add flow class for WebAuth custom flows

22b174a6 · Adam Lewenberg · 0195676a · 22b174a6 · 22b174a6 · 22b174a6
Commit 22b174a6 authored 8 years ago by Adam Lewenberg
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -174,24 +174,11 @@ class shibb_idp3::config (
    require => Package['shibboleth-identity-provider'],
  }

-  file { '/etc/shibboleth-idp/conf/authn/twostepremoteuser-authn-config.xml':
-    source  => 'puppet:///modules/shibb_idp3/etc/shibboleth-idp/conf/authn/twostepremoteuser-authn-config.xml',
-    require => Package['shibboleth-identity-provider'],
-  }

-  #   twostepremoteuser-authn-flow.xml
-  file { '/opt/shibboleth-idp/flows/authn/TwoStepRemoteUser/twostepremoteuser-authn-beans.xml':
-    source  => 'puppet:///modules/shibb_idp3/opt/shibboleth-idp/flows/authn/TwoStepRemoteUser/twostepremoteuser-authn-beans.xml',
-    require => File['/opt/shibboleth-idp/flows/authn/TwoStepRemoteUser/'],
-  }
+  # Install the custom flow files
+  shibb_idp3::config::flow { 'TwoStepRemoteUser': }
+  shibb_idp3::config::flow { 'RemoteUserForceReAuth': }
+  shibb_idp3::config::flow { 'TwoStepRemoteUserForceReAuth': }

-  file {
-    '/opt/shibboleth-idp/flows/authn/TwoStepRemoteUser/':
-      ensure => directory,
-      require => Package['shibboleth-identity-provider'];
-    '/opt/shibboleth-idp/flows/authn/TwoStepRemoteUser/twostepremoteuser-authn-flow.xml':
-      source  => 'puppet:///modules/shibb_idp3/opt/shibboleth-idp/flows/authn/TwoStepRemoteUser/twostepremoteuser-authn-flow.xml',
-      require => Package['shibboleth-identity-provider'];
-  }

 }
--- a/manifests/config/flow.pp
+++ b/manifests/config/flow.pp
+#
+# Installs:
+#  /opt/shibboleth-idp/flows/authn/FLOWNAME/flowname-authn-beans.xml
+#  /opt/shibboleth-idp/flows/authn/FLOWNAME/flowname-authn-flow.xml
+#  /etc/shibboleth-idp/conf/authn/flowname-authn-config.xml
+#
+# Edit these files manually:
+#
+# * conf/authn/general-authn.xml
+# * webapp/WEB-INF/web.xml
+
+define shibb_idp3::config::flow (
+  $flow_base_dir = '/opt/shibboleth-idp/flows/authn',
+) {
+
+  $flow_name_lc = downcase($name)
+  $flow_dir     = "${flow_base_dir}/${name}"
+
+  $beans_file = "${flow_dir}/${flow_name_lc}-authn-beans.xml"
+  $flow_file  = "${flow_dir}/${flow_name_lc}-authn-flow.xml"
+  $conf_file  = "/etc/shibboleth-idp/conf/authn/${flow_name_lc}-authn-config.xml"
+
+  # Create the flow directory
+  file { $flow_dir:
+    ensure => directory,
+    require => Package['shibboleth-identity-provider'];
+  }
+
+  file { $beans_file:
+    source  => "puppet:///modules/shibb_idp3/${beans_file}",
+    require => File[$flow_dir],
+  }
+
+  file { $flow_file:
+    source  => "puppet:///modules/shibb_idp3/${flow_file}",
+    require => Package['shibboleth-identity-provider'];
+  }
+
+  file { $conf_file:
+    source  => "puppet:///modules/shibb_idp3/${conf_file}",
+    require => Package['shibboleth-identity-provider'],
+  }
+
+}
--- a/templates/etc/shibboleth-idp/conf/idp.properties.template.erb
+++ b/templates/etc/shibboleth-idp/conf/idp.properties.template.erb
@@ -107,7 +107,7 @@ idp.session.StorageService = shibboleth.ClientSessionStorageService
 #  * TwoStepRemoteUser: used with timesynctoken for sites that require
 #    two-step authentication
 #  * RemoteUserInternal: used for the ECP authentication flow
-idp.authn.flows= RemoteUser|TwoStepRemoteUser|RemoteUserInternal
+idp.authn.flows= RemoteUser|TwoStepRemoteUser|RemoteUserForceReAuth|TwoStepRemoteUserForceReAuth|RemoteUserInternal

 # Regular expression of forced "initial" methods when no session exists,
 # usually in conjunction with the idp.authn.resolveAttribute property below.