From e010368b9c11de5caf5003a67450944ebddf54fe Mon Sep 17 00:00:00 2001
From: Robin Sonnabend <robin@fsmpi.rwth-aachen.de>
Date: Sun, 23 Feb 2020 19:14:51 +0100
Subject: [PATCH] Add SSO for vampir

---
 uwsgi-python/handlers/main.yml                  |  3 +++
 ...-locations.conf => sso-locations-fsmpi.conf} |  0
 .../files/snippets/sso-locations-vampir.conf    | 17 +++++++++++++++++
 webserver/templates/sites/tlsproxy.conf         |  2 +-
 4 files changed, 21 insertions(+), 1 deletion(-)
 rename webserver/files/snippets/{sso-locations.conf => sso-locations-fsmpi.conf} (100%)
 create mode 100644 webserver/files/snippets/sso-locations-vampir.conf

diff --git a/uwsgi-python/handlers/main.yml b/uwsgi-python/handlers/main.yml
index 783684a..909b259 100644
--- a/uwsgi-python/handlers/main.yml
+++ b/uwsgi-python/handlers/main.yml
@@ -23,6 +23,9 @@
 - name: restart uwsgi instance sso
   service: name="uwsgi@sso" state=restarted
 
+- name: restart uwsgi instance sso-vampir
+  service: name="uwsgi@sso-vampir" state=restarted
+
 - name: restart uwsgi instance migration-webapp
   service: name="uwsgi@migration-webapp" state=restarted
 
diff --git a/webserver/files/snippets/sso-locations.conf b/webserver/files/snippets/sso-locations-fsmpi.conf
similarity index 100%
rename from webserver/files/snippets/sso-locations.conf
rename to webserver/files/snippets/sso-locations-fsmpi.conf
diff --git a/webserver/files/snippets/sso-locations-vampir.conf b/webserver/files/snippets/sso-locations-vampir.conf
new file mode 100644
index 0000000..98d2e44
--- /dev/null
+++ b/webserver/files/snippets/sso-locations-vampir.conf
@@ -0,0 +1,17 @@
+location = /sso {
+    internal;
+    proxy_pass https://sso.vampir.rwth-aachen.de/backend?group=$sso_group;
+    proxy_pass_request_body off;
+    proxy_set_header Content-Length "";
+    proxy_set_header X-Original-URI $request_uri;
+}
+
+location @sso {
+    add_header Cache-Control no-store;
+    return 302 https://sso.vampir.rwth-aachen.de?next=https://$server_name$request_uri;
+}
+
+location @sso_logout {
+    add_header Cache-Control no-store;
+    return 302 https://sso.vampir.rwth-aachen.de/logout?next=https://$server_name$request_uri;
+}
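Review bot: The auth subrequest in `location = /sso` goes to an `https://` upstream, but nginx does not verify upstream certificates unless told to, so the allow/deny answer would be accepted from any host that can answer for that name. Add `proxy_ssl_verify on;`, `proxy_ssl_server_name on;` and `proxy_ssl_trusted_certificate <CA_BUNDLE_PATH>;` (placeholder path) to that location. Because the `proxy_pass` URL contains `$sso_group`, the hostname is resolved at request time, so the including server block presumably needs a `resolver`; none is visible in this patch. In `@sso` and `@sso_logout`, `$request_uri` is placed unencoded into `next=`, so an `&` in the original query string ends the `next` value early and the rest is read as separate parameters by the SSO service. A short comment at the top of the snippet stating that `$sso_group` must be set by the including server, and must be a fixed group name rather than request-derived, would also help.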
diff --git a/webserver/templates/sites/tlsproxy.conf b/webserver/templates/sites/tlsproxy.conf
index e0427ab..bb31ed7 100644
--- a/webserver/templates/sites/tlsproxy.conf
+++ b/webserver/templates/sites/tlsproxy.conf
@@ -39,7 +39,7 @@ server {
     {% endfor %}
     {% if server.use_sso is defined and server.use_sso %}
 
-    include /etc/nginx/snippets/sso-locations.conf;
+    include /etc/nginx/snippets/sso-locations-{{server.sso_domain|default("fsmpi")}}.conf;
     {% else %}
 
     {% endif %}
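Review bot: `server.sso_domain` is a new inventory key that is pasted straight into the include path, and nothing in the template says which values are valid. A typo or an unlisted domain produces an include of a file that does not exist, which only surfaces when nginx fails its config test on reload. I would add a template comment above the include such as `{# sso_domain selects snippets/sso-locations-<domain>.conf; known values: fsmpi (default), vampir #}`. Since the old `sso-locations.conf` is renamed, any other site template that still includes the old path would also need updating; the server block continues outside this hunk, so I cannot confirm that from here.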
-- 
GitLab