announcements weren't being tested

Author: Billy Clark

README.md

@@ -81,6 +81,17 @@ content of that announcement.  HTML is supported.
 12. Login as an idp2 user, e.g., username=distant_future & password=a
 13. Click **Logout**
 
+### Announcements
+1. Goto [http://ssp-hub2.local:8081](http://ssp-hub2.local:8081)
+2. The announcement should be displayed
+3. Login as hub2 administrator, e.g., username=admin & password=abc123
+4. Click **Authentication** tab
+5. Click **Test configured authentication sources**
+6. Click **hub-discovery**
+7. The announcement should be displayed
+8. Click **Login with idp3**
+9. The announcement should be displayed
+
 ### Expiry
 
 #### About to expire

development/hub2/authsources.php

@@ -0,0 +1,11 @@
+<?php
+$config = [
+    'admin' => [
+        'core:AdminPassword',
+    ],
+    'hub-discovery' => [
+        'saml:SP',
+        'entityID' => 'ssp-hub2.local',
+        'discoURL'  => 'http://ssp-hub2.local:8081/module.php/sildisco/disco.php',
+    ],
+];

development/hub2/saml20-idp-hosted.php

@@ -0,0 +1,5 @@
+<?php
+$metadata['ssp-hub2.local'] = [
+	'host' => 'ssp-hub2.local',
+	'auth' => 'hub-discovery',
+];

development/hub2/saml20-idp-remote.php

@@ -0,0 +1,84 @@
+<?php
+$metadata['http://ssp-hub-idp3.local:8087'] = [
+    'enabled' => true,
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'http://ssp-hub-idp3.local:8087',
+    'name' => [
+        'en' => 'IdP 3'
+    ],
+    'SingleSignOnService'  => 'http://ssp-hub-idp3.local:8087/saml2/idp/SSOService.php',
+    'SingleLogoutService'  => 'http://ssp-hub-idp3.local:8087/saml2/idp/SingleLogoutService.php',
+    'certData' => 'MIIDzzCCAregAwIBAgIJAPlZYTAQSIbHMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEPMA0GA1UEBwwGV2F4aGF3MQwwCgYDVQQKDANTSUwxDTALBgNVBAsMBEdUSVMxDjAMBgNVBAMMBVN0ZXZlMSQwIgYJKoZIhvcNAQkBFhVzdGV2ZV9iYWd3ZWxsQHNpbC5vcmcwHhcNMTYxMDE3MTIzMTQ1WhcNMjYxMDE3MTIzMTQ1WjB+MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMxDzANBgNVBAcMBldheGhhdzEMMAoGA1UECgwDU0lMMQ0wCwYDVQQLDARHVElTMQ4wDAYDVQQDDAVTdGV2ZTEkMCIGCSqGSIb3DQEJARYVc3RldmVfYmFnd2VsbEBzaWwub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArssOaeKbdOQFpN6bBolwSJ/6QFBXA73Sotg60anx9v6aYdUTmi+b7SVtvOmHDgsD5X8pN/6Z11QCZfTYg2nW3ZevGZsj8W/R6C8lRLHzWUr7e7DXKfj8GKZptHlUs68kn0ndNVt9r/+irJe9KBdZ+4kAihykomNdeZg06bvkklxVcvpkOfLTQzEqJAmISPPIeOXes6hXORdqLuRNTuIKarcZ9rstLnpgAs2TE4XDOrSuUg3XFnM05eDpFQpUb0RXWcD16mLCPWw+CPrGoCfoftD5ZGfll+W2wZ7d0kQ4TbCpNyxQH35q65RPVyVNPgSNSsFFkmdcqP9DsFqjJ8YC6wIDAQABo1AwTjAdBgNVHQ4EFgQUD6oyJKOPPhvLQpDCC3027QcuQwUwHwYDVR0jBBgwFoAUD6oyJKOPPhvLQpDCC3027QcuQwUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAA6tCLHJQGfXGdFerQ3J0wUu8YDSLb0WJqPtGdIuyeiywR5ooJf8G/jjYMPgZArepLQSSi6t8/cjEdkYWejGnjMG323drQ9M1sKMUhOJF4po9R3t7IyvGAL3fSqjXA8JXH5MuGuGtChWxaqhduA0dBJhFAtAXQ61IuIQF7vSFxhTwCvJnaWdWD49sG5OqjCfgIQdY/mw70e45rLnR/bpfoigL67sTJxy+Kx2ogbvMR6lITByOEQFMt7BYpMtXrwvKUM7k9NOo1jREmJacC8PTx//jRhCWwzUj1RsfIri24BuITrawwqMsYl8DZiiwMpjUf9m4NPaf4E7+QRpzo+MCcg==',
+];
+$metadata['jaars-idp'] = [
+    'enabled' => true,
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'jaars-idp',
+    'name' => [
+        'en' => 'jaars'
+    ],
+    'logoURL' => 'https://static.gtis.guru/idp-logo/jaars-logo.png'
+];
+$metadata['sil-idp'] = [
+    'enabled' => true,
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'sil-idp',
+    'name' => [
+        'en' => 'sil'
+    ],
+    'logoURL' => 'https://static.gtis.guru/idp-logo/sil-logo.png'
+];
+$metadata['usa-idp'] = [
+    'enabled' => true,
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'usa-idp',
+    'name' => [
+        'en' => 'usa'
+    ],
+    'logoURL' => 'https://static.gtis.guru/idp-logo/usa-logo.png'
+];
+$metadata['wga-idp'] = [
+    'enabled' => true,
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'wga-idp',
+    'name' => [
+        'en' => 'wga'
+    ],
+    'logoURL' => 'https://static.gtis.guru/idp-logo/wga-logo.png'
+];
+$metadata['mock-jaars-idp'] = [
+    'enabled' => false,
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'mock-jaars-idp',
+    'name' => [
+        'en' => 'jaars'
+    ],
+    'logoURL' => 'https://static.gtis.guru/idp-logo/jaars-logo.png'
+];
+$metadata['mock-sil-idp'] = [
+    'enabled' => false,
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'mock-sil-idp',
+    'name' => [
+        'en' => 'sil'
+    ],
+    'logoURL' => 'https://static.gtis.guru/idp-logo/sil-logo.png'
+];
+$metadata['mock-usa-idp'] = [
+    'enabled' => false,
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'mock-usa-idp',
+    'name' => [
+        'en' => 'usa'
+    ],
+    'logoURL' => 'https://static.gtis.guru/idp-logo/usa-logo.png'
+];
+$metadata['mock-wga-idp'] = [
+    'enabled' => false,
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'mock-wga-idp',
+    'name' => [
+        'en' => 'wga'
+    ],
+    'logoURL' => 'https://static.gtis.guru/idp-logo/wga-logo.png'
+];

development/idp3/announcement.php

@@ -0,0 +1,4 @@
+<?php
+$citation = '<a href="http://www.lipsum.com" target="_blank">lipsum.com</a>';
+
+return "On the other hand, we denounce with righteous indignation and dislike men who are so beguiled and demoralized by the charms of pleasure of the moment, so blinded by desire, that they cannot foresee the pain and trouble that are bound to ensue; and equal blame belongs to those who fail in their duty through weakness of will, which is the same as saying through shrinking from toil and pain. These cases are perfectly simple and easy to distinguish. In a free hour, when our power of choice is untrammelled and when nothing prevents our being able to do what we like best, every pleasure is to be welcomed and every pain avoided. But in certain circumstances and owing to the claims of duty or the obligations of business it will frequently occur that pleasures have to be repudiated and annoyances accepted. The wise man therefore always holds in these matters to this principle of selection: he rejects pleasures to secure other greater pleasures, or else he endures pains to avoid worse pains.  More info at $citation";

development/idp3/authsources.php

@@ -0,0 +1,6 @@
+<?php
+$config = [
+    'admin' => [
+        'core:AdminPassword',
+    ],
+];

development/idp3/cert/ssp-hub-idp3.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCuyw5p4pt05AWk
+3psGiXBIn/pAUFcDvdKi2DrRqfH2/pph1ROaL5vtJW286YcOCwPlfyk3/pnXVAJl
+9NiDadbdl68ZmyPxb9HoLyVEsfNZSvt7sNcp+PwYpmm0eVSzrySfSd01W32v/6Ks
+l70oF1n7iQCKHKSiY115mDTpu+SSXFVy+mQ58tNDMSokCYhI88h45d6zqFc5F2ou
+5E1O4gpqtxn2uy0uemACzZMThcM6tK5SDdcWczTl4OkVClRvRFdZwPXqYsI9bD4I
++sagJ+h+0PlkZ+WX5bbBnt3SRDhNsKk3LFAffmrrlE9XJU0+BI1KwUWSZ1yo/0Ow
+WqMnxgLrAgMBAAECggEBAJkLtIAj6WgM66AzRVwQ5R7B7JV5gucEwzTQzZedDP7u
+aPC2Z+Z+PzICrrZVZ2p1XKEKmWWs6LjwlvT80MMn3fnCgY+TFoKlHQ8GkMQ4Z9HM
+ZKwl6A+ZMerHcxCRmAeImDFctHKuvDtpQt+KMRa0c5ZZm/5SHBkPld4M1m+9k+JN
+wheR6xVd82R04cLyJNKPdjuZnVLlNaUn44g4PX/BHVbYXISiORIT/apsOWfwkzLJ
+ZBSTZBTRjNN/U+yzqQ+UlyKrABJiLF6INSSmLEfSnVh0EyoMc249k0D9JSbm0tZR
+gn0U5Gdr+hEUdNn7I2INRwROvGiptasgj76HZQsj3QkCgYEA0+2BQeovteYZj8zf
+nq0gT5UhoFFVvKK0sKONk3LFBoFEJ5HtcmA+Oi/IkHPXDaMHdXNkGw6Rilwhjt9z
+7vXia9P8+/Ent5p+kqzCFvYd5UfDz1NMEb5jrrjLpQtPgA5+mUhURyL9chQHeIMO
+ZyckyJGap0kcbaV/+HkZOx/0q68CgYEA0ySZ/PzKqgnZNhjQTgvR7xuvQPuSvakB
+KJoqHoThN1v3WciFzoXi9aU4idkYKe5vupXUu8scqvUMfpTvaazye9IPrjuxebo1
+hzhkRwMfMZ7k480zhOQt4YyYZSTkZIflAiP/fP2pel/KPDemuA/QPjR5begeAL5P
+pfGkOZmTf4UCgYEAk4ClDGmg12vVsr6XjetVp85WXyz9DZP5S1Aqg8vH0iU6eIga
+yhauePU1FUVrErS7xkWQETzsk25YdQaVvGYrN32OgRRx3lqLai8Pz8dxO1ndsXl6
+Yocu/jbklnTu2mQ8PReYgQKbgEDsijY9WhJmiaq+B1zdins8PIacxwgQ1UUCgYEA
+rgnJdCLa2nXruQ+TBAHyNWlYd/Pl7LdV4SXR+f4Fth/0Lul+gdESVvCtPdLYfBex
+uNav12uAYdpDRkN1ZGHOLgnkKvXBQFkgrijpXy9PkxMqECugf7Wlq/i71QMnz0XE
+mpMZkOl1vQ0gIaqtnaJLQDr4rINb17kG5f3cJC5WyhECgYAejIBSfk4ty9SRwbBM
+GQaCuQMmWxh1mIi2XBWpUna5Si719QOPNIqI3oAZQf1eE9jTFHZwB3IlbdrJ9HAf
+yszwVJTPbMBA/Q8uNyElcLku0wtY3fskSCgw5UQshO+6zzL2Wo0O2ftIxc7+hdf0
+8reJ9MfI2kYx3cdR7//py10Wtw==
+-----END PRIVATE KEY-----

development/idp3/saml20-idp-hosted.php

@@ -0,0 +1,6 @@
+<?php
+$metadata['http://ssp-hub-idp3.local:8087'] = [
+	'host' => '__DEFAULT__',
+	'privatekey' => 'ssp-hub-idp3.pem',
+	'auth' => 'admin',
+];

development/idp3/saml20-sp-remote.php

@@ -0,0 +1,5 @@
+<?php
+$metadata['ssp-hub2.local'] = [
+	'AssertionConsumerService' => 'http://ssp-hub2.local:8081/module.php/saml/sp/saml2-acs.php/hub-discovery',
+	'SingleLogoutService' => 'http://ssp-hub2.local:8081/module.php/saml/sp/saml2-logout.php/hub-discovery',
+];

docker-compose.yml

@@ -3,7 +3,6 @@ services:
   hub:
     image: silintl/ssp-base:develop
     volumes:
-      - ./development/hub/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
       - ./development/hub/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
       - ./development/hub/saml20-idp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php
       - ./development/hub/saml20-idp-hosted.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-hosted.php
@@ -62,3 +61,44 @@ services:
       IDP_NAME: "Idp 2"
       ANALYTICS_ID: "UA-XXXX-Y"
       CHANGE_PWD_URL: "http://example.org"
+  hub2:
+    image: silintl/ssp-base:develop
+    volumes:
+      - ./development/hub2/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
+      - ./development/hub2/saml20-idp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php
+      - ./development/hub2/saml20-idp-hosted.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-hosted.php
+      - ./www/default-logo.png:/data/vendor/simplesamlphp/simplesamlphp/www/logo.png
+      - ./:/data/vendor/simplesamlphp/simplesamlphp/modules/material
+      - ./development/idp3/announcement.php:/data/vendor/simplesamlphp/simplesamlphp/announcement/announcement.php
+    ports:
+      - '8081:80'
+    environment:
+      ADMIN_PASS: "abc123"
+      SECURE_COOKIE: "false"
+      SHOW_SAML_ERRORS: "true"
+      THEME_USE: "material:material"
+      HUB_MODE: "true"
+      ADMIN_EMAIL: "[email protected]"
+      SECRET_SALT: "QthhmKnsmC7X/+2bv3CgzBWaFR68J3fP6QgmZhM1L7M="
+      IDP_NAME: "The Hub2"
+  idp3:
+    image: silintl/ssp-base:develop
+    volumes:
+      - ./development/idp3/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
+      - ./development/idp3/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
+      - ./development/idp3/saml20-idp-hosted.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-hosted.php
+      - ./development/idp3/saml20-sp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-sp-remote.php
+      - ./www/default-logo.png:/data/vendor/simplesamlphp/simplesamlphp/www/logo.png
+      - ./:/data/vendor/simplesamlphp/simplesamlphp/modules/material
+      - ./development/idp3/announcement.php:/data/vendor/simplesamlphp/simplesamlphp/announcement/announcement.php
+    ports:
+      - '8087:80'
+    environment:
+      ADMIN_PASS: "a"
+      SECURE_COOKIE: "false"
+      SHOW_SAML_ERRORS: "true"
+      ADMIN_PROTECT_INDEX_PAGE: "false"
+      THEME_USE: "material:material"
+      ADMIN_EMAIL: "[email protected]"
+      SECRET_SALT: "xbcCMIHHzsgE8yYC6OIBjsp+ruZYghHn1k5Bv/IGbrg="
+      IDP_NAME: "Idp 3"