Skip to content
This repository has been archived by the owner on Mar 23, 2018. It is now read-only.

feideconnect/feideconnect-authengine

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,237 Commits
bin
bin
 
 
dictionaries
dictionaries
 
 
docs
docs
 
 
etc
etc
 
 
lib
lib
 
 
templates
templates
 
 
test-config
test-config
 
 
testenv
testenv
 
 
tests
tests
 
 
www
www
 
 
.bowerrc
.bowerrc
 
 
.dockerignore
.dockerignore
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
Gruntfile.js
Gruntfile.js
 
 
Jenkinsfile
Jenkinsfile
 
 
README.md
README.md
 
 
bower.json
bower.json
 
 
build.xml
build.xml
 
 
composer.json
composer.json
 
 
docker-compose.yml
docker-compose.yml
 
 
entrypoint.sh
entrypoint.sh
 
 
package.json
package.json
 
 
phpcsrules.xml
phpcsrules.xml
 
 
phpunit-ci.xml
phpunit-ci.xml
 
 
phpunit.xml
phpunit.xml
 
 
run-tests.sh
run-tests.sh
 
 
setup-container.sh
setup-container.sh
 
 

Repository files navigation

Feide Connect Auth Engine

Code Climate Test Coverage

Kubernetes

bin/build.sh publish        # Build docker image and upload to private gce repository

kubectl create namespace dataporten
kubectl --namespace dataporten apply -f etc/kubernetes/secrets.yaml
kubectl --namespace dataporten apply -f etc/kubernetes/deployments.yaml
kubectl --namespace dataporten apply -f etc/kubernetes/service.yaml
kubectl --namespace dataporten apply -f etc/kubernetes/ingress.yaml

Initialize cassandra schema:

kubectl --namespace dataporten delete job cassandra-schema-main
kubectl --namespace dataporten delete job cassandra-schema-session
kubectl --namespace dataporten apply -f etc/kubernetes/job-schema.yaml
kubectl --namespace dataporten exec -i dataporten-cassandra-3112224070-njkaq cqlsh < ../metadata-import/etc/init.cql

Load eduGAIN metadata

kubectl --namespace dataporten delete job metadata-import
kubectl --namespace dataporten apply -f etc/kubernetes/job-metadata-import.yaml

Useful commands

Access cassandra with CQLSH

Through local client

kubectl --namespace dataporten port-forward dataporten-cassandra-3112224070-u98j9 9042:9042
cqlsh

Directly on cassandra container:

kubectl --namespace dataporten exec -ti dataporten-cassandra-3112224070-u98j9 cqlsh

Inspect

kubectl --namespace dataporten get pods --show-all
kubectl --namespace dataporten get secrets

Run for development

Run a local docker container with mounted directories for the content that you would like to work on.

bin/build.sh
bin/rundev.sh

Access the service on:

Docker

Build docker image

docker build -t dataporten-authengine .

Runnning docker image

docker run -p 8080:80 --env-file ENV dataporten-authengine

Configuration

Main configuration of Auth engine:

etc/config.json   - Main configuration
etc/scopedef.json -

SimpleSAMLphp configuration

etc/simplesamlphp-config
etc/simplesamlphp-metadata

Mount these additional configuration files:

/conf/saml.pem
/conf/saml.crt

Enrivonment variables Auth engine

Used by both auth engine and apache

AE_SERVER_NAME=auth.dataporten.no
[email protected]
FC_CASSANDRA_CONTACTPOINTS=cassandra
FC_CASSANDRA_KEYSPACE=dataporten
FC_CASSANDRA_USESSL=false

Used by auth engine

CASSANDRA_USERNAME=dataporten
CASSANDRA_PASSWORD=xxx
AE_DEBUG=true
AE_SALT=xxx
FC_ENDPOINT_GROUPS=https://groups-api.dataporten.no
FC_ENDPOINT_CORE=https://api.dataporten.no
AE_TESTUSERSFILE=testusers.json
FEIDE_IDP=https://idp.feide.no

AE_TESTUSERSFILE points to a json file in etc that contains test users that will override config content.

Unspecified

AE_AS_TWITTER_KEY=xxx
AE_AS_TWITTER_SECRET=xxx
AE_AS_LINKEDIN_KEY=xxx
AE_AS_LINKEDIN_SECRET=xxx
AE_AS_FACEBOOK_KEY=xxx
AE_AS_FACEBOOK_SECRET=xxx

Used by SimpleSAMLphp config

AE_SAML_ADMINPASSWORD=xxx
AE_SAML_SECRETSALT=xxx
AE_SAML_TECHNICALCONTACT_NAME=UNINETT AS
FC_CASSANDRA_SESSION_KEYSPACE=sessionstore
FC_CASSANDRA_SESSION_USESSL=false

To run development version on http (insecure):

AE_SERVER_NAME=localhost:8080
AE_DEBUG=true
HTTPS_ON=off
HTTPS_PROTO=http

Running tests

There is a shell script that simplifies automation of running tests. Used in CI.

./runtests.sh

If you would like to setup the test environment more manually, you can run:

docker-compose up -d cassandra
# Wait some time, until cassandra is up.
docker-compose run dataportenschemas
docker-compose run metadataschemas
docker-compose run testenv ant

For testing a specific unit test, you can run:

docker-compose run testenv vendor/phpunit/phpunit/phpunit tests/ConfigTest

Managing translations

To update main dictionary content, upload dictionaries/dictionary.en.json to transifex.

To download translations run:

grunt lang

About

Dataporten AuthEngine

docs.dataporten.no

Topics

oauth authentication authorization openid

Resources

Readme
Activity
Custom properties

Stars

3 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages