Step-up Gateway
This component is part of "Step-up Authentication as-a Service". See Stepup-Deploy for an overview and installation instructions for a complete Stepup system, including this component. The requirements and installation instructions below cover this component only.
Requirements
- PHP 7.2
- Composer
- A web server (Apache, Nginx)
- MariaDB 5.5+ (MySQL should work as well)
- syslog (or change the logging configuration in /app/config/logging.yml)
Installation
Clone the repository or download the archive to a directory. Install the dependencies by running composer install && yarn install and fill out the database credentials et cetera.
Make sure to run database migrations for u2f using bin/console u2f:migrations:migrate.
The Gateway is configured to only accept connections over SSL. Disable this under nelmio_security in config.yml or run the web server using a (self-signed) certificate.
Developer options
Mock Yubikey service
If you are not in possession of an actual Yubikey device, using the Mock Yubikey service might prove useful. This mock service was created for end to end test purposes, but could be utilized in this situation. To use the mock service:
- Update your
src/Surfnet/StepupGateway/ApiBundle/Resources/config/services.yml - Find the
surfnet_gateway_api.service.yubikeyservice - Update the service definition to point to this class:
class: Surfnet\StepupGateway\ApiBundle\Tests\TestDouble\Service\YubikeyService - Do not commit/push this change!
Release strategy
Please read: https://github.com/OpenConext/Stepup-Deploy/wiki/Release-Management fro more information on the release strategy used in Stepup projects.
Documentation
Documentation specific to this component is located in the docs directory in this repository:
- Gateway API
- Gateway State (diagrams of main flows and user session data)
- SAML Proxy with:
- SAML Example messages
Documentation for the Stepup system can be found in the
- Stepup-Deploy repository;
- and in the wiki of the Stepup-Deploy repository.