├── build_svs.sh
├── config
│   ├── cdb
│   │   ├── cdb.json
│   │   └── cdb.json.example
│   ├── production
│   │   ├── attributemaps
│   │   │   ├── adfs_v1x.py
│   │   │   ├── adfs_v20.py
│   │   │   ├── basic.py
│   │   │   ├── __init__.py
│   │   │   ├── saml_uri.py
│   │   │   └── shibboleth_uri.py
│   │   ├── backend.xml
│   │   ├── certs
│   │   │   ├── saml_metadata_backend.crt
│   │   │   └── saml_metadata_backend.key
│   │   ├── dhparams.txt
│   │   ├── entityids.json
│   │   ├── idp.xml
│   │   ├── inAcademia.key -> certs/saml_metadata_backend.key
│   │   ├── inAcademia.pub -> certs/saml_metadata_backend.crt
│   │   ├── info.log
│   │   ├── internal_attributes.yaml
│   │   ├── metadata.crt -> certs/saml_metadata_backend.crt
│   │   ├── metadata.key -> certs/saml_metadata_backend.key
│   │   ├── plugins
│   │   │   ├── attribute_processor.yaml
│   │   │   ├── custom_logging.yaml
│   │   │   ├── inacademia_backend.yaml
│   │   │   ├── inacademia_frontend.yaml
│   │   │   └── user_consent.yaml
│   │   └── proxy_conf.yaml
│   └── rsyslog
│       ├── inacademia.conf
│       └── rsyslog.conf
├── Dockerfile
├── LICENSE
├── NOTICE
├── README.md
├── rsyslog.conf
├── run_svs.sh
├── start.sh
└── svs-1.0.1-py3-none-any.whl

The Dockerfile is the basis for the Docker image to be built. The build_svs.sh and run_svs.sh scripts build and run the Docker image respectively. The run_svs.sh script tests whether the image exists and, if not, tries to build it before running it.
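The run_svs.sh behaviour just described (test for the image, build it when missing, then run it), written out as an added example for this page rather than the project's own script. It assumes an image name of inacademia/svs:1.0.1 and a published port of 443, and it additionally checks the config tree above for the files a deployment cannot run without.

```shell
#!/bin/sh
# Added example, not the project's own run_svs.sh: check the config tree shown
# above, build the SVS image only when it is missing, then run it.
# The image name and the published port are assumptions, not from the project.
set -eu
IMAGE="${IMAGE:-inacademia/svs:1.0.1}"   # assumed tag, not the project's
CONFIG_DIR="${CONFIG_DIR:-./config}"

# Files a deployment cannot run without: the client database (which RPs may
# connect), the proxy config and the SAML signing key pair. Report every
# missing file before any docker command runs.
check_config() {
    dir="$1"
    missing=0
    for f in cdb/cdb.json production/proxy_conf.yaml \
             production/certs/saml_metadata_backend.crt \
             production/certs/saml_metadata_backend.key; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing: $dir/$f" >&2
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# `docker image inspect` exits non-zero for an unknown image, so the check
# needs no output parsing.
image_exists() {
    docker image inspect "$1" >/dev/null 2>&1
}

# Build only when the image is absent; a failed build aborts the script.
ensure_image() {
    if image_exists "$1"; then
        echo "image $1 present, skipping build"
    else
        echo "image $1 not found, building"
        docker build -t "$1" .
    fi
}

main() {
    check_config "$CONFIG_DIR" || { echo "fix the config tree first" >&2; exit 1; }
    ensure_image "$IMAGE"
    # --rm: no stale containers left behind; only the HTTPS port is published.
    exec docker run --rm -p 443:443 "$IMAGE"
}

# Run main only when executed directly as run_svs.sh, not when sourced.
case "${0##*/}" in run_svs.sh) main "$@" ;; esac
```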


  • cdb contains the client database: the RPs that are allowed to connect to InAcademia, and which scopes and claims they are allowed to query.
  • production contains a set of directories and files that describe the InAcademia setup.
    • attributemaps configures how SaToSa maps the attributes of the various protocols from and to its internal state. This needs no changes for InAcademia.
    • certs contains the certificates needed for SAML and OIDC (but NOT for https).
    • plugins contains the InAcademia frontend, backend and microservices needed by SaToSa for InAcademia. For more info on the syntax used, see the SaToSa documentation: https://github.com/IdentityPython/SATOSA/tree/master/doc
    • backend.xml contains the frontend SAML metadata and is autogenerated when the InAcademia Docker container starts.
    • entityids.json contains a list of all IdPs that are allowed to use the InAcademia service.
    • idp.xml contains the SAML metadata of the IdPs that connect to InAcademia. In production this is typically not used and an MDQ service is used instead.
    • for historic reasons the certificates needed by SaToSa for the SAML endpoint and the OIDC endpoint are named differently. This is resolved by the symlinks inAcademia* and metadata*, which all point to the certificates in the certs directory.
    • info.log is the InAcademia logfile.

Typically none of these files need changes for a deployment.
The metadata directory contains the SAML metadata that the IdP needs to be able to talk to the SPs involved, in this case the InAcademia SaToSa based proxy.

Docker file

The Dockerfile is completely self-contained: it builds the SVS from the config, pulling the relevant repositories if needed.

FROM ubuntu:16.04

EXPOSE 443
MAINTAINER InAcademia Team, tech@inacademia.org

# Build dependencies for SATOSA/svs (xmlsec1 for SAML signing) plus rsyslog for logging.
RUN apt-get update && apt-get install -y --no-install-recommends \
    git \
    python3-dev \
    build-essential \
    python3-pip \
    libffi-dev \
    libssl-dev \
    xmlsec1 \
    libyaml-dev \
    rsyslog
RUN apt clean

RUN pip3 install --upgrade pip setuptools
# Note: git:// is an unauthenticated transport. The SATOSA line is pinned to the
# svs-1.0.1 tag; the svs line is not pinned, so every build fetches whatever HEAD is.
RUN pip3 install git+git://github.com/InAcademia/SATOSA.git@svs-1.0.1#egg=SATOSA
RUN pip3 install git+git://github.com/InAcademia/svs.git#egg=svs
RUN pip3 install pystache

# Logging configuration from config/rsyslog in the tree above.
COPY config/rsyslog/rsyslog.conf /etc/rsyslog.conf
COPY config/rsyslog/inacademia.conf /etc/rsyslog.d/inacademia.conf
COPY start.sh /tmp/inacademia/start.sh
COPY config/production/attributemaps /tmp/inacademia/attributemaps
# The destination of the client database copy is garbled in the source page;
# <cdb-destination> is a placeholder to be replaced with the path from the repository.
COPY config/cdb/cdb.json.example <cdb-destination>/cdb.json

ENTRYPOINT ["/tmp/inacademia/start.sh"]

Now run the run script to build and run our Docker based IdP.

Using the IdP

Assuming your deploy went without errors, it should now be available through https://idp.inacademia.local/ and a login screen should be awaiting you.

You can log in with admin; the default password is "inac2play" as configured in the idp.yml file.

To test that the IdP itself is working you can now use the test authsources feature of simplesamlphp, as shown in the subsequent screens.

Use one of the default users to log in, e.g. "student1" with password "student1".

Deploying & Starting SVS

Run build_svs.sh to build a new Docker image.

Assuming your build went without errors, you can now run the Docker image through run_svs.sh.

Success, you now have a working SVS component.