I4788 ezproxy test shibuser #6366
Draft: kayiwa wants to merge 31 commits into main from i4788_ezproxy_test_shibuser
we want to install ezproxy and ensure it runs as a standalone first
once this is accomplished cap deployment for the lifecycle can be run
Co-authored-by: Vickie Karasic <[email protected]>
Co-authored-by: Vickie Karasic <[email protected]>
add user.txt file for auth
Co-authored-by: Vickie Karasic <[email protected]>
make the idp point to entra infrastructure and make it a little more legible to folks who don't live on ezproxy-land
Co-authored-by: Vickie Karasic <[email protected]>
we move all of the files to be in place before we run the ezproxy install command
We create a break glass user that we will need to configure TLS upon completion
we added the ezproxy admin with a strong password
Our shib template will add the admin users needed when this step is complete
Co-authored-by: Vickie Karasic <[email protected]>
the hostname and inventory name are not the same thing
Co-authored-by: Francis Kayiwa <[email protected]>
the unitfile needs to be forking instead of simple
we remove the alias.
ensure the ezproxy directory is owned by the user
Co-authored-by: Vickie Karasic <[email protected]>
Co-authored-by: Vickie Karasic <[email protected]>
we cannot - yet - run this as the ezproxy user
enable ezproxy to start on boot
Co-authored-by: Vickie Karasic <[email protected]>
from `man systemd` and grep for AmbientCapabilities
Co-authored-by: Vickie Karasic <[email protected]>
edit the Group +default line add Debug comment out Deny unaffiliated.html add last line
we have two locations for the AllowUsers
legacy vms place them at `/etc/ssh/ssh_config` and newer ones have them at `/etc/ssh/ssh_config.d/99-allow`
we make the deploy role continue to work the same way in both
make sure the app and idp uuids for testing are included
a brand new VM will need TLS setup and proper authn/authz configured for SAML to work. We comment it out to allow configuration
Co-authored-by: Vickie Karasic <[email protected]>
OCLC documentation asks to look at the MetadataFile and we found ClaimTypesOffered and could the answers on entra ID
…the role fail idempotence
in order to be idempotent the last set of permissions must match what we have used before
Co-authored-by: Vickie Karasic <[email protected]>
closes #4788