WIP: it works wahoo! and now for the cleanup

WIP: host both service provider and identity provider for local dev
2025-12-17 19:07:21 +09:00 · 2025-12-17 15:14:09 +09:00
32 changed files with 208 additions and 86 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,5 @@
 /test.sql
 /vendor/
 /www/simplesaml
+/www/simplesaml-idp
 composer.phar
--- a/dist/service-provider/authsources.php
+++ b/dist/service-provider/authsources.php
@@ -0,0 +1,35 @@
+<?php
+
+declare(strict_types=1);
+$config = [
+    /* This is the name of this authentication source, and will be used to access it later. */
+    'default-sp' => [
+      'saml:SP',
+      'entityID' => 'https://www.pvv.ntnu.no/simplesaml/',
+      'idp' => 'https://idp.pvv.ntnu.no/',
+    ],
+
+    'dev-sp' => [
+      'saml:SP',
+      'entityID' => 'http://localhost:1080/simplesaml/sp',
+      'idp' => 'http://localhost:1080/simplesaml/idp',
+    ],
+
+    'example-userpass' => [
+        'exampleauth:UserPass',
+        'users' => [
+            'user:user' => [
+                'uid' => ['user'],
+                'eduPersonAffiliation' => ['member', 'student'],
+            ],
+            'admin:admin' => [
+                'uid' => ['admin'],
+                'eduPersonAffiliation' => ['member', 'employee'],
+            ],
+        ],
+    ],
+
+    'admin' => [
+      'core:AdminPassword',
+    ],
+];
--- a/dist/service-provider/config.php
+++ b/dist/service-provider/config.php
@@ -190,7 +190,7 @@ $config = [
     * A possible way to generate a random salt is by running the following command from a unix shell:
     * LC_ALL=C tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | dd bs=32 count=1 2>/dev/null;echo
     */
-    'secretsalt' => $SAML_COOKIE_SALT,
+    'secretsalt' => 'supersecretandlongsaltvaluechangeit',

    /*
     * This password must be kept secret, and modified from the default value 123.
@@ -202,7 +202,7 @@ $config = [
     * ansible.builtin.password_hash(hashtype='blowfish', ident='2y', rounds=13)
     * to generate this hashed value.
     */
-    'auth.adminpassword' => $SAML_ADMIN_PASSWORD,
+    'auth.adminpassword' => '$argon2id$v=19$m=64,t=4,p=1$anU4QTExRXVDRzJNRkhqaw$VJ/LIKwUjH/9JJjdBbEQNXbTArli5Np9VkIlZx4A1aM',

    /*
     * Set this option to true if you want to require administrator password to access the metadata.
@@ -237,7 +237,7 @@ $config = [
     * Example:
     *   'trusted.url.domains' => ['sp.example.com', 'app.example.com'],
     */
-    'trusted.url.domains' => $SAML_TRUSTED_DOMAINS,
+    'trusted.url.domains' => [ 'localhost', 'localhost:1080' ],

    /*
     * Enable regular expression matching of trusted.url.domains.
@@ -336,9 +336,9 @@ $config = [
     * empty array.
     */
    'debug' => [
-        'saml' => false,
+        'saml' => true,
        'backtraces' => true,
-        'validatexml' => false,
+        'validatexml' => true,
    ],

    /*
@@ -348,7 +348,7 @@ $config = [
     * When 'errorreporting' is enabled, a form will be presented for the user to report
     * the error to 'technicalcontact_email'.
     */
-    'showerrors' => false,
+    'showerrors' => true,
    'errorreporting' => true,

    /*
@@ -440,8 +440,10 @@ $config = [
     * must exist and be writable for SimpleSAMLphp. If set to something else, set
     * loggingdir above to 'null'.
     */
-    'logging.level' => SimpleSAML\Logger::NOTICE,
-    'logging.handler' => 'syslog',
+    // 'logging.level' => SimpleSAML\Logger::NOTICE,
+    // 'logging.handler' => 'syslog',
+    'logging.level' => SimpleSAML\Logger::DEBUG,
+    'logging.handler' => 'stderr',

    /*
     * Specify the format of the logs. Its use varies depending on the log handler used (for instance, you cannot
@@ -610,7 +612,7 @@ $config = [
     * one of the functionalities below, but in some cases you could run multiple functionalities.
     * In example when you are setting up a federation bridge.
     */
-    'enable.saml20-idp' => false,
+    'enable.saml20-idp' => true,
    'enable.adfs-idp' => false,


@@ -631,6 +633,7 @@ $config = [
     * ],
     */
    'module.enable' => [
+        'exampleauth' => true,
        'core' => true,
        'admin' => true,
        'saml' => true,
@@ -692,7 +695,7 @@ $config = [
     * Example:
     *  'session.cookie.domain' => '.example.org',
     */
-    'session.cookie.domain' => '',
+    // 'session.cookie.domain' => 'localhost',

    /*
     * Set the secure flag in the cookie.
@@ -703,7 +706,7 @@ $config = [
     *
     * If unset, SimpleSAMLphp will try to automatically determine the right value
     */
-    'session.cookie.secure' => $SAML_COOKIE_SECURE,
+    'session.cookie.secure' => false,

    /*
     * Set the SameSite attribute in the cookie.
@@ -722,14 +725,15 @@ $config = [
     * Example:
     *  'session.cookie.samesite' => 'None',
     */
-    'session.cookie.samesite' => $httpUtils->canSetSameSiteNone() ? 'None' : null,
+    // 'session.cookie.samesite' => $httpUtils->canSetSameSiteNone() ? 'None' : null,
+    'session.cookie.samesite' => 'Lax',

    /*
     * Options to override the default settings for php sessions.
     */
    'session.phpsession.cookiename' => 'SimpleSAML',
-    'session.phpsession.savepath' => null,
-    'session.phpsession.httponly' => true,
+    // 'session.phpsession.savepath' => '/home/h7x4/pvv/nettsiden/sessionstate',
+    'session.phpsession.httponly' => false,

    /*
     * Option to override the default settings for the auth token cookie
@@ -912,7 +916,7 @@ $config = [
    'language.cookie.name' => 'language',
    'language.cookie.domain' => '',
    'language.cookie.path' => '/',
-    'language.cookie.secure' => true,
+    'language.cookie.secure' => false,
    'language.cookie.httponly' => false,
    'language.cookie.lifetime' => (60 * 60 * 24 * 900),
    'language.cookie.samesite' => $httpUtils->canSetSameSiteNone() ? 'None' : null,
@@ -988,7 +992,7 @@ $config = [
     *
     * Defaults to true.
     */
-    'production' => true,
+    'production' => false,

    /*
     * SimpleSAMLphp modules can host static resources which are served through PHP.
@@ -1302,7 +1306,7 @@ $config = [
     *
     * The default datastore is 'phpsession'.
     */
-    'store.type'                    => 'phpsession',
+    'store.type'                    => 'sql',

    /*
     * The DSN the sql datastore should connect to.
@@ -1310,7 +1314,7 @@ $config = [
     * See http://www.php.net/manual/en/pdo.drivers.php for the various
     * syntaxes.
     */
-    'store.sql.dsn'                 => 'sqlite:/path/to/sqlitedatabase.sq3',
+    'store.sql.dsn'                 => 'sqlite:/home/h7x4/pvv/nettsiden/session.sqlite',

    /*
     * The username and password to use when connecting to the database.
--- a/dist/service-provider/saml20-idp-hosted.php
+++ b/dist/service-provider/saml20-idp-hosted.php
@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+$metadata['http://localhost:1080/simplesaml/idp'] =  [
+    'host' => '__DEFAULT__',
+    'privatekey' => 'localhost.pem',
+    'certificate' => 'localhost.crt',
+    'auth' => 'example-userpass',
+];
--- a/dist/service-provider/saml20-idp-remote.php
+++ b/dist/service-provider/saml20-idp-remote.php
@@ -0,0 +1,50 @@
+<?php
+
+declare(strict_types=1);
+
+$metadata['https://idp.pvv.ntnu.no/'] =  [
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'https://idp.pvv.ntnu.no/',
+    'SingleSignOnService' => [
+        0 => [
+            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
+            'Location' => 'https://idp.pvv.ntnu.no/simplesaml/saml2/idp/SSOService.php',
+        ],
+    ],
+    'SingleLogoutService' => [
+        0 => [
+            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
+            'Location' => 'https://idp.pvv.ntnu.no/simplesaml/saml2/idp/SingleLogoutService.php',
+        ],
+    ],
+    'certData' => 'MIIDpTCCAo2gAwIBAgIJAJIgibrB7NvsMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNVBAYTAk5PMR4wHAYDVQQKDBVQcm9ncmFtdmFyZXZlcmtzdGVkZXQxGDAWBgNVBAMMD2lkcC5wdnYubnRudS5ubzEgMB4GCSqGSIb3DQEJARYRZHJpZnRAcHZ2Lm50bnUubm8wHhcNMTcxMTEzMjI0NTQyWhcNMjcxMTEzMjI0NTQyWjBpMQswCQYDVQQGEwJOTzEeMBwGA1UECgwVUHJvZ3JhbXZhcmV2ZXJrc3RlZGV0MRgwFgYDVQQDDA9pZHAucHZ2Lm50bnUubm8xIDAeBgkqhkiG9w0BCQEWEWRyaWZ0QHB2di5udG51Lm5vMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveLujCsgVCRA360y5yezy8FcSPhaqodggDqY12UTkYOMQLBFaph6uUL4oCUlXZqxScrAYVRt9yw+7BYpcm0p51VZzVCsfMxRVkn+O1eUvsaXq3f13f87QHKYP2f0uqkGf5PvnKIdSaI/ix8WJhD8XT+h0OkHEcaBvUtSG7zbEhvG21WPHwgw2rvZSneArQ8tOitZC0u8VXSfdhtf6ynRseo0xC95634UwQAZivhQ2v4A6Tp57QG5DCXIJ9/z3PkINx3KB/hOeh0EP6Dpbp+7V0/t9778E3whpm4llrH144kzROhA7EgUgkZOjAVjxGCYlcj3xQPnnItihVOZ5B5qLwIDAQABo1AwTjAdBgNVHQ4EFgQUPLhrB+Qb/Kzz7Car9GJkKmEkz6swHwYDVR0jBBgwFoAUPLhrB+Qb/Kzz7Car9GJkKmEkz6swDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAd+4E6t0j8/p8rbZE8y/gZ9GsiRhxkR4l6JbMRUfEpqHKi415qstChRcP2Lo3Yd5qdmj9tLDWoPsqet1QgyTTmQTgUmPhhMOQDqSh90LuqEJseKWafXGS/SfWLH6MWVmzDV5YofJEw2ThPiU58GiS06OLS2poq1eAesa2LQ22J8yYisXM4sxImIFte+LYQ1+1evfBWcvU1vrGsQ0VLJHdef9WoXp1swUFhq4Zk0c7gjHiB1CFVlExAAlk9L6W3CVXmKIYlf4eUnEBGkC061Ir42+uhAMWO9Y/L1NEuboTyd2KAI/6JdKdzpmfk7zPVxWlNxNCZ7OPNuvOKp6VlpB2EA==',
+    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
+];
+
+function getCertData(string $path): string
+{
+    $cert = file_get_contents($path);
+    $cert = str_replace("-----BEGIN CERTIFICATE-----", "", $cert);
+    $cert = str_replace("-----END CERTIFICATE-----", "", $cert);
+    $cert = str_replace(["\r", "\n"], "", $cert);
+    return $cert;
+}
+
+$metadata['http://localhost:1080/simplesaml/idp'] =  [
+    'metadata-set' => 'saml20-idp-remote',
+    'entityid' => 'https://localhost:1080/simplesaml/idp',
+    'SingleSignOnService' => [
+        0 => [
+            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
+            'Location' => 'http://localhost:1080/simplesaml/saml2/idp/SSOService.php',
+        ],
+    ],
+    'SingleLogoutService' => [
+        0 => [
+            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
+            'Location' => 'http://localhost:1080/simplesaml/saml2/idp/SingleLogoutService.php',
+        ],
+    ],
+    'certData' => getCertData(__DIR__ . '/../cert/localhost.crt'),
+    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
+];
--- a/dist/service-provider/saml20-sp-remote.php
+++ b/dist/service-provider/saml20-sp-remote.php
@@ -0,0 +1,16 @@
+<?php
+
+$metadata['http://localhost:1080/simplesaml/sp'] = [
+    'AssertionConsumerService' => [
+        [
+            'Location' => 'http://localhost:1080/simplesaml/module.php/saml/sp/saml2-acs.php/dev-sp',
+            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
+        ],
+    ],
+    'SingleLogoutService' => [
+        [
+            'Location' => 'http://localhost:1080/simplesaml/module.php/saml/sp/saml2-logout.php/dev-sp',
+            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
+        ],
+    ],
+];
--- a/dist/simplesamlphp-authsources.php
+++ b/dist/simplesamlphp-authsources.php
@@ -1,12 +0,0 @@
-<?php
-
-declare(strict_types=1);
-$config = [
-
-  /* This is the name of this authentication source, and will be used to access it later. */
-  'default-sp' => [
-    'saml:SP',
-    'entityID' => 'https://www.pvv.ntnu.no/simplesaml/',
-    'idp' => 'https://idp.pvv.ntnu.no/',
-  ],
-];
--- a/dist/simplesamlphp-idp.php
+++ b/dist/simplesamlphp-idp.php
@@ -1,21 +0,0 @@
-<?php
-
-declare(strict_types=1);
-$metadata['https://idp.pvv.ntnu.no/'] =  [
-  'metadata-set' => 'saml20-idp-remote',
-  'entityid' => 'https://idp.pvv.ntnu.no/',
-  'SingleSignOnService' => [
-    0 => [
-      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
-      'Location' => 'https://idp.pvv.ntnu.no/simplesaml/saml2/idp/SSOService.php',
-    ],
-  ],
-  'SingleLogoutService' => [
-    0 => [
-      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
-      'Location' => 'https://idp.pvv.ntnu.no/simplesaml/saml2/idp/SingleLogoutService.php',
-    ],
-  ],
-  'certData' => 'MIIDpTCCAo2gAwIBAgIJAJIgibrB7NvsMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNVBAYTAk5PMR4wHAYDVQQKDBVQcm9ncmFtdmFyZXZlcmtzdGVkZXQxGDAWBgNVBAMMD2lkcC5wdnYubnRudS5ubzEgMB4GCSqGSIb3DQEJARYRZHJpZnRAcHZ2Lm50bnUubm8wHhcNMTcxMTEzMjI0NTQyWhcNMjcxMTEzMjI0NTQyWjBpMQswCQYDVQQGEwJOTzEeMBwGA1UECgwVUHJvZ3JhbXZhcmV2ZXJrc3RlZGV0MRgwFgYDVQQDDA9pZHAucHZ2Lm50bnUubm8xIDAeBgkqhkiG9w0BCQEWEWRyaWZ0QHB2di5udG51Lm5vMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveLujCsgVCRA360y5yezy8FcSPhaqodggDqY12UTkYOMQLBFaph6uUL4oCUlXZqxScrAYVRt9yw+7BYpcm0p51VZzVCsfMxRVkn+O1eUvsaXq3f13f87QHKYP2f0uqkGf5PvnKIdSaI/ix8WJhD8XT+h0OkHEcaBvUtSG7zbEhvG21WPHwgw2rvZSneArQ8tOitZC0u8VXSfdhtf6ynRseo0xC95634UwQAZivhQ2v4A6Tp57QG5DCXIJ9/z3PkINx3KB/hOeh0EP6Dpbp+7V0/t9778E3whpm4llrH144kzROhA7EgUgkZOjAVjxGCYlcj3xQPnnItihVOZ5B5qLwIDAQABo1AwTjAdBgNVHQ4EFgQUPLhrB+Qb/Kzz7Car9GJkKmEkz6swHwYDVR0jBBgwFoAUPLhrB+Qb/Kzz7Car9GJkKmEkz6swDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAd+4E6t0j8/p8rbZE8y/gZ9GsiRhxkR4l6JbMRUfEpqHKi415qstChRcP2Lo3Yd5qdmj9tLDWoPsqet1QgyTTmQTgUmPhhMOQDqSh90LuqEJseKWafXGS/SfWLH6MWVmzDV5YofJEw2ThPiU58GiS06OLS2poq1eAesa2LQ22J8yYisXM4sxImIFte+LYQ1+1evfBWcvU1vrGsQ0VLJHdef9WoXp1swUFhq4Zk0c7gjHiB1CFVlExAAlk9L6W3CVXmKIYlf4eUnEBGkC061Ir42+uhAMWO9Y/L1NEuboTyd2KAI/6JdKdzpmfk7zPVxWlNxNCZ7OPNuvOKp6VlpB2EA==',
-  'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
-];
--- a/dist/sql/pvv_mysql.sql
+++ b/dist/sql/pvv_mysql.sql
--- a/dist/sql/pvv_sqlite.sql
+++ b/dist/sql/pvv_sqlite.sql
--- a/inc/include.php
+++ b/inc/include.php
@@ -19,7 +19,7 @@ $pdo = new PDO($DB_DSN, $DB_USER, $DB_PASS);
 $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 $userManager = new pvv\admin\UserManager($pdo);

-$sp = 'default-sp';
+$sp = 'dev-sp';
 $as = new SimpleSAML\Auth\Simple($sp);

 use pvv\side\Agenda;
--- a/inc/navbar.php
+++ b/inc/navbar.php
@@ -35,7 +35,8 @@ function navbar($depth, $active = null) {

 function loginBar($sp = null, $pdo = null) {
  if (null === $sp) {
-    $sp = 'default-sp';
+    // $sp = 'dev-sp';
+    $sp = 'dev-sp';
  }
  $result = "\n";
  require_once __DIR__ . '/../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
--- a/nix/package.nix
+++ b/nix/package.nix
@@ -4,7 +4,22 @@
 }:

 php.buildComposerProject rec {
-  src = ./..;
+  src = lib.fileset.toSource {
+    root = ./..;
+    fileset = lib.fileset.difference
+      (lib.fileset.unions [
+        ../dist
+        ../inc
+        ../src
+        ../www
+        ../composer.json
+        ../composer.lock
+      ])
+      (lib.fileset.unions [
+        (lib.fileset.maybeMissing ../www/simplesaml)
+        (lib.fileset.maybeMissing ../www/simplesaml-idp)
+      ]);
+  };
  pname = "pvv-nettsiden";
  version = "0.0.1";
  vendorHash = "sha256-7I7Fdp5DvCwCdYY66Mv0hZ+a8xRzQt+WMUKG544k7Fc=";
@@ -12,9 +27,9 @@ php.buildComposerProject rec {
  passthru.simplesamlphpPath = "share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp";

  postInstall = ''
-    install -Dm644 dist/simplesamlphp-config.php      $out/${passthru.simplesamlphpPath}/config/config.php
-    install -Dm644 dist/simplesamlphp-authsources.php $out/${passthru.simplesamlphpPath}/config/authsources.php
-    install -Dm644 dist/simplesamlphp-idp.php         $out/${passthru.simplesamlphpPath}/metadata/saml20-idp-remote.php
+    install -Dm644 dist/service-provider/config.php            $out/${passthru.simplesamlphpPath}/config/config.php
+    install -Dm644 dist/service-provider/authsources.php       $out/${passthru.simplesamlphpPath}/config/authsources.php
+    install -Dm644 dist/service-provider/saml20-idp-remote.php $out/${passthru.simplesamlphpPath}/metadata/saml20-idp-remote.php
    install -Dm644 dist/config.source-env.php                  $out/share/php/pvv-nettsiden/config.php

    ${lib.pipe extra_files [
--- a/nix/shell.nix
+++ b/nix/shell.nix
@@ -12,6 +12,7 @@ pkgs.mkShellNoCC {
    php84Packages.php-cs-fixer
    sqlite-interactive
    sql-formatter
+    openssl
  ];

  # Prepare dev environment with sqlite and config files
@@ -21,20 +22,42 @@ pkgs.mkShellNoCC {
    declare -a PROJECT_ROOT="$("${lib.getExe pkgs.git}" rev-parse --show-toplevel)"

    mkdir -p "$PROJECT_ROOT/www/galleri/bilder/slideshow"
-    test -e "$PROJECT_ROOT/pvv.sqlite" || sqlite3 "$PROJECT_ROOT/pvv.sqlite" < "$PROJECT_ROOT/dist/pvv_sqlite.sql"
+    test -e "$PROJECT_ROOT/pvv.sqlite" || sqlite3 "$PROJECT_ROOT/pvv.sqlite" < "$PROJECT_ROOT/dist/sql/pvv_sqlite.sql"
    test -e "$PROJECT_ROOT/config.php" || cp -v "$PROJECT_ROOT/dist/config.local.php" "$PROJECT_ROOT/config.php"

    if [ ! -d "$PROJECT_ROOT/vendor" ] ; then
      pushd "$PROJECT_ROOT"
      composer install || exit $?

-      cp dist/simplesamlphp-authsources.php vendor/simplesamlphp/simplesamlphp/config/authsources.php
-      cp dist/simplesamlphp-idp.php vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php
-      cp dist/simplesamlphp-config.php vendor/simplesamlphp/simplesamlphp/config/config.php
+      # cp -r vendor/simplesamlphp vendor/simplesamlphp-idp
+
+      # Set up SimpleSAMLphp service provider
+      install -m644 dist/service-provider/authsources.php -t vendor/simplesamlphp/simplesamlphp/config/
+      install -m644 dist/service-provider/config.php -t vendor/simplesamlphp/simplesamlphp/config/
+      install -m644 dist/service-provider/saml20-idp-remote.php -t vendor/simplesamlphp/simplesamlphp/metadata/
+      install -m644 dist/service-provider/saml20-idp-hosted.php -t vendor/simplesamlphp/simplesamlphp/metadata/
+      install -m644 dist/service-provider/saml20-sp-remote.php -t vendor/simplesamlphp/simplesamlphp/metadata/
+
+      # Set up SimpleSAMLphp identity provider (for local testing)
+      # install -m644 dist/identity-provider/authsources.php -t vendor/simplesamlphp-idp/simplesamlphp/config/
+      # install -m644 dist/identity-provider/config.php -t vendor/simplesamlphp-idp/simplesamlphp/config/
+      # install -m644 dist/identity-provider/saml20-idp-hosted.php -t vendor/simplesamlphp-idp/simplesamlphp/metadata/
+      # install -m644 dist/identity-provider/saml20-sp-remote.php -t vendor/simplesamlphp-idp/simplesamlphp/metadata/
+
+      openssl req \
+        -newkey rsa:4096 \
+        -new \
+        -x509 \
+        -days 3652 \
+        -nodes \
+        -out vendor/simplesamlphp/simplesamlphp/cert/localhost.crt \
+        -keyout vendor/simplesamlphp/simplesamlphp/cert/localhost.pem \
+        -subj "/C=NO/ST=Trondheim/L=Trondheim/O=Programvareverkstedet/CN=localhost"

      cp dist/config.local.php config.php

      ln -s ../vendor/simplesamlphp/simplesamlphp/public/ www/simplesaml
+      # ln -s ../vendor/simplesamlphp-idp/simplesamlphp/public/ www/simplesaml-idp
      popd
    fi
  '';
--- a/www/admin/aktiviteter/delete.php
+++ b/www/admin/aktiviteter/delete.php
@@ -6,7 +6,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 $userManager = new pvv\admin\UserManager($pdo);

 require_once __DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $as->requireAuth();
 $attrs = $as->getAttributes();
 $uname = $attrs['uid'][0];
--- a/www/admin/aktiviteter/edit.php
+++ b/www/admin/aktiviteter/edit.php
@@ -10,7 +10,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 $userManager = new pvv\admin\UserManager($pdo);

 require_once __DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $as->requireAuth();
 $attrs = $as->getAttributes();
 $uname = $attrs['uid'][0];
--- a/www/admin/aktiviteter/index.php
+++ b/www/admin/aktiviteter/index.php
@@ -10,7 +10,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 $userManager = new pvv\admin\UserManager($pdo);

 require_once __DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $as->requireAuth();
 $attrs = $as->getAttributes();
 $uname = $attrs['uid'][0];
--- a/www/admin/aktiviteter/update.php
+++ b/www/admin/aktiviteter/update.php
@@ -8,7 +8,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 $userManager = new pvv\admin\UserManager($pdo);

 require_once __DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $as->requireAuth();
 $attrs = $as->getAttributes();
 $uname = $attrs['uid'][0];
--- a/www/admin/brukere/index.php
+++ b/www/admin/brukere/index.php
@@ -7,7 +7,7 @@ require __DIR__ . '/../../../inc/navbar.php';
 require __DIR__ . '/../../../src/_autoload.php';
 require __DIR__ . '/../../../config.php';
 require_once __DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $attrs = $as->getAttributes();

 $pdo = new PDO($DB_DSN, $DB_USER, $DB_PASS);
@@ -15,7 +15,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 $userManager = new pvv\admin\UserManager($pdo);

 require_once __DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $as->requireAuth();
 $attrs = $as->getAttributes();
 $uname = $attrs['uid'][0];
--- a/www/admin/brukere/update.php
+++ b/www/admin/brukere/update.php
@@ -10,7 +10,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 $userManager = new pvv\admin\UserManager($pdo);

 require_once __DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $as->requireAuth();
 $attrs = $as->getAttributes();
 $uname = $attrs['uid'][0];
--- a/www/admin/index.php
+++ b/www/admin/index.php
@@ -5,7 +5,7 @@ $pdo = new PDO($DB_DSN, $DB_USER, $DB_PASS);
 $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 $userManager = new pvv\admin\UserManager($pdo);

-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $as->requireAuth();
 $attrs = $as->getAttributes();
 $uname = $attrs['uid'][0];
--- a/www/admin/motd/index.php
+++ b/www/admin/motd/index.php
@@ -7,7 +7,7 @@ require __DIR__ . '/../../../inc/navbar.php';
 require __DIR__ . '/../../../src/_autoload.php';
 require __DIR__ . '/../../../config.php';
 require_once __DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $attrs = $as->getAttributes();

 $pdo = new PDO($DB_DSN, $DB_USER, $DB_PASS);
@@ -15,7 +15,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 $userManager = new pvv\admin\UserManager($pdo);

 require_once __DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $as->requireAuth();
 $attrs = $as->getAttributes();
 $uname = $attrs['uid'][0];
--- a/www/admin/motd/update.php
+++ b/www/admin/motd/update.php
@@ -10,7 +10,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 $userManager = new pvv\admin\UserManager($pdo);

 require_once __DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $as->requireAuth();
 $attrs = $as->getAttributes();
 $uname = $attrs['uid'][0];
--- a/www/admin/prosjekter/delete.php
+++ b/www/admin/prosjekter/delete.php
@@ -6,7 +6,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 $userManager = new pvv\admin\UserManager($pdo);

 require_once __DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $as->requireAuth();
 $attrs = $as->getAttributes();
 $uname = $attrs['uid'][0];
--- a/www/admin/prosjekter/edit.php
+++ b/www/admin/prosjekter/edit.php
@@ -10,7 +10,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 $userManager = new pvv\admin\UserManager($pdo);

 require_once __DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $as->requireAuth();
 $attrs = $as->getAttributes();
 $uname = $attrs['uid'][0];
--- a/www/admin/prosjekter/index.php
+++ b/www/admin/prosjekter/index.php
@@ -10,7 +10,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 $userManager = new pvv\admin\UserManager($pdo);

 require_once __DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $as->requireAuth();
 $attrs = $as->getAttributes();
 $uname = $attrs['uid'][0];
--- a/www/admin/prosjekter/update.php
+++ b/www/admin/prosjekter/update.php
@@ -8,7 +8,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 $userManager = new pvv\admin\UserManager($pdo);

 require_once __DIR__ . '/../../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $as->requireAuth();
 $attrs = $as->getAttributes();
 $uname = $attrs['uid'][0];
--- a/www/galleri/index.php
+++ b/www/galleri/index.php
@@ -7,7 +7,7 @@ $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

 $userManager = new pvv\admin\UserManager($pdo);

-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $as->requireAuth();
 $attrs = $as->getAttributes();
 $loginname = $attrs['uid'][0];
--- a/www/prosjekt/edit.php
+++ b/www/prosjekt/edit.php
@@ -6,7 +6,7 @@ require __DIR__ . '/../../src/_autoload.php';
 require __DIR__ . '/../../config.php';

 require_once __DIR__ . '/../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $as->requireAuth();
 $attrs = $as->getAttributes();

--- a/www/prosjekt/info.php
+++ b/www/prosjekt/info.php
@@ -10,7 +10,7 @@ if (isset($_GET['id'])) {
 }

 require_once __DIR__ . '/../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $attrs = $as->getAttributes();

 $projectManager = new pvv\side\ProjectManager($pdo);
--- a/www/prosjekt/mine.php
+++ b/www/prosjekt/mine.php
@@ -6,7 +6,7 @@ require __DIR__ . '/../../src/_autoload.php';
 require __DIR__ . '/../../config.php';

 require_once __DIR__ . '/../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $as->requireAuth();
 $attrs = $as->getAttributes();

--- a/www/prosjekt/update.php
+++ b/www/prosjekt/update.php
@@ -12,7 +12,7 @@ if (!isset($_POST['title']) || !isset($_POST['desc']) || !isset($_POST['active']
 }

 require_once __DIR__ . '/../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
-$as = new SimpleSAML\Auth\Simple('default-sp');
+$as = new SimpleSAML\Auth\Simple('dev-sp');
 $as->requireAuth();
 $attrs = $as->getAttributes();
Author	SHA1	Message	Date
h7x4	e3ac9f7404	WIP: it works wahoo! and now for the cleanup	2025-12-17 19:07:21 +09:00
h7x4	2262438085	WIP: host both service provider and identity provider for local dev	2025-12-17 15:14:09 +09:00