Bug 1343228
| Summary: | Add keycloak-httpd-client-install package to OSP9 | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Nathan Kinder <nkinder> |
| Component: | keycloak-httpd-client-install | Assignee: | John Dennis <jdennis> |
| Status: | CLOSED ERRATA | QA Contact: | Rodrigo Duarte <rduartes> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 9.0 (Mitaka) | CC: | apevec, ddomingo, jdennis, jjoyce, jschluet, lhh, markmc, nkinder, oblaut, rhos-maint, srevivo |
| Target Milestone: | ga | ||
| Target Release: | 9.0 (Mitaka) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | keycloak-httpd-client-install-0.3-1.el7ost | Doc Type: | Technology Preview |
| Doc Text: | This release now includes a Technology Preview version of the keycloak-httpd-client-install package. This package provides a command-line tool that helps configure the Apache mod_auth_mellon SAML Service Provider as a client of the Keycloak SAML IdP. | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-08-11 12:24:36 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1350590 | ||
| Bug Blocks: | |||
Description
Nathan Kinder
2016-06-06 20:54:53 UTC
Please upgrade the package in OSP. Currently you have keycloak-httpd-client-install-0.3-1 pulled from Fedora; please upgrade it to the next version, keycloak-httpd-client-install-0.4-1 (can be located in Fedora rawhide, F24 & F23).
Verified for keycloak-httpd-client-install-0.3-1.el7ost.noarch in a RHEL 7.2 deployment of OSP 9 using OSPd 9:
[stack@undercloud ~]$ sudo yum install keycloak-httpd-client-install -y
...
[stack@undercloud ~]$ rpm --query keycloak-httpd-client-install
keycloak-httpd-client-install-0.3-1.el7ost.noarch
[stack@undercloud ~]$ keycloak-httpd-client-install --help
usage: keycloak-httpd-client-install [-h] [--no-root-check] [-v] [-d]
[--show-traceback] [--log-file LOG_FILE]
--app-name APP_NAME [--force]
[--permit-insecure-transport]
[--template-dir TEMPLATE_DIR]
[--httpd-dir HTTPD_DIR] -r KEYCLOAK_REALM
-s KEYCLOAK_SERVER_URL
[-a {root-admin,realm-admin,anonymous}]
[-u KEYCLOAK_ADMIN_USERNAME]
[-p KEYCLOAK_ADMIN_PASSWORD]
[--keycloak-admin-realm KEYCLOAK_ADMIN_REALM]
[--initial-access-token INITIAL_ACCESS_TOKEN]
[--client-originate-method {descriptor,registration}]
[--mellon-key-file MELLON_KEY_FILE]
[--mellon-cert-file MELLON_CERT_FILE]
[--mellon-hostname MELLON_HOSTNAME]
[--mellon-https-port MELLON_HTTPS_PORT]
[--mellon-root MELLON_ROOT]
[--mellon-endpoint MELLON_ENDPOINT]
[--mellon-entity-id MELLON_ENTITY_ID]
[--mellon-idp-attr-name MELLON_IDP_ATTR_NAME]
[--mellon-organization-name MELLON_ORGANIZATION_NAME]
[--mellon-organization-display-name MELLON_ORGANIZATION_DISPLAY_NAME]
[--mellon-organization-url MELLON_ORGANIZATION_URL]
[-l MELLON_PROTECTED_LOCATIONS]
Configure mod_auth_mellon as Keycloak client
optional arguments:
-h, --help show this help message and exit
--no-root-check permit running by non-root (default: True)
-v, --verbose be chatty (default: False)
-d, --debug turn on debug info (default: False)
--show-traceback exceptions print traceback in addition to error
message (default: False)
--log-file LOG_FILE log file pathname (default: /var/log/python-keycloak-
httpd-client/keycloak-httpd-client-install.log)
--app-name APP_NAME name of the web app being protected by mellon
(default: None)
--force forcefully override safety checks (default: False)
--permit-insecure-transport
Normally secure transport such as TLS is required,
defeat this check (default: False)
Program Configuration:
--template-dir TEMPLATE_DIR
Template location (default: /usr/share/keycloak-httpd-
client-install/templates)
--httpd-dir HTTPD_DIR
Template location (default: /etc/httpd)
Keycloak IdP:
-r KEYCLOAK_REALM, --keycloak-realm KEYCLOAK_REALM
realm name (default: None)
-s KEYCLOAK_SERVER_URL, --keycloak-server-url KEYCLOAK_SERVER_URL
Keycloak server URL (default: None)
-a {root-admin,realm-admin,anonymous}, --keycloak-auth-role {root-admin,realm-admin,anonymous}
authenticating as what type of user (default: root-
admin) (default: root-admin)
-u KEYCLOAK_ADMIN_USERNAME, --keycloak-admin-username KEYCLOAK_ADMIN_USERNAME
admin user name (default: admin) (default: admin)
-p KEYCLOAK_ADMIN_PASSWORD, --keycloak-admin-password KEYCLOAK_ADMIN_PASSWORD
admin password (use - to read from stdin) (default:
None)
--keycloak-admin-realm KEYCLOAK_ADMIN_REALM
realm admin belongs to (default: master)
--initial-access-token INITIAL_ACCESS_TOKEN
realm initial access token for client registeration
(default: None)
--client-originate-method {descriptor,registration}
select Keycloak method for creating SAML client
(default: descriptor)
Mellon SP:
--mellon-key-file MELLON_KEY_FILE
certficate key file (default: None)
--mellon-cert-file MELLON_CERT_FILE
certficate file (default: None)
--mellon-hostname MELLON_HOSTNAME
Machine's fully qualified host name (default:
undercloud.redhat.local)
--mellon-https-port MELLON_HTTPS_PORT
SSL/TLS port on mellon-hostname (default: 443)
--mellon-root MELLON_ROOT
common root ancestor for all mellon endpoints
(default: /)
--mellon-endpoint MELLON_ENDPOINT
Used to form the MellonEndpointPath, e.g.
{mellon_root}/{mellon_endpoint}. (default: mellon)
--mellon-entity-id MELLON_ENTITY_ID
SP SAML Entity ID (default: None)
--mellon-idp-attr-name MELLON_IDP_ATTR_NAME
name of the attribute Mellon adds which will contain
the IdP entity id (default: IDP)
--mellon-organization-name MELLON_ORGANIZATION_NAME
Add SAML OrganizationName to SP metadata (default:
None)
--mellon-organization-display-name MELLON_ORGANIZATION_DISPLAY_NAME
Add SAML OrganizationDisplayName to SP metadata
(default: None)
--mellon-organization-url MELLON_ORGANIZATION_URL
Add SAML OrganizationURL to SP metadata (default:
None)
-l MELLON_PROTECTED_LOCATIONS, --mellon-protected-locations MELLON_PROTECTED_LOCATIONS
Web location to protect with Mellon. May be specified
multiple times (default: [])
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-1597.html