diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
index ebb6c194..b4662807 100644
--- a/.github/workflows/python-app.yml
+++ b/.github/workflows/python-app.yml
@@ -53,7 +53,7 @@ jobs:
 run: |
 cd Docker-compose/satosa-project
 spid_sp_test --idp-metadata > metadata/idp/spid-sp-test.xml
- spid_sp_test --metadata-url https://localhost/spidSaml2/metadata --authn-url "http://localhost:8000/saml2/login/?idp=https://localhost/Saml2IDP/metadata&next=/saml2/echo_attributes&idphint=https%253A%252F%252Flocalhost%253A8443" -ap spid_sp_test.plugins.authn_request.SatosaSaml2Spid --extra --debug ERROR -tr
+ IDP_ENTITYID=https://localhost:8443/samlsso spid_sp_test --metadata-url https://localhost/spidSaml2/metadata --authn-url "http://localhost:8000/saml2/login/?idp=https://localhost/Saml2IDP/metadata&next=/saml2/echo_attributes&idphint=https%253A%252F%252Flocalhost%253A8443" -ap spid_sp_test.plugins.authn_request.SatosaSaml2Spid --extra --debug ERROR -tr
 - name: spid-sp-test CIE id metadata
 run: |
 cd Docker-compose/satosa-project
diff --git a/.gitignore b/.gitignore
index e36be54f..61532ffc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -21,3 +21,4 @@ Docker-compose/satosa-project/*
 Docker-compose/djangosaml2_sp/*
 Docker-compose/mongo/db/*
 Docker-compose/nginx/html/static/*
+Docker-compose/.env
diff --git a/Docker-compose/README.md b/Docker-compose/README.md
index 0eab6bec..6dd8f017 100644
--- a/Docker-compose/README.md
+++ b/Docker-compose/README.md
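Review bot: The inline `IDP_ENTITYID=https://localhost:8443/samlsso` prefix scopes the variable to that single `spid_sp_test --metadata-url …` command, so the `spid_sp_test --idp-metadata` call two lines above runs without it; if that command also reads the entity ID from the environment (not visible here), the generated IdP metadata and the test would disagree. Putting the value in the step's `env:` mapping, `env:` / `  IDP_ENTITYID: https://localhost:8443/samlsso`, makes it apply to the whole `run:` script and keeps the already very long command line readable. The enclosing workflow step starts before this hunk.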
@@ -22,14 +22,18 @@ sudo apt install docker-compose For docker-compose you can also [see here](https://docs.docker.com/compose/install/other/). -## Run the composition MAGIC WAY +## Run the Composition for Demo Purposes Enter in `Docker-compose` directory and run `run-docker-compose.sh`: ```bash cd Docker-compose ./run-docker-compose.sh ``` -The script make the directories for local mounts, copy all required files in right directory and start a full demo with test and Service providers +The script creates the directories for local mounts and copies all required files to start a full demo with test and SAML2 Service Providers. + +> Warning: The script deletes any previous created directory if found. + +The result is represented by the following services: * Satosa-saml2spid is published with nginx frontend on https://localhost * Mongo Espress is published on http://localhost:8081 @@ -38,7 +42,7 @@ The script make the directories for local mounts, copy all required files in rig More details ad start option are avable on [run-docker-compose.sh](../docs/run-docker-compose.sh.md) page -### Run the composition LONG WAY +### Run the Composition for Production Use Enter in `Docker-compose` directory and make required direcotries for local mounts: ```bash @@ -61,6 +65,14 @@ Clean static data from Satosa project rm -R ./satosa-project/static ``` +Copy the example env file and edit according to your configuration, +therefore **all the default passwords MUST be changed**. + +```bash +cp env.example .env +``` +You can still edit all files in detail from their local volumes. + Run the compose for a minimal system (nginx and satosa) ``` docker compose up 
@@ -73,16 +85,6 @@ docker compose --profile demo up Read the [profiles guide](../docs/docker_compose_profiles.md) for more informations - -### Configure your system -Copy the example env file: -```bash -cp env.example .env -``` - -Edit and personalize the system from `.env` files. You can still edit all files in detail from their local volumes. -**IMPORTANT all the default password must be changed!** - ### Insights * More details on prodiles read the [Docker Compose Profiles](../docs/docker_compose_profiles.md) page diff --git a/Docker-compose/docker-compose.yml b/Docker-compose/docker-compose.yml index ee335526..218d1135 100644 --- a/Docker-compose/docker-compose.yml +++ b/Docker-compose/docker-compose.yml @@ -1,4 +1,5 @@ services: + satosa-mongo: profiles: - demo @@ -39,6 +40,7 @@ services: TZ: "${TZ:-Europe/Rome}" networks: - satosa-saml2spid + django_sp: profiles: - demo @@ -57,6 +59,7 @@ services: - "8000:8000" networks: - satosa-saml2spid + satosa-saml2spid: image: ghcr.io/italia/satosa-saml2spid:latest #image: satosa-saml2spid:latest diff --git a/Docker-compose/env.example b/Docker-compose/env.example index 6a15f3c2..dde23b85 100644 --- a/Docker-compose/env.example +++ b/Docker-compose/env.example @@ -1,8 +1,8 @@ SATOSA_HOSTNAME=localhost -# SATOSA_BASE=https://${SATOSA_HOSTNAME:-localhost} -# SATOSA_BASE_STATIC=${SATOSA_BASE}/static -# SATOSA_DISCO_SRV=${SATOSA_BASE_STATIC}/disco.html -# SATOSA_UNKNOW_ERROR_REDIRECT_PAGE=${SATOSA_BASE_STATIC}/error_page.html +SATOSA_BASE=https://${SATOSA_HOSTNAME:-localhost} +SATOSA_BASE_STATIC=${SATOSA_BASE}/static +SATOSA_DISCO_SRV=${SATOSA_BASE_STATIC}/disco.html +SATOSA_UNKNOW_ERROR_REDIRECT_PAGE=${SATOSA_BASE_STATIC}/error_page.html # Set Time Zone TZ="Europe/Rome" diff --git a/Docker-compose/run-docker-compose.sh b/Docker-compose/run-docker-compose.sh index 5bd7a161..8b730bb5 100755 --- a/Docker-compose/run-docker-compose.sh +++ b/Docker-compose/run-docker-compose.sh 
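Review bot: In the env.example hunk, the `:-localhost` default in `SATOSA_BASE=https://${SATOSA_HOSTNAME:-localhost}` can never take effect, because `SATOSA_HOSTNAME=localhost` is assigned unconditionally on the first line of the same file; either drop the default or state why it is kept, e.g. `# default only matters if the SATOSA_HOSTNAME line above is removed or emptied`. The four derived values also rely on Compose expanding `${…}` references inside `.env` in file order, which is presumably why they are now uncommented rather than left to the compose file; a one-line comment above the block saying that these are derived from `SATOSA_HOSTNAME` and normally need no editing would save the next reader from working it out.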
@@ -1,6 +1,7 @@ #!/bin/bash export COMPOSE_PROFILES=demo export SKIP_UPDATE= + function clean_data { rm -Rf ./mongo/db/* rm -Rf ./satosa-project/* @@ -9,6 +10,8 @@ function clean_data { } function initialize_satosa { + cp env.example .env + mkdir -p ./satosa-project mkdir -p ./djangosaml2_sp mkdir -p ./mongo/db diff --git a/Dockerfile b/Dockerfile index 9b96232e..c1b4c211 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,7 +17,6 @@ LABEL org.opencontainers.image.authors=$AUTHORS \ org.opencontainers.image.source=$VCS_URL \ org.opencontainers.image.revision=$VCS_REF \ org.opencontainers.image.description="Docker Image di Satosa-Saml2Spid." - COPY requirements.txt / @@ -27,7 +26,7 @@ ENV BASEDIR="/satosa_proxy" # "mailcap" package is required to add mimetype support RUN apk add --update --no-cache tzdata mailcap xmlsec libffi-dev openssl-dev python3 py3-pip python3-dev procps git openssl build-base gcc wget bash jq yq-go pcre-dev -RUN python3 -m venv .venv && . .venv/bin/activate && pip3 install --upgrade pip setuptools \ +RUN python3 -m venv .venv && . .venv/bin/activate && pip3 install --upgrade pip setuptools \ && pip3 install -r requirements.txt --ignore-installed --root-user-action=ignore && mkdir $BASEDIR \ && addgroup -S satosa && adduser -S satosa -G satosa \ && chown satosa:satosa $BASEDIR diff --git a/example_sp/djangosaml2_sp/djangosaml2_sp/urls.py b/example_sp/djangosaml2_sp/djangosaml2_sp/urls.py index b9d5f64f..97cd46dc 100644 --- a/example_sp/djangosaml2_sp/djangosaml2_sp/urls.py +++ b/example_sp/djangosaml2_sp/djangosaml2_sp/urls.py 
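Review bot: The `cp env.example .env` added to `initialize_satosa` overwrites an existing `.env` unconditionally, and since `.env` is now git-ignored an operator's edited credentials live only in that file, so re-running the demo script silently resets them to the example defaults. Seed the file only when it is missing, `[[ -e .env ]] || cp env.example .env`, or at least use `cp -n env.example .env`, and mention the seeding next to the README warning about deleted directories. The body of `initialize_satosa` continues past the end of the hunk.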
@@ -26,7 +26,7 @@ path(f'{SAML2_URL_PREFIX}/ls/', views.LogoutView.as_view(), name='saml2_ls'), path(f'{SAML2_URL_PREFIX}/ls/post/', views.LogoutView.as_view(), name='saml2_ls_post'), path(f'{SAML2_URL_PREFIX}/metadata/', views.MetadataView.as_view(), name='saml2_metadata'), - # path(f'{SAML2_URL_PREFIX}/echo_attributes', views.EchoAttributesView.as_view(), name='saml2_echo_attributes'), + path(f'{SAML2_URL_PREFIX}/echo_attributes', views.EchoAttributesView.as_view(), name='saml2_echo_attributes'), path('logout/', LogoutView.as_view(), {'next_page': settings.LOGOUT_REDIRECT_URL}, name='logout') ])
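Review bot: The re-enabled `echo_attributes` route is the only entry in this list without a trailing slash (`/ls/`, `/ls/post/`, `/metadata/` all have one), and the CI workflow's `next=/saml2/echo_attributes` value is what pins the current form; a comment such as `# no trailing slash: must match the next= target used by the CI spid_sp_test run` would stop a later cleanup from "fixing" it and breaking the test. Since the view presumably echoes the SAML attributes received from the IdP back to the browser, it is also worth marking the line as a demo/test helper for this example SP, e.g. `# demo/test helper: exposes received SAML attributes; keep out of production URL configs`. The urlpatterns list begins before this hunk.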