Merge pull request #310 from OpenConext/feature/add-4-0-0-changelog
Update 4.0.0 documentation
pablothedude authored Jul 29, 2020
2 parents c1b94b6 + e74f053 commit 07e68b6
Showing 5 changed files with 20 additions and 8 deletions.
12 changes: 12 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,17 @@
# Changelog

# 4.0.0
From this version PHP 7.2 is supported and support for PHP 5.6 is dropped.

Be aware that the new Symfony directory structure is now used. So if you are overwriting for example config files it is recommended
to verify the location on forehand. Also the file extensions of Yaml files are changed and some Symfony specific special characters
need to be escaped.

See: https://github.com/symfony/symfony/blob/4.4/UPGRADE-4.0.md

**Improvements**
* Upgrade to Symfony4.4 LTS with PHP7.2 support #307

# 3.1.8
**Feature**
* Added identity & token bootstrap console commands (for test) #302 #303 #304 #305
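Review bot: the 4.0.0 entry is too vague for the operators it is addressed to, in the lines "Also the file extensions of Yaml files are changed and some Symfony specific special characters need to be escaped." Name the old and new extension and list the characters that now require escaping (or link the exact section of UPGRADE-4.0.md that covers them); an operator who overrides config files will otherwise only discover the change from a failed deployment. Also "on forehand" should read "beforehand" and "Yaml" is conventionally written "YAML". The 3.1.8 context line describes the bootstrap commands only as "(for test)"; since those commands create vetted tokens directly (see the docs/test-data.md examples in this same change), the changelog or docs/test-data.md should say explicitly that they must not be run against a production database.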
4 changes: 2 additions & 2 deletions README.md
@@ -17,7 +17,7 @@ This component is part of "Step-up Authentication as-a Service". See [Stepup-Dep

Clone the repository or download the archive to a directory. Install the dependencies by running `composer install` and fill out the database credentials et cetera.

Make sure to run database migrations using `app/console middleware:migrations:migrate`.
Make sure to run database migrations using `bin/console middleware:migrations:migrate`.

## Management API
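Review bot: the install step is updated to `bin/console middleware:migrations:migrate`, but the surrounding README text still only says "Install the dependencies by running `composer install`" and nowhere states the PHP requirement that the 4.0.0 changelog in this same change introduces (PHP 7.2 required, PHP 5.6 dropped). Add the minimum PHP version next to the composer step so the requirement is visible where people actually install the component.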

@@ -31,7 +31,7 @@ Some of the configuratio of the components is static (i.e. stored in parameteres

### Adding new events

Whenever adding a new event, be sure to update `app/config/events.yml`.
Whenever adding a new event, be sure to update `bin/config/events.yml`.
This is a list of events that is shown when replaying events.
Also be sure to create or update the event serialization/deserialization tests,
for example see [EventSerializationAndDeserializationTest for Configuration events][event-serialization-example]
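Review bot: `bin/config/events.yml` in the changed line looks like a wrong path. `bin/` is where `bin/console` lives; under the Symfony 4 layout this pull request adopts, configuration moves to `config/` (compare the `config/legacy/parameters.yml.dist` link used elsewhere in this change), and the changelog states that the YAML file extensions changed as well, so the file is unlikely to still be called `events.yml`. Please verify the location against the tree and use the real path rather than a search-and-replace of `app/` with `bin/`. While here, the context line above carries "configuratio" and "parameteres".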
2 changes: 1 addition & 1 deletion bin/extract-translations.sh
@@ -1,2 +1,2 @@
#!/bin/bash
app/console translation:extract --config=default --env=dev
php72 bin/console translation:extract --config=default --env=dev
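Review bot: `php72 bin/console ...` hard-codes a distribution-specific interpreter name into the script, where the previous `app/console` invocation relied on whatever PHP the environment provided. Anyone without a `php72` binary on PATH (plain `php`, `php7.2`, a container image) now gets "command not found". Prefer `php bin/console translation:extract --config=default --env=dev`, or make the interpreter overridable with a default, e.g. `${PHP:-php} bin/console translation:extract --config=default --env=dev`.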
4 changes: 2 additions & 2 deletions docs/MiddlewareConfiguration.md
@@ -178,7 +178,7 @@ Each element in the ```service_providers``` array must be an object and contain
* `entity_id` has a string as value that identifies the IdP that is listed as Authenticating Authority in the SAML assertion.
* `public_key` contains the Base64 encoded X.509 certificate with the the public signing key of the SP (i.e. a PEM certificate, but without the PEM "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" headers and without whitespace). This is value of the X509Certificate element in the KeyDescriptor of the SAML 2.0 metadata of the SP.
* The `acs` property contains a list of AssertionConsumerService (ACS) Location URLs to which the SAMLResponse may be sent. The Stepup-Gateway always uses the SAML HTTP-POST Binding to send the SAMLResponse the ACS location of the SP. The first ACS location in the `acs` list is the default location. When multiple ACS locations are present the SP can specify the ACS location to use in the AuthnRequest using the `AssertionConsumerServiceURL` attribute. The requested ACS location must match exacly with one of the enties in the `acs` property, otherwise the default location is used. For an SFO SP multiple ACS locations are not supported and the default location is always used. When the SFO SP is an ADFS MFA Plugin the verification is more relaxed, and it is only verified that the requested ACS location starts with the default location. Multiple ACS locations are supported since Stepup-Gateway 2.9.2 (Release 15)
* The `loa` property must contain a hash (object) with at least the key `__default__` with the default required minimum loa for the SP as value. The LoA values, even for SFO, that are used in the configuration are the values that are defined using the `gateway_loa_loa*` parameters in the [gateway configuration](https://github.com/OpenConext/Stepup-Gateway/blob/develop/app/config/parameters.yml.dist).
* The `loa` property must contain a hash (object) with at least the key `__default__` with the default required minimum loa for the SP as value. The LoA values, even for SFO, that are used in the configuration are the values that are defined using the `gateway_loa_loa*` parameters in the [gateway configuration](https://github.com/OpenConext/Stepup-Gateway/blob/develop/config/legacy/parameters.yml.dist).
For specific institutions an alternative minimum LoA can be specified by using the institution identifier (as used in the institution whitelist configuration) as the key, and the required minimum LoA as the value.
* `second_factor_only` boolean determines whether this SP is allowed to use the Second Factor Only (SFO) mode. SFO uses different endpoints and metadata (/second-factor-only/metadata). Using SFO is mutually exclusive with using the normal endpoint (/second-factor-only/metadata).
* `second_factor_only_nameid_patterns` contains a list of patterns (strings that may contain a '*' wildcard character) that are allowed to use the Second Factor Only mode. E.g. the wilcard pattern `urn:collab:person:example.org:*` matches all NameIDs that start with "urn:collab:person:example.org:". Does nothing if `second_factor_only` is not set to true.
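Review bot: the changed link points at `blob/develop/config/legacy/parameters.yml.dist`, so it will go stale again the next time Stepup-Gateway moves its configuration, exactly as the old `app/config/...` link did; pin it to a release tag, or to the gateway version this middleware release is meant to pair with. Not part of the path change but in this hunk's context lines: the `second_factor_only` bullet says SFO "is mutually exclusive with using the normal endpoint (/second-factor-only/metadata)", repeating the SFO path where the normal metadata endpoint belongs; the `acs` bullet has "exacly", "enties" and "wilcard"; and the relaxed ADFS rule ("only verified that the requested ACS location starts with the default location") deserves one sentence on why a prefix match is acceptable, since operators read this paragraph as the ACS allow-list policy.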
@@ -208,7 +208,7 @@ It is possible to specify a LoA in 3 places:

The Gateway will require that the user authenticates with the highest LoA of all of these. I.e. it is possible the raise the LoA, not to lower it.

Second Factor Only (SFO) mode requires that AuthnRequests use LoA aliases in the AuthnRequest. However internally these are immediately translated to their equivalent LoAs. This means that the configuration must **not** use Second Factor Only LoA aliases, only the LoAs defined in the `gateway_loa_loa*` parameters in the [gateway configuration](https://github.com/OpenConext/Stepup-Gateway/blob/develop/app/config/parameters.yml.dist).
Second Factor Only (SFO) mode requires that AuthnRequests use LoA aliases in the AuthnRequest. However internally these are immediately translated to their equivalent LoAs. This means that the configuration must **not** use Second Factor Only LoA aliases, only the LoAs defined in the `gateway_loa_loa*` parameters in the [gateway configuration](https://github.com/OpenConext/Stepup-Gateway/blob/develop/config/legacy/parameters.yml.dist).

### Example
```json
6 changes: 3 additions & 3 deletions docs/test-data.md
@@ -40,7 +40,7 @@ In order of appearance:
**Example usage**

```bash
$ app/console middleware:bootstrap:sms urn:collab:person:institution-b:joe-beone institution-b.example.com "+31 (0) 612345678" vetted 'db9b8bdf-720c-44ba-a4c4-154953e45f14'
$ bin/console middleware:bootstrap:sms urn:collab:person:institution-b:joe-beone institution-b.example.com "+31 (0) 612345678" vetted 'db9b8bdf-720c-44ba-a4c4-154953e45f14'
Adding a vetted SMS token for Joe Beone
Creating an unverified SMS token
Creating a verified SMS token
@@ -62,7 +62,7 @@ In order of appearance:
**Example usage**

```bash
$ app/console middleware:bootstrap:yubikey urn:collab:person:institution-b:joe-beone institution-b.example.com 01622612 vetted 'db9b8bdf-720c-44ba-a4c4-154953e45f14'
$ bin/console middleware:bootstrap:yubikey urn:collab:person:institution-b:joe-beone institution-b.example.com 01622612 vetted 'db9b8bdf-720c-44ba-a4c4-154953e45f14'
Adding a vetted Yubikey token for Joe Beone
Creating an unverified Yubikey token
Creating a verified Yubikey token
@@ -85,7 +85,7 @@ In order of appearance:
**Example usage**

```bash
$ app/console middleware:bootstrap:gssp urn:collab:person:institution-b:joe-beone institution-b.example.com tiqr t39dk-aas vetted 'db9b8bdf-720c-44ba-a4c4-154953e45f14'
$ bin/console middleware:bootstrap:gssp urn:collab:person:institution-b:joe-beone institution-b.example.com tiqr t39dk-aas vetted 'db9b8bdf-720c-44ba-a4c4-154953e45f14'
Adding a vetted tiqr GSSP token for Joe Beone
Creating an unverified tiqr token
Creating an verified tiqr token
