tiqr idp for stepup authentication

Stepup-tiqr

A GSSP implementation of Tiqr. See https://tiqr.org/documentation/ for the Tiqr documentation.

The project is based on the example GSSP project: https://github.com/OpenConext/Stepup-gssp-example

Locale user preference

The default locale is derived from the user agent. When the user switches locale, the selected preference is stored in a browser cookie (stepup_locale). The cookie is set on the naked domain of the requested domain (for tiqr.example.com this is example.com).

Authentication and registration flows

The application provides an internal service provider (SpBundle) and supports a remote service provider. Instructions for both are given on the homepage of this Tiqr project.

(image: authentication and registration flow diagram)

Tiqr registration

(image: Tiqr registration flow diagram)

Development environment

To get started, first set up the development environment. The dev env is a virtual machine; every task described here must be run from inside that machine.

Requirements

  • ansible 2.x
  • vagrant 1.9.x
  • vagrant-hostsupdater
  • Virtualbox
  • ansible-galaxy

Install

ansible-galaxy install -r ansible/requirements.yml -p ansible/roles/

The -c flag can be used to disable SSL verification on the install command.

vagrant up

Go to the directory inside the VM:

vagrant ssh

cd /vagrant

Install composer dependencies:

composer install

Build frontend assets:

composer encore dev

or, for a production build:

composer encore production

If everything goes as planned you can go to:

https://tiqr.example.com

You might need to add your IP address to the list of allowed remote addresses in web/app_dev.php.

Debugging

Xdebug is configured when provisioning your development Vagrant box. It is set up to connect to the IDE automatically, with IDE_KEY=phpstorm.

Demo sp is available on https://tiqr.example.com/app_dev.php/demo/sp

Tests and metrics

To run all required tests, run the following commands from the dev env:

    composer test 
    composer behat

Every part can be run separately. Check "scripts" section of the composer.json file for the different options.

Test Tiqr APIs

A registration link (QR image) can be fetched automatically from /app_dev.php/registration/qr/dev and passed to the test commands:

./bin/console test:registration <./qr_file.png>

./bin/console test:authentication <./qr_file.png>

Authentication can also be done in 'offline' mode, in which case you need to fill in the one-time password yourself:

./bin/console test:authentication --offline=true ./<qr_file.png>

User storage

Currently three user storage solutions are supported: filesystem storage, LDAP and database storage. The filesystem storage is used by default and stores the registered users in the /var/userdb.json file.

Database storage

To use the database storage you will need to change some settings.

In parameters.yml, configure the tiqr_library_options.storage.userstorage section as follows:

tiqr_library_options:
    storage:
        userstorage:
            type: pdo
            arguments:
                table: user
                dsn: 'mysql:host=tiqr.example.com;dbname=tiqr'
                username: tiqr-user
                password: tiqr-secret

The database schema can be found here: app/Resources/db/mysql-create-tables.sql

Filesystem storage

To use the filesystem storage instead, configure:

tiqr_library_options:
    storage:
        userstorage:
            type: 'file'
            arguments:
              path: '/tmp'
              encryption: 'dummy' # mcrypt is also supported, dummy will not encrypt the entries in the user storage file

LDAP storage

Finally, to use the LDAP backend, provide the following options:

tiqr_library_options:
    storage:
        userstorage:
            type: 'ldap'
            # The argument values equal the default values set when the arguments are omitted. So all arguments are
            # optional.
            arguments:
                userClass: 'tiqrPerson'
                dnPattern: '%s'
                idAttr: 'dn'
                displayNameAttr: 'sn'
                secretAttr: 'tiqrSecret'
                notificationTypeAttr: 'tiqrNotificationType'
                notificationAddressAttr: 'tiqrNotificationAddress'
                isBlockedAttr: 'tiqrIsBlocked'
                loginAttemptsAttr: 'tiqrLoginAttempts'
                temporaryBlockAttemptsAttr: 'tiqrTemporaryBlockAttempts'
                temporaryBlockTimestampAttr: 'tiqrTemporaryBlockTimestamp'
                attributes: null
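As an added example (not part of the Stepup-tiqr project), the following Python check inspects the userstorage section as it looks after parameters.yml has been loaded into nested dicts and flags the settings worth reviewing across the three backends above: the file backend's 'dummy' encryption (entries stored in the clear) and a path under /tmp, and a pdo backend missing its connection arguments. The sample configurations are constructed from the snippets above.

```python
# Added configuration check for the userstorage section of parameters.yml
# (example code, not part of the Stepup-tiqr project). The config is assumed
# to be loaded into nested dicts already, e.g. with yaml.safe_load().
KNOWN_TYPES = {"pdo", "file", "ldap"}


def wrap(store):
    """Nest a userstorage mapping the way parameters.yml does."""
    return {"tiqr_library_options": {"storage": {"userstorage": store}}}


# Constructed samples mirroring the README's file and pdo configurations.
FILE_CONFIG = wrap({"type": "file",
                    "arguments": {"path": "/tmp", "encryption": "dummy"}})
PDO_CONFIG = wrap({"type": "pdo",
                   "arguments": {"table": "user",
                                 "dsn": "mysql:host=tiqr.example.com;dbname=tiqr",
                                 "username": "tiqr-user",
                                 "password": "tiqr-secret"}})


def check_userstorage(config):
    """Return a list of findings for the userstorage section; empty means clean."""
    try:
        store = config["tiqr_library_options"]["storage"]["userstorage"]
    except (KeyError, TypeError):
        return ["missing tiqr_library_options.storage.userstorage section"]
    stype = store.get("type")
    args = store.get("arguments") or {}  # LDAP arguments are all optional
    if stype not in KNOWN_TYPES:
        return [f"unknown userstorage type {stype!r}"]
    findings = []
    if stype == "file":
        # 'dummy' leaves the registered users' entries unencrypted on disk.
        if args.get("encryption") == "dummy":
            findings.append("file: 'dummy' encryption stores user entries in the clear")
        if str(args.get("path", "")).startswith("/tmp"):
            findings.append("file: path is under the shared temporary directory /tmp")
    elif stype == "pdo":
        # A PDO backend cannot work without connection details and a table.
        for key in ("dsn", "username", "password", "table"):
            if not args.get(key):
                findings.append(f"pdo: missing argument {key!r}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("file", FILE_CONFIG), ("pdo", PDO_CONFIG)):
        print(name, check_userstorage(cfg) or ["ok"])
```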

Release strategy

Please read https://github.com/OpenConext/Stepup-Deploy/wiki/Release-Management for more information on the release strategy used in Stepup projects.

Other resources