add saml auth notes for lab, and a secondary test script
This commit is contained in:
Chris Hammer
85
notes/saml_auth_notes.txt
Normal file
85
notes/saml_auth_notes.txt
Normal file
@ -0,0 +1,85 @@
|
|||||||
|
SAML Service Provider Organization Info
|
||||||
|
=======================================
|
||||||
|
{
|
||||||
|
"en-US": {
|
||||||
|
"displayname": "The Zen Garden SSO",
|
||||||
|
"name": "TZGSSO",
|
||||||
|
"url": "https://sso.thezengarden.net"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
SAML Service Provider Technical Contact
|
||||||
|
SAML Service Provider Support Contact
|
||||||
|
=======================================
|
||||||
|
{
|
||||||
|
"emailAddress": "chris.hammer@redhat.com",
|
||||||
|
"givenName": "Chris Hammer"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
SAML Enabled Identity Providers
|
||||||
|
===============================
|
||||||
|
{
|
||||||
|
"TZGSSO": {
|
||||||
|
"attr_groups": "http://schemas.xmlsoap.org/claims/Group",
|
||||||
|
"x509cert": "MIIFBDCCAuygAwIBAgIQCC1O5qRJT5elCDxSvDIJLzANBgkqhkiG9w0BAQsFADAdMRswGQYDVQQDDBJhdXRoZW50aWsgMjAyMi4zLjMwHhcNMjIwMzIxMjIxMDMwWhcNMjMwMzIyMjIxMDMwWjA5MQ0wCwYDVQQDDARnZW4xMRIwEAYDVQQKDAlhdXRoZW50aWsxFDASBgNVBAsMC1NlbGYtc2lnbmVkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtemfR4nnGxM9igtZg9S+3sAlhoWAPIkMEgqTp8IXTauCIBsVqEILeIbSymTwwd7uEUBUWTerQtUNiuCobywrrL3jan/PVQWN50VD3ItBl7pRtvvnP6iyPpNUCoBRBi8nTMoeCA/8QjFqYGiuBSkVriOyS3my+IVYNA6adLKs3Rz8SEzEf2w+zZUx7WY/zk2/5g2SYbLTXfYp3OBYbudI7JZbN6PSJwddWfZMaRiU4gvCoBOFW1Fo6BE19TEdVcjwohTbAC1PtAqWvfhFmDTT+dr2/DgMhPaj7Mywejr9pAqleRNTUljiC91kZb/q+G5JAywdyFTBdjDp39MfKFI3LD59NTBCdasEdZBB6pd/k5a4NoxjHJwQ26Ai4MPby4wzKGslkzlgNbce1fC4eqqUyguvhg+VAiYQkxIg682N6u4y/5cBkCSKY54CiXdPtE76Zbq1gD20T/amvy+pTXIU/E5F5JaTvwxfkV2rGNVVwMWHPDAwPLT3Xe8g++lDW+U3BuT7BVWUIgMeI3YAuoASfQLvFZJAu5wjAfTS1R/USKjthVTzJwDNnFqlE+9dqt1HZz2UtvioCddKlDTMT/1XehAZD7AtT3gH+J+8xgDd03A1HO7LUVwDysdj4ZPSKeFLUo3lS0Lu/rHiealNnHocZEdEIxDVqJcvepoCaVQQ1xUCAwEAAaMkMCIwIAYDVR0RAQH/BBYwFIISKi50aGV6ZW5nYXJkZW4ubmV0MA0GCSqGSIb3DQEBCwUAA4ICAQAOy5mD//NWutV9m73FGJfOIn2IcoF8jhpedvEALZrT0vIClW/ESVpyrp9hTmY6ZwUi+aRq5wzsiMnoXhKgf6phuAiHw4OQe0LPuRcmugiaNLjuUoI0AYc1thJpuDQqxkG0JcDb8uh/Q58+k/+tSoyRqk1WD4/CtgbGKE1sqR7/VsPUDRVADy17z5FLNnRgvpMO3A292qPyyCyG+kjU4VsTzjmxo3BIEAhwcf4czZACHGj71KMuGCxwz+AeQUStVPH23egAl37ze4pXlrvQB79mbmQjm0wLuoMrr8/6AeJKOOnzOJAUe3pcLkbZ2r+yfSq3umdX1B4u+QooEdYvj/KcO7413AeJwqSGYyt2eDbzJRQn8Vr4BXSUrB5VYeJap9MMRWSFuOcL/kHRphKBKEAXxTzVL3Y4dLH0XBd8uAVjhl57tzDloF9B9WDMBiGaC7LqaU1jQCjdeJjLJGPTk8wU5TozMuhJsbWu36Ca/YxQfuVHTTmM5mF+vZrOLoSAkpS2JD8fPMcdzIfcRf7iqb6lIsXcd0f2VlQs62hgexLxWKmAPPrtFknTOPVEAjt9+rF6y+g17NTwoxD2DKgPzJNH2xen9nonhbMBJqrIaMo/w62hyt+s2FDYWKWvdACk6xaUelwzYNw5+dqtuN6uw8Bu4a4V1jWR7Otm1Uqi4oN5VA==",
|
||||||
|
"attr_username": "http://schemas.goauthentik.io/2021/02/saml/username",
|
||||||
|
"attr_email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
|
||||||
|
"attr_user_permanent_id": "http://schemas.goauthentik.io/2021/02/saml/uid",
|
||||||
|
"entity_id": "https://tower2.thezengarden.net/sso/metadata/saml/",
|
||||||
|
"url": "https://sso.thezengarden.net/application/saml/aap/sso/binding/redirect/",
|
||||||
|
"attr_first_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
SAML Organization Map
|
||||||
|
=====================
|
||||||
|
{
|
||||||
|
"Red Hat Consulting": {
|
||||||
|
"admins": [
|
||||||
|
"/^[^@].*?@redhat\\.com$/",
|
||||||
|
"chris@thezengarden.net"
|
||||||
|
],
|
||||||
|
"users": false,
|
||||||
|
"remove_users": true,
|
||||||
|
"remove_admins": true
|
||||||
|
},
|
||||||
|
"Cloud": {
|
||||||
|
"admins": [
|
||||||
|
"/^[^@].*?@redhat\\.com$/",
|
||||||
|
"chris@thezengarden.net"
|
||||||
|
],
|
||||||
|
"users": true,
|
||||||
|
"remove_users": false,
|
||||||
|
"remove_admins": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
SAML Team Attribute Mapping
|
||||||
|
===========================
|
||||||
|
{
|
||||||
|
"remove": false,
|
||||||
|
"saml_attr": "http://schemas.xmlsoap.org/claims/Group",
|
||||||
|
"team_org_map": [
|
||||||
|
{
|
||||||
|
"team": "aap_lab_users",
|
||||||
|
"team_alias": "Engineering",
|
||||||
|
"organization": "Cloud"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"team": "aap_lab_admins",
|
||||||
|
"team_alias": "Operations",
|
||||||
|
"organization": "Cloud"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
SAML Security Config
|
||||||
|
====================
|
||||||
|
{
|
||||||
|
"requestedAuthnContext": false
|
||||||
|
}
|
||||||
24
utils/dev_tower_test.sh
Normal file
24
utils/dev_tower_test.sh
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
CONC="50"
|
||||||
|
REQU="100"
|
||||||
|
|
||||||
|
BASE_URL="10.1.1.51"
|
||||||
|
AAP_JOB_ID="10"
|
||||||
|
POST_PAYLOAD_PATH="empty.post"
|
||||||
|
#POST_PAYLOAD_PATH="provision.post"
|
||||||
|
POST_PAYLOAD_TYPE="application/json"
|
||||||
|
|
||||||
|
TOWER_USER="admin"
|
||||||
|
TOWER_PASS="redhat"
|
||||||
|
|
||||||
|
|
||||||
|
printf "\n%s\n" \
|
||||||
|
"# Running test - ${REQU} requests / ${CONC} concurrency"
|
||||||
|
ab -c "${CONC}" \
|
||||||
|
-n ${REQU} \
|
||||||
|
-A ${TOWER_USER}:${TOWER_PASS} \
|
||||||
|
-T "${POST_PAYLOAD_TYPE}" \
|
||||||
|
-v1 \
|
||||||
|
-p ${POST_PAYLOAD_PATH} "https://${BASE_URL}/api/v2/job_templates/${AAP_JOB_ID}/launch/" | \
|
||||||
|
grep "Failed requests\|Time taken for tests"
|
||||||
Reference in New Issue
Block a user