1393121 – [Docs][RFE] Integrate Python / HTTPD with Red Hat SSO

Bug 1393121 - [Docs][RFE] Integrate Python / HTTPD with Red Hat SSO [NEEDINFO]

Summary: [Docs][RFE] Integrate Python / HTTPD with Red Hat SSO

Keywords:
Status:	CLOSED CANTFIX
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Documentation
Sub Component:
Version:	3.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Gaurav Nelson
QA Contact:	Tomas Schlosser
Docs Contact:	Vikram Goyal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-11-08 22:01 UTC by Brennan Vincello
Modified:	2020-09-10 09:56 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-12-06 01:59:56 UTC
Target Upstream Version:
Flags:	vigoyal: needinfo? (bvincell)

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Brennan Vincello 2016-11-08 22:01:24 UTC

Document URL: 
https://docs.openshift.com/enterprise/3.1/using_images/xpaas_images/sso.html

Section Number and Name: 
Red Hat Single Sign-On (SSO) xPaaS Image

Describe the issue: 
Need documentation on how to integrate Python / HTTPD with Red Hat SSO

Suggestions for improvement: 
There are docs on how to get SSO working with JBoss EAP.   https://docs.openshift.com/enterprise/3.1/using_images/xpaas_images/sso.html.  Requesting docs to be created for SSO working with HTTPD / python S2I image.

Additional information: 
Submitted on behalf of client

Comment 2 Gaurav Nelson 2016-12-06 01:59:56 UTC

Since, this is not doable at the moment, I am closing this bug (not a docs issue).

Please see comments from Graham Dumpleton below:
-------------------------------------------------------------------------------
It cannot be done at this time.

The current Python S2I builder image for OpenShift includes the wrong Apache httpd packages. It needs to use the SCL version and not the default RHEL/Centos versions.

An issue and PR have been raised to have the S2I builder updated:

https://github.com/sclorg/s2i-python-container/issues/161
https://github.com/sclorg/s2i-python-container/pull/162

If this is important to you, please comment on the PR so the developers of the Python S2I builder know there is interest in this.

Once the Python S2I builder is updated, if you need SSO for a Python WSGI application, you will need to use md_wsgi-express in conjunction with the Python S2I builder. The mod_wsgi-express package wraps up Apache/mod_wsgi, automatically creating an Apache configuration for you. An additional configuration snipper would then need to be supplied for mod_wsgi-express to set up the SSO component. Your options for SSO would be LDAP, Kerberos, or a custom scripted solution which uses the Apache mod_session module.

If you can’t wait for the Python S2I builder to be updated, then one could use Docker build strategy in OpenShift to create your own custom builder image direct from the changes in the PR.

If need be I can explain how to do that, and if can get more details on what authentication/authorisation mechanism they are able to use out of the options available, can then indicate how to use mod_wsgi-express to do it.

------------------------------------------------------------------------------

Note You need to log in before you can comment on or make changes to this bug.