Build a SSP debug SP

.github/workflows/build-ssp-debug-sp.yml

@@ -0,0 +1,29 @@
+name: Build docker SSP debug SP container
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  build-ssp-debug-sp:
+
+    runs-on: ubuntu-latest
+
+    steps:
+
+    - name: Check out the repo
+      uses: actions/checkout@v2
+
+    - name: Log into GitHub Container Registry
+      uses: docker/login-action@v1
+      with:
+        registry: ghcr.io
+        username: ${{ github.repository_owner }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Build the SSP Debug SP container and push to GitHub Packages
+      uses: docker/build-push-action@v2
+      with:
+        tags: ghcr.io/openconext/openconext-containers/openconext-ssp-debug-sp:latest
+        context: docker/ssp-debug-sp/
+        push: true

README.md

@@ -1 +1,13 @@
 # OpenConext-containers
+
+## SSP Debug SP
+The SSP debug SP container is specifically targeted for use with StepUp projects. The container is configured with 
+a SP / IdP setup that tailors to use with StepUp authentication in mind. The debug SP (sp.php) can be used to fire
+SSO and SFO authentications to the Gateway. 
+
+In order to work with this container, you will need to do some small additional setting up in your own Dockerfile/Docker
+Compose. 
+
+1. Make sure you deploy a sp.key, idp.key, sp.crt and idp.crt to the `/var/cert` folder. They should match the SP 
+   certificate of the SP's defined in your Gateway SAML entity setup. E.g the entities projected in 
+   gateway.saml_entities`.

docker/ssp-debug-sp/Dockerfile

@@ -0,0 +1,40 @@
+FROM webdevops/php-nginx:7.2 AS ssp-debug-sp
+MAINTAINER Michiel Kodde ([email protected])
+
+# Install required applications & binaries to install SimpleSAMLphp
+RUN apt-get update && apt-get install -y git python zip libpng-dev nodejs
+RUN docker-php-ext-install pdo_mysql exif gd
+
+# Install Composer
+COPY --from=composer:1 /usr/bin/composer /usr/local/bin/composer
+# Install SSP: Clone and install rev adf1eb8 of SSP
+WORKDIR /app/
+RUN git clone https://github.com/simplesamlphp/simplesamlphp.git /app
+RUN git reset --hard adf1eb8
+
+# Install SSP: Copy files
+COPY conf/config.php /app/config/config.php
+COPY conf/authsources.php /app/config/authsources.php
+COPY conf/accountgen.inc /app/config/accountgen.inc
+COPY certificates/* /app/cert/
+COPY conf/saml20-idp-hosted.php /app/metadata/saml20-idp-hosted.php
+COPY conf/saml20-idp-remote.php /app/metadata/saml20-idp-remote.php
+COPY conf/saml20-sp-remote.php /app/metadata/saml20-sp-remote.php
+COPY conf/SURFconext_short_to_urn.php /attributemap/SURFconext_short_to_urn.php
+
+# Install SSP: Install dependencies and build
+RUN composer require simplesamlphp/simplesamlphp-module-saml2debug
+RUN composer install --prefer-dist -n -o
+
+# Install SSP: Copy DebugSP files
+COPY conf/DebugSP /app/modules/DebugSP
+COPY conf/sp.php /app/www/sp.php
+COPY conf/sp-config.inc /app/www/sp-config.inc
+COPY conf/sp-utils.inc /app/www/sp-utils.inc
+
+# Enable the SSP IdP
+RUN touch modules/exampleauth/enable
+
+# Configure the webserver: deploy the nginx vhost config & set php-fpm pool config
+COPY conf/nginx.conf /opt/docker/etc/nginx/vhost.conf
+RUN echo '' > /opt/docker/etc/nginx/vhost.common.d/10-php.conf

docker/ssp-debug-sp/certificates/idp.crt

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID7TCCAlUCFA/gdInhlGAC81SV1MS4HTXKLa2PMA0GCSqGSIb3DQEBCwUAMDMx
+GDAWBgNVBAMMD0RlbW8gR1NTUCAyIElkUDEXMBUGA1UECgwORGV2ZWxvcG1lbnQg
+Vk0wHhcNMjEwNDIwMDcwMjI2WhcNMjYwNDE5MDcwMjI2WjAzMRgwFgYDVQQDDA9E
+ZW1vIEdTU1AgMiBJZFAxFzAVBgNVBAoMDkRldmVsb3BtZW50IFZNMIIBojANBgkq
+hkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAxJFJZyGp5Epp/y0rqRL63Q30S/97zlst
+5Be/vtSwJL/M1yINk38mFGcjVEbuAxyDXHoHhgbwothfikI/1GLygPF4BGjse6fC
+0JSOAyT8YrGvGm4NlKCrDnTcnryWkUZZFZWxzw5F6MdJ1N4+fa2b3KxSRokwrI8h
+soxZxYmzaN01CBrNH4lv2RZ8dFttujUkUjWedOsMcjosg6bSHuSwHvbh1cNCj0Xq
+bJyuEPdFlfi2WL4B8sQIUXPn3ms64K72+ZLPE/HhZ2Ush/mGA0b2Z0pCDX0728WF
+og3ShTz6lXL0XL1Q1sl4ThIZxNraGJ5WxGqsWu5Kykk35gxQI0w9rTWosOCSRZcL
+gVWE1GumlYv3x9XsXpj9+FG75E8Sre2uL0KlGqvcevKhc7h5hg5L059uFX6YnCDr
++F+03Iw5P1cDXaZ84Fua7MTCmldFcyIZxuib7vclhZCZGKgRxhmxZnSBDPT+D/zo
+eq6WW5AJZEo3Ud4ZyRrolLueU66v/+VZAgMBAAEwDQYJKoZIhvcNAQELBQADggGB
+AFd1oxY5qWs7x+keY8jf3AAV3ao3UIKuHpVm6YnkIoTLe+ova5IjY0blj9IYfDTE
+UCoQkwekijJleNadrTQvBvh5ZAj+ghQOJhz2GoVA7CMA+QRIwU51tL7Umss4IQ8S
+NEoz7JrZXfRqM34VAVhZb+9jImUJdpyeiOFLvdVyYkGrJ77+tEmxLpXHXCmPkayp
+O7G0AGbkJHEzhsFSUfdd5O9zh1wX2xW1bXGFIBtBi3g6SsxfPtG69RIuC4E7mvWi
+C9+139Ht9cM90tFRqO6C/ZonZPSR4G95oNI8jKnPS5oToDDzxK+qqCyRRlEts+pV
+SIZiD2Equc+ejSkCiW1zNsKyimRv0arXZCm+GP7qh3bDEWXaGeG91beTRipTvphr
+2+RGr9XDY1mEGqISIogNOQp+TQa5vj18pYRdiNtRcqwxoj/DtMfDpnzuyKD2g4Z8
+Z0+zTe9v0wzDa7Snk0nGWtF2mmW7cClyCpJm1vYE9Z2EWBth7ykndxGD3SpD62fW
+Jw==
+-----END CERTIFICATE-----

docker/ssp-debug-sp/certificates/idp.key

@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4wIBAAKCAYEAxJFJZyGp5Epp/y0rqRL63Q30S/97zlst5Be/vtSwJL/M1yIN
+k38mFGcjVEbuAxyDXHoHhgbwothfikI/1GLygPF4BGjse6fC0JSOAyT8YrGvGm4N
+lKCrDnTcnryWkUZZFZWxzw5F6MdJ1N4+fa2b3KxSRokwrI8hsoxZxYmzaN01CBrN
+H4lv2RZ8dFttujUkUjWedOsMcjosg6bSHuSwHvbh1cNCj0XqbJyuEPdFlfi2WL4B
+8sQIUXPn3ms64K72+ZLPE/HhZ2Ush/mGA0b2Z0pCDX0728WFog3ShTz6lXL0XL1Q
+1sl4ThIZxNraGJ5WxGqsWu5Kykk35gxQI0w9rTWosOCSRZcLgVWE1GumlYv3x9Xs
+Xpj9+FG75E8Sre2uL0KlGqvcevKhc7h5hg5L059uFX6YnCDr+F+03Iw5P1cDXaZ8
+4Fua7MTCmldFcyIZxuib7vclhZCZGKgRxhmxZnSBDPT+D/zoeq6WW5AJZEo3Ud4Z
+yRrolLueU66v/+VZAgMBAAECggGAA+SkwYgnJ0BaDRXF8ZlQoqQuHHs45oNjy0q1
+H4By5Kdv1Sr1feBczrakOn0VJbag22oHUB4/EdqbOc/KF9jF2MvvhpbVaDWQZDUt
+At7uqL3ALBPV7QWpnaWu4O33RXVROl42oVU1CUE5MyAbuL2BgsNe9cqtzh0fm7uv
+43uws/j9neV5/o/oSTJq0Jsm9zMqPv6U3tfw7So9y3W4X6hD3LkjC+rMHK5T0Ebi
+I6/iDvBYHDXXMAm16HcVNpCFIAIXFT5WNdc21I89l4gbEMjoh+bkLhPHqFmTVVON
+Qhn58UleXWSk1qJCWRYkNcwY2HPehA4aW8moACcS8XH6GeY20HP2fMPGULyNp3Kj
+0pfq66R827ZViF3B4hTQpfFERLYJ/VkMhgRP1TDyvVwAdEM9kcUJS4u8uMGXxpgF
+f1CWlmBARgvqdgkXhzfJDEsB/sOJhob9BDvberQyAESCWn3EJLROLTStvWeuCjWZ
+s/BDz8DcFcIEdE8iuv7TYWJS6RgBAoHBAPAHNL5YzyRXyTn/PDzWmHKssvPGhP9D
+eV5Ao+qOcnuo09oNkbYscWmhGD8LrbLy5XkgwlSXfZCHtrY1JjQyUA6ZpGfXszV7
+rwXa6BVs9aVQ78DYvAzsQEXPHoKMiWwXqzZ1BQFmfYCqMunYNgLqMdNfjR5ApLX7
++IvejYe0I9azU4XEBamloh6x/lLXpi9vGCC0ppbW/qt3xMYXgpFaqrDQ6Ae3gOHu
+ZmftPRdHtnhqHatF/lOY+WHV/YU4zqP4gQKBwQDRpb6Wy9LMs9E0ZdsnFccdW6tP
+XgPBDCs/rrGhida+BJMlZYszuaDbqrwcbgLfBS/Ub7M3pIz3q5f2dpy+hXkf1jXX
+xmPki7QM+WAmyYkvdbTCHnjCoNu1IjlvlSHqNO/Dvd9lPFQH70yOEZtsUq4dtssn
+81ktFXZYbWm6/ZNxi+Q/MaaOwxMsFqim8fTn4kijVyeX2sjchyMfL2bGRpfGgxQv
+rCTOUayyL2sbqQOh+vRzS4qhX2l0EbuWgafiQNkCgcEAsRHv0/g6H6pvNUzYSF1b
+K0XB4lpyJMnHEEQJaHDbfeRHHRZjhwv0QqNn+qKH6nqL1LbZBYSYSfYEURiWbW0s
+aAjqIv0aJHtw25XpHl06PlGd/RsmZzYmGBm6fT5l5orzcIIVRjownalxU9d/yNiy
+FyfnOAkiOWp/qddte03mHm4+UHESaFtbZN+UKdMSsu121DHQr3g9eYsqa6ROWyKS
+x0vl0EOMXZ/8hfCa38C0mNJXvtEs1MkGOCmgFBabQpWBAoHAUwFowJPa1qmrfy+E
+4ajBuWH+JeJ3YgvLY99q/SZyG7H8AKZ/wu8QPWkQKcF06ZBIK7g+IR3JopYSCMdV
+sClwl6Zckx49ltOpaimiZDkPU/cqpmEiNw0xcDoou4E0eGKVO88FkDOeobWhfe6C
+txTVU3Z4YUz8VdlVjhVj82FK634T1OF3rLaX9LDT/aV27git8d4kEv/Q31+yDDrc
+WkzA8xwa9fUWbYnw8mvL4Ju+kHeoKa4TKWl5ezc6KpETQ4WhAoHALvByZ0ch2G2V
+NomRIiCXftGns+mFcTYv/JadMvKQvpwrDPdixqL5rDsPeE/woNmegTsOI3cCZrzr
+zo+W1gUktCcHd9HE4b+8yuAFg2i/FJu9qBqSl2+32a6jt95tr4YySaycWW0NBbjv
+sDsp5eXrq2Tv/6/s2KNdWvpptwhT1/hekll3Mv9vr9ETLG79Wcg5bBrbTwyYfj7O
+qu4tIssiOAqNIH0AGg9alGEIsh/F0wXnAn7QRNvuVmyFZBZ9qAIs
+-----END RSA PRIVATE KEY-----

docker/ssp-debug-sp/certificates/sp.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID4zCCAksCFE/RXnB+y6e2zlC0Zpi7Pl6GbyuAMA0GCSqGSIb3DQEBCwUAMC4x
+EzARBgNVBAMMClJBIFNBTUwgU1AxFzAVBgNVBAoMDkRldmVsb3BtZW50IFZNMB4X
+DTIxMDQyMDA3MDIyM1oXDTI2MDQxOTA3MDIyM1owLjETMBEGA1UEAwwKUkEgU0FN
+TCBTUDEXMBUGA1UECgwORGV2ZWxvcG1lbnQgVk0wggGiMA0GCSqGSIb3DQEBAQUA
+A4IBjwAwggGKAoIBgQCyMqGyevrF/Ms8fsGQdz6fqzCA8T/QKC9Jb3m7EpQOp/OM
+q/qBv4gjtFf0/bAun2N/u6zZOlPk61iVWRbxIet/O9BAoqRhtT6PHQVcReXR1F3+
+Dk2vH8+QyZwnWGENwh16BYuirIeWQuEgfVDUpSg2MBjkHjZmpF8Dxn6d485qwrdb
+FZN+z3QPtxNaNu1FBktsgPNjlpE7HNB9xcGy4DlgTIP+80nKgM+Kdopw9FVk71bf
+KKHp1m9qSSbFI+drtbtFJ7OPqFYDs9gJEY8ivALID1ERNQkAPImr/EIPiazHc4nk
+Qfi4Kt5ohsvGufdCxYtOUGxjcrkq9oJX5YiiC9xfekPeU05F2FsYWxYK0nmnEP0t
+ydgDFeKl2FI2vUhr2oOaiTs5VlNhMz43diX9AJzjmO4nrePsuA/T3wj8rSzhS9kD
+9IF6GkZ+y+1Yyzf8NWxPfFCL0K4B5/+pGDY5BETX+BHq4kKCGjWVWz9Whd9MeaJb
+4buycT9RyKZrmSEe/fkCAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAjuAYYpA337xi
+Uem4MTmCB68VVEPxVeiR3geTqZdk42ep6ATfalbAIAsqzTsh5QPU5FZByrZauOWA
+6m5HLmlEY3UQmI6l1P9KcOAIVfHQ0uVIpREuEaiFJlA2pif/Epk+Go/jp+yKPHms
+/IT/ZhZTzUCM3xbcan9rDA779pgi/NqYSHJ1EljiD+Wt8jDk67hZAjHum9b79UNs
+bJqB4wHrNkoyOZZnmW88nDeJGvBpoeo/zsy4xi20E23oBP7ti7QVEvsvaZtJ5L7S
+mysHP03fIkfquXswZ8Xl5wS3Vjr82wx9LOGunzZzFF4awRrsIuovvxrTBTD/NNHA
+v0Mm7UC0I8A27mlpufneN4TFcXmYW0KZxkiLbcrXtOicqgRyfEB1UC2C8RAPmeX3
+VGM+odFNhJjkCecms4/xpSqj13CE6S6ci2+osfiMWm5uBw6wAfPt/5rPrvy50dWx
+J13vign9EqLAy7aVRzK8ghu1bOLlXV5Hp6kwwMYYqZBV5A0xOuSj
+-----END CERTIFICATE-----

docker/ssp-debug-sp/certificates/sp.key

@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4gIBAAKCAYEAsjKhsnr6xfzLPH7BkHc+n6swgPE/0CgvSW95uxKUDqfzjKv6
+gb+II7RX9P2wLp9jf7us2TpT5OtYlVkW8SHrfzvQQKKkYbU+jx0FXEXl0dRd/g5N
+rx/PkMmcJ1hhDcIdegWLoqyHlkLhIH1Q1KUoNjAY5B42ZqRfA8Z+nePOasK3WxWT
+fs90D7cTWjbtRQZLbIDzY5aROxzQfcXBsuA5YEyD/vNJyoDPinaKcPRVZO9W3yih
+6dZvakkmxSPna7W7RSezj6hWA7PYCRGPIrwCyA9RETUJADyJq/xCD4msx3OJ5EH4
+uCreaIbLxrn3QsWLTlBsY3K5KvaCV+WIogvcX3pD3lNORdhbGFsWCtJ5pxD9LcnY
+AxXipdhSNr1Ia9qDmok7OVZTYTM+N3Yl/QCc45juJ63j7LgP098I/K0s4UvZA/SB
+ehpGfsvtWMs3/DVsT3xQi9CuAef/qRg2OQRE1/gR6uJCgho1lVs/VoXfTHmiW+G7
+snE/Ucima5khHv35AgMBAAECggGAKVZrgj7bG8C32NHCz2OKKHoK526PkhcwWQW+
+JHJ73CaD7hcbJqwqxbWZTeDn1PjumPwNbdsFCS67PvIKy2dF/R8AAW55WZ005Pgj
+fTNNy+5K25uv07c6bGkIi2wKH6nvMpZEvTjuvyHGncXUUW/6sw9XRtvnXMo2rGaI
+itIE2WlQJZYMwDcZwmeC2sOxKPj72DDVxT1xdVgK2ZJdi8ROKxO07xi6/noBKyqy
+lN9pS9/ltCD15ovzDqHnl4XrsmXWpvMuBl6f9ACNTI0jZE1WoMMKhxPdWvRm+gId
+U3ikNK6eLfReHu6jeTQRNCAO9dExrAJzgV7G4jHwinDrBk8ywYqSYVrbpz5Sx/Ij
+W6Gt9XMjHz2y8Bs114foVW3Fr3Fj55/eQu1xa6WaxFcF5nEP2/bLXexMJHqeMI4r
+T+150G6pjHk2uvh61JB8aAfaqIrOP7/1hjbJBIHjD/ub2xZ7uwtibFQvhmOpzYE8
+jeO09A2byQU2yIXvZXxVJWE4vmwBAoHBAOuRI+WqFpRAlJ7yolRfM0uwo3R09+Aw
+LZ3tvnMHGJPipImFC5k2ralll/tstBVdRNEMIqsLcogBfMt3F1kx6hYtMXj3gy9S
+b0XKJvEikdQvmdUjVfkIlRI+yMm811xqtqNXcLqndSxTUkTotpxmU7p1AhdXpIv9
+IiXaBfuUvBi68M8tJ0tgJWKCDtwJWtlvhKRv6UXVauJbb8QczIgrpk0PVI9WvX0Z
+VN/3bq/BxJBjD/RvLN1uNqjsi/qoN1wWeQKBwQDBp5XrNzU8wctaLxdZrKCjfe0T
+X3Scm9xgWKZOZUBOH6ydbVya/g0VsFM6mgu6tz2yMGA4TlmqM2WfzhzVkb2aJ8Z4
+me2jsyqku3sANZzFaGRMu0i03LC6SFv9NQ+YA8p01Ry9KPF8RU0Ows9Zv/uVgPNp
+CEy8GfjbmJsbfEPkj5gNIJx5RNEgI6mSOOtTAiQK7Mra4bJwgvRSudhpMQJWUdbo
+J8k0+VSspmC0gIh108rAvlpEDTBgDa7QAbMGQ4ECgcB1bQNk79WTj2HGnhK3VkF+
+wI2qdsg9dCa5LBMcyfPBfGAiwTSX6n7FC4Soa3aVk8nDH3aEpw8vpvYrgrEb4Frd
+NSgNMeyuATzAoFWrLF1fVV8stRGdM18EGlIC5mTAh92FLQhfsywgrWQ8P3kQG54v
+OzaQpjq7IbMNBVKoJ2tgNIfn7o1A8KuSIF0B6JPmAcYwJi01h35hWc0sCGMYmhGr
+JjIzxbxtiNwbTP9bE49FnmwMoALQWqlaqZfZmlMGT5kCgcBKaPiEHvyH0fcvOfUA
+8gHvkE1uKjmGi6UMKEQOz3z8B9Ot0f3JWGDyuoPgepyTLCG6vDfcqs5tRb6AvxP5
+RDzUZQAwCwVy5z81eQx0MiWA/PG9QiFXzYzipzchfif1w08hwVl/naHcnExVpalC
+1S/4bEobS6Mgi+JBjsvarc7wnfRQ5vz44+ZvMQTROKnDhYkP4Zi4rgyAivEScHKl
+SL2bKWsoXVFE16EfjfaOpOzKSY0YrovEpkS2Q8uuBVkiyQECgcB4JN+HiWD5auBl
+S0eDa+cGd7dNcs3d1t++sIyGZtxclzlpzHl5mr5Ey9UdkCvB3JmUh+fSsxBile7Y
+n03lt29kozvJ5FsL6t8zp3Fs9HY9fvNJQ51J7xLJpeGuZkUebxQRad/Gs18EkP4c
+5Wpa8inZay7o2+VHPcgyp1OmAMwUxof8WNdzhpqe1SR/c58WOOu0OPyDP6gmEUu3
+rka3UsBdb2pXLUCipKVDOOO64ACNicH6Lp+jZgdNCg1N+KKdTdM=
+-----END RSA PRIVATE KEY-----

docker/ssp-debug-sp/certificates/ssp.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID4zCCAksCFE/RXnB+y6e2zlC0Zpi7Pl6GbyuAMA0GCSqGSIb3DQEBCwUAMC4x
+EzARBgNVBAMMClJBIFNBTUwgU1AxFzAVBgNVBAoMDkRldmVsb3BtZW50IFZNMB4X
+DTIxMDQyMDA3MDIyM1oXDTI2MDQxOTA3MDIyM1owLjETMBEGA1UEAwwKUkEgU0FN
+TCBTUDEXMBUGA1UECgwORGV2ZWxvcG1lbnQgVk0wggGiMA0GCSqGSIb3DQEBAQUA
+A4IBjwAwggGKAoIBgQCyMqGyevrF/Ms8fsGQdz6fqzCA8T/QKC9Jb3m7EpQOp/OM
+q/qBv4gjtFf0/bAun2N/u6zZOlPk61iVWRbxIet/O9BAoqRhtT6PHQVcReXR1F3+
+Dk2vH8+QyZwnWGENwh16BYuirIeWQuEgfVDUpSg2MBjkHjZmpF8Dxn6d485qwrdb
+FZN+z3QPtxNaNu1FBktsgPNjlpE7HNB9xcGy4DlgTIP+80nKgM+Kdopw9FVk71bf
+KKHp1m9qSSbFI+drtbtFJ7OPqFYDs9gJEY8ivALID1ERNQkAPImr/EIPiazHc4nk
+Qfi4Kt5ohsvGufdCxYtOUGxjcrkq9oJX5YiiC9xfekPeU05F2FsYWxYK0nmnEP0t
+ydgDFeKl2FI2vUhr2oOaiTs5VlNhMz43diX9AJzjmO4nrePsuA/T3wj8rSzhS9kD
+9IF6GkZ+y+1Yyzf8NWxPfFCL0K4B5/+pGDY5BETX+BHq4kKCGjWVWz9Whd9MeaJb
+4buycT9RyKZrmSEe/fkCAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAjuAYYpA337xi
+Uem4MTmCB68VVEPxVeiR3geTqZdk42ep6ATfalbAIAsqzTsh5QPU5FZByrZauOWA
+6m5HLmlEY3UQmI6l1P9KcOAIVfHQ0uVIpREuEaiFJlA2pif/Epk+Go/jp+yKPHms
+/IT/ZhZTzUCM3xbcan9rDA779pgi/NqYSHJ1EljiD+Wt8jDk67hZAjHum9b79UNs
+bJqB4wHrNkoyOZZnmW88nDeJGvBpoeo/zsy4xi20E23oBP7ti7QVEvsvaZtJ5L7S
+mysHP03fIkfquXswZ8Xl5wS3Vjr82wx9LOGunzZzFF4awRrsIuovvxrTBTD/NNHA
+v0Mm7UC0I8A27mlpufneN4TFcXmYW0KZxkiLbcrXtOicqgRyfEB1UC2C8RAPmeX3
+VGM+odFNhJjkCecms4/xpSqj13CE6S6ci2+osfiMWm5uBw6wAfPt/5rPrvy50dWx
+J13vign9EqLAy7aVRzK8ghu1bOLlXV5Hp6kwwMYYqZBV5A0xOuSj
+-----END CERTIFICATE-----

docker/ssp-debug-sp/certificates/ssp.key

@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4gIBAAKCAYEAsjKhsnr6xfzLPH7BkHc+n6swgPE/0CgvSW95uxKUDqfzjKv6
+gb+II7RX9P2wLp9jf7us2TpT5OtYlVkW8SHrfzvQQKKkYbU+jx0FXEXl0dRd/g5N
+rx/PkMmcJ1hhDcIdegWLoqyHlkLhIH1Q1KUoNjAY5B42ZqRfA8Z+nePOasK3WxWT
+fs90D7cTWjbtRQZLbIDzY5aROxzQfcXBsuA5YEyD/vNJyoDPinaKcPRVZO9W3yih
+6dZvakkmxSPna7W7RSezj6hWA7PYCRGPIrwCyA9RETUJADyJq/xCD4msx3OJ5EH4
+uCreaIbLxrn3QsWLTlBsY3K5KvaCV+WIogvcX3pD3lNORdhbGFsWCtJ5pxD9LcnY
+AxXipdhSNr1Ia9qDmok7OVZTYTM+N3Yl/QCc45juJ63j7LgP098I/K0s4UvZA/SB
+ehpGfsvtWMs3/DVsT3xQi9CuAef/qRg2OQRE1/gR6uJCgho1lVs/VoXfTHmiW+G7
+snE/Ucima5khHv35AgMBAAECggGAKVZrgj7bG8C32NHCz2OKKHoK526PkhcwWQW+
+JHJ73CaD7hcbJqwqxbWZTeDn1PjumPwNbdsFCS67PvIKy2dF/R8AAW55WZ005Pgj
+fTNNy+5K25uv07c6bGkIi2wKH6nvMpZEvTjuvyHGncXUUW/6sw9XRtvnXMo2rGaI
+itIE2WlQJZYMwDcZwmeC2sOxKPj72DDVxT1xdVgK2ZJdi8ROKxO07xi6/noBKyqy
+lN9pS9/ltCD15ovzDqHnl4XrsmXWpvMuBl6f9ACNTI0jZE1WoMMKhxPdWvRm+gId
+U3ikNK6eLfReHu6jeTQRNCAO9dExrAJzgV7G4jHwinDrBk8ywYqSYVrbpz5Sx/Ij
+W6Gt9XMjHz2y8Bs114foVW3Fr3Fj55/eQu1xa6WaxFcF5nEP2/bLXexMJHqeMI4r
+T+150G6pjHk2uvh61JB8aAfaqIrOP7/1hjbJBIHjD/ub2xZ7uwtibFQvhmOpzYE8
+jeO09A2byQU2yIXvZXxVJWE4vmwBAoHBAOuRI+WqFpRAlJ7yolRfM0uwo3R09+Aw
+LZ3tvnMHGJPipImFC5k2ralll/tstBVdRNEMIqsLcogBfMt3F1kx6hYtMXj3gy9S
+b0XKJvEikdQvmdUjVfkIlRI+yMm811xqtqNXcLqndSxTUkTotpxmU7p1AhdXpIv9
+IiXaBfuUvBi68M8tJ0tgJWKCDtwJWtlvhKRv6UXVauJbb8QczIgrpk0PVI9WvX0Z
+VN/3bq/BxJBjD/RvLN1uNqjsi/qoN1wWeQKBwQDBp5XrNzU8wctaLxdZrKCjfe0T
+X3Scm9xgWKZOZUBOH6ydbVya/g0VsFM6mgu6tz2yMGA4TlmqM2WfzhzVkb2aJ8Z4
+me2jsyqku3sANZzFaGRMu0i03LC6SFv9NQ+YA8p01Ry9KPF8RU0Ows9Zv/uVgPNp
+CEy8GfjbmJsbfEPkj5gNIJx5RNEgI6mSOOtTAiQK7Mra4bJwgvRSudhpMQJWUdbo
+J8k0+VSspmC0gIh108rAvlpEDTBgDa7QAbMGQ4ECgcB1bQNk79WTj2HGnhK3VkF+
+wI2qdsg9dCa5LBMcyfPBfGAiwTSX6n7FC4Soa3aVk8nDH3aEpw8vpvYrgrEb4Frd
+NSgNMeyuATzAoFWrLF1fVV8stRGdM18EGlIC5mTAh92FLQhfsywgrWQ8P3kQG54v
+OzaQpjq7IbMNBVKoJ2tgNIfn7o1A8KuSIF0B6JPmAcYwJi01h35hWc0sCGMYmhGr
+JjIzxbxtiNwbTP9bE49FnmwMoALQWqlaqZfZmlMGT5kCgcBKaPiEHvyH0fcvOfUA
+8gHvkE1uKjmGi6UMKEQOz3z8B9Ot0f3JWGDyuoPgepyTLCG6vDfcqs5tRb6AvxP5
+RDzUZQAwCwVy5z81eQx0MiWA/PG9QiFXzYzipzchfif1w08hwVl/naHcnExVpalC
+1S/4bEobS6Mgi+JBjsvarc7wnfRQ5vz44+ZvMQTROKnDhYkP4Zi4rgyAivEScHKl
+SL2bKWsoXVFE16EfjfaOpOzKSY0YrovEpkS2Q8uuBVkiyQECgcB4JN+HiWD5auBl
+S0eDa+cGd7dNcs3d1t++sIyGZtxclzlpzHl5mr5Ey9UdkCvB3JmUh+fSsxBile7Y
+n03lt29kozvJ5FsL6t8zp3Fs9HY9fvNJQ51J7xLJpeGuZkUebxQRad/Gs18EkP4c
+5Wpa8inZay7o2+VHPcgyp1OmAMwUxof8WNdzhpqe1SR/c58WOOu0OPyDP6gmEUu3
+rka3UsBdb2pXLUCipKVDOOO64ACNicH6Lp+jZgdNCg1N+KKdTdM=
+-----END RSA PRIVATE KEY-----

docker/ssp-debug-sp/conf/DebugSP/lib/Auth/Source/SP.php

@@ -0,0 +1,83 @@
+<?php
+
+/**
+ * Copyright 2018 SURFnet bv
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Installation: copy this file to the "modules/saml/lib/Auth/Source/" directory of your SimpleSAMLphp installation
+   Usage:
+   - In authsourcesphp use "DebugSP:SP" where you would otherwise use "saml:SP"
+   - In the call to AuthSimple::requireAuth($params), AuthSimple::login($params) set 'saml:AssertionConsumerServiceURL'
+     and 'DebugSP:extraPOSTvars' to the desired values.
+     E.g.:
+     $params=array(
+        'DebugSP:AssertionConsumerServiceURL' => 'https://...',
+        'DebugSP:extraPOSTvars' => array(
+           'SomePOSTvariable'    => 'SomeValue',
+           'AnotherPOSTvariable' => 'AnotherValue'
+        ),
+     );
+     $as->login($params);
+*/
+
+// Extend from the SimpleSAMLphp SAML 2.0 authentication source "saml:SP"
+class sspmod_DebugSP_Auth_Source_SP extends sspmod_saml_Auth_Source_SP {
+
+    public function __construct($info, $config) {
+        parent::__construct($info, $config);
+    }
+
+    public function sendSAML2AuthnRequest(array &$state, \SAML2\Binding $binding, \SAML2\AuthnRequest $ar) {
+
+        if ( isset( $state['DebugSP:AssertionConsumerServiceURL'] ) ) {
+            // Set the AssertionConsumerServiceURL in the AuthnRequest
+            $ar->setAssertionConsumerServiceURL( $state['DebugSP:AssertionConsumerServiceURL'] );
+        }
+
+        if ($binding instanceof \SAML2\HTTPPost) {
+            // replicate \SAML2\HTTPPost::send(Message $message) so we can set additional POST variables
+            $destination = $ar->getDestination();
+            $relayState = $ar->getRelayState();
+            $post = array();
+
+            // Set extra POST variables
+            if (isset($state['DebugSP:extraPOSTvars'])) {
+                assert(is_array($state['DebugSP:extraPOSTvars']), 'DebugSP:extraPOSTvars must be array()');
+                foreach ($state['DebugSP:extraPOSTvars'] as $key => $value) {
+                    $post[$key] = $value;
+                }
+            }
+
+            // Create SAMLRequest
+            $msgStr = $ar->toSignedXML();
+            $msgStr = $msgStr->ownerDocument->saveXML($msgStr);
+
+            \SAML2\Utils::getContainer()->debugMessage($msgStr, 'out');
+
+            $post['SAMLRequest'] = base64_encode($msgStr);
+
+            if ($relayState !== null) {
+                $post['RelayState'] = $relayState;
+            }
+
+            \SAML2\Utils::getContainer()->postRedirect($destination, $post);
+
+            return;
+        }
+
+        // Use partent implementation
+        parent::sendSAML2AuthnRequest($state, $binding, $ar);
+    }
+}

docker/ssp-debug-sp/conf/DebugSP/www/sp/saml2-acs.php

@@ -0,0 +1,26 @@
+<?php
+
+/**
+ * Copyright 2018 SURFnet bv
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// Rename the "_SAMLResponse" variable that used by the ADFS SFO extension back to the SAML HTTP-POST standard
+// "SAMLResponse" and then hand over processing to the standard SSP ACS processing
+
+if (isset($_POST['_SAMLResponse'])) {
+    $_POST['SAMLResponse'] = $_POST['_SAMLResponse'];
+}
+
+require(__DIR__.'/../../../saml/www/sp/saml2-acs.php');