def populate_sso_public_cert(options, properties): if not options.sso_public_cert_file: cert = get_value_from_dictionary(properties, SSO_CERTIFICATE) get_cert = True if not cert else get_YN_input("The SSO provider's public certificate has already set. Do you want to change it [y/n] (n): ", False) if get_cert: cert_string = get_multi_line_input("Public Certificate PEM") properties[SSO_CERTIFICATE] = ensure_complete_cert(cert_string) if cert_string else "" else: cert_path = options.sso_public_cert_file with open(cert_path) as cert_file: cert_string = cert_file.read() properties[SSO_CERTIFICATE] = ensure_complete_cert(cert_string) if cert_string else ""
def populate_sso_public_cert(options, properties): if not options.sso_public_cert_file: cert_path = properties.get_property(JWT_PUBLIC_KEY) cert_string = get_multi_line_input( "Public Certificate pem ({0})".format( 'stored' if cert_path else 'empty')) store_new_cert = False if cert_string is not None: store_new_cert = True if store_new_cert: full_cert = JWT_PUBLIC_KEY_HEADER + cert_string + JWT_PUBLIC_KEY_FOOTER cert_path = store_password_file(full_cert, JWT_PUBLIC_KEY_FILENAME) else: cert_path = options.sso_public_cert_file properties.process_pair(JWT_PUBLIC_KEY, cert_path)
def setup_sso(args): logger.info("Setup SSO.") if not is_root(): err = 'ambari-server setup-sso should be run with ' \ 'root-level privileges' raise FatalException(4, err) if not get_silent(): properties = get_ambari_properties() must_setup_params = False store_new_cert = False sso_enabled = properties.get_property(JWT_AUTH_ENBABLED).lower() in [ 'true' ] if sso_enabled: if get_YN_input( "Do you want to disable SSO authentication [y/n] (n)?", False): properties.process_pair(JWT_AUTH_ENBABLED, "false") else: if get_YN_input( "Do you want to configure SSO authentication [y/n] (y)?", True): properties.process_pair(JWT_AUTH_ENBABLED, "true") must_setup_params = True else: return False if must_setup_params: provider_url = get_value_from_properties( properties, JWT_AUTH_PROVIDER_URL, JWT_AUTH_PROVIDER_URL_DEFAULT) provider_url = get_validated_string_input( "Provider URL [URL] ({0}):".format(provider_url), provider_url, REGEX_ANYTHING, "Invalid provider URL", False) properties.process_pair(JWT_AUTH_PROVIDER_URL, provider_url) cert_path = properties.get_property(JWT_PUBLIC_KEY) cert_string = get_multi_line_input( "Public Certificate pem ({0})".format( 'stored' if cert_path else 'empty')) if cert_string is not None: store_new_cert = True if get_YN_input( "Do you want to configure advanced properties [y/n] (n) ?", False): cookie_name = get_value_from_properties( properties, JWT_COOKIE_NAME, JWT_COOKIE_NAME_DEFAULT) cookie_name = get_validated_string_input( "JWT Cookie name ({0}):".format(cookie_name), cookie_name, REGEX_ANYTHING, "Invalid cookie name", False) properties.process_pair(JWT_COOKIE_NAME, cookie_name) audiences = properties.get_property(JWT_AUDIENCES) audiences = get_validated_string_input( "JWT audiences list (comma-separated), empty for any ({0}):" .format(audiences), audiences, REGEX_ANYTHING, "Invalid value", False) properties.process_pair(JWT_AUDIENCES, audiences) # TODO not required for now as we support Knox only # orig_query_param = get_value_from_properties(JWT_ORIGINAL_URL_QUERY_PARAM, JWT_ORIGINAL_URL_QUERY_PARAM_DEFAULT) # orig_query_param = get_validated_string_input("Original URL query parameter name ({}):".format(orig_query_param), # orig_query_param, # REGEX_ANYTHING, # "Invalid value", # False) # properties.process_pair(JWT_ORIGINAL_URL_QUERY_PARAM, orig_query_param) if store_new_cert: full_cert = JWT_PUBLIC_KEY_HEADER + cert_string + JWT_PUBLIC_KEY_FOOTER cert_path = store_password_file(full_cert, JWT_PUBLIC_KEY_FILENAME) properties.process_pair(JWT_PUBLIC_KEY, cert_path) update_properties(properties) pass else: warning = "setup-sso is not enabled in silent mode." raise NonFatalException(warning) pass