
The test environment is set up as several Docker containers with a reverse proxy in front of them, all on a single virtual machine (VM).

The main domain is maiv1.incubator.geant.org. The wildcard domain *.maiv1.incubator.geant.org is also registered, which allows any number of subdomain virtual hosts.

Virtual host certificates are obtained using acme.sh: https://github.com/acmesh-official/acme.sh

Git repo of the whole setup is internally available here (expect heavy changes during Incubator activity): https://gitlab.software.geant.org/TI_Incubator/saml-signature-validation-test-env

Test IdP

The test IdP is a SimpleSAMLphp v2.1 instance with a configured IdP and the 'conformance' module installed (an authentication processing filter), which can modify the SAML Responses sent to trusted SPs. Trust is pre-configured for several test SPs.

IdP metadata: https://conformance-idp.maiv1.incubator.geant.org/module.php/saml/idp/metadata

Admin dashboard: https://conformance-idp.maiv1.incubator.geant.org/module.php/admin/

Conformance module repo: https://github.com/cicnavi/simplesamlphp-module-conformance

Test modification endpoints

Endpoint to define the next test for a particular SP

URI: https://conformance-idp.maiv1.incubator.geant.org/module.php/conformance/test/setup

HTTP method: GET

Parameters:

  • testId
    • valid values: standardResponse|noSignature|invalidSignature
    • example: noSignature
  • spEntityId
    • valid values: any trusted SP Entity ID
    • example: urn:x-simplesamlphp:geant:incubator:simplesamlphp-sp:good-sp


For example, to define that the next test for SP 'urn:x-simplesamlphp:geant:incubator:simplesamlphp-sp:good-sp' should be the one that does not sign the SAML Response:

https://conformance-idp.maiv1.incubator.geant.org/module.php/conformance/test/setup?testId=noSignature&spEntityId=urn:x-simplesamlphp:geant:incubator:simplesamlphp-sp:good-sp
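
An added example (not part of the conformance module or the test environment repo): a Python sketch that builds the setup URL for each documented testId and evaluates recorded SP outcomes against the expected result. It assumes that an SP which validates signatures should establish a session only for standardResponse; the function names and the observed results are constructed for illustration, and no request is sent.

```python
from urllib.parse import urlencode

SETUP_ENDPOINT = (
    "https://conformance-idp.maiv1.incubator.geant.org"
    "/module.php/conformance/test/setup"
)

# Assumption (not stated on the page): a signature-validating SP
# logs the user in only when the IdP sends the standard response.
EXPECT_LOGIN = {
    "standardResponse": True,
    "noSignature": False,
    "invalidSignature": False,
}


def setup_url(test_id, sp_entity_id):
    """Return the GET URL that selects test_id as the next test for the SP."""
    if test_id not in EXPECT_LOGIN:
        raise ValueError(f"unknown testId: {test_id!r}")
    if not sp_entity_id:
        raise ValueError("spEntityId is required")
    # urlencode percent-encodes reserved characters such as ':' in the entity ID.
    query = urlencode({"testId": test_id, "spEntityId": sp_entity_id})
    return f"{SETUP_ENDPOINT}?{query}"


def build_plan(sp_entity_id):
    """List (testId, setup URL, login expected) for every documented test."""
    return [(t, setup_url(t, sp_entity_id), ok) for t, ok in EXPECT_LOGIN.items()]


def evaluate(observed):
    """observed maps testId -> True if the SP established a session.
    Returns the sorted test IDs whose outcome differs from the expectation."""
    missing = set(EXPECT_LOGIN) - set(observed)
    if missing:
        raise ValueError(f"no result recorded for: {sorted(missing)}")
    return sorted(t for t, ok in EXPECT_LOGIN.items() if observed[t] != ok)


if __name__ == "__main__":
    good_sp = "urn:x-simplesamlphp:geant:incubator:simplesamlphp-sp:good-sp"
    for test_id, url, expect in build_plan(good_sp):
        print(f"{test_id:18} expect_login={expect}  {url}")
    # Constructed results for an SP that skips signature checks.
    skips_checks = {"standardResponse": True, "noSignature": True,
                    "invalidSignature": True}
    print("failed tests:", evaluate(skips_checks))
```
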

Sample SPs and Related Apps

SimpleSAMLphp

A SimpleSAMLphp v2.1 instance with the SPs listed below configured. Its code is modified to skip signature checks for the 'bad' SP, for simulation purposes.

Admin dashboard: https://simplesamlphp-sp.maiv1.incubator.geant.org/simplesaml/module.php/admin/

List of apps: https://simplesamlphp-sp.maiv1.incubator.geant.org/

Good SP / App

Metadata: https://simplesamlphp-sp.maiv1.incubator.geant.org/simplesaml/module.php/saml/sp/metadata/good-sp

App: https://simplesamlphp-sp.maiv1.incubator.geant.org/php-app-good-ssp-sp/

Bad SP / App

Metadata: https://simplesamlphp-sp.maiv1.incubator.geant.org/simplesaml/module.php/saml/sp/metadata/bad-sp

App: https://simplesamlphp-sp.maiv1.incubator.geant.org/php-app-bad-ssp-sp/

Keycloak

Instance available here: https://keycloak.maiv1.incubator.geant.org/

TODO configuration

Shibboleth

TODO
