made shibboleth file also work off domain envvar

dlareau · Feb 29, 2020 · b5ae14a · b5ae14a
1 parent 9c5036c
commit b5ae14a
Show file tree

Hide file tree

Showing 7 changed files with 7 additions and 38 deletions.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -24,6 +24,7 @@ services:
       - static:/static
       - media:/media
     environment:
+      - DOMAIN
       - DJANGO_SECRET_KEY
       - DJANGO_ENABLE_DEBUG
       - DJANGO_EMAIL_USER

diff --git a/docker/apacheShibDockerfile b/docker/apacheShibDockerfile
@@ -20,6 +20,7 @@ COPY configs/shibboleth2.xml /etc/shibboleth/shibboleth2.xml
 COPY configs/puzzlehunt_apache_shib.conf /etc/apache2/sites-available/puzzlehunt.conf
 RUN rm /etc/apache2/sites-enabled/* && \
     sed -i -e "s/REPLACE_DOMAIN_STR/$DOMAIN/g" /etc/apache2/sites-available/puzzlehunt.conf && \
+    sed -i -e "s/REPLACE_DOMAIN_STR/$DOMAIN/g" /etc/shibboleth/shibboleth2.xml && \
     apt-get install -y libapache2-mod-xsendfile libapache2-mod-shib && \
     a2enmod proxy proxy_http proxy_html xsendfile shib && \
     a2ensite puzzlehunt && \

diff --git a/docker/configs/shibboleth2.xml b/docker/configs/shibboleth2.xml
@@ -20,7 +20,7 @@
     -->
 
     <!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
-    <ApplicationDefaults entityID="https://puzzlehunt.club.cc.cmu.edu/shibboleth"
+    <ApplicationDefaults entityID="https://REPLACE_DOMAIN_STR/shibboleth"
                          REMOTE_USER="eppn persistent-id targeted-id">
 
         <!--
@@ -34,8 +34,8 @@
         -->
         <Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
                   checkAddress="false" handlerSSL="true"
-                  handlerURL="https://puzzlehunt.club.cc.cmu.edu/Shibboleth.sso" 
-                  cookieProps="; domain=puzzlehunt.club.cc.cmu.edu; path=/; secure">
+                  handlerURL="https://REPLACE_DOMAIN_STR/Shibboleth.sso"
+                  cookieProps="; domain=REPLACE_DOMAIN_STR; path=/; secure">
 
             <!--
             Configures SSO for a default IdP. To allow for >1 IdP, remove

diff --git a/hosts_private.yaml b/hosts_private.yaml
diff --git a/hosts_public.yaml b/hosts_public.yaml
diff --git a/huntserver/templatetags/hunt_tags.py b/huntserver/templatetags/hunt_tags.py
@@ -31,7 +31,7 @@ def shib_login_url(context, entityID, next_path):
         protocol = "https://"
     else:
         protocol = "http://"
-    shib_str = "https://puzzlehunt.club.cc.cmu.edu/Shibboleth.sso/Login"
+    shib_str = "https://" + settings.SHIB_DOMAIN + "/Shibboleth.sso/Login"
     entity_str = "entityID=" + entityID
     target_str = "target=" + protocol + context['request'].get_host() + "/shib/login"
     next_str = "next=" + next_path

diff --git a/puzzlehunt_server/settings/base_settings.py b/puzzlehunt_server/settings/base_settings.py
@@ -90,6 +90,7 @@
 
 # Shibboleth settings
 USE_SHIBBOLETH = os.getenv("DJANGO_USE_SHIBBOLETH", default="False").lower() == "true"
+SHIB_DOMAIN = os.getenv("DOMAIN", default="")
 
 SHIB_ATTRIBUTE_MAP = {
     "Shib-Identity-Provider": (True, "idp"),