diff --git a/README.md b/README.md
index 36509976ccf5fe4aec7ea0dba285f70c318b644c..11636fe9a458e1082b131d276c5f8c2c3d8bb4f0 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,8 @@
 # Test_IdP
-metadata/saml20-idp-hosted.php
-```
-$metadata['__DYNAMIC:1__'] = [
-
-+ 'auth' => 'custom-userpass',
+This project consists of two separate parts for simpleSAMLphp. This README assumes you know your way around in simpleSAMLphp and know how to setup a working implementation.
-```
+The authentication module is located in modules and is called customauth, and should be enabled like this:
 config/authsources.php
 ```
@@ -14,3 +10,22 @@ config/authsources.php
 + 'customauth:External',
 + ],
 ```
+
+Don't forget to ```touch enable``` in the module directory to enable the module.
+
+The second part are the DB based *IdP Hosted* and *SP Remote* metadata files, found in metadata. These files enable database based configuration, based on the DB structure found in testidp.sql
+
+The Database consists of 3 tables:
+
+ * options
+ * idps
+ * config
+
+**options** contains the definitions of the adjustable simpleSAMLPHP hosted IdP configuration options, this can be used to render a configuration interface. The options have a key, which is used in config to configure this option for a specific IdP.
+
+**idps** contains the vhost based configuration for an IdP and the most important part is the sp_metadata columns, which should contain the connected SP metadata so that this IdP trusts this SP.
+
+**config** contains the per-IdP-options values that are dynamically loaded into the IdP config. Most of them change the dynamically created metadata for this IdP.
+
+
+
diff --git a/test_idp_architecture.svg b/test_idp_architecture.svg
new file mode 100644
index 0000000000000000000000000000000000000000..86536be08f3bd7baea0dc888f51f7fa8917c1925
--- /dev/null
+++ b/test_idp_architecture.svg
@@ -0,0 +1,433 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<svg + xmlns:dc="http://purl.org/dc/elements/1.1/" + xmlns:cc="http://creativecommons.org/ns#" + xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" + xmlns:svg="http://www.w3.org/2000/svg" + xmlns="http://www.w3.org/2000/svg" + xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" + xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" + width="297mm" + height="210mm" + viewBox="0 0 297 210" + version="1.1" + id="svg8" + inkscape:version="1.0.1 (3bc2e813f5, 2020-09-07)" + sodipodi:docname="test_idp_architecture.svg"> + <defs + id="defs2"> + <marker + style="overflow:visible" + id="marker1669" + refX="0" + refY="0" + orient="auto" + inkscape:stockid="Arrow1Lend" + inkscape:isstock="true"> + <path + transform="matrix(-0.8,0,0,-0.8,-10,0)" + style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1pt;stroke-opacity:1" + d="M 0,0 5,-5 -12.5,0 5,5 Z" + id="path1667" /> + </marker> + <marker + style="overflow:visible" + id="marker1569" + refX="0" + refY="0" + orient="auto" + inkscape:stockid="Arrow1Lend" + inkscape:isstock="true"> + <path + transform="matrix(-0.8,0,0,-0.8,-10,0)" + style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1pt;stroke-opacity:1" + d="M 0,0 5,-5 -12.5,0 5,5 Z" + id="path1567" /> + </marker> + <marker + style="overflow:visible" + id="marker1479" + refX="0" + refY="0" + orient="auto" + inkscape:stockid="Arrow1Lend" + inkscape:isstock="true" + inkscape:collect="always"> + <path + transform="matrix(-0.8,0,0,-0.8,-10,0)" + style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1pt;stroke-opacity:1" + d="M 0,0 5,-5 -12.5,0 5,5 Z" + id="path1477" /> + </marker> + <marker + style="overflow:visible" + id="marker1395" + refX="0" + refY="0" + orient="auto" + inkscape:stockid="Arrow1Lend" + inkscape:isstock="true" + inkscape:collect="always"> + <path + 
transform="matrix(-0.8,0,0,-0.8,-10,0)" + style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1pt;stroke-opacity:1" + d="M 0,0 5,-5 -12.5,0 5,5 Z" + id="path1393" /> + </marker> + <marker + style="overflow:visible" + id="marker1309" + refX="0" + refY="0" + orient="auto" + inkscape:stockid="Arrow1Lend" + inkscape:isstock="true" + inkscape:collect="always"> + <path + transform="matrix(-0.8,0,0,-0.8,-10,0)" + style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1pt;stroke-opacity:1" + d="M 0,0 5,-5 -12.5,0 5,5 Z" + id="path1307" /> + </marker> + <marker + style="overflow:visible" + id="marker1247" + refX="0" + refY="0" + orient="auto" + inkscape:stockid="Arrow1Lend" + inkscape:isstock="true" + inkscape:collect="always"> + <path + transform="matrix(-0.8,0,0,-0.8,-10,0)" + style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1pt;stroke-opacity:1" + d="M 0,0 5,-5 -12.5,0 5,5 Z" + id="path1245" /> + </marker> + <marker + style="overflow:visible" + id="marker1183" + refX="0" + refY="0" + orient="auto" + inkscape:stockid="Arrow1Lend" + inkscape:isstock="true" + inkscape:collect="always"> + <path + transform="matrix(-0.8,0,0,-0.8,-10,0)" + style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1pt;stroke-opacity:1" + d="M 0,0 5,-5 -12.5,0 5,5 Z" + id="path1181" /> + </marker> + <marker + style="overflow:visible" + id="Arrow1Lend" + refX="0" + refY="0" + orient="auto" + inkscape:stockid="Arrow1Lend" + inkscape:isstock="true" + inkscape:collect="always"> + <path + transform="matrix(-0.8,0,0,-0.8,-10,0)" + style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1pt;stroke-opacity:1" + d="M 0,0 5,-5 -12.5,0 5,5 Z" + id="path842" /> + </marker> + <marker + style="overflow:visible" + id="Arrow2Lend" + refX="0" + refY="0" + orient="auto" + inkscape:stockid="Arrow2Lend" + inkscape:isstock="true"> + <path + transform="matrix(-1.1,0,0,-1.1,-1.1,0)" + 
d="M 8.7185878,4.0337352 -2.2072895,0.01601326 8.7185884,-4.0017078 c -1.7454984,2.3720609 -1.7354408,5.6174519 -6e-7,8.035443 z" + style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:0.625;stroke-linejoin:round;stroke-opacity:1" + id="path860" /> + </marker> + </defs> + <sodipodi:namedview + id="base" + pagecolor="#ffffff" + bordercolor="#666666" + borderopacity="1.0" + inkscape:pageopacity="0.0" + inkscape:pageshadow="2" + inkscape:zoom="1.016756" + inkscape:cx="561.25984" + inkscape:cy="396.85039" + inkscape:document-units="mm" + inkscape:current-layer="layer1" + inkscape:document-rotation="0" + showgrid="false" + inkscape:snap-global="false" + inkscape:window-width="1920" + inkscape:window-height="1023" + inkscape:window-x="0" + inkscape:window-y="0" + inkscape:window-maximized="1" /> + <metadata + id="metadata5"> + <rdf:RDF> + <cc:Work + rdf:about=""> + <dc:format>image/svg+xml</dc:format> + <dc:type + rdf:resource="http://purl.org/dc/dcmitype/StillImage" /> + <dc:title></dc:title> + </cc:Work> + </rdf:RDF> + </metadata> + <g + inkscape:label="Layer 1" + inkscape:groupmode="layer" + id="layer1"> + <text + xml:space="preserve" + style="font-style:normal;font-weight:normal;font-size:10.5833px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583" + x="28.25012" + y="56.955173" + id="text835"><tspan + sodipodi:role="line" + id="tspan833" + x="28.25012" + y="56.955173" + style="stroke-width:0.264583">foobar.test-idp.geant.org</tspan></text> + <path + style="fill:none;stroke:#000000;stroke-width:0.6;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;marker-end:url(#Arrow1Lend)" + d="M 87.075871,60.751473 154.33407,76.294771" + id="path837" + sodipodi:nodetypes="cc" /> + <rect + 
style="opacity:0.999612;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.600001;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none" + id="rect1141" + width="112.27538" + height="58.464077" + x="40.806423" + y="104.81395" /> + <text + xml:space="preserve" + style="font-style:normal;font-weight:normal;font-size:10.5833px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583" + x="162.02615" + y="83.626305" + id="text1159"><tspan + sodipodi:role="line" + id="tspan1157" + x="162.02615" + y="83.626305" + style="stroke-width:0.264583">*.test-idp.geant.org</tspan></text> + <path + style="fill:none;stroke:#000000;stroke-width:0.6;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;marker-end:url(#marker1183)" + d="M 161.53815,87.168473 127.23014,102.07538" + id="path1179" + sodipodi:nodetypes="cc" /> + <text + xml:space="preserve" + style="font-style:normal;font-weight:normal;font-size:10.5833px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583" + x="103.88889" + y="115.69539" + id="text1235"><tspan + sodipodi:role="line" + id="tspan1233" + x="103.88889" + y="115.69539" + style="stroke-width:0.264583">test-idp</tspan></text> + <path + style="fill:none;stroke:#000000;stroke-width:0.6;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;marker-end:url(#marker1247)" + d="M 100.06737,112.99074 56.577202,64.636636" + id="path1243" + sodipodi:nodetypes="cc" /> + <path + style="fill:none;stroke:#000000;stroke-width:0.6;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;marker-end:url(#marker1309)" + d="M 51.018506,64.572729 83.47271,132.53948" + id="path1305" + sodipodi:nodetypes="cc" /> + <rect + 
style="opacity:0.999612;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.600001;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none" + id="rect1369" + width="37.068874" + height="52.583" + x="160.36746" + y="108.28088" /> + <text + xml:space="preserve" + style="font-style:normal;font-weight:normal;font-size:10.5833px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583" + x="181.10835" + y="118.71287" + id="text1373"><tspan + sodipodi:role="line" + id="tspan1371" + x="181.10835" + y="118.71287" + style="stroke-width:0.264583">DB</tspan></text> + <text + xml:space="preserve" + style="font-style:normal;font-weight:normal;font-size:10.5833px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583" + x="87.532883" + y="135.14799" + id="text1383"><tspan + sodipodi:role="line" + id="tspan1381" + x="87.532883" + y="135.14799" + style="stroke-width:0.264583">foobar</tspan></text> + <path + style="fill:none;stroke:#000000;stroke-width:0.6;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;marker-end:url(#marker1395)" + d="m 122.38602,132.41943 53.73814,-0.16083" + id="path1391" + sodipodi:nodetypes="cc" /> + <path + style="fill:none;stroke:#000000;stroke-width:0.6;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;marker-end:url(#marker1479)" + d="m 173.81279,150.24422 -49.57193,-0.16083" + id="path1475" + sodipodi:nodetypes="cc" /> + <text + xml:space="preserve" + style="font-style:normal;font-weight:normal;font-size:10.5833px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583" + x="49.679348" + y="153.82144" + id="text1557"><tspan + sodipodi:role="line" + id="tspan1555" + 
x="49.679348" + y="153.82144" + style="stroke-width:0.264583">config[foobar]</tspan></text> + <path + style="fill:none;stroke:#000000;stroke-width:0.6;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;marker-end:url(#marker1569)" + d="M 57.457342,144.56686 40.538359,62.323961" + id="path1565" + sodipodi:nodetypes="cc" /> + <rect + style="opacity:0.999612;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.600001;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none" + id="rect1653" + width="73.093201" + height="58.464077" + x="208.26524" + y="104.81395" /> + <text + xml:space="preserve" + style="font-style:normal;font-weight:normal;font-size:10.5833px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583" + x="257.59998" + y="116.0069" + id="text1657"><tspan + sodipodi:role="line" + id="tspan1655" + x="257.59998" + y="116.0069" + style="stroke-width:0.264583">GUI</tspan></text> + <path + style="fill:none;stroke:#000000;stroke-width:0.6;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;marker-end:url(#marker1669)" + d="m 237.03538,132.74244 -49.57193,-0.16083" + id="path1665" + sodipodi:nodetypes="cc" /> + <rect + style="opacity:0.999612;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:0.600001;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none" + id="rect1869" + width="112.27538" + height="31.817488" + x="158.06119" + y="59.776882" /> + <text + xml:space="preserve" + style="font-style:normal;font-weight:normal;font-size:10.5833px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583" + x="243.02301" + y="70.650307" + id="text1873"><tspan + sodipodi:role="line" + id="tspan1871" + x="243.02301" + y="70.650307" + 
style="stroke-width:0.264583">DNS</tspan></text> + <text + xml:space="preserve" + style="font-style:normal;font-weight:normal;font-size:10.5833px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583" + x="136.01866" + y="69.844772" + id="text1895"><tspan + sodipodi:role="line" + id="tspan1893" + x="136.01866" + y="69.844772" + style="stroke-width:0.264583">1</tspan></text> + <text + xml:space="preserve" + style="font-style:normal;font-weight:normal;font-size:10.5833px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583" + x="74.241219" + y="80.351952" + id="text1899"><tspan + sodipodi:role="line" + id="tspan1897" + x="74.241219" + y="80.351952" + style="stroke-width:0.264583">3</tspan></text> + <text + xml:space="preserve" + style="font-style:normal;font-weight:normal;font-size:10.5833px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583" + x="78.909431" + y="120.36098" + id="text1903"><tspan + sodipodi:role="line" + id="tspan1901" + x="78.909431" + y="120.36098" + style="stroke-width:0.264583">4</tspan></text> + <text + xml:space="preserve" + style="font-style:normal;font-weight:normal;font-size:10.5833px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583" + x="143.77029" + y="129.21373" + id="text1907"><tspan + sodipodi:role="line" + id="tspan1905" + x="143.77029" + y="129.21373" + style="stroke-width:0.264583">5</tspan></text> + <text + xml:space="preserve" + style="font-style:normal;font-weight:normal;font-size:10.5833px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583" + x="134.92162" + y="147.71471" + id="text1911"><tspan + 
sodipodi:role="line" + id="tspan1909" + x="134.92162" + y="147.71471" + style="stroke-width:0.264583">6</tspan></text> + <text + xml:space="preserve" + style="font-style:normal;font-weight:normal;font-size:10.5833px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583" + x="34.757381" + y="85.439484" + id="text1915"><tspan + sodipodi:role="line" + id="tspan1913" + x="34.757381" + y="85.439484" + style="stroke-width:0.264583">7</tspan></text> + <text + xml:space="preserve" + style="font-style:normal;font-weight:normal;font-size:10.5833px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583" + x="210.7531" + y="129.58975" + id="text1919"><tspan + sodipodi:role="line" + id="tspan1917" + x="210.7531" + y="129.58975" + style="stroke-width:0.264583">0</tspan></text> + <text + xml:space="preserve" + style="font-style:normal;font-weight:normal;font-size:10.5833px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.264583" + x="134.12915" + y="92.629112" + id="text1941"><tspan + sodipodi:role="line" + id="tspan1939" + x="134.12915" + y="92.629112" + style="stroke-width:0.264583">2</tspan></text> + </g> +</svg>