silinternational · briskt · May 24, 2024 · May 18, 2024 · May 20, 2024 · May 20, 2024
diff --git a/Dockerfile b/Dockerfile
@@ -56,7 +56,7 @@ COPY dockerbuild/ssp-overrides/id.php $SSP_PATH/www/id.php
 COPY dockerbuild/ssp-overrides/announcement.php $SSP_PATH/announcement/announcement.php
 COPY tests /data/tests
 
-RUN cp $SSP_PATH/modules/sildisco/sspoverrides/www_saml2_idp/SSOService.php $SSP_PATH/www/saml2/idp/
+RUN cp $SSP_PATH/modules/sildisco/lib/SSOService.php $SSP_PATH/www/saml2/idp/
 RUN chmod a+x /data/run.sh /data/run-tests.sh
 
 ADD https://github.com/silinternational/config-shim/releases/latest/download/config-shim.gz config-shim.gz

diff --git a/README.md b/README.md
@@ -375,3 +375,29 @@ load balancer) in the TRUSTED_IP_ADDRESSES environment variable (see
 #### Status Check
 To check the status of the website, you can access this URL:  
 `https://(your domain name)/module.php/silauth/status.php`
+
+### SilDisco module for SAML Discovery
+
+#### Configuration
+
+Ensure the DYNAMO_* environment variables are set as shown in the local.env.dist file.
+
+#### Overview
+
+[Module Overview](./docs/overview.md)
+
+#### The Hub
+
+[The Hub](./docs/the_hub.md)
+
+#### Authprocs
+
+[Editing Authprocs](./docs/editing_authprocs.md)
+
+#### Development
+
+[Development](./docs/development.md)
+
+#### Functional Testing
+
+[Functional Testing](./docs/functional_testing.md)
diff --git a/actions-services.yml b/actions-services.yml
@@ -16,7 +16,10 @@ services:
       - ssp-hub.local
       - ssp-idp1.local
       - ssp-idp2.local
+      - ssp-idp3.local
       - ssp-sp1.local
+      - ssp-sp2.local
+      - ssp-sp3.local
       - pwmanager.local
       - test-browser
     environment:
@@ -59,7 +62,6 @@ services:
 
       # Enable checking our test metadata
       - ./dockerbuild/run-metadata-tests.sh:/data/run-metadata-tests.sh
-    command: /data/run.sh
     environment:
       ADMIN_EMAIL: "[email protected]"
       ADMIN_PASS: "abc123"
@@ -88,11 +90,8 @@ services:
       - ./development/idp-local/metadata/saml20-idp-hosted.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-hosted.php
       - ./development/idp-local/metadata/saml20-sp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-sp-remote.php
 
-      # Misc. files needed
-      - ./development/enable-exampleauth-module.sh:/data/enable-exampleauth-module.sh
-
       # Customized SSP code -- TODO: make a better solution that doesn't require hacking SSP code
-      - ./development/idp-local/UserPass.php:/data/vendor/simplesamlphp/simplesamlphp/modules/exampleauth/lib/Auth/Source/UserPass.php
+      - ./development/UserPass.php:/data/vendor/simplesamlphp/simplesamlphp/modules/exampleauth/lib/Auth/Source/UserPass.php
 
       # Enable checking our test metadata
       - ./dockerbuild/run-metadata-tests.sh:/data/run-metadata-tests.sh
@@ -101,7 +100,6 @@ services:
       - ./features:/data/features
     command: >
       bash -c "whenavail db 3306 60 /data/vendor/simplesamlphp/simplesamlphp/modules/silauth/lib/Auth/Source/yii migrate --interactive=0 &&
-      /data/enable-exampleauth-module.sh &&
       /data/run.sh"
     environment:
       ADMIN_EMAIL: "[email protected]"
@@ -113,9 +111,9 @@ services:
       ID_BROKER_ASSERT_VALID_IP: "false"
       ID_BROKER_BASE_URI: "dummy"
       ID_BROKER_TRUSTED_IP_RANGES: "192.168.0.1/8"
-      MFA_SETUP_URL: "http://pwmanager.local:8083/module.php/core/authenticate.php?as=ssp-hub-custom-port"
+      MFA_SETUP_URL: "http://pwmanager.local/module.php/core/authenticate.php?as=ssp-hub-custom-port"
       REMEMBER_ME_SECRET: "12345"
-      PROFILE_URL: "http://pwmanager:8083/module.php/core/authenticate.php?as=ssp-hub-custom-port"
+      PROFILE_URL: "http://pwmanager.local/module.php/core/authenticate.php?as=ssp-hub-custom-port"
       PROFILE_URL_FOR_TESTS: "http://pwmanager.local/module.php/core/authenticate.php?as=ssp-hub"
       SECURE_COOKIE: "false"
       SHOW_SAML_ERRORS: "true"
@@ -140,12 +138,9 @@ services:
       - ./development/idp2-local/metadata/saml20-idp-hosted.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-hosted.php
       - ./development/idp2-local/metadata/saml20-sp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-sp-remote.php
 
-      # Local modules
-      - ./modules/expirychecker:/data/vendor/simplesamlphp/simplesamlphp/modules/expirychecker
-      - ./modules/profilereview:/data/vendor/simplesamlphp/simplesamlphp/modules/profilereview
-    command: /data/run.sh
-    ports:
-      - "8086:80"
+      # Customized SSP code -- TODO: make a better solution that doesn't require hacking SSP code
+      - ./development/UserPass.php:/data/vendor/simplesamlphp/simplesamlphp/modules/exampleauth/lib/Auth/Source/UserPass.php
+
     environment:
       ADMIN_EMAIL: "[email protected]"
       ADMIN_PASS: "b"
@@ -155,6 +150,28 @@ services:
       SHOW_SAML_ERRORS: "true"
       THEME_USE: "material:material"
 
+  ssp-idp3.local:
+    build: .
+    volumes:
+      # Utilize custom certs
+      - ./development/idp3-local/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
+
+      # Utilize custom configs
+      - ./development/idp3-local/config/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
+      - ./development/idp3-local/config/config.php:/data/vendor/simplesamlphp/simplesamlphp/config/config.php
+
+      # Utilize custom metadata
+      - ./development/idp3-local/metadata/saml20-idp-hosted.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-hosted.php
+      - ./development/idp3-local/metadata/saml20-sp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-sp-remote.php
+
+    environment:
+      ADMIN_EMAIL: "[email protected]"
+      ADMIN_PASS: "c"
+      SECRET_SALT: "h57fjem34fh*nsJFGNjweJ"
+      SECURE_COOKIE: "false"
+      SHOW_SAML_ERRORS: "true"
+      IDP_NAME: "IdP3"
+
   ssp-sp1.local:
     build: .
     volumes:
@@ -179,6 +196,51 @@ services:
       SAML20_IDP_ENABLE: "false"
       ADMIN_PROTECT_INDEX_PAGE: "false"
 
+  ssp-sp2.local:
+    build: .
+    volumes:
+      # Utilize custom certs
+      - ./development/sp2-local/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
+
+      # Utilize custom configs
+      - ./development/sp2-local/config/config.php:/data/vendor/simplesamlphp/simplesamlphp/config/config.php
+      - ./development/sp2-local/config/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
+
+      # Utilize custom metadata
+      - ./development/sp2-local/metadata/saml20-idp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php
+
+    environment:
+      - [email protected]
+      - ADMIN_PASS=sp2
+      - SECRET_SALT=h57fjemb&dn^nsJFGNjweJz2
+      - SECURE_COOKIE=false
+      - SHOW_SAML_ERRORS=true
+      - SAML20_IDP_ENABLE=false
+      - ADMIN_PROTECT_INDEX_PAGE=false
+
+  ssp-sp3.local:
+    build: .
+    volumes:
+      # Utilize custom certs
+      - ./development/sp3-local/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
+
+      # Utilize custom configs
+      - ./development/sp3-local/config/config.php:/data/vendor/simplesamlphp/simplesamlphp/config/config.php
+      - ./development/sp3-local/config/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
+
+      # Utilize custom metadata
+      - ./development/sp3-local/metadata/saml20-idp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php
+
+    environment:
+      - [email protected]
+      - ADMIN_PASS=sp3
+      - SECRET_SALT=h57fjemb&dn^nsJFGNjweJz3
+      - SECURE_COOKIE=false
+      - SHOW_SAML_ERRORS=true
+      - SAML20_IDP_ENABLE=false
+      - ADMIN_PROTECT_INDEX_PAGE=false
+
+
   pwmanager.local:
     image: silintl/ssp-base:develop
     volumes:
@@ -204,8 +266,6 @@ services:
   # the broker and brokerDb containers are used by the silauth module
   broker:
     image: silintl/idp-id-broker:latest
-    ports:
-      - "80"
     depends_on:
       - brokerDb
     environment:
@@ -235,8 +295,6 @@ services:
 
   brokerDb:
     image: mariadb:10
-    ports:
-      - "3306"
     environment:
       MYSQL_ROOT_PASSWORD: "r00tp@ss!"
       MYSQL_DATABASE: "broker"

diff --git a/behat.yml b/behat.yml
@@ -18,6 +18,16 @@ default:
     profilereview_features:
       paths:    [ '%paths.base%//features//profilereview.feature' ]
       contexts: [ 'ProfileReviewContext' ]
+    sildisco_features:
+      contexts: ['SilDiscoContext']
+      paths:
+        - '%paths.base%//features//Sp1Idp1Sp2Idp2Sp3.feature'
+        - '%paths.base%//features//Sp1Idp2Sp2Sp3Idp1.feature'
+        - '%paths.base%//features//Sp2Idp2Sp1Idp1Sp3.feature'
+        - '%paths.base%//features//Sp2Idp2Sp1Idp2Sp3.feature'
+        - '%paths.base%//features//Sp3Idp1Sp1Idp1Sp2Idp2.feature'
+        - '%paths.base%//features//WwwMetadataCept.feature'
+        - '%paths.base%//features//ZSp1Idp1BetaSp1Idp3.feature'
     status_features:
       paths:    [ '%paths.base%//features//status.feature' ]
       contexts: [ 'StatusContext' ]
diff --git a/development/idp-local/UserPass.php → development/UserPass.php b/development/idp-local/UserPass.php → development/UserPass.php
diff --git a/development/enable-exampleauth-module.sh b/development/enable-exampleauth-module.sh