test saml idp #6

Supports: bionic focal groovy

Description

This charm will set up a dummy PHP-based IdP using the SimpleSAMLphp project. This is NOT recommended to be used in production. It should be used only for testing purposes.


SimpleSAMLphp Juju Charm

This Juju charm will configure a local SAML-based IdP instance using the SimpleSAMLphp project.

Deployment

The charm can be deployed with:

juju deploy cs:~ionutbalutoiu/test-saml-idp

After it is deployed, it will stay in the blocked state with the message:

sp-metadata resource is not a well-formed xml file

until a valid XML SP metadata file is attached via:

juju attach-resource test-saml-idp sp-metadata=./sp-metadata.xml

The charm has a Juju action, called get-idp-metadata, used to fetch the IdP metadata.xml. This needs to be exchanged with the SP.

For example, the IdP metadata.xml can be used in conjunction with the keystone-saml-mellon charm, and it can be attached as a resource:

juju attach-resource keystone-saml-mellon idp-metadata=./idp-metadata.xml
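
A pre-flight check for sp-metadata.xml before running juju attach-resource, so the unit does not sit in the blocked state. This is an added example, not part of the charm. The page does not show how the charm validates the resource, so the checks beyond well-formedness, the function name check_sp_metadata and the sample metadata are assumptions of this example.

```python
import sys
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"  # SAML 2.0 metadata namespace

# Constructed sample SP metadata (hypothetical host, not from a real deployment).
SAMPLE_OK = b"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/metadata">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
SAMPLE_TRUNCATED = SAMPLE_OK[:120]  # constructed: simulates a cut-off file


def check_sp_metadata(data: bytes) -> list:
    """Return a list of problems; an empty list means the file looks usable."""
    # SAML metadata needs no DTD, so refuse one rather than expand entities.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        return ["DOCTYPE/ENTITY declarations are not accepted"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # Same wording as the blocked-status message quoted on this page.
        return [f"not a well-formed xml file: {exc}"]
    problems = []
    # Checks below go beyond well-formedness; they are this example's assumptions.
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        problems.append(f"root element is {root.tag}, expected EntityDescriptor")
    if not root.get("entityID"):
        problems.append("EntityDescriptor has no entityID")
    sp = root.find(f"{{{MD_NS}}}SPSSODescriptor")
    if sp is None:
        problems.append("no SPSSODescriptor (IdP metadata attached by mistake?)")
    elif not sp.findall(f"{{{MD_NS}}}AssertionConsumerService"):
        problems.append("SPSSODescriptor has no AssertionConsumerService")
    return problems


if __name__ == "__main__":
    # Usage: python3 check_sp_metadata.py ./sp-metadata.xml
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_OK
    issues = check_sp_metadata(data)
    print("\n".join(issues) or "sp-metadata looks usable")
    sys.exit(1 if issues else 0)
```

The script exits non-zero when it finds a problem, so it can gate the attach-resource step in a deployment script.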

The IdP web interface can be accessed at http://<UNIT_ADDRESS>/simplesaml.

For authentication, there is a fixed user/password credential pair defined in the charm config via auth-user-name and auth-user-password. Alternatively, you can use the default admin user with the password given in the charm config as admin-password.


Configuration

admin-password
(string) The default admin user password.
Default: Password123!

auth-user-name
(string) The auth user name.
Default: user1

auth-user-password
(string) The auth user password.
Default: user1pass

http-port
(int) The IdP HTTP port.
Default: 80

https-port
(int) The IdP HTTPS port.
Default: 443

idp-name
(string) Identity provider name to use for URL generation. Must match the one that will be configured via OS-FEDERATION API.
Default: myidp

protocol-name
(string) Protocol name to use for URL generation. Must match the one that will be configured via OS-FEDERATION API.
Default: mapped

simple-saml-php-version
(string) The SimpleSAMLphp release version.
Default: 1.18.8