From 84dffc1b2056ef73544fc1f2e9a47b339c3e4041 Mon Sep 17 00:00:00 2001
From: gregcorbett
Date: Thu, 23 Nov 2023 15:40:20 +0000
Subject: [PATCH] Update ShibToken for Keycloak based EGI Check In - this has included: - switching to aai-demo.egi.eu for preproduction, on the advice of EGI Check In team - updating the expected IdPs from subdomain/proxy/saml2/idp/metadata.php to subdomain/auth/realms/egi - moving from using epuid to voPersonID - related ticket: https://ggus.eu/index.php?mode=ticket_info&ticket_id=164026
---
 .../AuthTokens/ShibAuthToken.php | 28 +++++++++----------
 1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/lib/Authentication/AuthTokens/ShibAuthToken.php b/lib/Authentication/AuthTokens/ShibAuthToken.php
index 7408ee0ce..3361b5cc8 100644
--- a/lib/Authentication/AuthTokens/ShibAuthToken.php
+++ b/lib/Authentication/AuthTokens/ShibAuthToken.php
@@ -96,9 +96,9 @@ private function getAttributesInitToken(){
 $this->userDetails = array('AuthenticationRealm' => array('UK_ACCESS_FED'));
 return;
 }
- else if($idp == 'https://aai.egi.eu/proxy/saml2/idp/metadata.php'){
+ else if($idp == 'https://aai.egi.eu/auth/realms/egi'){
 // assurance is the old way EGI checkIn used to pass LoA attributes
- /*if( empty($_SERVER['epuid'])){// || empty($_SERVER['displayName']) ){
+ /*if( empty($_SERVER['voPersonID'])){// || empty($_SERVER['displayName']) ){
 die('Did not recieve required attributes from the EGI Proxy Identity Provider to complete authentication, please contact gocdb-admins');
 }
 if(empty($_SERVER['assurance'])){
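Review bot: The changed line `/*if( empty($_SERVER['voPersonID'])){` here, and `$this->principal = $_SERVER['voPersonID'];` in the next hunk, both sit inside a block that is commented out, so the commit is maintaining a second, inactive copy of this authentication branch. In a login path that copy is easy to misread as the live check (it still tests `assurance`, which the comment above calls the old way), so I would delete the commented block rather than keep renaming attributes in it. On the live line, the entity ID match could be an exact comparison: `else if($idp === 'https://aai.egi.eu/auth/realms/egi'){`. The enclosing function starts and ends outside this hunk.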
@@ -112,16 +112,16 @@ private function getAttributesInitToken(){ echo ($HTML); die(); } - $this->principal = $_SERVER['epuid']; + $this->principal = $_SERVER['voPersonID']; $this->userDetails = array('AuthenticationRealm' => array('EGI Proxy IdP')); return; */ - if( empty($_SERVER['epuid'])){// || empty($_SERVER['displayName']) ){ + if( empty($_SERVER['voPersonID'])){// || empty($_SERVER['displayName']) ){ die('Did not recieve required attributes from the EGI Proxy Identity Provider to complete authentication, please contact gocdb-admins'); } if(empty($_SERVER['entitlement'])){ - //die('Did not recieve the required entitlement attribute from the EGI Dev Proxy IdP, please contact gocdb-admins'); + //die('Did not recieve the required entitlement attribute from the EGI Proxy IdP, please contact gocdb-admins'); $HTML = ''; $HTML .= "
"; $HTML .= 'Logout'; @@ -139,28 +139,28 @@ private function getAttributesInitToken(){ echo ($HTML); die(); } - $this->principal = $_SERVER['epuid']; + $this->principal = $_SERVER['voPersonID']; $this->userDetails = array('AuthenticationRealm' => array('EGI Proxy IdP')); return; } - else if($idp == 'https://aai-dev.egi.eu/proxy/saml2/idp/metadata.php'){ - if( empty($_SERVER['epuid'])){ - die('Did not receive required ePUID attributes from the EGI Dev Proxy Identity Provider to complete authentication, please contact gocdb-admins'); + else if($idp == 'https://aai-demo.egi.eu/auth/realms/egi'){ + if( empty($_SERVER['voPersonID'])){ + die('Did not receive required voPersonID attributes from the EGI Demo Proxy Identity Provider to complete authentication, please contact gocdb-admins'); } if(empty($_SERVER['entitlement'])){ - die('Did not receive the required entitlement attribute from the EGI Dev Proxy IdP, please contact gocdb-admins'); - } - $entitlementValuesArray = explode(';', $_SERVER['entitlement']); + die('Did not receive the required entitlement attribute from the EGI Demo Proxy IdP, please contact gocdb-admins'); + } + $entitlementValuesArray = explode(';', $_SERVER['entitlement']); if( !in_array('urn:mace:egi.eu:res:gocdb#aai.egi.eu', $entitlementValuesArray) ){ - $HTML = ''; + $HTML = ''; $HTML .= "
"; $HTML .= 'Logout'; $HTML .= "
"; echo ($HTML); die(); } - $this->principal = $_SERVER['epuid']; + $this->principal = $_SERVER['voPersonID']; $this->userDetails = array('AuthenticationRealm' => array('EGI Proxy IdP')); return; }
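Review bot: The `aai-demo.egi.eu` branch still ends with `array('AuthenticationRealm' => array('EGI Proxy IdP'))`, the same realm label the production branch sets, and takes the principal from the same `voPersonID` attribute, so nothing downstream can tell a preproduction assertion from a production one. If a production deployment's service provider were ever configured to trust the demo IdP (not visible here), an identity issued by the preproduction realm would presumably be accepted as the matching production principal; a distinct label such as `array('EGI Demo Proxy IdP')`, or gating this branch on a configuration flag, would keep the two apart. Separately, the live branches now read `$this->principal` from `voPersonID` instead of `epuid`, which is only safe if the released values are identical to the identifiers already stored for existing accounts; that should be confirmed, or a migration added, before deployment. The entitlement test would also be stricter as `in_array('urn:mace:egi.eu:res:gocdb#aai.egi.eu', $entitlementValuesArray, true)`. The function continues outside this hunk.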