From 5a4fcc06aa849aa8d54fa93d66cb3bca4e2746c4 Mon Sep 17 00:00:00 2001
From: John Hsu
Date: Sun, 21 Jul 2024 20:36:25 -0700
Subject: [PATCH] FIX puid not being stored in cwl data

The OID used for the puid was wrong. So I've set it to the right one. I've also updated the dev IDP so that it'll send out the puid attribute on that OID. I've also changed the eduPersonAffiliation to values that I see in staging. I noticed that the dev IDP doesn't have the SP metadata checked in, so I've added it in. Also noticed that nodeservices is probably very outdated, although it still seems to work. Added comments that it might not be necessary in the next LTS due to deprecations.
---
 LocalSettings.php | 5 ++--
 docker-compose.yml | 3 ++
 .../simplesamlphp/idp/config/authsources.php | 14 ++++-----
 .../idp/metadata/saml20-sp-remote.php | 30 +++++++++++++++++++
 4 files changed, 42 insertions(+), 10 deletions(-)
 create mode 100644 docker/simplesamlphp/idp/metadata/saml20-sp-remote.php

diff --git a/LocalSettings.php b/LocalSettings.php
index 1786c13..241683b 100644
--- a/LocalSettings.php
+++ b/LocalSettings.php
@@ -643,9 +643,8 @@ function loadenv($envName, $default = "") {
 # UBCAuth required attributes:
 # eduPersonAffiliation, an array of (staff, student, faculty, etc)
 'eduPersonAffiliationAttribute' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1',
- # non-standard attributes, uncertain OIDs
- # ubc's puid
- 'puidAttribute' => 'ubcEduCwlPuid',
+ # ubc's puid, non-standard attribute/OID
+ 'puidAttribute' => 'urn:mace:dir:attribute-def:ubcEduCwlPuid',
 ]
 ];
diff --git a/docker-compose.yml b/docker-compose.yml
index f869b4d..960d0de 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
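Review bot: The rewritten comment on the `puidAttribute` line still calls the value an OID, but `urn:mace:dir:attribute-def:ubcEduCwlPuid` is a MACE attribute-def URN, not a `urn:oid:` arc like the `eduPersonAffiliationAttribute` entry just above it, and a maintainer reading "non-standard attribute/OID" may later try to "fix" it into a numeric OID and silently break puid storage again. I would write `# ubc's puid: non-standard attribute, released under its MACE attribute-def URN (not a urn:oid:); must match the dev IdP fixture and the production IdP's attribute release`. Since this name is what ties a wiki account to a CWL identity, it is also worth confirming that UBCAuth refuses to create or link an account when the named attribute is absent rather than storing an empty puid — that behaviour is not visible in this hunk. The enclosing array literal starts before the hunk.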
@@ -159,6 +159,9 @@ services:
 # - MEDIAWIKI_API_URL=http://web/w/api.php
 # - PARSOID_DOMAIN=localhost
 # - PARSOID_URL=http://parsoid:8000
+# parsoid is now integrated into mediawiki since 1.35
+# restbase is being deprecated
+# TODO: we might not need nodeservices anymore in the next lts
 nodeservices:
 image: ubcctlt/mediawiki-node-services
 ports:
diff --git a/docker/simplesamlphp/idp/config/authsources.php b/docker/simplesamlphp/idp/config/authsources.php
index 3d31e21..48c21d3 100644
--- a/docker/simplesamlphp/idp/config/authsources.php
+++ b/docker/simplesamlphp/idp/config/authsources.php
@@ -100,30 +100,30 @@
 'student01:student01' => [
 'uid' => ['student01'],
 'displayName' => 'Student 01',
- 'ubcEduCwlPuid' => 'PUIDST01',
- 'eduPersonAffiliation' => ['member', 'student'],
+ 'urn:mace:dir:attribute-def:ubcEduCwlPuid' => 'PUIDST01',
+ 'eduPersonAffiliation' => ['student'],
 'mail' => 'student01@example.edu'
 ],
 'instructor01:instructor01' => [
 'uid' => ['instructor01'],
 'displayName' => 'Instructor 01',
- 'ubcEduCwlPuid' => 'PUIDIN01',
+ 'urn:mace:dir:attribute-def:ubcEduCwlPuid' => 'PUIDIN01',
 'alt' => '51092d7f-2f38-4a91-bfb0-13a021c02df3',
- 'eduPersonAffiliation' => ['member', 'student'],
+ 'eduPersonAffiliation' => ['faculty', 'student'],
 'mail' => 'instructor01@example.edu'
 ],
 'employee:employeepass' => [
 'uid' => ['employee'],
 'displayName' => 'Employee 00',
- 'ubcEduCwlPuid' => 'PUIDEM00',
- 'eduPersonAffiliation' => ['member', 'employee'],
+ 'urn:mace:dir:attribute-def:ubcEduCwlPuid' => 'PUIDEM00',
+ 'eduPersonAffiliation' => ['staff', 'alumni'],
 'mail' => 'employee@example.edu'
 ],
 # intended to simulate a basic CWL account
 'blockme01:blockme01' => [
 'uid' => ['blockme01'],
 'displayName' => 'Block Me01',
- 'ubcEduCwlPuid' => 'PUIDBM01',
+ 'urn:mace:dir:attribute-def:ubcEduCwlPuid' => 'PUIDBM01',
 'eduPersonAffiliation' => [],
 'mail' => 'blockme01@example.edu'
 ],
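Review bot: The new attribute key `urn:mace:dir:attribute-def:ubcEduCwlPuid` is the one string that must agree byte-for-byte with `puidAttribute` in LocalSettings.php, yet nothing in the fixture says so, while `eduPersonAffiliation` stays keyed by its friendly name even though the SP side expects `urn:oid:1.3.6.1.4.1.5923.1.1.1.1` — presumably an attribute-name mapping filter on the IdP translates the standard names and passes this unknown URN through untouched, which is not visible here. A comment above the first fixture user would stop someone "normalising" the key back to `ubcEduCwlPuid`: `# puid is released under its MACE URN, untouched by any name->OID mapping; keep in sync with 'puidAttribute' in LocalSettings.php`. The four puid values are distinct and the `employee` user's `['staff', 'alumni']` is a useful fixture for checking which affiliation wins, so the data side looks right. These accounts carry plaintext passwords as array keys (`'student01:student01'`), which is acceptable only because this is the dev IdP; the enclosing authsource definition starts before the hunk.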
diff --git a/docker/simplesamlphp/idp/metadata/saml20-sp-remote.php b/docker/simplesamlphp/idp/metadata/saml20-sp-remote.php
new file mode 100644
index 0000000..0106a05
--- /dev/null
+++ b/docker/simplesamlphp/idp/metadata/saml20-sp-remote.php
@@ -0,0 +1,30 @@
+ [
+ [
+ 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
+ 'Location' => 'http://wiki.docker:8080/_saml2/module.php/saml/sp/saml2-logout.php/wiki-sp',
+ ],
+ ],
+ 'AssertionConsumerService' => [
+ [
+ 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
+ 'Location' => 'http://wiki.docker:8080/_saml2/module.php/saml/sp/saml2-acs.php/wiki-sp',
+ 'index' => 0,
+ ],
+ [
+ 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
+ 'Location' => 'http://wiki.docker:8080/_saml2/module.php/saml/sp/saml2-acs.php/wiki-sp',
+ 'index' => 1,
+ ],
+ ],
+ 'contacts' => [
+ [
+ 'emailAddress' => 'lt.hub@ubc.ca',
+ 'givenName' => 'UBC LT Hub',
+ 'contactType' => 'technical',
+ ],
+ ],
+ 'certData' => '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',
+];
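Review bot: Every `Location` in this SP entry is plain `http://wiki.docker:8080/...`, so the assertion carrying the puid and affiliations is POSTed to the ACS in clear, and the entry sets no `assertion.encryption`, `validate.authnrequest` or `sign.logout`, so whatever the IdP's global defaults are will apply silently; that is acceptable for a local dev IdP, but the file should say so. I would add above the entry `// DEV ONLY: plaintext endpoints and default signing/encryption settings; never copy this entry to a real IdP` and, since the SP's `certData` is already present, consider `'assertion.encryption' => true,` and `'validate.authnrequest' => true,` so the dev flow exercises the same protections the staging IdP presumably enforces. The HTTP-Artifact ACS at index 1 only does anything if the IdP exposes an ArtifactResolutionService, which nothing here shows; if it is unused, dropping it removes an endpoint nobody tests. The file's opening lines (the `<?php` and the `$metadata[...]` entity-ID key) are not visible in my view of this hunk, so I cannot check that the entityID matches the SP's `wiki-sp` source.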