GSSP implementation of Tiqr. https://tiqr.org/documentation/
Project is based on example GSSP project https://github.com/OpenConext/Stepup-gssp-example
The default locale is based on the user agent. When the user switches their locale, the selected preference is stored in a browser cookie (stepup_locale). The cookie is set on the naked domain of the requested domain (for tiqr.example.com this is example.com).
The application provides an internal (SpBundle) and a remote service provider. Instructions for this are given on the homepage of this Tiqr project.
To get started, first set up the development environment. The dev env is a virtual machine. Every task described here must be run from that machine.
- ansible 2.x
- vagrant 1.9.x
- vagrant-hostsupdater
- Virtualbox
- ansible-galaxy
```bash
ansible-galaxy install -r ansible/requirements.yml -p ansible/roles/
```
The `-c` flag can be used to disable SSL verification on the install command.
```bash
vagrant up
```
Go to the directory inside the VM:
```bash
vagrant ssh
cd /vagrant
```
Install composer dependencies:
```bash
composer install
```
Build frontend assets:
```bash
composer encore dev
```
or `composer encore production` for production.
If everything goes as planned you can go to:
You might need to add your IP address to the list of allowed remote addresses in `web/app_dev.php`.
Xdebug is configured when provisioning your development Vagrant box. It's configured with auto connect IDE_KEY=phpstorm.
Demo sp is available on https://tiqr.example.com/app_dev.php/demo/sp
To run all required tests you can run the following commands from the dev env:
```bash
composer test
composer behat
```
Every part can be run separately. Check the "scripts" section of the composer.json file for the different options.
Fetch registration link automatically from /app_dev.php/registration/qr/dev
```bash
./bin/console test:registration <./qr_file.png>
./bin/console test:authentication <./qr_file.png>
```
Authentication can also be done in 'offline' mode, so you need to fill in your 'one time password'.
```bash
./bin/console test:authentication --offline=true <./qr_file.png>
```
Currently we support three user storage solutions: file system storage, LDAP and database storage. The filesystem storage is used by default and stores the registered users in the `/var/userdb.json` file.
To use the database storage you will need to change some settings:
In the `parameters.yml`, in the `tiqr_library_options.storage.userstorage` section configure:
```yaml
tiqr_library_options:
    storage:
        userstorage:
            type: pdo
            arguments:
                table: user
                dsn: 'mysql:host=tiqr.example.com;dbname=tiqr'
                username: tiqr-user
                password: tiqr-secret
```
The database schema can be found here: app/Resources/db/mysql-create-tables.sql
Or if you want to use the filesystem storage use this:
```yaml
tiqr_library_options:
    storage:
        userstorage:
            type: 'file'
            arguments:
                path: '/tmp'
                encryption: 'dummy' # mcrypt is also supported, dummy will not encrypt the entries in the user storage file
```
Finally to use the LDAP backend provide the following options:
```yaml
tiqr_library_options:
    storage:
        userstorage:
            type: 'ldap'
            # The argument values equal the default values set when the arguments are omitted. So all arguments are
            # optional.
            arguments:
                userClass: 'tiqrPerson'
                dnPattern: '%s'
                idAttr: 'dn'
                displayNameAttr: 'sn'
                secretAttr: 'tiqrSecret'
                notificationTypeAttr: 'tiqrNotificationType'
                notificationAddressAttr: 'tiqrNotificationAddress'
                isBlockedAttr: 'tiqrIsBlocked'
                loginAttemptsAttr: 'tiqrLoginAttempts'
                temporaryBlockAttemptsAttr: 'tiqrTemporaryBlockAttempts'
                temporaryBlockTimestampAttr: 'tiqrTemporaryBlockTimestamp'
                attributes: null
```
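A pre-deployment check for the `userstorage` settings shown above, as an added example that is not part of the Stepup-tiqr project: it takes the already-parsed `parameters.yml` content as a dict and reports sample values that should not reach a real deployment. The function name `audit_userstorage`, the finding texts and the list of world-writable directories are assumptions of this example; the option names are the ones from the configurations above.

```python
import posixpath

WORLD_WRITABLE_DIRS = ("/tmp", "/var/tmp", "/dev/shm")  # assumption: typical Linux layout
README_SAMPLE_PASSWORD = "tiqr-secret"  # sample value printed in this README
KNOWN_TYPES = ("file", "pdo", "ldap")   # the three storage types the README lists


def audit_userstorage(params):
    """Return (option, finding) tuples for tiqr_library_options.storage.userstorage."""
    storage = (params.get("tiqr_library_options") or {}).get("storage") or {}
    userstorage = storage.get("userstorage") or {}
    kind = userstorage.get("type", "file")  # README: file storage is the default
    args = userstorage.get("arguments") or {}
    findings = []

    if kind not in KNOWN_TYPES:
        findings.append(("type", "unknown storage type %r" % kind))
    elif kind == "file":
        # README: 'dummy' does not encrypt the entries in the user storage file.
        if args.get("encryption") == "dummy":
            findings.append(("encryption", "user storage entries are not encrypted"))
        path = posixpath.normpath(args.get("path") or "")
        if any(path == d or path.startswith(d + "/") for d in WORLD_WRITABLE_DIRS):
            findings.append(("path", "user store lives in a world-writable directory"))
    elif kind == "pdo":
        password = args.get("password")
        if not password:
            findings.append(("password", "database password is missing or empty"))
        elif password == README_SAMPLE_PASSWORD:
            findings.append(("password", "README sample password is still in use"))
    return findings


# Constructed inputs that mirror the README's sample configurations.
FILE_SAMPLE = {"tiqr_library_options": {"storage": {"userstorage": {
    "type": "file", "arguments": {"path": "/tmp", "encryption": "dummy"}}}}}
PDO_SAMPLE = {"tiqr_library_options": {"storage": {"userstorage": {
    "type": "pdo", "arguments": {"table": "user",
                                 "dsn": "mysql:host=tiqr.example.com;dbname=tiqr",
                                 "username": "tiqr-user", "password": "tiqr-secret"}}}}}

if __name__ == "__main__":
    for name, sample in (("file", FILE_SAMPLE), ("pdo", PDO_SAMPLE)):
        for option, finding in audit_userstorage(sample):
            print("%s: %s: %s" % (name, option, finding))
```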
Please read: https://github.com/OpenConext/Stepup-Deploy/wiki/Release-Management for more information on the release strategy used in Stepup projects.