Merge pull request #23 from silinternational/develop

Get announcements working properly

Author: longrunningprocess

Makefile

@@ -1,11 +1,11 @@
-start: 
+start:
 	docker-compose up -d
 
-errors: 
+errors:
 	docker-compose exec hub cat /var/log/apache2/error.log
 	docker-compose exec idp1 cat /var/log/apache2/error.log
 	docker-compose exec idp2 cat /var/log/apache2/error.log
 
 clean:
 	docker-compose kill
-	docker-compose rm -f
+	docker system prune -f

README.md

@@ -14,6 +14,8 @@ Update `/simplesamlphp/config/config.php`:
 'theme.use' => 'material:material'
 ```
 
+_[ssp-base](https://github.com/silinternational/ssp-base) provides a convenience by loading this config with whatever is in the environment variable `THEME_USE`._
+
 ### Google reCAPTCHA
 If a site key has been provided in `$this->data['recaptcha.siteKey']`, the 
 username/password page may require the user prove his/her humanity.
@@ -25,8 +27,7 @@ Update `/simplesamlphp/config/config.php`:
 'theme.color-scheme' => ['indigo-purple'|'blue_grey-teal'|'red-teal'|'orange-light_blue']
 ```
 
-The login page will get its images from `/simplesamlphp/www/favicon.ico` and 
-`/simplesamlphp/www/logo.png` which are **NOT** provided by default.
+The login page looks for `/simplesamlphp/www/logo.png` which is **NOT** provided by default.
 
 ### Analytics
 Update `/simplesamlphp/config/config.php`:
@@ -35,9 +36,18 @@ Update `/simplesamlphp/config/config.php`:
 'analytics.trackingId' => 'UA-some-unique-id-for-your-site'
 ```
 
+_[ssp-base](https://github.com/silinternational/ssp-base) provides a convenience by loading this config with whatever is in the environment variable `ANALYTICS_ID`._
+
 ### Announcements
-If something is found in `$this->data['announcement']` an alert will be shown to the user filled with the 
-content of that announcement.  HTML is supported.
+Update `/simplesamlphp/config/config.php`:
+
+```
+'announcement' => 'Some <strong>important</strong> announcement'
+```
+
+_[ssp-base](https://github.com/silinternational/ssp-base) provides a convenience by loading this config with whatever is returned by `/simplesamlphp/announcement/announcement.php`._
+
+If configured, an alert will be shown to the user filled with the content of that announcement.  HTML is supported.
 
 ## Testing theme
 
@@ -46,61 +56,87 @@ content of that announcement.  HTML is supported.
 
 ### Setup 
 
-1. Setup `localhost` aliases for `ssp-hub.local`, `ssp-hub-idp1.local`, and `ssp-hub-idp2.local`.  This is typically done in `/etc/hosts`.
+1. Setup `localhost` aliases for `ssp-hub.local`, `ssp-hub2.local`, `ssp-hub-idp1.local`, and `ssp-hub-idp2.local`.  This is typically done in `/etc/hosts`.
 2. Start test environment, e.g., `make` from the command line.
-3. Goto [http://ssp-hub.local](http://ssp-hub.local).
-4. Login as hub administrator, e.g., username=admin & password=abc123
-
-### Hub
-1. Click **Authentication** tab
-2. Click **Test configured authentication sources**
-3. Click **hub-discovery**
-
-### Error
-1. Click **Federation** tab
-2. Click either **Show metadata** link
-
-### Logout
-1. Click **Authentication** tab
-2. Click **Test configured authentication sources**
-3. Click **admin**
-4. Click **Logout**
-
-### Login
-1. Click **Authentication** tab
-2. Click **Test configured authentication sources**
-3. Click **hub-discovery**
-4. Click **Login with idp1** (NOTE: login page should NOT have material design)
-5. Login as idp1 administrator, e.g., username=admin & password=a
-6. Click **Logout**
-7. Goto [http://ssp-hub.local](http://ssp-hub.local)
-8. Click **Authentication** tab
-9. Click **Test configured authentication sources**
-10. Click **hub-discovery**
-11. Click **Login with idp2** (NOTE: login page should have material design)
-12. Login as an idp2 user, e.g., username=distant_future & password=a
-13. Click **Logout**
 
-### Expiry
+### Hub page
+1. Goto [http://ssp-hub.local](http://ssp-hub.local)
+2. Login as hub administrator, e.g., username=admin & password=abc123
+3. Click **Authentication** tab
+4. Click **Test configured authentication sources**
+5. Click **hub-discovery**
 
-#### About to expire
+### Error page
 1. Goto [http://ssp-hub.local](http://ssp-hub.local)
-2. Click **Authentication** tab
-3. Click **Test configured authentication sources**
-4. Click **hub-discovery**
-5. Click **Login with idp2**
-6. Login as an an "about to expire" user, e.g., username=near_future & password=b
-7. Click **Maybe later**
-8. Click **Logout**
+2. Login as hub administrator, e.g., username=admin & password=abc123
+3. Click **Federation** tab
+4. Click either **Show metadata** link
 
-#### Expired
+### Logout page
 1. Goto [http://ssp-hub.local](http://ssp-hub.local)
-2. Click **Authentication** tab
-3. Click **Test configured authentication sources**
-4. Click **hub-discovery**
-5. Click **Login with idp2**
-6. Login as an an "expired" user, e.g., username=already_past & password=c
+2. Login as hub administrator, e.g., username=admin & password=abc123
+3. Click **Authentication** tab
+4. Click **Test configured authentication sources**
+5. Click **admin**
+6. Click **Logout**
 
+### Login page
+1. Goto [http://ssp-hub.local](http://ssp-hub.local)
+2. Login as hub administrator, e.g., username=admin & password=abc123
+3. Click **Authentication** tab
+4. Click **Test configured authentication sources**
+5. Click **hub-discovery**
+6. Click **Login with idp1** (NOTE: login page should NOT have material design)
+7. Login as idp1 administrator, e.g., username=admin & password=a
+8. Click **Logout**
+9. Goto [http://ssp-hub.local](http://ssp-hub.local)
+10. Click **Authentication** tab
+11. Click **Test configured authentication sources**
+12. Click **hub-discovery**
+13. Click **Login with idp2** (NOTE: login page should have material design)
+14. Login as an idp2 user, e.g., username=distant_future & password=a
+15. Click **Logout**
+
+### Forgot password functionality
+1. Goto [http://ssp-hub.local](http://ssp-hub.local)
+2. Login as hub administrator, e.g., username=admin & password=abc123
+3. Click **Authentication** tab
+4. Click **Test configured authentication sources**
+5. Click **hub-discovery**
+6. Click **Login with idp2**
+7. Forgot password link should be visible
+
+### Expiry functionality
+#### About to expire page
+1. Goto [http://ssp-hub.local](http://ssp-hub.local)
+2. Login as hub administrator, e.g., username=admin & password=abc123
+3. Click **Authentication** tab
+4. Click **Test configured authentication sources**
+5. Click **hub-discovery**
+6. Click **Login with idp2**
+7. Login as an an "about to expire" user, e.g., username=near_future & password=b
+8. Click **Later**
+9. Click **Logout**
+
+#### Expired page
+1. Goto [http://ssp-hub.local](http://ssp-hub.local)
+2. Login as hub administrator, e.g., username=admin & password=abc123
+3. Click **Authentication** tab
+4. Click **Test configured authentication sources**
+5. Click **hub-discovery**
+6. Click **Login with idp2**
+7. Login as an an "expired" user, e.g., username=already_past & password=c
+
+### Announcements functionality
+1. Goto [http://ssp-hub2.local:8081](http://ssp-hub2.local:8081)
+2. The announcement should be displayed
+3. Login as hub2 administrator, e.g., username=admin & password=abc123
+4. Click **Authentication** tab
+5. Click **Test configured authentication sources**
+6. Click **hub-discovery**
+7. The announcement should be displayed
+8. Click **Login with idp3**
+9. The announcement should be displayed
 
 ## i18n support
 Translations are categorized by page in definition files located in the `dictionaries` directory.

development/hub/cert/ssp-hub.crt

@@ -1,7 +1,5 @@
 <?php
 $metadata['ssp-hub.local'] = [
 	'host' => 'ssp-hub.local',
-	'privatekey' => 'ssp-hub.pem',
-	'certificate' => 'ssp-hub.crt',
 	'auth' => 'hub-discovery',
-];
+];

development/hub/cert/ssp-hub.pem

@@ -0,0 +1,11 @@
+<?php
+$config = [
+    'admin' => [
+        'core:AdminPassword',
+    ],
+    'hub-discovery' => [
+        'saml:SP',
+        'entityID' => 'ssp-hub2.local',
+        'discoURL'  => 'http://ssp-hub2.local:8081/module.php/sildisco/disco.php',
+    ],
+];

development/hub/saml20-idp-hosted.php

@@ -0,0 +1,5 @@
+<?php
+$metadata['ssp-hub2.local'] = [
+	'host' => 'ssp-hub2.local',
+	'auth' => 'hub-discovery',
+];

development/hub2/authsources.php

@@ -0,0 +1,84 @@
+<?php
+$metadata['http://ssp-hub-idp3.local:8087'] = [
+    'enabled' => true,
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'http://ssp-hub-idp3.local:8087',
+    'name' => [
+        'en' => 'IdP 3'
+    ],
+    'SingleSignOnService'  => 'http://ssp-hub-idp3.local:8087/saml2/idp/SSOService.php',
+    'SingleLogoutService'  => 'http://ssp-hub-idp3.local:8087/saml2/idp/SingleLogoutService.php',
+    'certData' => 'MIIDzzCCAregAwIBAgIJAPlZYTAQSIbHMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEPMA0GA1UEBwwGV2F4aGF3MQwwCgYDVQQKDANTSUwxDTALBgNVBAsMBEdUSVMxDjAMBgNVBAMMBVN0ZXZlMSQwIgYJKoZIhvcNAQkBFhVzdGV2ZV9iYWd3ZWxsQHNpbC5vcmcwHhcNMTYxMDE3MTIzMTQ1WhcNMjYxMDE3MTIzMTQ1WjB+MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMxDzANBgNVBAcMBldheGhhdzEMMAoGA1UECgwDU0lMMQ0wCwYDVQQLDARHVElTMQ4wDAYDVQQDDAVTdGV2ZTEkMCIGCSqGSIb3DQEJARYVc3RldmVfYmFnd2VsbEBzaWwub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArssOaeKbdOQFpN6bBolwSJ/6QFBXA73Sotg60anx9v6aYdUTmi+b7SVtvOmHDgsD5X8pN/6Z11QCZfTYg2nW3ZevGZsj8W/R6C8lRLHzWUr7e7DXKfj8GKZptHlUs68kn0ndNVt9r/+irJe9KBdZ+4kAihykomNdeZg06bvkklxVcvpkOfLTQzEqJAmISPPIeOXes6hXORdqLuRNTuIKarcZ9rstLnpgAs2TE4XDOrSuUg3XFnM05eDpFQpUb0RXWcD16mLCPWw+CPrGoCfoftD5ZGfll+W2wZ7d0kQ4TbCpNyxQH35q65RPVyVNPgSNSsFFkmdcqP9DsFqjJ8YC6wIDAQABo1AwTjAdBgNVHQ4EFgQUD6oyJKOPPhvLQpDCC3027QcuQwUwHwYDVR0jBBgwFoAUD6oyJKOPPhvLQpDCC3027QcuQwUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAA6tCLHJQGfXGdFerQ3J0wUu8YDSLb0WJqPtGdIuyeiywR5ooJf8G/jjYMPgZArepLQSSi6t8/cjEdkYWejGnjMG323drQ9M1sKMUhOJF4po9R3t7IyvGAL3fSqjXA8JXH5MuGuGtChWxaqhduA0dBJhFAtAXQ61IuIQF7vSFxhTwCvJnaWdWD49sG5OqjCfgIQdY/mw70e45rLnR/bpfoigL67sTJxy+Kx2ogbvMR6lITByOEQFMt7BYpMtXrwvKUM7k9NOo1jREmJacC8PTx//jRhCWwzUj1RsfIri24BuITrawwqMsYl8DZiiwMpjUf9m4NPaf4E7+QRpzo+MCcg==',
+];
+$metadata['jaars-idp'] = [
+    'enabled' => true,
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'jaars-idp',
+    'name' => [
+        'en' => 'jaars'
+    ],
+    'logoURL' => 'https://static.gtis.guru/idp-logo/jaars-logo.png'
+];
+$metadata['sil-idp'] = [
+    'enabled' => true,
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'sil-idp',
+    'name' => [
+        'en' => 'sil'
+    ],
+    'logoURL' => 'https://static.gtis.guru/idp-logo/sil-logo.png'
+];
+$metadata['usa-idp'] = [
+    'enabled' => true,
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'usa-idp',
+    'name' => [
+        'en' => 'usa'
+    ],
+    'logoURL' => 'https://static.gtis.guru/idp-logo/usa-logo.png'
+];
+$metadata['wga-idp'] = [
+    'enabled' => true,
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'wga-idp',
+    'name' => [
+        'en' => 'wga'
+    ],
+    'logoURL' => 'https://static.gtis.guru/idp-logo/wga-logo.png'
+];
+$metadata['mock-jaars-idp'] = [
+    'enabled' => false,
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'mock-jaars-idp',
+    'name' => [
+        'en' => 'jaars'
+    ],
+    'logoURL' => 'https://static.gtis.guru/idp-logo/jaars-logo.png'
+];
+$metadata['mock-sil-idp'] = [
+    'enabled' => false,
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'mock-sil-idp',
+    'name' => [
+        'en' => 'sil'
+    ],
+    'logoURL' => 'https://static.gtis.guru/idp-logo/sil-logo.png'
+];
+$metadata['mock-usa-idp'] = [
+    'enabled' => false,
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'mock-usa-idp',
+    'name' => [
+        'en' => 'usa'
+    ],
+    'logoURL' => 'https://static.gtis.guru/idp-logo/usa-logo.png'
+];
+$metadata['mock-wga-idp'] = [
+    'enabled' => false,
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'mock-wga-idp',
+    'name' => [
+        'en' => 'wga'
+    ],
+    'logoURL' => 'https://static.gtis.guru/idp-logo/wga-logo.png'
+];

development/hub2/saml20-idp-hosted.php

@@ -2,6 +2,5 @@
 $metadata['http://ssp-hub-idp1.local:8085'] = [
 	'host' => '__DEFAULT__',
 	'privatekey' => 'ssp-hub-idp1.pem',
-	'certificate' => 'ssp-hub-idp1.crt',
 	'auth' => 'admin',
-];
+];