Merge d37d020 into e5e82c1

composer.json

@@ -14,6 +14,7 @@
     "prefer-stable": true,
     "require": {
         "php": "~7.2",
+        "ext-json": "*",
         "guzzlehttp/guzzle": "^6",
         "incenteev/composer-parameter-handler": "~2.0",
         "jms/translation-bundle": "^1.3.0",

config/legacy/parameters.yaml.dist

@@ -62,6 +62,8 @@ parameters:
 
     # remote vetting
 
+    remote_vetting_entity_id: https://selfservice.stepup.example.com/rv/metadata
+
     # For each remote vetting IdP we require some parameters.
     remote_vetting_idps:
           # The display name
@@ -82,7 +84,6 @@ parameters:
           ssoUrl: https://selfservice.stepup.example.com/second-factor/mock/sso
           # Certificates for the remote vetting IdP
           certificateFile: "%saml_rv_publickey%"
-          privateKey: "%saml_rv_privatekey%"
           # The attribute mapping should map the institute IdP attributes with the ones received from the remote vetting
           # IdP.
           attributeMapping:
@@ -97,7 +98,6 @@ parameters:
           entityId: https://selfservice.stepup.example.com/mock/metadata
           ssoUrl: https://selfservice.stepup.example.com/second-factor/mock/sso
           certificateFile: "%saml_rv_publickey%"
-          privateKey: "%saml_rv_privatekey%"
           attributeMapping:
             givenName: firstName
             surname: lastName
@@ -110,16 +110,21 @@ parameters:
           entityId: https://selfservice.stepup.example.com/mock/metadata
           ssoUrl: https://selfservice.stepup.example.com/second-factor/mock/sso
           certificateFile: '%saml_rv_publickey%'
-          privateKey: '%saml_rv_privatekey%'
           attributeMapping:
             givenName: firstName
             surname: lastName
-    # SelfService acts as the remote vetting SP, this metadata is used by the remote vetting IdP's to post their SAML
-    # responses to
-    remote_vetting_sp:
-      entityId: https://selfservice.stepup.example.com/saml/metadata
-      assertionConsumerUrl: https://selfservice.stepup.example.com/second-factor/acs
-      privateKey: '%saml_rv_privatekey%'
+        - slug: mock
+          name: 'Mock IDP'
+          logo: /images/remote-vetting/mock.png
+          description:
+              nl_NL: 'This is an integration test IdP.'
+              en_GB: 'This is an integration test IdP.'
+          entityId: 'https://selfservice.stepup.example.com/mock/metadata'
+          ssoUrl: 'https://selfservice.stepup.example.com/second-factor/mock/sso'
+          certificateFile: '%saml_rv_publickey%'
+          attributeMapping:
+              givenName: firstName
+              surname: lastName
 
     identity_encryption_configuration:
       # The public key used to encrypt the remote vetting user data. The private key matching this is used to decrypt,
@@ -147,6 +152,8 @@ parameters:
       # The location on disk where the encrypted remote vetting user data is stored
       storage_location: '%kernel.project_dir%/var/rv'
 
-    # For test, we use a mock remote vetting IdP, these certificates are used for that.
-    saml_rv_publickey: /src/Stepup-SelfService/src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Resources/test.crt
-    saml_rv_privatekey: /src/Stepup-SelfService/src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Resources/test.key
+
+    # Saml Remote Vetting SP public key
+    saml_rv_publickey: '%kernel.project_dir%/src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Resources/test.crt'
+    # Saml Remote Vetting Mock IdP private key (used for development and testing, this value should be omitted in production)
+    saml_rv_privatekey: '%kernel.project_dir%/src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Resources/test.key'

config/legacy/samlstepupproviders.yaml

@@ -7,108 +7,6 @@ surfnet_stepup_self_service_saml_stepup_provider:
         metadata: ss_registration_gssf_saml_metadata
 
     providers:
-        tiqr:
-            hosted:
-                service_provider:
-                    public_key: "%gssp_tiqr_sp_publickey%"
-                    private_key: "%gssp_tiqr_sp_privatekey%"
-                metadata:
-                    public_key: "%gssp_tiqr_metadata_publickey%"
-                    private_key: "%gssp_tiqr_metadata_privatekey%"
-            remote:
-                entity_id: "%gssp_tiqr_remote_entity_id%"
-                sso_url: "%gssp_tiqr_remote_sso_url%"
-                certificate: "%gssp_tiqr_remote_certificate%"
-            view_config:
-                loa: "%gssp_tiqr_loa%"
-                logo: "%gssp_tiqr_logo%"
-                alt: "%gssp_tiqr_alt%"
-                title: "%gssp_tiqr_title%"
-                description: "%gssp_tiqr_description%"
-                button_use: "%gssp_tiqr_button_use%"
-                initiate_title: "%gssp_tiqr_initiate_title%"
-                initiate_button: "%gssp_tiqr_initiate_button%"
-                explanation: "%gssp_tiqr_explanation%"
-                authn_failed: "%gssp_tiqr_authn_failed%"
-                pop_failed: "%gssp_tiqr_pop_failed%"
-                app_android_url: "%gssp_tiqr_app_android_url%"
-                app_ios_url: "%gssp_tiqr_app_ios_url%"
-        biometric:
-          hosted:
-            service_provider:
-              public_key: "%gssp_biometric_sp_publickey%"
-              private_key: "%gssp_biometric_sp_privatekey%"
-            metadata:
-              public_key: "%gssp_biometric_metadata_publickey%"
-              private_key: "%gssp_biometric_metadata_privatekey%"
-          remote:
-            entity_id: "%gssp_biometric_remote_entity_id%"
-            sso_url: "%gssp_biometric_remote_sso_url%"
-            certificate: "%gssp_biometric_remote_certificate%"
-          view_config:
-            loa: "%gssp_biometric_loa%"
-            logo: "%gssp_biometric_logo%"
-            alt: "%gssp_biometric_alt%"
-            title: "%gssp_biometric_title%"
-            description: "%gssp_biometric_description%"
-            button_use: "%gssp_biometric_button_use%"
-            initiate_title: "%gssp_biometric_initiate_title%"
-            initiate_button: "%gssp_biometric_initiate_button%"
-            explanation: "%gssp_biometric_explanation%"
-            authn_failed: "%gssp_biometric_authn_failed%"
-            pop_failed: "%gssp_biometric_pop_failed%"
-        webauthn:
-            hosted:
-                service_provider:
-                    public_key: "%gssp_webauthn_sp_publickey%"
-                    private_key: "%gssp_webauthn_sp_privatekey%"
-                metadata:
-                    public_key: "%gssp_webauthn_metadata_publickey%"
-                    private_key: "%gssp_webauthn_metadata_privatekey%"
-            remote:
-                entity_id: "%gssp_webauthn_remote_entity_id%"
-                sso_url: "%gssp_webauthn_remote_sso_url%"
-                certificate: "%gssp_webauthn_remote_certificate%"
-            view_config:
-                loa: 3
-                logo: "%gssp_webauthn_logo%"
-                alt: "%gssp_webauthn_alt%"
-                title: "%gssp_webauthn_title%"
-                description: "%gssp_webauthn_description%"
-                button_use: "%gssp_webauthn_button_use%"
-                initiate_title: "%gssp_webauthn_initiate_title%"
-                initiate_button: "%gssp_webauthn_initiate_button%"
-                explanation: "%gssp_webauthn_explanation%"
-                authn_failed: "%gssp_webauthn_authn_failed%"
-                pop_failed: "%gssp_webauthn_pop_failed%"
-                app_android_url: "%gssp_webauthn_app_android_url%"
-                app_ios_url: "%gssp_webauthn_app_ios_url%"
-        azuremfa:
-            hosted:
-                service_provider:
-                    public_key: "%gssp_azuremfa_sp_publickey%"
-                    private_key: "%gssp_azuremfa_sp_privatekey%"
-                metadata:
-                    public_key: "%gssp_azuremfa_metadata_publickey%"
-                    private_key: "%gssp_azuremfa_metadata_privatekey%"
-            remote:
-                entity_id: "%gssp_azuremfa_remote_entity_id%"
-                sso_url: "%gssp_azuremfa_remote_sso_url%"
-                certificate: "%gssp_azuremfa_remote_certificate%"
-            view_config:
-                loa: 2
-                logo: "%gssp_azuremfa_logo%"
-                alt: "%gssp_azuremfa_alt%"
-                title: "%gssp_azuremfa_title%"
-                description: "%gssp_azuremfa_description%"
-                button_use: "%gssp_azuremfa_button_use%"
-                initiate_title: "%gssp_azuremfa_initiate_title%"
-                initiate_button: "%gssp_azuremfa_initiate_button%"
-                explanation: "%gssp_azuremfa_explanation%"
-                authn_failed: "%gssp_azuremfa_authn_failed%"
-                pop_failed: "%gssp_azuremfa_pop_failed%"
-                app_android_url: "%gssp_azuremfa_app_android_url%"
-                app_ios_url: "%gssp_azuremfa_app_ios_url%"
         demo_gssp:
             hosted:
                 service_provider:

config/services_dev.yaml

@@ -0,0 +1,28 @@
+# Use this service definition file to override services and parameters in the dev environment.
+# For example to mock certain services, or override a password for test.
+services:
+  # A remote vetting mock IdP is used in order to mock the attributes released from a remote RV (Remote Vetting) IdP.
+  # This IdP is utilized as a drop in replacement to test the attribute matching between a remote IdP to vet with and the local
+  # OpenConext IdP.
+  Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Configuration\RemoteVettingConfiguration:
+    arguments:
+      $privateKey: '%saml_rv_privatekey%'
+      $configurationSettings: '%identity_encryption_configuration%'
+      $remoteVettingIdpConfig: '%remote_vetting_idps%'
+
+  Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockConfiguration:
+    arguments:
+      $identityProviderEntityId: 'https://selfservice.stepup.example.com/mock/idp/metadata'
+      $serviceProviderEntityId: 'https://selfservice.stepup.example.com/rv/metadata'
+      $privateKeyPath: '%saml_rv_privatekey%'
+      $publicCertPath: '%saml_rv_publickey%'
+
+  Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockRemoteVetController:
+    public: true
+    arguments:
+      - '@Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockGateway'
+      - '@twig'
+
+  Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockGateway:
+    arguments:
+      - '@Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockConfiguration'

config/services_test.yaml

@@ -4,10 +4,6 @@
 parameters:
   middleware_credentials_password: secret
 
-  saml_rv_publickey: '%kernel.project_dir%/src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Resources/test.crt'
-  saml_rv_privatekey: '%kernel.project_dir%/src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Resources/test.key'
-
-
 services:
   surfnet_stepup_self_service_self_service.service.sms_second_factor:
     class: Surfnet\StepupSelfService\SelfServiceBundle\Tests\TestDouble\Service\SmsSecondFactorService
@@ -35,8 +31,28 @@ services:
         - "%middleware_url_command_api%"
 
 
-  Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Encryption\IdentityEncrypter:
-    class: \Surfnet\StepupSelfService\SelfServiceBundle\Tests\Service\RemoteVetting\Encryption\FakeIdentityEncrypter
+  # A remote vetting mock IdP is used in order to mock the attributes released from a remote RV (Remote Vetting) IdP.
+  # This IdP is utilized as a drop in replacement to test the attribute matching between a remote IdP to vet with and the local
+  # OpenConext IdP.
+  Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Configuration\RemoteVettingConfiguration:
+    arguments:
+      $privateKey: '%saml_rv_privatekey%'
+      $configurationSettings: '%identity_encryption_configuration%'
+      $remoteVettingIdpConfig: '%remote_vetting_idps%'
+
+  Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockConfiguration:
+    arguments:
+      $identityProviderEntityId: 'https://selfservice.stepup.example.com/mock/idp/metadata'
+      $serviceProviderEntityId: 'https://selfservice.stepup.example.com/rv/metadata'
+      $privateKeyPath: '%saml_rv_privatekey%'
+      $publicCertPath: '%saml_rv_publickey%'
+
+  Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockRemoteVetController:
+    public: true
+    arguments:
+      - '@Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockGateway'
+      - '@twig'
+
+  Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockGateway:
     arguments:
-      $configuration: '@Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Configuration\RemoteVettingConfiguration'
-      $writer: '@Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Encryption\IdentityFilesystemWriter'
+      - '@Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockConfiguration'

src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/config/remote_vetting.yml

@@ -1,15 +1,21 @@
 services:
   Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\IdentityProviderFactory:
+    public: true
     arguments:
-      - '%remote_vetting_idps%'
+      $configuration: '@Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Configuration\RemoteVettingConfiguration'
 
   Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\ServiceProviderFactory:
     arguments:
-      - '%remote_vetting_sp%'
+      $router: '@router'
+      $entityId: "%remote_vetting_entity_id%"
+      $assertionConsumerUrlSlug: "ss_second_factor_remote_vet_acs"
+      $privateKey: "%saml_rv_privatekey%"
 
   Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Configuration\RemoteVettingConfiguration:
     arguments:
+      $privateKey: '%saml_rv_privatekey%'
       $configurationSettings: '%identity_encryption_configuration%'
+      $remoteVettingIdpConfig: '%remote_vetting_idps%'
 
   Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\RemoteVettingContext:
     arguments:
@@ -23,7 +29,7 @@ services:
     $logger: '@logger'
 
   Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\AttributeMapper:
-    $identityProviderFactory: '@Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\IdentityProviderFactory'
+    $configuration: '@Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Configuration\RemoteVettingConfiguration'
 
   Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVettingService:
     public: true
@@ -43,31 +49,14 @@ services:
       - '@surfnet_stepup.registration_expiration_helper'
       - '@logger'
 
-  Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockConfiguration:
-    arguments:
-      $identityProviderEntityId: 'https://selfservice.stepup.example.com/mock/idp/metadata'
-      $serviceProviderEntityId: 'https://selfservice.stepup.example.com/saml/metadata'
-      $privateKeyPath: '%saml_rv_privatekey%'
-      $publicCertPath: '%saml_rv_publickey%'
-
-  Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockRemoteVetController:
-    public: true
-    arguments:
-      - '@Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockGateway'
-      - '@twig'
-
-  Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockGateway:
-    arguments:
-      - '@Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockConfiguration'
-
   Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Encryption\IdentityFilesystemWriter:
     arguments:
       - '@Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Configuration\RemoteVettingConfiguration'
 
   Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\RemoteVettingViewHelper:
     public: true
     arguments:
-      $remoteVettingIdpConfig: "%remote_vetting_idps%"
+      $configuration: '@Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Configuration\RemoteVettingConfiguration'
 
   Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Encryption\IdentityEncrypter:
     arguments:

src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/config/services.yml

@@ -82,7 +82,7 @@ services:
     self_service.service.application:
         class: Surfnet\StepupSelfService\SelfServiceBundle\Service\ApplicationHelper
         arguments:
-            $kernelRootDir: "%kernel.root_dir%"
+            $kernelProjectDir: "%kernel.project_dir%"
 
     self_service.service.identity:
         class: Surfnet\StepupSelfService\SelfServiceBundle\Service\IdentityService

src/Surfnet/StepupSelfService/SelfServiceBundle/Service/ApplicationHelper.php

@@ -22,15 +22,15 @@
 
 class ApplicationHelper
 {
-    private $kernelRootDir;
+    private $kernelProjectDir;
 
     /**
-     * @param string $kernelRootDir
+     * @param string $kernelProjectDir
      */
-    public function __construct($kernelRootDir)
+    public function __construct($kernelProjectDir)
     {
-        Assert::string($kernelRootDir, 'Kernel root directory must have a string value');
-        $this->kernelRootDir = $kernelRootDir;
+        Assert::string($kernelProjectDir, 'Kernel project directory must have a string value');
+        $this->kernelProjectDir = $kernelProjectDir;
     }
 
     /**
@@ -44,7 +44,7 @@ public function __construct($kernelRootDir)
     public function getApplicationVersion()
     {
         // The buildPath (version string) is the installation directory of the project. And is derived from the
-        // kernel.root_dir (which is the app folder).
-        return basename(realpath($this->kernelRootDir . '/../'));
+        // kernel.project_dir (which is the app folder).
+        return basename(realpath($this->kernelProjectDir));
     }
 }