
+#        d['name']=name
+#        d['group_id']=group
+#        d['saml_entityid']=entityID
+#        d['is_active']=True
+#        form=InstituteForm(d)
+#        if form.is_valid():
+#            print "tying to save"
+#            form.save()
+#        else:
+#            print "form not valid"
+#            print dir(form)
+#            #print "not actually saving my form"
+
+django.setup()
+idps = get_idps_from_metadata()
+for idp in idps:
+    try:
+        get_or_create_idp(entityID=idp['entityID'],name=idp['name'])
+    except:
+        pass
+