idp names for local testing were a little confusing

Billy Clark · Billy Clark · commit 6943a09fbbb8 · 2017-10-27T15:32:54.000-04:00
diff --git a/README.md b/README.md
@@ -56,7 +56,7 @@ If configured, an alert will be shown to the user filled with the content of tha
 
 ### Setup 
 
-1. Setup `localhost` (or `192.168.62.54`, if using Vagrant) aliases for `ssp-hub.local`, `ssp-hub2.local`, `ssp-hub-idp1.local`, `ssp-hub-idp2.local` and `ssp-hub-idp3.local`.  This is typically done in `/etc/hosts`.
+1. Setup `localhost` (or `192.168.62.54`, if using Vagrant) aliases for `ssp-hub.local`, `ssp-hub2.local`, `ssp-idp1.local`, `ssp-idp2.local`, `ssp-idp3.local` and `ssp-idp4.local`.  This is typically done in `/etc/hosts`.
 2. Start test environment, i.e., `make` from the command line.
 
 ### Hub page
@@ -129,6 +129,61 @@ If configured, an alert will be shown to the user filled with the content of tha
 6. Click **idp2**
 7. Login as an an "expired" user: `username=`**already_past** `password=`**c**
 
+### Multi-factor authentication (MFA) functionality
+#### Nag about missing MFA setup
+1. Goto [http://ssp-hub.local](http://ssp-hub.local)
+2. Login as hub administrator: `username=`**admin** `password=`**abc123**
+3. Click **Authentication** tab
+4. Click **Test configured authentication sources**
+5. Click **hub-discovery**
+6. Click **idp4**
+7. TODO: add username and remaining steps
+
+#### Force MFA setup
+1. Goto [http://ssp-hub.local](http://ssp-hub.local)
+2. Login as hub administrator: `username=`**admin** `password=`**abc123**
+3. Click **Authentication** tab
+4. Click **Test configured authentication sources**
+5. Click **hub-discovery**
+6. Click **idp4**
+7. TODO: add username and remaining steps
+
+#### Backup code
+1. Goto [http://ssp-hub.local](http://ssp-hub.local)
+2. Login as hub administrator: `username=`**admin** `password=`**abc123**
+3. Click **Authentication** tab
+4. Click **Test configured authentication sources**
+5. Click **hub-discovery**
+6. Click **idp4**
+7. TODO: add username and remaining steps
+
+#### TOTP code
+1. Goto [http://ssp-hub.local](http://ssp-hub.local)
+2. Login as hub administrator: `username=`**admin** `password=`**abc123**
+3. Click **Authentication** tab
+4. Click **Test configured authentication sources**
+5. Click **hub-discovery**
+6. Click **idp4**
+7. TODO: add username and remaining steps
+
+#### Key (U2F)
+1. Goto [http://ssp-hub.local](http://ssp-hub.local)
+2. Login as hub administrator: `username=`**admin** `password=`**abc123**
+3. Click **Authentication** tab
+4. Click **Test configured authentication sources**
+5. Click **hub-discovery**
+6. Click **idp4**
+7. TODO: add username and remaining steps
+
+#### Multiple options
+1. Goto [http://ssp-hub.local](http://ssp-hub.local)
+2. Login as hub administrator: `username=`**admin** `password=`**abc123**
+3. Click **Authentication** tab
+4. Click **Test configured authentication sources**
+5. Click **hub-discovery**
+6. Click **idp4**
+7. TODO: add username and remaining steps
+
 ### Announcements functionality
 1. Goto [http://ssp-hub2.local:8081](http://ssp-hub2.local:8081)
 2. The announcement should be displayed
diff --git a/development/hub/saml20-idp-remote.php b/development/hub/saml20-idp-remote.php
@@ -1,35 +1,35 @@
 <?php
-$metadata['http://ssp-hub-idp1.local:8085'] = [
+$metadata['http://ssp-idp1.local:8085'] = [
     'enabled' => true,
     'metadata-set' => 'saml20-idp-remote',
-    'entityid' => 'http://ssp-hub-idp1.local:8085',
+    'entityid' => 'http://ssp-idp1.local:8085',
     'name' => [
         'en' => 'IdP 1'
     ],
-    'SingleSignOnService'  => 'http://ssp-hub-idp1.local:8085/saml2/idp/SSOService.php',
-    'SingleLogoutService'  => 'http://ssp-hub-idp1.local:8085/saml2/idp/SingleLogoutService.php',
+    'SingleSignOnService'  => 'http://ssp-idp1.local:8085/saml2/idp/SSOService.php',
+    'SingleLogoutService'  => 'http://ssp-idp1.local:8085/saml2/idp/SingleLogoutService.php',
     'certData' => 'MIIDzzCCAregAwIBAgIJAPlZYTAQSIbHMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEPMA0GA1UEBwwGV2F4aGF3MQwwCgYDVQQKDANTSUwxDTALBgNVBAsMBEdUSVMxDjAMBgNVBAMMBVN0ZXZlMSQwIgYJKoZIhvcNAQkBFhVzdGV2ZV9iYWd3ZWxsQHNpbC5vcmcwHhcNMTYxMDE3MTIzMTQ1WhcNMjYxMDE3MTIzMTQ1WjB+MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMxDzANBgNVBAcMBldheGhhdzEMMAoGA1UECgwDU0lMMQ0wCwYDVQQLDARHVElTMQ4wDAYDVQQDDAVTdGV2ZTEkMCIGCSqGSIb3DQEJARYVc3RldmVfYmFnd2VsbEBzaWwub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArssOaeKbdOQFpN6bBolwSJ/6QFBXA73Sotg60anx9v6aYdUTmi+b7SVtvOmHDgsD5X8pN/6Z11QCZfTYg2nW3ZevGZsj8W/R6C8lRLHzWUr7e7DXKfj8GKZptHlUs68kn0ndNVt9r/+irJe9KBdZ+4kAihykomNdeZg06bvkklxVcvpkOfLTQzEqJAmISPPIeOXes6hXORdqLuRNTuIKarcZ9rstLnpgAs2TE4XDOrSuUg3XFnM05eDpFQpUb0RXWcD16mLCPWw+CPrGoCfoftD5ZGfll+W2wZ7d0kQ4TbCpNyxQH35q65RPVyVNPgSNSsFFkmdcqP9DsFqjJ8YC6wIDAQABo1AwTjAdBgNVHQ4EFgQUD6oyJKOPPhvLQpDCC3027QcuQwUwHwYDVR0jBBgwFoAUD6oyJKOPPhvLQpDCC3027QcuQwUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAA6tCLHJQGfXGdFerQ3J0wUu8YDSLb0WJqPtGdIuyeiywR5ooJf8G/jjYMPgZArepLQSSi6t8/cjEdkYWejGnjMG323drQ9M1sKMUhOJF4po9R3t7IyvGAL3fSqjXA8JXH5MuGuGtChWxaqhduA0dBJhFAtAXQ61IuIQF7vSFxhTwCvJnaWdWD49sG5OqjCfgIQdY/mw70e45rLnR/bpfoigL67sTJxy+Kx2ogbvMR6lITByOEQFMt7BYpMtXrwvKUM7k9NOo1jREmJacC8PTx//jRhCWwzUj1RsfIri24BuITrawwqMsYl8DZiiwMpjUf9m4NPaf4E7+QRpzo+MCcg==',
 ];
-$metadata['http://ssp-hub-idp2.local:8086'] = [
+$metadata['http://ssp-idp2.local:8086'] = [
     'enabled' => true,
     'metadata-set' => 'saml20-idp-remote',
-    'entityid' => 'http://ssp-hub-idp2.local:8086',
+    'entityid' => 'http://ssp-idp2.local:8086',
     'name' => [
         'en' => 'IdP 2'
     ],
-    'SingleSignOnService'  => 'http://ssp-hub-idp2.local:8086/saml2/idp/SSOService.php',
-    'SingleLogoutService'  => 'http://ssp-hub-idp2.local:8086/saml2/idp/SingleLogoutService.php',
+    'SingleSignOnService'  => 'http://ssp-idp2.local:8086/saml2/idp/SSOService.php',
+    'SingleLogoutService'  => 'http://ssp-idp2.local:8086/saml2/idp/SingleLogoutService.php',
     'certData' => 'MIIDzzCCAregAwIBAgIJALBaUrvz1X5DMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEPMA0GA1UEBwwGV2F4aGF3MQwwCgYDVQQKDANTSUwxDTALBgNVBAsMBEdUSVMxDjAMBgNVBAMMBVN0ZXZlMSQwIgYJKoZIhvcNAQkBFhVzdGV2ZV9iYWd3ZWxsQHNpbC5vcmcwHhcNMTYxMDE4MTQwMDUxWhcNMjYxMDE4MTQwMDUxWjB+MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMxDzANBgNVBAcMBldheGhhdzEMMAoGA1UECgwDU0lMMQ0wCwYDVQQLDARHVElTMQ4wDAYDVQQDDAVTdGV2ZTEkMCIGCSqGSIb3DQEJARYVc3RldmVfYmFnd2VsbEBzaWwub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5mZNwjEnakJho+5etuFyx+2g9rs96iLX/LDC24aBAsdNxTNuIc1jJ7pxBxGrepEND4LkietLNBlOr1q50nq2+ddTrCfmoJB+9BqBOxcm9qWeqWbp8/arUjaxPzK3DfZrxJxIVFjzqFF7gI91y9yvEW/fqLRMhvnH1ns+N1ne59zr1y6h9mmHfBffGr1YXAfyEAuV1ich4AfTfjqhdwFwxhFLLCVnxA0bDbNw/0eGCSiA13N7a013xTurLeJu0AQaZYssMqvc/17UphH4gWDMEZAwy0EfRSBOsDOYCxeNxVajnWX1834VDpBDfpnZj996Gh8tzRQxQgT9/plHKhGiwIDAQABo1AwTjAdBgNVHQ4EFgQUApxlUQg26GrG3eH8lEG3SkqbH/swHwYDVR0jBBgwFoAUApxlUQg26GrG3eH8lEG3SkqbH/swDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEANhbm8WgIqBDlF7DIRVUbq04TEA9nOJG8wdjJYdoKrPX9f/E9slkFuD2StcK99RTcowa8Z2OmW7tksa+onyH611Lq21QXh4aHzQUAm2HbsmPQRZnkByeYoCJ/1tuEho+x+VGanaUICSBVWYiebAQVKHR6miFypRElibNBizm2nqp6Q9B87V8COzyDVngR1DlWDduxYaNOBgvht3Rk9Y2pVHqym42dIfN+pprcsB1PGBkY/BngIuS/aqTENbmoC737vcb06e8uzBsbCpHtqUBjPpL2psQZVJ2Y84JmHafC3B7nFQrjdZBbc9eMHfPo240Rh+pDLwxdxPqRAZdeLaUkCQ==',
 ];
-$metadata['http://ssp-hub-idp4.local:8088'] = [
+$metadata['http://ssp-idp4.local:8088'] = [
     'enabled' => true,
     'metadata-set' => 'saml20-idp-remote',
-    'entityid' => 'http://ssp-hub-idp4.local:8088',
+    'entityid' => 'http://ssp-idp4.local:8088',
     'name' => [
         'en' => 'IdP 4'
     ],
-    'SingleSignOnService'  => 'http://ssp-hub-idp4.local:8088/saml2/idp/SSOService.php',
-    'SingleLogoutService'  => 'http://ssp-hub-idp4.local:8088/saml2/idp/SingleLogoutService.php',
+    'SingleSignOnService'  => 'http://ssp-idp4.local:8088/saml2/idp/SSOService.php',
+    'SingleLogoutService'  => 'http://ssp-idp4.local:8088/saml2/idp/SingleLogoutService.php',
     'certData' => 'MIIDzzCCAregAwIBAgIJALBaUrvz1X5DMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEPMA0GA1UEBwwGV2F4aGF3MQwwCgYDVQQKDANTSUwxDTALBgNVBAsMBEdUSVMxDjAMBgNVBAMMBVN0ZXZlMSQwIgYJKoZIhvcNAQkBFhVzdGV2ZV9iYWd3ZWxsQHNpbC5vcmcwHhcNMTYxMDE4MTQwMDUxWhcNMjYxMDE4MTQwMDUxWjB+MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMxDzANBgNVBAcMBldheGhhdzEMMAoGA1UECgwDU0lMMQ0wCwYDVQQLDARHVElTMQ4wDAYDVQQDDAVTdGV2ZTEkMCIGCSqGSIb3DQEJARYVc3RldmVfYmFnd2VsbEBzaWwub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5mZNwjEnakJho+5etuFyx+2g9rs96iLX/LDC24aBAsdNxTNuIc1jJ7pxBxGrepEND4LkietLNBlOr1q50nq2+ddTrCfmoJB+9BqBOxcm9qWeqWbp8/arUjaxPzK3DfZrxJxIVFjzqFF7gI91y9yvEW/fqLRMhvnH1ns+N1ne59zr1y6h9mmHfBffGr1YXAfyEAuV1ich4AfTfjqhdwFwxhFLLCVnxA0bDbNw/0eGCSiA13N7a013xTurLeJu0AQaZYssMqvc/17UphH4gWDMEZAwy0EfRSBOsDOYCxeNxVajnWX1834VDpBDfpnZj996Gh8tzRQxQgT9/plHKhGiwIDAQABo1AwTjAdBgNVHQ4EFgQUApxlUQg26GrG3eH8lEG3SkqbH/swHwYDVR0jBBgwFoAUApxlUQg26GrG3eH8lEG3SkqbH/swDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEANhbm8WgIqBDlF7DIRVUbq04TEA9nOJG8wdjJYdoKrPX9f/E9slkFuD2StcK99RTcowa8Z2OmW7tksa+onyH611Lq21QXh4aHzQUAm2HbsmPQRZnkByeYoCJ/1tuEho+x+VGanaUICSBVWYiebAQVKHR6miFypRElibNBizm2nqp6Q9B87V8COzyDVngR1DlWDduxYaNOBgvht3Rk9Y2pVHqym42dIfN+pprcsB1PGBkY/BngIuS/aqTENbmoC737vcb06e8uzBsbCpHtqUBjPpL2psQZVJ2Y84JmHafC3B7nFQrjdZBbc9eMHfPo240Rh+pDLwxdxPqRAZdeLaUkCQ==',
 ];
 $metadata['jaars-idp'] = [
diff --git a/development/hub2/saml20-idp-remote.php b/development/hub2/saml20-idp-remote.php
@@ -1,13 +1,13 @@
 <?php
-$metadata['http://ssp-hub-idp3.local:8087'] = [
+$metadata['http://ssp-idp3.local:8087'] = [
     'enabled' => true,
     'metadata-set' => 'saml20-idp-remote',
-    'entityid' => 'http://ssp-hub-idp3.local:8087',
+    'entityid' => 'http://ssp-idp3.local:8087',
     'name' => [
         'en' => 'IdP 3'
     ],
-    'SingleSignOnService'  => 'http://ssp-hub-idp3.local:8087/saml2/idp/SSOService.php',
-    'SingleLogoutService'  => 'http://ssp-hub-idp3.local:8087/saml2/idp/SingleLogoutService.php',
+    'SingleSignOnService'  => 'http://ssp-idp3.local:8087/saml2/idp/SSOService.php',
+    'SingleLogoutService'  => 'http://ssp-idp3.local:8087/saml2/idp/SingleLogoutService.php',
     'certData' => 'MIIDzzCCAregAwIBAgIJAPlZYTAQSIbHMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEPMA0GA1UEBwwGV2F4aGF3MQwwCgYDVQQKDANTSUwxDTALBgNVBAsMBEdUSVMxDjAMBgNVBAMMBVN0ZXZlMSQwIgYJKoZIhvcNAQkBFhVzdGV2ZV9iYWd3ZWxsQHNpbC5vcmcwHhcNMTYxMDE3MTIzMTQ1WhcNMjYxMDE3MTIzMTQ1WjB+MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMxDzANBgNVBAcMBldheGhhdzEMMAoGA1UECgwDU0lMMQ0wCwYDVQQLDARHVElTMQ4wDAYDVQQDDAVTdGV2ZTEkMCIGCSqGSIb3DQEJARYVc3RldmVfYmFnd2VsbEBzaWwub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArssOaeKbdOQFpN6bBolwSJ/6QFBXA73Sotg60anx9v6aYdUTmi+b7SVtvOmHDgsD5X8pN/6Z11QCZfTYg2nW3ZevGZsj8W/R6C8lRLHzWUr7e7DXKfj8GKZptHlUs68kn0ndNVt9r/+irJe9KBdZ+4kAihykomNdeZg06bvkklxVcvpkOfLTQzEqJAmISPPIeOXes6hXORdqLuRNTuIKarcZ9rstLnpgAs2TE4XDOrSuUg3XFnM05eDpFQpUb0RXWcD16mLCPWw+CPrGoCfoftD5ZGfll+W2wZ7d0kQ4TbCpNyxQH35q65RPVyVNPgSNSsFFkmdcqP9DsFqjJ8YC6wIDAQABo1AwTjAdBgNVHQ4EFgQUD6oyJKOPPhvLQpDCC3027QcuQwUwHwYDVR0jBBgwFoAUD6oyJKOPPhvLQpDCC3027QcuQwUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAA6tCLHJQGfXGdFerQ3J0wUu8YDSLb0WJqPtGdIuyeiywR5ooJf8G/jjYMPgZArepLQSSi6t8/cjEdkYWejGnjMG323drQ9M1sKMUhOJF4po9R3t7IyvGAL3fSqjXA8JXH5MuGuGtChWxaqhduA0dBJhFAtAXQ61IuIQF7vSFxhTwCvJnaWdWD49sG5OqjCfgIQdY/mw70e45rLnR/bpfoigL67sTJxy+Kx2ogbvMR6lITByOEQFMt7BYpMtXrwvKUM7k9NOo1jREmJacC8PTx//jRhCWwzUj1RsfIri24BuITrawwqMsYl8DZiiwMpjUf9m4NPaf4E7+QRpzo+MCcg==',
 ];
 $metadata['jaars-idp'] = [
diff --git a/development/idp1/cert/ssp-idp1.pem b/development/idp1/cert/ssp-idp1.pem
diff --git a/development/idp1/saml20-idp-hosted.php b/development/idp1/saml20-idp-hosted.php
@@ -1,6 +1,6 @@
 <?php
-$metadata['http://ssp-hub-idp1.local:8085'] = [
+$metadata['http://ssp-idp1.local:8085'] = [
 	'host' => '__DEFAULT__',
-	'privatekey' => 'ssp-hub-idp1.pem',
+	'privatekey' => 'ssp-idp1.pem',
 	'auth' => 'admin',
 ];
diff --git a/development/idp2/cert/ssp-idp2.pem b/development/idp2/cert/ssp-idp2.pem
diff --git a/development/idp2/saml20-idp-hosted.php b/development/idp2/saml20-idp-hosted.php
@@ -2,9 +2,9 @@
 use Sil\PhpEnv\Env;
 use Sil\Psr3Adapters\Psr3SamlLogger;
 
-$metadata['http://ssp-hub-idp2.local:8086'] = [
+$metadata['http://ssp-idp2.local:8086'] = [
 	'host' => '__DEFAULT__',
-	'privatekey' => 'ssp-hub-idp2.pem',
+	'privatekey' => 'ssp-idp2.pem',
 	'auth' => 'example-userpass',
     'authproc' => [
         10 => [
diff --git a/development/idp3/cert/ssp-idp3.pem b/development/idp3/cert/ssp-idp3.pem
diff --git a/development/idp3/saml20-idp-hosted.php b/development/idp3/saml20-idp-hosted.php
@@ -1,6 +1,6 @@
 <?php
-$metadata['http://ssp-hub-idp3.local:8087'] = [
+$metadata['http://ssp-idp3.local:8087'] = [
 	'host' => '__DEFAULT__',
-	'privatekey' => 'ssp-hub-idp3.pem',
+	'privatekey' => 'ssp-idp3.pem',
 	'auth' => 'admin',
 ];
diff --git a/development/idp4/cert/ssp-idp4.pem b/development/idp4/cert/ssp-idp4.pem
diff --git a/development/idp4/saml20-idp-hosted.php b/development/idp4/saml20-idp-hosted.php
@@ -2,9 +2,9 @@
 use Sil\PhpEnv\Env;
 use Sil\Psr3Adapters\Psr3SamlLogger;
 
-$metadata['http://ssp-hub-idp4.local:8088'] = [
+$metadata['http://ssp-idp4.local:8088'] = [
     'host' => '__DEFAULT__',
-    'privatekey' => 'ssp-hub-idp4.pem',
+    'privatekey' => 'ssp-idp4.pem',
     'auth' => 'silauth',
     'authproc' => [
         10 => [
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,6 +1,5 @@
 version: '2.0'
-#TODO: update README with new idp and local mfa testing (also need a reference in /etc/hosts to idp4)
-#TODO: change names to idp's to exclude hub, e.g., ssp-hub-idp4.local is misleading...ssp-idp4.local would be better
+#TODO: update README with local mfa testing steps
 
 services:
   hub:
