add a Vagrantfile with a simple testing environment

vagrant/Vagrantfile

+API_VERSION = "2"
+
+Vagrant.configure(API_VERSION) do |config|
+  config.vm.box = "debian-wheezy-64"
+  config.vm.box_url = "http://basebox.libera.cc/debian-wheezy-64.box"
+
+  config.vm.provision "shell" do |s|
+    s.path = "setup.sh"
+  end
+end
+

vagrant/apache_config

+<VirtualHost *:80>
+	ServerName localhost
+	RewriteEngine On
+	RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [L]
+</VirtualHost>
+
+<VirtualHost *:443>
+	ServerName www.sso.net
+	SSLEngine On
+	SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+	SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+	DocumentRoot /var/www/default
+	<Directory /var/www/default>
+		Order allow,deny
+		Allow from all
+	</Directory>
+</VirtualHost>
+
+<VirtualHost *:443>
+	ServerName app.sso.net
+	SSLEngine On
+	SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+	SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+	SSODomain sso.net
+	SSOLoginServer login.sso.net
+
+	DocumentRoot /var/www/app
+	<Directory /var/www/app>
+		Order allow,deny
+		Allow from all
+	</Directory>
+
+	<Location />
+		AuthType SSO
+		SSOService app.sso.net/
+		require valid-user
+	</Location>
+</VirtualHost>
+
+<VirtualHost *:443>
+	ServerName login.sso.net
+	SSLEngine On
+	SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+	SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+	<Proxy *>
+		Order allow,deny
+		Allow from all
+	</Proxy>
+
+	ProxyPass / http://127.0.0.1:5002/
+	ProxyPassReverse / http://127.0.0.1:5002/
+</VirtualHost>

vagrant/setup.sh

+#!/bin/sh
+
+# Install our Debian repository.
+echo 'deb http://deb.autistici.org/debian unstable main' \
+  > /etc/apt/sources.list.d/ai.list
+wget -nv -O- http://deb.autistici.org/repo.key | apt-key add -
+apt-get -qq update
+
+PKG="ai-sso ai-sso-server apache2-mpm-worker libapache2-mod-sso python-gevent"
+DEBIAN_FRONTEND=noninteractive apt-get install -q -y $PKG
+
+# Edit the hosts file.
+ip=$(hostname -I)
+cat >> /etc/hosts <<EOF
+${ip} login.sso.net www.sso.net app.sso.net
+EOF
+
+# Generate keys.
+ssotool --gen-keys --output /etc/sso/public.key --secret-key /etc/sso/secret.key
+chmod 0400 /etc/sso/secret.key
+chown ai-sso /etc/sso/secret.key
+
+# Setup the SSO server.
+cp /vagrant/sso_config /etc/sso/config
+cat >/etc/default/ai-sso-server <<EOF
+NO_START=0
+SSO_PORT=5002
+EOF
+service ai-sso-server start
+
+# Setup Apache and create website content.
+cp /vagrant/apache_config /etc/apache2/sites-available/default
+a2enmod rewrite proxy_http ssl sso
+mkdir -p /var/www/default /var/www/app
+echo '<h1>This is the default website</h1>' > /var/www/default/index.html
+echo '<h1>This is the protected app</h1>' > /var/www/app/index.html
+cat >/etc/apache2/ports.conf <<EOF
+NameVirtualHost *:80
+Listen 80
+NameVirtualHost *:443
+Listen 443
+EOF
+apache2ctl restart
+

vagrant/sso_config

+# Flask application secret key.
+SECRET_KEY = 'abracadabra'
+
+SSO_DOMAIN = 'sso.net'
+SSO_AUTH_MODULE = 'sso_server.auth.auth_test'
+SSO_SECRET_KEY = '/etc/sso/secret.key'
+SSO_PUBLIC_KEY = '/etc/sso/public.key'
+LOGIN_TICKET_TTL = 86400
+SERVICE_TICKET_TTL = 1800
+
+# Regexp that should match all services for which SSO is allowed.
+ALLOWED_SERVICES = ['.*\.sso\.net$']
+