Merge b436890 into e5e82c1

composer.json

@@ -14,6 +14,7 @@
     "prefer-stable": true,
     "require": {
         "php": "~7.2",
+        "ext-json": "*",
         "guzzlehttp/guzzle": "^6",
         "incenteev/composer-parameter-handler": "~2.0",
         "jms/translation-bundle": "^1.3.0",

config/legacy/parameters.yaml.dist

@@ -62,6 +62,8 @@ parameters:
 
     # remote vetting
 
+    remote_vetting_entity_id: https://selfservice.stepup.example.com/rv/metadata
+
     # For each remote vetting IdP we require some parameters.
     remote_vetting_idps:
           # The display name
@@ -82,7 +84,6 @@ parameters:
           ssoUrl: https://selfservice.stepup.example.com/second-factor/mock/sso
           # Certificates for the remote vetting IdP
           certificateFile: "%saml_rv_publickey%"
-          privateKey: "%saml_rv_privatekey%"
           # The attribute mapping should map the institute IdP attributes with the ones received from the remote vetting
           # IdP.
           attributeMapping:
@@ -97,7 +98,6 @@ parameters:
           entityId: https://selfservice.stepup.example.com/mock/metadata
           ssoUrl: https://selfservice.stepup.example.com/second-factor/mock/sso
           certificateFile: "%saml_rv_publickey%"
-          privateKey: "%saml_rv_privatekey%"
           attributeMapping:
             givenName: firstName
             surname: lastName
@@ -110,16 +110,21 @@ parameters:
           entityId: https://selfservice.stepup.example.com/mock/metadata
           ssoUrl: https://selfservice.stepup.example.com/second-factor/mock/sso
           certificateFile: '%saml_rv_publickey%'
-          privateKey: '%saml_rv_privatekey%'
           attributeMapping:
             givenName: firstName
             surname: lastName
-    # SelfService acts as the remote vetting SP, this metadata is used by the remote vetting IdP's to post their SAML
-    # responses to
-    remote_vetting_sp:
-      entityId: https://selfservice.stepup.example.com/saml/metadata
-      assertionConsumerUrl: https://selfservice.stepup.example.com/second-factor/acs
-      privateKey: '%saml_rv_privatekey%'
+        - slug: mock
+          name: 'Mock IDP'
+          logo: /images/remote-vetting/mock.png
+          description:
+              nl_NL: 'This is an integration test IdP.'
+              en_GB: 'This is an integration test IdP.'
+          entityId: 'https://selfservice.stepup.example.com/mock/metadata'
+          ssoUrl: 'https://selfservice.stepup.example.com/second-factor/mock/sso'
+          certificateFile: '%saml_rv_publickey%'
+          attributeMapping:
+              givenName: firstName
+              surname: lastName
 
     identity_encryption_configuration:
       # The public key used to encrypt the remote vetting user data. The private key matching this is used to decrypt,
@@ -147,6 +152,8 @@ parameters:
       # The location on disk where the encrypted remote vetting user data is stored
       storage_location: '%kernel.project_dir%/var/rv'
 
-    # For test, we use a mock remote vetting IdP, these certificates are used for that.
-    saml_rv_publickey: /src/Stepup-SelfService/src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Resources/test.crt
-    saml_rv_privatekey: /src/Stepup-SelfService/src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Resources/test.key
+
+    # Saml Remote Vetting SP public key
+    saml_rv_publickey: '%kernel.project_dir%/src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Resources/test.crt'
+    # Saml Remote Vetting Mock IdP private key (used for development and testing, this value should be omitted in production)
+    saml_rv_privatekey: '%kernel.project_dir%/src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Resources/test.key'

config/legacy/samlstepupproviders.yaml

@@ -7,56 +7,6 @@ surfnet_stepup_self_service_saml_stepup_provider:
         metadata: ss_registration_gssf_saml_metadata
 
     providers:
-        tiqr:
-            hosted:
-                service_provider:
-                    public_key: "%gssp_tiqr_sp_publickey%"
-                    private_key: "%gssp_tiqr_sp_privatekey%"
-                metadata:
-                    public_key: "%gssp_tiqr_metadata_publickey%"
-                    private_key: "%gssp_tiqr_metadata_privatekey%"
-            remote:
-                entity_id: "%gssp_tiqr_remote_entity_id%"
-                sso_url: "%gssp_tiqr_remote_sso_url%"
-                certificate: "%gssp_tiqr_remote_certificate%"
-            view_config:
-                loa: "%gssp_tiqr_loa%"
-                logo: "%gssp_tiqr_logo%"
-                alt: "%gssp_tiqr_alt%"
-                title: "%gssp_tiqr_title%"
-                description: "%gssp_tiqr_description%"
-                button_use: "%gssp_tiqr_button_use%"
-                initiate_title: "%gssp_tiqr_initiate_title%"
-                initiate_button: "%gssp_tiqr_initiate_button%"
-                explanation: "%gssp_tiqr_explanation%"
-                authn_failed: "%gssp_tiqr_authn_failed%"
-                pop_failed: "%gssp_tiqr_pop_failed%"
-                app_android_url: "%gssp_tiqr_app_android_url%"
-                app_ios_url: "%gssp_tiqr_app_ios_url%"
-        biometric:
-          hosted:
-            service_provider:
-              public_key: "%gssp_biometric_sp_publickey%"
-              private_key: "%gssp_biometric_sp_privatekey%"
-            metadata:
-              public_key: "%gssp_biometric_metadata_publickey%"
-              private_key: "%gssp_biometric_metadata_privatekey%"
-          remote:
-            entity_id: "%gssp_biometric_remote_entity_id%"
-            sso_url: "%gssp_biometric_remote_sso_url%"
-            certificate: "%gssp_biometric_remote_certificate%"
-          view_config:
-            loa: "%gssp_biometric_loa%"
-            logo: "%gssp_biometric_logo%"
-            alt: "%gssp_biometric_alt%"
-            title: "%gssp_biometric_title%"
-            description: "%gssp_biometric_description%"
-            button_use: "%gssp_biometric_button_use%"
-            initiate_title: "%gssp_biometric_initiate_title%"
-            initiate_button: "%gssp_biometric_initiate_button%"
-            explanation: "%gssp_biometric_explanation%"
-            authn_failed: "%gssp_biometric_authn_failed%"
-            pop_failed: "%gssp_biometric_pop_failed%"
         webauthn:
             hosted:
                 service_provider:
@@ -83,32 +33,58 @@ surfnet_stepup_self_service_saml_stepup_provider:
                 pop_failed: "%gssp_webauthn_pop_failed%"
                 app_android_url: "%gssp_webauthn_app_android_url%"
                 app_ios_url: "%gssp_webauthn_app_ios_url%"
-        azuremfa:
+        demo_gssp_2:
             hosted:
                 service_provider:
-                    public_key: "%gssp_azuremfa_sp_publickey%"
-                    private_key: "%gssp_azuremfa_sp_privatekey%"
+                    public_key: "%gssp_demo_gssp_2_sp_publickey%"
+                    private_key: "%gssp_demo_gssp_2_sp_privatekey%"
                 metadata:
-                    public_key: "%gssp_azuremfa_metadata_publickey%"
-                    private_key: "%gssp_azuremfa_metadata_privatekey%"
+                    public_key: "%gssp_demo_gssp_2_metadata_publickey%"
+                    private_key: "%gssp_demo_gssp_2_metadata_privatekey%"
             remote:
-                entity_id: "%gssp_azuremfa_remote_entity_id%"
-                sso_url: "%gssp_azuremfa_remote_sso_url%"
-                certificate: "%gssp_azuremfa_remote_certificate%"
+                entity_id: "%gssp_demo_gssp_2_remote_entity_id%"
+                sso_url: "%gssp_demo_gssp_2_remote_sso_url%"
+                certificate: "%gssp_demo_gssp_2_remote_certificate%"
+            view_config:
+                loa: 3
+                logo: "%gssp_demo_gssp_2_logo%"
+                alt: "%gssp_demo_gssp_2_alt%"
+                title: "%gssp_demo_gssp_2_title%"
+                description: "%gssp_demo_gssp_2_description%"
+                button_use: "%gssp_demo_gssp_2_button_use%"
+                initiate_title: "%gssp_demo_gssp_2_initiate_title%"
+                initiate_button: "%gssp_demo_gssp_2_initiate_button%"
+                explanation: "%gssp_demo_gssp_2_explanation%"
+                authn_failed: "%gssp_demo_gssp_2_authn_failed%"
+                pop_failed: "%gssp_demo_gssp_2_pop_failed%"
+                app_android_url: "%gssp_demo_gssp_2_app_android_url%"
+                app_ios_url: "%gssp_demo_gssp_2_app_ios_url%"
+        tiqr:
+            hosted:
+                service_provider:
+                    public_key: "%gssp_tiqr_sp_publickey%"
+                    private_key: "%gssp_tiqr_sp_privatekey%"
+                metadata:
+                    public_key: "%gssp_tiqr_metadata_publickey%"
+                    private_key: "%gssp_tiqr_metadata_privatekey%"
+            remote:
+                entity_id: "%gssp_tiqr_remote_entity_id%"
+                sso_url: "%gssp_tiqr_remote_sso_url%"
+                certificate: "%gssp_tiqr_remote_certificate%"
             view_config:
                 loa: 2
-                logo: "%gssp_azuremfa_logo%"
-                alt: "%gssp_azuremfa_alt%"
-                title: "%gssp_azuremfa_title%"
-                description: "%gssp_azuremfa_description%"
-                button_use: "%gssp_azuremfa_button_use%"
-                initiate_title: "%gssp_azuremfa_initiate_title%"
-                initiate_button: "%gssp_azuremfa_initiate_button%"
-                explanation: "%gssp_azuremfa_explanation%"
-                authn_failed: "%gssp_azuremfa_authn_failed%"
-                pop_failed: "%gssp_azuremfa_pop_failed%"
-                app_android_url: "%gssp_azuremfa_app_android_url%"
-                app_ios_url: "%gssp_azuremfa_app_ios_url%"
+                logo: "%gssp_tiqr_logo%"
+                alt: "%gssp_tiqr_alt%"
+                title: "%gssp_tiqr_title%"
+                description: "%gssp_tiqr_description%"
+                button_use: "%gssp_tiqr_button_use%"
+                initiate_title: "%gssp_tiqr_initiate_title%"
+                initiate_button: "%gssp_tiqr_initiate_button%"
+                explanation: "%gssp_tiqr_explanation%"
+                authn_failed: "%gssp_tiqr_authn_failed%"
+                pop_failed: "%gssp_tiqr_pop_failed%"
+                app_android_url: "%gssp_tiqr_app_android_url%"
+                app_ios_url: "%gssp_tiqr_app_ios_url%"
         demo_gssp:
             hosted:
                 service_provider:
@@ -135,29 +111,3 @@ surfnet_stepup_self_service_saml_stepup_provider:
                 pop_failed: "%gssp_demo_gssp_pop_failed%"
                 app_android_url: "%gssp_demo_gssp_app_android_url%"
                 app_ios_url: "%gssp_demo_gssp_app_ios_url%"
-        demo_gssp_2:
-            hosted:
-                service_provider:
-                    public_key: "%gssp_demo_gssp_2_sp_publickey%"
-                    private_key: "%gssp_demo_gssp_2_sp_privatekey%"
-                metadata:
-                    public_key: "%gssp_demo_gssp_2_metadata_publickey%"
-                    private_key: "%gssp_demo_gssp_2_metadata_privatekey%"
-            remote:
-                entity_id: "%gssp_demo_gssp_2_remote_entity_id%"
-                sso_url: "%gssp_demo_gssp_2_remote_sso_url%"
-                certificate: "%gssp_demo_gssp_2_remote_certificate%"
-            view_config:
-                loa: 3
-                logo: "%gssp_demo_gssp_2_logo%"
-                alt: "%gssp_demo_gssp_2_alt%"
-                title: "%gssp_demo_gssp_2_title%"
-                description: "%gssp_demo_gssp_2_description%"
-                button_use: "%gssp_demo_gssp_2_button_use%"
-                initiate_title: "%gssp_demo_gssp_2_initiate_title%"
-                initiate_button: "%gssp_demo_gssp_2_initiate_button%"
-                explanation: "%gssp_demo_gssp_2_explanation%"
-                authn_failed: "%gssp_demo_gssp_2_authn_failed%"
-                pop_failed: "%gssp_demo_gssp_2_pop_failed%"
-                app_android_url: "%gssp_demo_gssp_2_app_android_url%"
-                app_ios_url: "%gssp_demo_gssp_2_app_ios_url%"

config/services_dev.yaml

@@ -0,0 +1,28 @@
+# Use this service definition file to override services and parameters in the dev environment.
+# For example to mock certain services, or override a password for test.
+services:
+  # A remote vetting mock IdP is used in order to mock the attributes released from a remote RV (Remote Vetting) IdP.
+  # This IdP is utilized as a drop in replacement to test the attribute matching between a remote IdP to vet with and the local
+  # OpenConext IdP.
+  Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Configuration\RemoteVettingConfiguration:
+    arguments:
+      $privateKey: '%saml_rv_privatekey%'
+      $configurationSettings: '%identity_encryption_configuration%'
+      $remoteVettingIdpConfig: '%remote_vetting_idps%'
+
+  Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockConfiguration:
+    arguments:
+      $identityProviderEntityId: 'https://selfservice.stepup.example.com/mock/idp/metadata'
+      $serviceProviderEntityId: 'https://selfservice.stepup.example.com/rv/metadata'
+      $privateKeyPath: '%saml_rv_privatekey%'
+      $publicCertPath: '%saml_rv_publickey%'
+
+  Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockRemoteVetController:
+    public: true
+    arguments:
+      - '@Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockGateway'
+      - '@twig'
+
+  Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockGateway:
+    arguments:
+      - '@Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockConfiguration'

config/services_test.yaml

@@ -4,10 +4,6 @@
 parameters:
   middleware_credentials_password: secret
 
-  saml_rv_publickey: '%kernel.project_dir%/src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Resources/test.crt'
-  saml_rv_privatekey: '%kernel.project_dir%/src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Resources/test.key'
-
-
 services:
   surfnet_stepup_self_service_self_service.service.sms_second_factor:
     class: Surfnet\StepupSelfService\SelfServiceBundle\Tests\TestDouble\Service\SmsSecondFactorService
@@ -35,8 +31,28 @@ services:
         - "%middleware_url_command_api%"
 
 
-  Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Encryption\IdentityEncrypter:
-    class: \Surfnet\StepupSelfService\SelfServiceBundle\Tests\Service\RemoteVetting\Encryption\FakeIdentityEncrypter
+  # A remote vetting mock IdP is used in order to mock the attributes released from a remote RV (Remote Vetting) IdP.
+  # This IdP is utilized as a drop in replacement to test the attribute matching between a remote IdP to vet with and the local
+  # OpenConext IdP.
+  Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Configuration\RemoteVettingConfiguration:
+    arguments:
+      $privateKey: '%saml_rv_privatekey%'
+      $configurationSettings: '%identity_encryption_configuration%'
+      $remoteVettingIdpConfig: '%remote_vetting_idps%'
+
+  Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockConfiguration:
+    arguments:
+      $identityProviderEntityId: 'https://selfservice.stepup.example.com/mock/idp/metadata'
+      $serviceProviderEntityId: 'https://selfservice.stepup.example.com/rv/metadata'
+      $privateKeyPath: '%saml_rv_privatekey%'
+      $publicCertPath: '%saml_rv_publickey%'
+
+  Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockRemoteVetController:
+    public: true
+    arguments:
+      - '@Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockGateway'
+      - '@twig'
+
+  Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockGateway:
     arguments:
-      $configuration: '@Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Configuration\RemoteVettingConfiguration'
-      $writer: '@Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Encryption\IdentityFilesystemWriter'
+      - '@Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockConfiguration'