ISTWCMS-3030: Saml files with symbolic links and saml.pem private key

ae4ca024 · Tyler Struyk · 17485111 · ae4ca024 · ae4ca024 · ae4ca024
Commit ae4ca024 authored Mar 19, 2020 by Tyler Struyk
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@
 /modules
 /themes
 /libraries
+/saml_config/cert/saml.pem
--- a/composer.json
+++ b/composer.json
@@ -84,6 +84,8 @@
        "drupal/role_expire": "1.3",
        "drupal/samlauth": "dev-3.0-alpha1-uw_wcms3",
        "drupal/search_kint": "dev-8.x-1.x",
+        "drupal/simplesamlphp_auth": "3.2",
+        "drupal/simplesamlphp_custom_attributes": "^1.0",
        "drupal/simplify_menu": "2.0",
        "drupal/sophron": "1.0-rc1",
        "drupal/token": "1.5",
@@ -104,6 +106,7 @@
        "onelogin/php-saml": "3.2.1",
        "oomphinc/composer-installers-extender": "v1.1.2",
        "phpunit/phpunit": "^7",
+        "simplesamlphp/simplesamlphp": "^1.18",
        "symfony/browser-kit": ">=2.8.13 <3.0",
        "symfony/css-selector": "~3.0",
        "symfony/finder": "^4.0",

--- a/saml_config/cert/saml.crt
+++ b/saml_config/cert/saml.crt
+-----BEGIN CERTIFICATE-----
+MIID4DCCAsigAwIBAgIJALC8GNTD5x5dMA0GCSqGSIb3DQEBCwUAMIGEMQswCQYDVQQGEwJDQTELMAkGA1UECAwCT04xETAPBgNVBAcMCFdhdGVybG9vMRIwEAYDVQQKDAl1V2F0ZXJsb28xDTALBgNVBAsMBFdDTVMxCzAJBgNVBAMMAmQ4MSUwIwYJKoZIhvcNAQkBFhZ0eWxlci5zdHJ1eWtAZ21haWwuY29tMB4XDTE3MDkwNTE4MDQwN1oXDTI3MDkwNTE4MDQwN1owgYQxCzAJBgNVBAYTAkNBMQswCQYDVQQIDAJPTjERMA8GA1UEBwwIV2F0ZXJsb28xEjAQBgNVBAoMCXVXYXRlcmxvbzENMAsGA1UECwwEV0NNUzELMAkGA1UEAwwCZDgxJTAjBgkqhkiG9w0BCQEWFnR5bGVyLnN0cnV5a0BnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyvEhtLHAYOVD8ruY0M8rttbk+Vil2WSuvfPw9tXBAz1imaVdIId8P9ux1Rfs+K7C8PdNrfX7EltiZGLEU/JlxJsjZZ4F+X6UeAg5y9ST66ZRfAG7pI+VlYs0aMEXt5VEpxKoMOZja/15i6U0vnymSUYg3hl5GF9meKJy32GaiylEx8JM1LkulD5D7QROFcO2cpoAN3oUv3gVa5UaYf/l8ozB1Cv3mnfQojinjs6QfZjSIf0g2bd6TTZL4UxoyGcL/xuq+BmAH66I8/iXygNJWKrmedHtwapyaB723MhEcPk6lcmvzVlxr84s/u7rhSw81J5IbmrgfrbcC3uw5ofl7AgMBAAGjUzBRMB0GA1UdDgQWBBRWWKM4qLXtU60wDPlStVD592+oVDAfBgNVHSMEGDAWgBRWWKM4qLXtU60wDPlStVD592+oVDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAGDckQ5oZU8PpbmpSsE6+S88/WG3gLL+cnzwjZ6Uji4IO22v37TbcTGivBHK/n66ryA4E/psy5rtD+cW44BlTcpsKL2eqT2oBaKblTUyOObqR4UkxVXKJWRE4m+Ep0EuTOIR02P9thwYFkZpUqw6MTN81EtdC7bu4MQFKg5tTB0RyFrG2XfjKfHZlj/e6ppr368xG5i1BqKW0wE/5ulVmjgwzll86ysRD5tjaGMI4V/7YjkPNZfn+GBFeh7m0kLyA4BaHsX2IuL8Dysujw/Y1I4FuyEgo5V/ophjDnDe54cu9RDJOlO+6K6lncBFgfbHPaXsifQj+bz2zswWHWVPe4
+-----END CERTIFICATE-----
--- a/saml_config/config/authsources.php
+++ b/saml_config/config/authsources.php
+<?php
+$config = array(
+  'admin' => array(
+    'core:AdminPassword',
+  ),
+  'default-sp' => array(
+   'saml:SP',
+
+   // You can get this from ADFS Federation file
+   // Contact your ADFS administrator
+   // to obtain this information.
+   'entityID'             => 'urn:drupal:adfs-saml',
+   'idp'                  => 'http://adfstest.uwaterloo.ca/adfs/services/trust',
+   'NameIDPolicy'         => null,
+   'redirect.sign'        => true,
+   'assertion.encryption' => true,
+   'sign.logout'          => true,
+
+   // Generate using openssl, @see example above.
+   // These are the certs from `/cert` directory.
+   'privatekey'           => 'saml.pem',
+   'certificate'          => 'saml.crt',
+   // Defaults to SHA1 (http://www.w3.org/2000/09/xmldsig#rsa-sha1)
+   'signature.algorithm'  => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
+  ),
+);
--- a/saml_config/config/config.php
+++ b/saml_config/config/config.php
--- a/saml_config/metadata/saml20-idp-remote.php
+++ b/saml_config/metadata/saml20-idp-remote.php
+<?php
+$metadata['http://adfstest.uwaterloo.ca/adfs/services/trust'] = array (
+  'entityid' => 'http://adfstest.uwaterloo.ca/adfs/services/trust',
+  'contacts' => 
+  array (
+    0 => 
+    array (
+      'contactType' => 'support',
+      'emailAddress' => 
+      array (
+        0 => 'noreply@uwaterloo.ca',
+      ),
+      'telephoneNumber' => 
+      array (
+        0 => '519-888-4567',
+      ),
+    ),
+  ),
+  'metadata-set' => 'saml20-idp-remote',
+  'SingleSignOnService' => 
+  array (
+    0 => 
+    array (
+      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
+      'Location' => 'https://adfstest.uwaterloo.ca/adfs/ls/',
+    ),
+    1 => 
+    array (
+      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
+      'Location' => 'https://adfstest.uwaterloo.ca/adfs/ls/',
+    ),
+  ),
+  'SingleLogoutService' => 
+  array (
+    0 => 
+    array (
+      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
+      'Location' => 'https://adfstest.uwaterloo.ca/adfs/ls/',
+    ),
+    1 => 
+    array (
+      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
+      'Location' => 'https://adfstest.uwaterloo.ca/adfs/ls/',
+    ),
+  ),
+  'ArtifactResolutionService' => 
+  array (
+  ),
+  'NameIDFormats' => 
+  array (
+    0 => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
+    1 => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
+    2 => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
+  ),
+  'keys' => 
+  array (
+    0 => 
+    array (
+      'encryption' => true,
+      'signing' => false,
+      'type' => 'X509Certificate',
+      'X509Certificate' => 'MIIC7DCCAdSgAwIBAgIQabPppzSyAKFGbXTJwyxgtjANBgkqhkiG9w0BAQsFADAyMTAwLgYDVQQDEydBREZTIEVuY3J5cHRpb24gLSBhZGZzdGVzdC51d2F0ZXJsb28uY2EwHhcNMTgwODE3MTk1ODIxWhcNMjEwODE2MTk1ODIxWjAyMTAwLgYDVQQDEydBREZTIEVuY3J5cHRpb24gLSBhZGZzdGVzdC51d2F0ZXJsb28uY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwrzcRIEo0/J/Sb9Sjg5WHS0EwvrkWiGTLThe+rXgAgxKQ+c3DGqfy22eOXlLn2dWftRnr9Uc2eJc9opZxoatfrSQwXOr3R1P0gZ64XHFbUeOvQmBVCMeo1/b5tDARPVn8DQEAtCddfxIAiSADj6pCOoD7ULL6C+38dJ/OeHvd/ksOD3FlVsdLuq/WtHO4Wd+/257ObtTOcaPvvfxULKVvV0AMoTLr8XYdYDRcRZ7KYI+y1R1cR1c9UjzAbKoGo3ggAK4F6X26nYVMbShCGPsSZQZTqVOQA01hyfWoH7AFXZDBqcipm1lND4BCOTTpfo7COyropUBpS7vctZsYtNs9AgMBAAEwDQYJKoZIhvcNAQELBQADggEBACRs+EwV2xib2jhO3lim3BaSwxnF08NHSouoGBxbvvnqWemBNNVPjw4giUXpQl0S2nySEdYCRWmfSIkISWwUvWGkr9PgfT9NRp0XT2NWe7ebGucG9ZSbAtr+WFcZWw3W7Cg+eUYa7DNJzISXHYVMED0QdGSKPYsjHK60Bpegmd8CzRbHymiBqBlqCQxjqpDWvfWe/HsG4Rsd4YbdOIHBnWl7ezneaTIAFzd1A6gZdrIWFB0vHXOZwcI18KGiNZn1ToL8WISdEaYF+iX/NwHnTf61Z3THCtGDqkeXFyHR4UEfDK5Vdbep8UNx7/0jCFG0gb4RId6E1U6OT379QCaXF8o=',
+    ),
+    1 => 
+    array (
+      'encryption' => false,
+      'signing' => true,
+      'type' => 'X509Certificate',
+      'X509Certificate' => 'MIIC5jCCAc6gAwIBAgIQJ0Z/g10RYJhI50XIRoJ4FTANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDEyRBREZTIFNpZ25pbmcgLSBhZGZzdGVzdC51d2F0ZXJsb28uY2EwHhcNMTgwODE3MTk1ODI3WhcNMjEwODE2MTk1ODI3WjAvMS0wKwYDVQQDEyRBREZTIFNpZ25pbmcgLSBhZGZzdGVzdC51d2F0ZXJsb28uY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/1OpIRlqWp6cX0PkhpvKr/o0uuYPIm1NHuh2JO3ott1OgSvz+T7+S1lT5EAoD8ZUjCTstOppE0jTI/JRyvtETCqpjW8Lzv++KOLpqB/Qp7G83cjzb2j1bz117VEisdBXLnRF1G1TAD/gk1+HJ4R0U+59GEgFsL8cF+2ZwWVjexZsD+d+9luUsU8kgdvkGp/jcj0dmKsbwGspZkRz7mF2wcToD73bneCyw8PzQ/+02uN0qtX6m5lFpRLt9d/FOIOTpHEshkrlJLrGo3+0JWj5A5vzHgYvZ8xqNx1x/hWuFf2MJdSnl58v2yCaxDfT+S+JYBuvOngP/Sfwk5qdZnqv5AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKAVGOCbHr/FIjgjCkpEVpPsQT1+ChJl0AOjdsNGOfgciVvigDV7SZIHL199RAV8IQgpiHFpBkREWhKGFM0D8eqmovfXkj+gRele0TlDi0PrfbwmLZ/uwMol09FvmZseuKLppwPnbrX9f/wpiXImy/P4GfKBfLQY/BxjxRTyrYXM9oYVzK6I8XWWRFYl10d0MWIQeIKSuZZHVwjVX1KLiUVRczBAzCdUsRoeq5TtlCQCklVWx/G4gO07A62rVC15ik4X2PjMhR1IHLwsTjhklv58PCl+oammYgxGaMsRGjdZHYk55znPeNhk0Xs+UbyF2P0D1LM9i8GZmX0IegCpx90=',
+    ),
+  ),
+);