Projects/nettsiden
8
3
Fork 0
Code Issues 18 Pull Requests Activity

Host both service provider and identity provider for local dev

Browse Source
This commit is contained in:
Oystein Kristoffer Tveit
2025-12-17 14:18:30 +09:00
parent 3d07547f80
commit 19c49b4a00
15 changed files with 1573 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
dist/simplesaml-dev/authsources.php vendored Normal file
View File

@@ -0,0 +1,36 @@
<?php
declare(strict_types=1);
$config = [
// This is used by the service provider to contact the identity provider
'default-sp' => [
'saml:SP',
'entityID' => 'http://localhost:1080/simplesaml/sp',
'idp' => 'http://localhost:1080/simplesaml/idp',
],
// This is used by the identity provider to authenticate users
'example-userpass' => [
'exampleauth:UserPass',
'users' => [
'user:user' => [
'uid' => ['user'],
'group' => ['users'],
'cn' => '/home/pvv/d/user',
'mail' => 'user+test@pvv.ntnu.no',
],
'admin:admin' => [
'uid' => ['admin'],
'group' => ['admins'],
'cn' => '/home/pvv/d/admin',
'mail' => 'admin+test@pvv.ntnu.no',
],
],
],
// This is also used by the identity provider to authenticate IDP admins
// See http://localhost:1080/simplesaml/admin/
'admin' => [
'core:AdminPassword',
],
];

1416
dist/simplesaml-dev/config.php vendored Normal file
View File

File diff suppressed because it is too large Load Diff

10
dist/simplesaml-dev/saml20-idp-hosted.php vendored Normal file
View File

@@ -0,0 +1,10 @@
<?php
declare(strict_types=1);
$metadata['http://localhost:1080/simplesaml/idp'] = [
'host' => '__DEFAULT__',
'privatekey' => 'localhost.pem',
'certificate' => 'localhost.crt',
'auth' => 'example-userpass',
];

50
dist/simplesaml-dev/saml20-idp-remote.php vendored Normal file
View File

@@ -0,0 +1,50 @@
<?php
declare(strict_types=1);
$metadata['https://idp.pvv.ntnu.no/'] = [
'metadata-set' => 'saml20-idp-remote',
'entityid' => 'https://idp.pvv.ntnu.no/',
'SingleSignOnService' => [
0 => [
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'https://idp.pvv.ntnu.no/simplesaml/saml2/idp/SSOService.php',
],
],
'SingleLogoutService' => [
0 => [
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'https://idp.pvv.ntnu.no/simplesaml/saml2/idp/SingleLogoutService.php',
],
],
'certData' => 'MIIDpTCCAo2gAwIBAgIJAJIgibrB7NvsMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNVBAYTAk5PMR4wHAYDVQQKDBVQcm9ncmFtdmFyZXZlcmtzdGVkZXQxGDAWBgNVBAMMD2lkcC5wdnYubnRudS5ubzEgMB4GCSqGSIb3DQEJARYRZHJpZnRAcHZ2Lm50bnUubm8wHhcNMTcxMTEzMjI0NTQyWhcNMjcxMTEzMjI0NTQyWjBpMQswCQYDVQQGEwJOTzEeMBwGA1UECgwVUHJvZ3JhbXZhcmV2ZXJrc3RlZGV0MRgwFgYDVQQDDA9pZHAucHZ2Lm50bnUubm8xIDAeBgkqhkiG9w0BCQEWEWRyaWZ0QHB2di5udG51Lm5vMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveLujCsgVCRA360y5yezy8FcSPhaqodggDqY12UTkYOMQLBFaph6uUL4oCUlXZqxScrAYVRt9yw+7BYpcm0p51VZzVCsfMxRVkn+O1eUvsaXq3f13f87QHKYP2f0uqkGf5PvnKIdSaI/ix8WJhD8XT+h0OkHEcaBvUtSG7zbEhvG21WPHwgw2rvZSneArQ8tOitZC0u8VXSfdhtf6ynRseo0xC95634UwQAZivhQ2v4A6Tp57QG5DCXIJ9/z3PkINx3KB/hOeh0EP6Dpbp+7V0/t9778E3whpm4llrH144kzROhA7EgUgkZOjAVjxGCYlcj3xQPnnItihVOZ5B5qLwIDAQABo1AwTjAdBgNVHQ4EFgQUPLhrB+Qb/Kzz7Car9GJkKmEkz6swHwYDVR0jBBgwFoAUPLhrB+Qb/Kzz7Car9GJkKmEkz6swDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAd+4E6t0j8/p8rbZE8y/gZ9GsiRhxkR4l6JbMRUfEpqHKi415qstChRcP2Lo3Yd5qdmj9tLDWoPsqet1QgyTTmQTgUmPhhMOQDqSh90LuqEJseKWafXGS/SfWLH6MWVmzDV5YofJEw2ThPiU58GiS06OLS2poq1eAesa2LQ22J8yYisXM4sxImIFte+LYQ1+1evfBWcvU1vrGsQ0VLJHdef9WoXp1swUFhq4Zk0c7gjHiB1CFVlExAAlk9L6W3CVXmKIYlf4eUnEBGkC061Ir42+uhAMWO9Y/L1NEuboTyd2KAI/6JdKdzpmfk7zPVxWlNxNCZ7OPNuvOKp6VlpB2EA==',
'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
];
function getCertData(string $path): string
{
$cert = file_get_contents($path);
$cert = str_replace("-----BEGIN CERTIFICATE-----", "", $cert);
$cert = str_replace("-----END CERTIFICATE-----", "", $cert);
$cert = str_replace(["\r", "\n"], "", $cert);
return $cert;
}
$metadata['http://localhost:1080/simplesaml/idp'] = [
'metadata-set' => 'saml20-idp-remote',
'entityid' => 'https://localhost:1080/simplesaml/idp',
'SingleSignOnService' => [
0 => [
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'http://localhost:1080/simplesaml/saml2/idp/SSOService.php',
],
],
'SingleLogoutService' => [
0 => [
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'http://localhost:1080/simplesaml/saml2/idp/SingleLogoutService.php',
],
],
'certData' => getCertData(__DIR__ . '/../cert/localhost.crt'),
'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
];

16
dist/simplesaml-dev/saml20-sp-remote.php vendored Normal file
View File

@@ -0,0 +1,16 @@
<?php
$metadata['http://localhost:1080/simplesaml/sp'] = [
'AssertionConsumerService' => [
[
'Location' => 'http://localhost:1080/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
],
],
'SingleLogoutService' => [
[
'Location' => 'http://localhost:1080/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
],
],
];

0
dist/simplesamlphp-authsources.php → dist/simplesaml-prod/authsources.php vendored
View File

0
dist/simplesamlphp-config.php → dist/simplesaml-prod/config.php vendored
View File

0
dist/simplesamlphp-idp.php → dist/simplesaml-prod/saml20-idp-remote.php vendored
View File

0
dist/pvv_mysql.sql → dist/sql/pvv_mysql.sql vendored
View File

0
dist/pvv_sqlite.sql → dist/sql/pvv_sqlite.sql vendored
View File

27
nix/package.nix
View File

@@ -4,7 +4,22 @@
}: }:
php.buildComposerProject rec { php.buildComposerProject rec {
src = ./..; src = lib.fileset.toSource {
root = ./..;
fileset = lib.fileset.difference
(lib.fileset.unions [
../dist
../inc
../src
../www
../composer.json
../composer.lock
])
(lib.fileset.unions [
(lib.fileset.maybeMissing ../www/simplesaml)
(lib.fileset.maybeMissing ../www/simplesaml-idp)
]);
};
pname = "pvv-nettsiden"; pname = "pvv-nettsiden";
version = "0.0.1"; version = "0.0.1";
vendorHash = "sha256-7I7Fdp5DvCwCdYY66Mv0hZ+a8xRzQt+WMUKG544k7Fc="; vendorHash = "sha256-7I7Fdp5DvCwCdYY66Mv0hZ+a8xRzQt+WMUKG544k7Fc=";
@@ -12,15 +27,15 @@ php.buildComposerProject rec {
passthru.simplesamlphpPath = "share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp"; passthru.simplesamlphpPath = "share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp";
postInstall = '' postInstall = ''
install -Dm644 dist/simplesamlphp-config.php $out/${passthru.simplesamlphpPath}/config/config.php install -Dm644 dist/simplesaml-prod/config.php "$out"/${passthru.simplesamlphpPath}/config/config.php
install -Dm644 dist/simplesamlphp-authsources.php $out/${passthru.simplesamlphpPath}/config/authsources.php install -Dm644 dist/simplesaml-prod/authsources.php "$$out/${passthru.simplesamlphpPath}/config/authsources.php
install -Dm644 dist/simplesamlphp-idp.php $out/${passthru.simplesamlphpPath}/metadata/saml20-idp-remote.php install -Dm644 dist/simplesaml-prod/saml20-idp-remote.php "$$out/${passthru.simplesamlphpPath}/metadata/saml20-idp-remote.php
install -Dm644 dist/config.source-env.php $out/share/php/pvv-nettsiden/config.php install -Dm644 dist/config.source-env.php "$$out/share/php/pvv-nettsiden/config.php
${lib.pipe extra_files [ ${lib.pipe extra_files [
(lib.mapAttrsToList (target_path: source_path: '' (lib.mapAttrsToList (target_path: source_path: ''
mkdir -p $(dirname "$out/${target_path}") mkdir -p $(dirname "$out/${target_path}")
cp -r "${source_path}" "$out/${target_path}" cp -r "${source_path}" "$out/${target_path}"
'')) ''))
(lib.concatStringsSep "\n") (lib.concatStringsSep "\n")
]} ]}

25
nix/shell.nix
View File

@@ -12,6 +12,7 @@ pkgs.mkShellNoCC {
php84Packages.php-cs-fixer php84Packages.php-cs-fixer
sqlite-interactive sqlite-interactive
sql-formatter sql-formatter
openssl
]; ];
# Prepare dev environment with sqlite and config files # Prepare dev environment with sqlite and config files
@@ -21,16 +22,32 @@ pkgs.mkShellNoCC {
declare -a PROJECT_ROOT="$("${lib.getExe pkgs.git}" rev-parse --show-toplevel)" declare -a PROJECT_ROOT="$("${lib.getExe pkgs.git}" rev-parse --show-toplevel)"
mkdir -p "$PROJECT_ROOT/www/galleri/bilder/slideshow" mkdir -p "$PROJECT_ROOT/www/galleri/bilder/slideshow"
test -e "$PROJECT_ROOT/pvv.sqlite" || sqlite3 "$PROJECT_ROOT/pvv.sqlite" < "$PROJECT_ROOT/dist/pvv_sqlite.sql" test -e "$PROJECT_ROOT/pvv.sqlite" || sqlite3 "$PROJECT_ROOT/pvv.sqlite" < "$PROJECT_ROOT/dist/sql/pvv_sqlite.sql"
test -e "$PROJECT_ROOT/config.php" || cp -v "$PROJECT_ROOT/dist/config.local.php" "$PROJECT_ROOT/config.php" test -e "$PROJECT_ROOT/config.php" || cp -v "$PROJECT_ROOT/dist/config.local.php" "$PROJECT_ROOT/config.php"
if [ ! -d "$PROJECT_ROOT/vendor" ] ; then if [ ! -d "$PROJECT_ROOT/vendor" ] ; then
pushd "$PROJECT_ROOT" pushd "$PROJECT_ROOT"
composer install || exit $? composer install || exit $?
cp dist/simplesamlphp-authsources.php vendor/simplesamlphp/simplesamlphp/config/authsources.php # Set up SimpleSAMLphp identity provider (for local testing)
cp dist/simplesamlphp-idp.php vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php install -m644 dist/simplesaml-dev/authsources.php -t vendor/simplesamlphp/simplesamlphp/config/
cp dist/simplesamlphp-config.php vendor/simplesamlphp/simplesamlphp/config/config.php install -m644 dist/simplesaml-dev/config.php -t vendor/simplesamlphp/simplesamlphp/config/
install -m644 dist/simplesaml-dev/saml20-idp-remote.php -t vendor/simplesamlphp/simplesamlphp/metadata/
install -m644 dist/simplesaml-dev/saml20-idp-hosted.php -t vendor/simplesamlphp/simplesamlphp/metadata/
install -m644 dist/simplesaml-dev/saml20-sp-remote.php -t vendor/simplesamlphp/simplesamlphp/metadata/
# See session.phpsession.savepath in config.php
mkdir -p vendor/simplesamlphp/simplesamlphp/sessions/
openssl req \
-newkey rsa:4096 \
-new \
-x509 \
-days 3652 \
-nodes \
-out vendor/simplesamlphp/simplesamlphp/cert/localhost.crt \
-keyout vendor/simplesamlphp/simplesamlphp/cert/localhost.pem \
-subj "/C=NO/ST=Trondheim/L=Trondheim/O=Programvareverkstedet/CN=localhost"
cp dist/config.local.php config.php cp dist/config.local.php config.php

2
www/admin/aktiviteter/delete.php
View File

@@ -25,4 +25,4 @@ $statement->execute();
header('Location: ' . $_SERVER['HTTP_REFERER']); header('Location: ' . $_SERVER['HTTP_REFERER']);
?> ?>
<a href=".?page=1">Om du ikke ble omdirigert tilbake klikk her</a> <a href=".?page=1">Om du ikke ble omdirigert tilbake klikk her</a>

2
www/admin/prosjekter/delete.php
View File

@@ -25,4 +25,4 @@ $statement->execute();
header('Location: ' . $_SERVER['HTTP_REFERER']); header('Location: ' . $_SERVER['HTTP_REFERER']);
?> ?>
<a href=".?page=1">Om du ikke ble omdirigert tilbake klikk her</a> <a href=".?page=1">Om du ikke ble omdirigert tilbake klikk her</a>

2
www/admin/prosjekter/update.php
View File

@@ -77,4 +77,4 @@ if ($id == 0) {
header('Location: .'); header('Location: .');
?> ?>
<a href=".?page=1">Om du ikke ble automatisk omdirigert tilbake klikk her</a> <a href=".?page=1">Om du ikke ble automatisk omdirigert tilbake klikk her</a>