Skip to content
Snippets Groups Projects
Commit 32f96ecc authored by Marco Malavolti's avatar Marco Malavolti
Browse files

Removed unused files

parent 09ef03f4
Branches
No related tags found
No related merge requests found
<IfModule mod_alias.c>
Alias /eccs /home/<USER>/eccs/web
Alias /eccs/html /home/<USER>/eccs/html
<Directory /home/<USER>/eccs/web>
DirectoryIndex index.php
Require all granted
</Directory>
<Directory /home/<USER>/eccs/html>
Require all granted
</Directory>
</IfModule>
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
ProxyPass /eccs/api uwsgi://127.0.0.1:8000/
<IfModule mod_alias.c>
Alias /eccs /home/<USER>/eccs/web
Alias /eccs/html /home/<USER>/eccs/html
<Directory /home/<USER>/eccs/web>
DirectoryIndex index.php
Require all granted
</Directory>
<Directory /home/<USER>/eccs/html>
Require all granted
</Directory>
</IfModule>
<IfModule mod_proxy_uwsgi.c>
ProxyPass /eccs/api uwsgi://127.0.0.1:8000/
</IfModule>
[uwsgi]
project = eccs
base = /home/<USER>
chdir = %(base)/%(project)
master = true
processes = 2
uid = <USER>
gid = <USER>
socket = 127.0.0.1:8000
chmod-socket = 660
vacuum = true
die-on-term = true
# set max connections to 128 in uWSGI
listen = 128
virtualenv = eccs-venv
wsgi-file = eccs-wsgi.py
logto = logs/%(project)-uwsgi.log
log-maxsize = 100000000
log-backupname = logs/%(project)-uwsgi.old.log
# Each 1000 request restart workers
max-requests = 1000
# respawn processes taking more than takes more then ... seconds
harakiri = 20
pidfile = %(project).pid
touch-reload = %(project).ini
#stats = 127.0.0.1:9193
#stats-http = True
import os
import random
import string
from datetime import date
import xml.etree.ElementTree as ET
def get_real_sps():
sps_list = []
namespaces = {
'md': 'urn:oasis:names:tc:SAML:2.0:metadata',
}
sp_1_entityid = "https://sp-demo.idem.garr.it/shibboleth"
sp_2_entityid = "https://attribute-viewer.aai.switch.ch/interfederation-test/shibboleth"
tree = ET.parse(SPS_MD_PATH)
root = tree.getroot()
sp_1 = root.find(f"./md:EntityDescriptor[@entityID='{sp_1_entityid}']/md:SPSSODescriptor/md:AssertionConsumerService[@Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']", namespaces)
sp_2 = root.find(f"./md:EntityDescriptor[@entityID='{sp_2_entityid}']/md:SPSSODescriptor/md:AssertionConsumerService[@Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']", namespaces)
sp_1_http_post_acs = sp_1.get("Location")
sp_2_http_post_acs = sp_2.get("Location")
# SP 1
sps_list.append({
"entityID":f"{sp_1_entityid}",
"http_post_acs_location":f"{sp_1_http_post_acs}"
})
# SP 2
sps_list.append({
"entityID":f"{sp_2_entityid}",
"http_post_acs_location":f"{sp_2_http_post_acs}"
})
return sps_list
def get_fake_sp_name():
chars = string.ascii_lowercase
return ''.join(random.choice(chars) for x in range(10))+'.org'
# Miscellaneous
DAY = date.today().isoformat()
CA_BUNDLE_PATH = "/etc/ssl/certs/ca-certificates.crt"
ECCS_DIR = f"{os.environ['HOME']}/eccs"
PATHCHROMEDRIVER = f"{ECCS_DIR}/chromedriver"
ECCS_PYTHON = f"{ECCS_DIR}/python/bin/python3"
# Input
ECCS_INPUTDIR = f"{ECCS_DIR}/input"
ECCS_LISTIDPSURL = 'https://technical.edugain.org/api.php?action=list_eccs_idps&format=json'
ECCS_LISTIDPSFILE = f"{ECCS_INPUTDIR}/list_eccs_idps.json"
ECCS_LISTFEDSURL = 'https://technical.edugain.org/api.php?action=list_feds&opt=1&format=json'
ECCS_LISTFEDSFILE = f"{ECCS_INPUTDIR}/list_fed.json"
# Output
ECCS_OUTPUTDIR = f"{ECCS_DIR}/output"
ECCS_RESULTSLOG = f"eccs_{DAY}.log"
ECCS_HTMLDIR = f"{ECCS_DIR}/html"
# SPS Metadata
SPS_MD_PATH = f"{ECCS_INPUTDIR}/sps-metadata.xml"
# Selenium
ECCS_SELENIUMDEBUG = False
ECCS_SELENIUMLOGDIR = f"{ECCS_DIR}/selenium-logs"
ECCS_SELENIUMPAGELOADTIMEOUT = 60 #seconds (remind to change timeout seconds also on web/eccs.js)
ECCS_SELENIUMSCRIPTTIMEOUT = 60 #seconds
ECCS_REQUESTSTIMEOUT = 15 #seconds
# Logs
ECCS_LOGSDIR = f"{ECCS_DIR}/logs"
ECCS_STDOUT = f"{ECCS_LOGSDIR}/stdout_{DAY}.log"
ECCS_STDERR = f"{ECCS_LOGSDIR}/stderr_{DAY}.log"
ECCS_FAILEDCMD = f"{ECCS_LOGSDIR}/failed-cmd.sh"
ECCS_STDOUTIDP = f"{ECCS_LOGSDIR}/stdout_idp_{DAY}.log"
ECCS_STDERRIDP = f"{ECCS_LOGSDIR}/stderr_idp_{DAY}.log"
ECCS_FAILEDCMDIDP = f"{ECCS_LOGSDIR}/failed-cmd-idp.sh"
# Number of processes to run in parallel
ECCS_NUMPROCESSES = 30
# The 3 SPs that will be used to test each IdP
ECCS_SPS = [
{
"entityID":f"{get_real_sps()[0]['entityID']}",
"http_post_acs_location":f"{get_real_sps()[0]['http_post_acs_location']}",
},
{
"entityID":f"{get_real_sps()[1]['entityID']}",
"http_post_acs_location":f"{get_real_sps()[1]['http_post_acs_location']}",
},
{
"entityID":f"https://{get_fake_sp_name()}/shibboleth",
"http_post_acs_location":f"https://{get_fake_sp_name()}/Shibboleth.sso/SAML2/POST",
}
]
# ROBOTS.TXT
ROBOTS_USER_AGENT = "ECCS/2.0 (+https://technical.edugain.org/eccs)"
# PATTERNS
JAVASCRIPT = '"x-my-okta-version"'
IDPERROR = "error\s(has\s)?occur(r)?(ed)$|Error\swhen\sprocessing\s(the\s)?authentication\srequest|The\s(server|system)\sencountered\san\s(internal\s)?error|Internal\sServer\sError|403\sForbidden|Service\sUnavailable|InvalidProfileConfiguration|Unexpected\sSystem\sError|404\s(.\s)?not\sfound|OpenAthens:\s404|On\stapahtunut\svirhe|Unhandled\sexception|Bad\sGateway|Page\sNot\sFound|Δεν\sεπιτρέπεται\sη\sπρόσβαση|tempora(ry|rily)\s(unavailable|error)+|License\serror|n'est\spas\sgérée|Invalid\sRequest|Erreur\s!|Please\sreport\sthis\serror\sto|该网站无法访问|proxy\serror|There\sis\sa\sproblem\swith\syour\saccount"
METADATAPATTERN = "Unable\sto\slocate(\sissuer\sin|)\smetadata(\sfor|)|no\smetadata\sfound|profile\sis\snot\sconfigured\sfor\srelying\sparty|Cannot\slocate\sentity|fail\sto\sload\sunknown\sprovider|does\snot\srecognise\sthe\sservice|unable\sto\sload\sprovider|Nous\sn'avons\spas\spu\s(charg|charger)\sle\sfournisseur\sde\sservice|Metadata\snot\sfound|application\s(you\shave\saccessed\s)?is\snot\sregistered\s(for\suse\sthis\sservice)?|Message\sdid\snot\smeet\ssecurity\srequirements|unsupported\s[Rr]equest|METADATANOTFOUND|Unknown\slogin\srequester|is\sunspecified\sor\sunsupported|Unknown\sservice\sprovider|Richiesta\snon\ssupportata|Metadati\snon\strovati|untrusted\sprovider|Unregistered\sService|UNHANDLEDEXCEPTION|Metadata.*.expired|Could\snot\sfind\sany.*.metadata.*.for|不支持的请求|l'application\sn'est\spas\senregistrée|Requisição\snão\ssuportada|トされていないリクエスト|is\snot\sallowed|Authorization\sFailure|Pedido\snão\ssuportado|Nicht\sunterstützte\sAnfrage|Service\sNot\sAuthorized\sfor\sSingle\sSign-On|Your\sbrowser\ssent\sa\srequest\sthat\sthis\sserver\scould\snot\sunderstand|Application\sNot\sAuthorized\sTo\sUse\sCAS"
XPATH_CHECK_PATTERN = '//input[@type="password"]|//input[@type="Password"]|//input[@type="email"]|//input[@type="user"]|//input[@name="name"]|//form[@action="/idp/module.php/multiauth/selectsource.php"]|//input[@type="text"]'
PASSWORDPATTERN = '<input[\s]+[^>]*((type|name)=\s*"password|email|user|text|name"|password|email|user|text|name)[^>]*>|<form[\s]+[^>]*(action)=\s*"/idp/module.php/multiauth/selectsource.php"[^>]*>'
# { 'reg_auth':'reason' }
FEDS_DISABLED_DICT = {
'http://www.surfconext.nl/':'Federation excluded from check',
'https://www.wayf.dk':'Federation excluded from check',
'http://feide.no/':'Federation excluded from check'
}
# { 'entityid_idp':'reason' }
IDPS_DISABLED_DICT = {
'https://idp.eie.gr/idp/shibboleth':'Disabled on 2019-04-24 because ECCS cannot check non-standard login page',
'https://edugain-proxy.igtf.net/simplesaml/saml2/idp/metadata.php':'Disabled on 2017-03-17 on request of federation operator',
# 'https://gn-vho.grnet.gr/idp/shibboleth':'Disabled on 2019-04-24 because basic authentication is not supported by ECCS check',
'https://wtc.tu-chemnitz.de/shibboleth':'Disabled on 2019-02-26 because ECCS cannot check non-standard login page',
'https://idp.fraunhofer.de/idp/shibboleth':'Disabled on 2017-11-24 on request of federation operator',
'https://idp.dfn-cert.de/idp/shibboleth':'Disabled on 2018-04-05 on request of federation operator',
'https://idp.cambria.ac.uk/openathens':'Disabled on 2017-10-27 on request of federation operator',
'https://login.lstonline.ac.uk/idp/pingfederate':'Disabled on 2017-02-08 on request of federation operator',
'https://indiid.net/idp/shibboleth':'Disabled on 2017-10-27 on request of federation operator',
'https://idp.nulc.ac.uk/openathens':'Disabled on 2017-10-27 on request of federation operator',
# 'https://lc-idp.lincolncollege.ac.uk/shibboleth':'Disabled on 2015-08-17 because uses HTTP Basic authentication, which cannot be checked reliably',
'https://idp.wnsc.ac.uk/idp/shibboleth':'Disabled on 2017-10-27 on request of federation operator',
# 'https://idp.strodes.ac.uk/shibboleth':'Disabled on 2015-08-17 because uses HTTP Basic authentication, which cannot be checked reliably',
'https://idp.uel.ac.uk/shibboleth':'Disabled on 2017-10-27 on request of federation operator',
'https://idp.ucreative.ac.uk/shibboleth':'Disabled on 2017-10-27 on request of federation operator',
'https://idp.llandrillo.ac.uk/shibboleth':'Disabled on 2017-10-27 on request of federation operator',
'https://sso.vu.lt/SSO/saml2/idp/metadata.php':'Disabled on 2018-11-02 because ECCS cannot check non-standard login page',
'https://ssl.education.lu/saml/saml2/idp/metadata.php':'Disabled on 2018-11-06 ECCS cannot check non-standard login page',
'https://sso.oktaedu.com/idp/shibboleth':'Disabled on 2021-08-12 because ECCS cannot check non-standard login page',
}
- load:
- https://mdx.idem.garr.it/edugain/entities/https:%2F%2Fattribute-viewer.aai.switch.ch%2Finterfederation-test%2Fshibboleth /srv/eccs/pyff-config/idem-mdx-service-crt.pem
- https://mdx.idem.garr.it/edugain/entities/https:%2F%2Fsp-demo.idem.garr.it%2Fshibboleth /srv/eccs/pyff-config/idem-mdx-service-crt.pem
- select:
- publish: "/srv/eccs/input/sps-metadata.xml"
......@@ -19,7 +19,7 @@ function modify_hosts_file() {
sudo sed -i "/$domain_name/d" "$hosts_path"
#echo "\nRemoved line containing $domain_name from /etc/hosts file"
else
echo "Utilizzo: modify_hosts_file [add|remove] <dominio> [<indirizzo IP>]"
echo "Usage: modify_hosts_file [add|remove] <domain> [<IP address>]"
return 1
fi
}
......@@ -27,8 +27,8 @@ function modify_hosts_file() {
echo "Stop and remove all"
docker compose down
#echo "Stop any local Apache2 Web Server started"
#sudo systemctl stop apache2.service
echo "Stop any local Apache2 Web Server started"
sudo systemctl stop apache2.service
echo "Remove old container image to be able to create it from scratch"
docker rmi gitlab.software.geant.org:5050/edugain/eccs:dev
......@@ -44,6 +44,6 @@ modify_hosts_file "remove" "$DOMAIN_NAME"
modify_hosts_file "add" "$DOMAIN_NAME" "$ECCS_IP"
echo ""
echo "Per accedere al container 'eccs' usare:"
echo "Useful command to access the 'eccs' terminal:"
echo ""
echo "docker exec -it -u root eccs bash"
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment