Initial Remote Vetting cleanup #220
Changes from all commits
468d6f4
512eef1
ef7a1a1
3aae359
04cd408
4b0fbd0
31ec0aa
c49e1c1
@@ -7,56 +7,6 @@ surfnet_stepup_self_service_saml_stepup_provider: | |
metadata: ss_registration_gssf_saml_metadata | ||
|
||
providers: | ||
tiqr: | ||
hosted: | ||
service_provider: | ||
public_key: "%gssp_tiqr_sp_publickey%" | ||
private_key: "%gssp_tiqr_sp_privatekey%" | ||
metadata: | ||
public_key: "%gssp_tiqr_metadata_publickey%" | ||
private_key: "%gssp_tiqr_metadata_privatekey%" | ||
remote: | ||
entity_id: "%gssp_tiqr_remote_entity_id%" | ||
sso_url: "%gssp_tiqr_remote_sso_url%" | ||
certificate: "%gssp_tiqr_remote_certificate%" | ||
view_config: | ||
loa: "%gssp_tiqr_loa%" | ||
logo: "%gssp_tiqr_logo%" | ||
alt: "%gssp_tiqr_alt%" | ||
title: "%gssp_tiqr_title%" | ||
description: "%gssp_tiqr_description%" | ||
button_use: "%gssp_tiqr_button_use%" | ||
initiate_title: "%gssp_tiqr_initiate_title%" | ||
initiate_button: "%gssp_tiqr_initiate_button%" | ||
explanation: "%gssp_tiqr_explanation%" | ||
authn_failed: "%gssp_tiqr_authn_failed%" | ||
pop_failed: "%gssp_tiqr_pop_failed%" | ||
app_android_url: "%gssp_tiqr_app_android_url%" | ||
app_ios_url: "%gssp_tiqr_app_ios_url%" | ||
biometric: | ||
hosted: | ||
service_provider: | ||
public_key: "%gssp_biometric_sp_publickey%" | ||
private_key: "%gssp_biometric_sp_privatekey%" | ||
metadata: | ||
public_key: "%gssp_biometric_metadata_publickey%" | ||
private_key: "%gssp_biometric_metadata_privatekey%" | ||
remote: | ||
entity_id: "%gssp_biometric_remote_entity_id%" | ||
sso_url: "%gssp_biometric_remote_sso_url%" | ||
certificate: "%gssp_biometric_remote_certificate%" | ||
view_config: | ||
loa: "%gssp_biometric_loa%" | ||
logo: "%gssp_biometric_logo%" | ||
alt: "%gssp_biometric_alt%" | ||
title: "%gssp_biometric_title%" | ||
description: "%gssp_biometric_description%" | ||
button_use: "%gssp_biometric_button_use%" | ||
initiate_title: "%gssp_biometric_initiate_title%" | ||
initiate_button: "%gssp_biometric_initiate_button%" | ||
explanation: "%gssp_biometric_explanation%" | ||
authn_failed: "%gssp_biometric_authn_failed%" | ||
pop_failed: "%gssp_biometric_pop_failed%" | ||
webauthn: | ||
hosted: | ||
service_provider: | ||
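Review bot: the whole `tiqr` and `biometric` provider blocks are deleted here without the commit message saying why; the inline discussion on the `azuremfa` hunk explains that only the GSSPs configured for RV in the Deploy remote-vetting branch are kept, and that rationale belongs in the commit message so the next reader does not have to find it in a review thread. The removed blocks reference `%gssp_biometric_sp_privatekey%`, `%gssp_biometric_metadata_privatekey%` and the other `%gssp_biometric_*%` parameters; if those are still defined in parameters.yml they become dead key material that provisioning keeps shipping, so they should be dropped in the same change.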
@@ -83,32 +33,58 @@ surfnet_stepup_self_service_saml_stepup_provider: | |
pop_failed: "%gssp_webauthn_pop_failed%" | ||
app_android_url: "%gssp_webauthn_app_android_url%" | ||
app_ios_url: "%gssp_webauthn_app_ios_url%" | ||
azuremfa: | ||
This might lead to issues when building the dev environment. The application provisioning first composer-installs with scripts using the VCS-provided parameters. It then dumps the StepupDeploy-specific parameters, and again composer-installs them. IIRC the first run requires the azuremfa gssp to be in config. I do not have time to re-provision my SelfService at this moment, but maybe this warning rings a bell with you? It might well be I'm mistaken here.

I had to change the config in order to get my dedicated RV Stepup VM up and running with the config in the remote-vetting branch in Deploy. Not all GSSPs were and will be configured for RV, so this was done to just reflect that config. This indeed should be addressed to reflect develop in Deploy, but I think this should be addressed just before (and only if) RV lands back in develop. But because that could happen in a while and a lot of Deploy's config could have been changed in the meantime, I'd prefer to keep this config in sync with the RV branch in Deploy.
||
demo_gssp_2: | ||
hosted: | ||
service_provider: | ||
public_key: "%gssp_azuremfa_sp_publickey%" | ||
private_key: "%gssp_azuremfa_sp_privatekey%" | ||
public_key: "%gssp_demo_gssp_2_sp_publickey%" | ||
private_key: "%gssp_demo_gssp_2_sp_privatekey%" | ||
metadata: | ||
public_key: "%gssp_azuremfa_metadata_publickey%" | ||
private_key: "%gssp_azuremfa_metadata_privatekey%" | ||
public_key: "%gssp_demo_gssp_2_metadata_publickey%" | ||
private_key: "%gssp_demo_gssp_2_metadata_privatekey%" | ||
remote: | ||
entity_id: "%gssp_azuremfa_remote_entity_id%" | ||
sso_url: "%gssp_azuremfa_remote_sso_url%" | ||
certificate: "%gssp_azuremfa_remote_certificate%" | ||
entity_id: "%gssp_demo_gssp_2_remote_entity_id%" | ||
sso_url: "%gssp_demo_gssp_2_remote_sso_url%" | ||
certificate: "%gssp_demo_gssp_2_remote_certificate%" | ||
view_config: | ||
loa: 3 | ||
logo: "%gssp_demo_gssp_2_logo%" | ||
alt: "%gssp_demo_gssp_2_alt%" | ||
title: "%gssp_demo_gssp_2_title%" | ||
description: "%gssp_demo_gssp_2_description%" | ||
button_use: "%gssp_demo_gssp_2_button_use%" | ||
initiate_title: "%gssp_demo_gssp_2_initiate_title%" | ||
initiate_button: "%gssp_demo_gssp_2_initiate_button%" | ||
explanation: "%gssp_demo_gssp_2_explanation%" | ||
authn_failed: "%gssp_demo_gssp_2_authn_failed%" | ||
pop_failed: "%gssp_demo_gssp_2_pop_failed%" | ||
app_android_url: "%gssp_demo_gssp_2_app_android_url%" | ||
app_ios_url: "%gssp_demo_gssp_2_app_ios_url%" | ||
tiqr: | ||
hosted: | ||
service_provider: | ||
public_key: "%gssp_tiqr_sp_publickey%" | ||
private_key: "%gssp_tiqr_sp_privatekey%" | ||
metadata: | ||
public_key: "%gssp_tiqr_metadata_publickey%" | ||
private_key: "%gssp_tiqr_metadata_privatekey%" | ||
remote: | ||
entity_id: "%gssp_tiqr_remote_entity_id%" | ||
sso_url: "%gssp_tiqr_remote_sso_url%" | ||
certificate: "%gssp_tiqr_remote_certificate%" | ||
view_config: | ||
loa: 2 | ||
logo: "%gssp_azuremfa_logo%" | ||
alt: "%gssp_azuremfa_alt%" | ||
title: "%gssp_azuremfa_title%" | ||
description: "%gssp_azuremfa_description%" | ||
button_use: "%gssp_azuremfa_button_use%" | ||
initiate_title: "%gssp_azuremfa_initiate_title%" | ||
initiate_button: "%gssp_azuremfa_initiate_button%" | ||
explanation: "%gssp_azuremfa_explanation%" | ||
authn_failed: "%gssp_azuremfa_authn_failed%" | ||
pop_failed: "%gssp_azuremfa_pop_failed%" | ||
app_android_url: "%gssp_azuremfa_app_android_url%" | ||
app_ios_url: "%gssp_azuremfa_app_ios_url%" | ||
logo: "%gssp_tiqr_logo%" | ||
alt: "%gssp_tiqr_alt%" | ||
title: "%gssp_tiqr_title%" | ||
description: "%gssp_tiqr_description%" | ||
button_use: "%gssp_tiqr_button_use%" | ||
initiate_title: "%gssp_tiqr_initiate_title%" | ||
initiate_button: "%gssp_tiqr_initiate_button%" | ||
explanation: "%gssp_tiqr_explanation%" | ||
authn_failed: "%gssp_tiqr_authn_failed%" | ||
pop_failed: "%gssp_tiqr_pop_failed%" | ||
app_android_url: "%gssp_tiqr_app_android_url%" | ||
app_ios_url: "%gssp_tiqr_app_ios_url%" | ||
demo_gssp: | ||
hosted: | ||
service_provider: | ||
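Review bot: the re-added `tiqr` block hardcodes `loa: 2` where the block deleted in the first hunk read `loa: "%gssp_tiqr_loa%"`, so the level of assurance assigned to tiqr tokens can no longer be set per deployment; the same applies to `demo_gssp_2` with `loa: 3`. Because the LoA decides what a second factor is trusted for, either keep the parameter (`loa: "%gssp_tiqr_loa%"`) or state in the commit message that fixing it to 2 is intended for the RV branch. The `azuremfa` to `demo_gssp_2` swap in this hunk is already covered by the inline discussion above; note that the removed `%gssp_azuremfa_*%` parameters share the dead-parameter concern raised on the first hunk.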
@@ -135,29 +111,3 @@ surfnet_stepup_self_service_saml_stepup_provider: | |
pop_failed: "%gssp_demo_gssp_pop_failed%" | ||
app_android_url: "%gssp_demo_gssp_app_android_url%" | ||
app_ios_url: "%gssp_demo_gssp_app_ios_url%" | ||
demo_gssp_2: | ||
hosted: | ||
service_provider: | ||
public_key: "%gssp_demo_gssp_2_sp_publickey%" | ||
private_key: "%gssp_demo_gssp_2_sp_privatekey%" | ||
metadata: | ||
public_key: "%gssp_demo_gssp_2_metadata_publickey%" | ||
private_key: "%gssp_demo_gssp_2_metadata_privatekey%" | ||
remote: | ||
entity_id: "%gssp_demo_gssp_2_remote_entity_id%" | ||
sso_url: "%gssp_demo_gssp_2_remote_sso_url%" | ||
certificate: "%gssp_demo_gssp_2_remote_certificate%" | ||
view_config: | ||
loa: 3 | ||
logo: "%gssp_demo_gssp_2_logo%" | ||
alt: "%gssp_demo_gssp_2_alt%" | ||
title: "%gssp_demo_gssp_2_title%" | ||
description: "%gssp_demo_gssp_2_description%" | ||
button_use: "%gssp_demo_gssp_2_button_use%" | ||
initiate_title: "%gssp_demo_gssp_2_initiate_title%" | ||
initiate_button: "%gssp_demo_gssp_2_initiate_button%" | ||
explanation: "%gssp_demo_gssp_2_explanation%" | ||
authn_failed: "%gssp_demo_gssp_2_authn_failed%" | ||
pop_failed: "%gssp_demo_gssp_2_pop_failed%" | ||
app_android_url: "%gssp_demo_gssp_2_app_android_url%" | ||
app_ios_url: "%gssp_demo_gssp_2_app_ios_url%" |
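Review bot: no content change here, this block is identical to the `demo_gssp_2` copy inserted before `tiqr` in the previous hunk (including `loa: 3`); only the provider order changes. If the order of `providers` is what the self-service UI uses to list tokens, that reordering deserves a line in the commit message.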
@@ -0,0 +1,28 @@ | ||
# Use this service definition file to override services and parameters in the dev environment. | ||
# For example to mock certain services, or override a password for test. | ||
services: | ||
# A remote vetting mock IdP is used in order to mock the attributes released from a remote RV (Remote Vetting) IdP. | ||
# This IdP is utilized as a drop in replacement to test the attribute matching between a remote IdP to vet with and the local | ||
# OpenConext IdP. | ||
Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\Configuration\RemoteVettingConfiguration: | ||
arguments: | ||
$privateKey: '%saml_rv_privatekey%' | ||
$configurationSettings: '%identity_encryption_configuration%' | ||
$remoteVettingIdpConfig: '%remote_vetting_idps%' | ||
|
||
Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockConfiguration: | ||
arguments: | ||
$identityProviderEntityId: 'https://selfservice.stepup.example.com/mock/idp/metadata' | ||
$serviceProviderEntityId: 'https://selfservice.stepup.example.com/rv/metadata' | ||
$privateKeyPath: '%saml_rv_privatekey%' | ||
$publicCertPath: '%saml_rv_publickey%' | ||
|
||
Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockRemoteVetController: | ||
public: true | ||
arguments: | ||
- '@Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockGateway' | ||
- '@twig' | ||
|
||
Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockGateway: | ||
arguments: | ||
- '@Surfnet\StepupSelfService\SelfServiceBundle\Mock\RemoteVetting\MockConfiguration' |
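Review bot: `MockConfiguration` is given `%saml_rv_privatekey%` and `%saml_rv_publickey%`, the same key material that `RemoteVettingConfiguration` receives as `$privateKey`, so the mock remote-vetting IdP signs with the self-service SP's own key pair. A test against this mock then passes even if the SP were to validate assertion signatures against its own certificate instead of the configured remote IdP certificate, which is exactly the check remote vetting relies on; a separate dev-only key pair for the mock IdP (for example a `%saml_rv_mock_idp_privatekey%` parameter) would keep the test meaningful. Also, `MockRemoteVetController` is `public: true` and exposes the mock endpoints, so the header comment's promise that this file is dev-only should be backed by the environment-specific load path, not just the comment.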
Maybe I lack context, but isn't the RV configuration still configurable? Albeit it became less pronounced, you can still configure the entity id in parameters.yml.
Only the entity id and keys, but not the endpoint anymore; that seemed to be confusing because of the multiple ACS endpoints that exist.