From 3ad894264b8a2c4bab10c56774d7c4d41880854e Mon Sep 17 00:00:00 2001 From: Salvatore Laiso Date: Fri, 19 Jan 2024 13:12:59 +0100 Subject: [PATCH 1/4] fix: remove `apply_conf.sh` script and use ENV vars instead --- Docker-compose/.env | 1 + Docker-compose/docker-compose.yml | 55 ++++---- example/entrypoint.sh | 7 +- .../plugins/backends/ciesaml2_backend.yaml | 58 ++++---- example/plugins/backends/pyeudiw_backend.yaml | 130 +++++++----------- example/plugins/backends/saml2_backend.yaml | 46 +++---- .../plugins/backends/spidsaml2_backend.yaml | 54 ++++---- .../plugins/frontends/oidcop_frontend.yaml | 12 +- example/plugins/frontends/saml2_frontend.yaml | 40 +++--- example/proxy_conf.yaml | 11 +- satosa.Dockerfile | 2 +- 11 files changed, 196 insertions(+), 220 deletions(-) diff --git a/Docker-compose/.env b/Docker-compose/.env index f025a248..ab89965d 100644 --- a/Docker-compose/.env +++ b/Docker-compose/.env @@ -1,3 +1,4 @@ MONGO_DBUSER=satosa MONGO_DBPASSWORD=thatpassword HOSTNAME=localhost +KEYS_FOLDER=./pki diff --git a/Docker-compose/docker-compose.yml b/Docker-compose/docker-compose.yml index 7974a177..9b27b79b 100644 --- a/Docker-compose/docker-compose.yml +++ b/Docker-compose/docker-compose.yml 
@@ -74,32 +74,37 @@ services: - SATOSA_CONTACT_PERSON_EMAIL_ADDRESS=support.example@organization.org - SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER=+3906123456789 - # - SATOSA_CONTACT_PERSON_FISCALCODE=01234567890 - # - SATOSA_CONTACT_PERSON_GIVEN_NAME=Name - # - SATOSA_ENCRYPTION_KEY= + - SATOSA_CONTACT_PERSON_FISCALCODE=01234567890 + - SATOSA_CONTACT_PERSON_GIVEN_NAME=Name + - SATOSA_CONTACT_PERSON_IPA_CODE=ispra_rm + - SATOSA_CONTACT_PERSON_MUNICIPALITY=H501 + - SATOSA_ENCRYPTION_KEY=CHANGE_ME! - # - SATOSA_ORGANIZATION_DISPLAY_NAME_EN=Resource provided by Example Organization - # - SATOSA_ORGANIZATION_DISPLAY_NAME_IT=Resource provided by Example Organization - # - SATOSA_ORGANIZATION_NAME_EN=Resource provided by Example Organization - # - SATOSA_ORGANIZATION_NAME_IT=Resource provided by Example Organization - # - SATOSA_ORGANIZATION_URL_EN=https://example_organization.org - # - SATOSA_ORGANIZATION_URL_IT=https://example_organization.org - # - SATOSA_PRIVATE_KEY= - # - SATOSA_PUBLIC_KEY= - # - SATOSA_SALT= - # - SATOSA_STATE_ENCRYPTION_KEY - # - SATOSA_UI_DESCRIPTION_EN=Resource description - # - SATOSA_UI_DESCRIPTION_IT=Resource description - # - SATOSA_UI_DISPLAY_NAME_EN=Resource Display Name - # - SATOSA_UI_DISPLAY_NAME_IT=Resource Display Name - # - SATOSA_UI_INFORMATION_URL_EN=https://example_organization.org/information_url_en - # - SATOSA_UI_INFORMATION_URL_IT=https://example_organization.org/information_url_en - # - SATOSA_UI_LOGO_HEIGHT=60 - # - SATOSA_UI_LOGO_URL=https://example_organization.org/logo.png - # - SATOSA_UI_LOGO_WIDTH=80 - # - SATOSA_UI_PRIVACY_URL_EN=https://example_organization.org/privacy_en - # - SATOSA_UI_PRIVACY_URL_IT=https://example_organization.org/privacy_en - # - SATOSA_USER_ID_HASH_SALT + - SATOSA_ORGANIZATION_DISPLAY_NAME_EN=Resource provided by Example Organization + - SATOSA_ORGANIZATION_DISPLAY_NAME_IT=Resource provided by Example Organization + - SATOSA_ORGANIZATION_NAME_EN=Resource provided by Example Organization + - 
SATOSA_ORGANIZATION_NAME_IT=Resource provided by Example Organization + - SATOSA_ORGANIZATION_URL_EN=https://example_organization.org + - SATOSA_ORGANIZATION_URL_IT=https://example_organization.org + - SATOSA_PRIVATE_KEY=${KEYS_FOLDER}/privkey.pem + - SATOSA_PUBLIC_KEY=${KEYS_FOLDER}/cert.pem + - SATOSA_SALT=CHANGE_ME! + - SATOSA_STATE_ENCRYPTION_KEY=CHANGE_ME! + - SATOSA_UI_DESCRIPTION_EN=Resource description + - SATOSA_UI_DESCRIPTION_IT=Resource description + - SATOSA_UI_DISPLAY_NAME_EN=Resource Display Name + - SATOSA_UI_DISPLAY_NAME_IT=Resource Display Name + - SATOSA_UI_INFORMATION_URL_EN=https://example_organization.org/information_url_en + - SATOSA_UI_INFORMATION_URL_IT=https://example_organization.org/information_url_en + - SATOSA_UI_LOGO_HEIGHT=60 + - SATOSA_UI_LOGO_URL=https://example_organization.org/logo.png + - SATOSA_UI_LOGO_WIDTH=80 + - SATOSA_UI_PRIVACY_URL_EN=https://example_organization.org/privacy_en + - SATOSA_UI_PRIVACY_URL_IT=https://example_organization.org/privacy_en + - SATOSA_USER_ID_HASH_SALT=CHANGE_ME! + - SATOSA_REQUESTED_ATTRIBUTES=[] + + - GET_IDEM_MDQ_KEY=true expose: - 10000 ports: diff --git a/example/entrypoint.sh b/example/entrypoint.sh index dc86b126..a2b66792 100644 --- a/example/entrypoint.sh +++ b/example/entrypoint.sh @@ -1,5 +1,10 @@ #!/bin/bash -bash apply_conf.sh +# get IDEM MDQ key +if [[ $GET_IDEM_MDQ_KEY == true ]]; then + wget https://mdx.idem.garr.it/idem-mdx-service-crt.pem -O $KEYS_FOLDER/idem-mdx-service-crt.pem + wget https://registry.spid.gov.it/metadata/idp/spid-entities-idps.xml -O metadata/idp/spid-entities-idps.xml + echo "Downloaded IDEM MDQ key" +fi uwsgi --ini /satosa_proxy/uwsgi_setup/uwsgi/uwsgi.ini.docker diff --git a/example/plugins/backends/ciesaml2_backend.yaml b/example/plugins/backends/ciesaml2_backend.yaml index 1825ab74..daa2acd9 100644 --- a/example/plugins/backends/ciesaml2_backend.yaml +++ b/example/plugins/backends/ciesaml2_backend.yaml 
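Review bot: The added `SATOSA_ENCRYPTION_KEY=CHANGE_ME!`, `SATOSA_SALT=CHANGE_ME!`, `SATOSA_STATE_ENCRYPTION_KEY=CHANGE_ME!` and `SATOSA_USER_ID_HASH_SALT=CHANGE_ME!` entries are now live values rather than commented-out placeholders, so a stack brought up without editing the compose file runs with secrets identical across every deployment of this example. Since this patch already sources `KEYS_FOLDER` from `Docker-compose/.env`, the same mechanism with a required-variable check would make the omission fail fast instead of silently shipping the placeholder, e.g. `- SATOSA_ENCRYPTION_KEY=${SATOSA_ENCRYPTION_KEY:?set in .env}`. `SATOSA_REQUESTED_ATTRIBUTES=[]` also reaches the plugins as the two-character string `[]` through `!ENV` unless the loader parses it, which is worth confirming against how `requested_attributes` is consumed. `SATOSA_DISCO_SRV`, which the backend configs in this series read via `!ENV`, is not defined here or in `.env` as far as this patch shows.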
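Review bot: The new download block writes `$KEYS_FOLDER/idem-mdx-service-crt.pem` with no check that the request succeeded and without `set -e`, so a failed or truncated fetch of what is effectively an MDQ trust anchor still lets uwsgi start on the next line. `KEYS_FOLDER` is also only visible to compose interpolation in this series (`.env`) and is not added to the container `environment` in the docker-compose hunk, so unless it is passed through elsewhere the unquoted `$KEYS_FOLDER` expands to empty and the file lands in `/`. Quoting the expansions, failing on a non-zero exit and validating the fetched PEM with the `openssl` that `satosa.Dockerfile` already installs would close this; the rewrite is below.
```shell
#!/bin/bash
set -euo pipefail

# get IDEM MDQ key
if [[ "${GET_IDEM_MDQ_KEY:-false}" == "true" ]]; then
  wget -q https://mdx.idem.garr.it/idem-mdx-service-crt.pem -O "${KEYS_FOLDER}/idem-mdx-service-crt.pem"
  # abort start-up if the download is not a parseable certificate
  openssl x509 -noout -in "${KEYS_FOLDER}/idem-mdx-service-crt.pem"
  wget -q https://registry.spid.gov.it/metadata/idp/spid-entities-idps.xml -O metadata/idp/spid-entities-idps.xml
  echo "Downloaded IDEM MDQ key"
fi
# … unchanged: uwsgi start …
```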
@@ -5,7 +5,7 @@ config: # idp_blacklist_file: /path/to/blacklist.json # error templates - static_storage_url: "https://localhost/static" + static_storage_url: !ENV SATOSA_BASE error_template: "spid_login_error.html" template_folder: "templates" # project root @@ -28,33 +28,33 @@ config: # "https://identity.infocert.it": 'https://www.spid.gov.it/SpidL1' sp_config: - key_file: ./pki/privkey.pem - cert_file: ./pki/cert.pem + key_file: !ENV SATOSA_PRIVATE_KEY + cert_file: !ENV SATOSA_PUBLIC_KEY encryption_keypairs: - - {'key_file': ./pki/privkey.pem, 'cert_file': ./pki/cert.pem} + - {'key_file': !ENV SATOSA_PRIVATE_KEY, 'cert_file': !ENV SATOSA_PUBLIC_KEY} attribute_map_dir: 'attributes-map' organization: display_name: - - [ 'change with $SATOSA_ORGANIZATION_DISPLAY_NAME_EN', 'en'] - - [ 'change with $SATOSA_ORGANIZATION_DISPLAY_NAME_IT', 'it'] + - [ !ENV SATOSA_ORGANIZATION_DISPLAY_NAME_EN, 'en'] + - [ !ENV SATOSA_ORGANIZATION_DISPLAY_NAME_IT, 'it'] name: - - [ 'change with $SATOSA_ORGANIZATION_NAME_EN', 'en'] - - [ 'change with $SATOSA_ORGANIZATION_NAME_IT', 'it'] + - [ !ENV SATOSA_ORGANIZATION_NAME_EN, 'en'] + - [ !ENV SATOSA_ORGANIZATION_NAME_IT, 'it'] url: - - [ 'https://change_with_SATOSA_ORGANIZATION_URL_EN', 'en'] - - [ 'https://change_with_SATOSA_ORGANIZATION_URL_IT', 'it'] + - [ !ENV SATOSA_ORGANIZATION_URL_EN, 'en'] + - [ !ENV SATOSA_ORGANIZATION_URL_IT, 'it'] contact_person: - contact_type: 'administrative' - company: change_with_SATOSA_ORGANIZATION_NAME_IT - email_address: satosa_contact_person_email_address@example.it - telephone_number: change_with_SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER + company: !ENV SATOSA_ORGANIZATION_NAME_IT + email_address: !ENV SATOSA_CONTACT_PERSON_EMAIL_ADDRESS + telephone_number: !ENV SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER cie_info: Public: '' - IPACode: ispra_rm - Municipality: H501 + IPACode: !ENV SATOSA_CONTACT_PERSON_IPA_CODE + Municipality: !ENV SATOSA_CONTACT_PERSON_MUNICIPALITY metadata: 
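Review bot: `static_storage_url: !ENV SATOSA_BASE` replaces `"https://localhost/static"`, so the value loses its `/static` path component and now points at the bare proxy base; if the error templates are resolved relative to this URL they will be fetched from the wrong location. The same substitution is made in `spidsaml2_backend.yaml` and in the `ui` block of `pyeudiw_backend.yaml`. Either introduce a dedicated variable for the static root (e.g. `SATOSA_STATIC_STORAGE_URL`) or confirm that the consumer appends the path itself and say so in a comment on the line.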
@@ -72,28 +72,28 @@ config: ui_info: display_name: - lang: en - text: change with $SATOSA_UI_DISPLAY_NAME_EN + text: !ENV SATOSA_UI_DISPLAY_NAME_EN - lang: it - text: change with $SATOSA_UI_DISPLAY_NAME_IT + text: !ENV SATOSA_UI_DISPLAY_NAME_IT description: - lang: en - text: change with $SATOSA_UI_DESCRIPTION_EN + text: !ENV SATOSA_UI_DESCRIPTION_EN - lang: it - text: change with $SATOSA_UI_DESCRIPTION_IT + text: !ENV SATOSA_UI_DESCRIPTION_IT information_url: - lang: en - text: change with $SATOSA_UI_INFORMATION_URL_EN - - lang: it - text: change with $SATOSA_UI_INFORMATION_URL_IT + text: !ENV SATOSA_UI_INFORMATION_URL_EN + - lang: it + text: !ENV SATOSA_UI_INFORMATION_URL_IT privacy_statement_url: - lang: en - text: change with $SATOSA_UI_PRIVACY_URL_EN + text: !ENV SATOSA_UI_PRIVACY_URL_EN - lang: it - text: change with $SATOSA_UI_PRIVACY_URL_IT + text: !ENV SATOSA_UI_PRIVACY_URL_IT logo: - text: change with $SATOSA_UI_LOGO_URL - width: change with $SATOSA_UI_LOGO_WIDTH - height: change with $SATOSA_UI_LOGO_HEIGHT + text: !ENV SATOSA_UI_LOGO_URL + width: !ENV SATOSA_UI_LOGO_WIDTH + height: !ENV SATOSA_UI_LOGO_HEIGHT # sign dig and enc authn_requests_signed: true @@ -124,7 +124,7 @@ config: 'dateOfBirth', 'fiscalNumber', ] - + requested_attributes: !ENV SATOSA_REQUESTED_ATTRIBUTES #optional_attributes: ['gender', # 'companyName', # 'registeredOffice', @@ -147,4 +147,4 @@ config: - [//disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol'] # disco_srv must be defined if there is more than one IdP in the metadata specified above - disco_srv: "https://sso.isprambiente.it/static/disco.html" + disco_srv: !ENV SATOSA_DISCO_SRV diff --git a/example/plugins/backends/pyeudiw_backend.yaml b/example/plugins/backends/pyeudiw_backend.yaml index c7a6d01d..a7c7a043 100644 --- a/example/plugins/backends/pyeudiw_backend.yaml +++ b/example/plugins/backends/pyeudiw_backend.yaml 
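Review bot: `requested_attributes: !ENV SATOSA_REQUESTED_ATTRIBUTES` takes its value from an environment variable, which the `!ENV` tag delivers as a string (`[]` in the compose file of this series) rather than a list unless the loader parses it; an attribute list that is silently a string can change what the SP requests, so this is worth confirming before relying on it. The same line is added to `spidsaml2_backend.yaml`. If the loader does not parse it, keeping a YAML list in the file and documenting the override path is the safer default.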
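Review bot: `disco_srv: !ENV SATOSA_DISCO_SRV` references a variable that nothing in this patch defines (neither the docker-compose `environment` list nor `.env`), so the default stack loses the discovery URL that was hard-coded before. The same replacement is made in `saml2_backend.yaml` and `spidsaml2_backend.yaml`. Adding `- SATOSA_DISCO_SRV=...` to the compose file alongside the other `SATOSA_*` entries, and confirming how the loader behaves for an unset variable, would keep discovery working out of the box.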
@@ -4,15 +4,15 @@ name: OpenID4VP config: ui: - static_storage_url: "https://localhost/static" + static_storage_url: !ENV SATOSA_BASE template_folder: "templates" # project root qrcode_template: "qr_code.html" error_template: "error.html" error_url: "https://localhost/static/error_page.html" - + endpoints: pre_request: '/pre-request' - redirect: '/redirect-uri' + redirect-uri: '/redirect-uri' request: '/request-uri' entity_configuration: '/.well-known/openid-federation' status: '/status' @@ -21,7 +21,8 @@ config: qrcode: size: 100 color: '#2B4375' - logo_path: + expiration_time: 120 # seconds + logo_path: use_zlib: false jwt: @@ -50,10 +51,10 @@ config: - ES256 - ES384 - ES512 - + authorization: url_scheme: eudiw - scopes: + scopes: - pid-sd-jwt:unique_id+given_name+family_name default_acr_value: https://www.spid.gov.it/SpidL2 @@ -61,8 +62,8 @@ config: unique_identifiers: - tax_id_code - unique_id - subject_id_salt: CHANGEME! - + subject_id_random_value: CHANGEME! + network: httpc_params: connection: @@ -78,11 +79,11 @@ config: - http://127.0.0.1:8000 default_sig_alg: "RS256" federation_entity_metadata: - - organization_name: Developers Italia SATOSA OpenID4VP backend - - homepage_uri: https://developers.italia.it - - policy_uri: https://developers.italia.it - - tos_uri: https://developers.italia.it - - logo_uri: https://developers.italia.it/assets/icons/logo-it.svg + organization_name: Developers Italia SATOSA OpenID4VP backend + homepage_uri: https://developers.italia.it + policy_uri: https://developers.italia.it + tos_uri: https://developers.italia.it + logo_uri: https://developers.italia.it/assets/icons/logo-it.svg # private jwk federation_jwks: 
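Review bot: `subject_id_random_value: CHANGEME!` keeps a placeholder secret inline while the rest of this series moves comparable values (`SATOSA_SALT`, `SATOSA_ENCRYPTION_KEY`) to `!ENV`; presumably this value feeds subject-identifier derivation, in which case a deployment that forgets to edit it gets predictable subjects. Suggest `subject_id_random_value: !ENV SATOSA_SUBJECT_ID_RANDOM_VALUE` with the variable declared in the compose file. The `ui` hunk in this file also leaves `error_url: "https://localhost/static/error_page.html"` hard-coded next to the now-templated `static_storage_url`, which looks like an oversight.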
@@ -93,12 +94,12 @@ config: n: utqtxbs-jnK0cPsV7aRkkZKA9t4S-WSZa3nCZtYIKDpgLnR_qcpeF0diJZvKOqXmj2cXaKFUE-8uHKAHo7BL7T-Rj2x3vGESh7SG1pE0thDGlXj4yNsg0qNvCXtk703L2H3i1UXwx6nq1uFxD2EcOE4a6qDYBI16Zl71TUZktJwmOejoHl16CPWqDLGo9GUSk_MmHOV20m4wXWkB4qbvpWVY8H6b2a0rB1B1YPOs5ZLYarSYZgjDEg6DMtZ4NgiwZ-4N1aaLwyO-GLwt9Vf-NBKwoxeRyD3zWE2FXRFBbhKGksMrCGnFDsNl5JTlPjaM3kYyImE941ggcuc495m-Fw p: 2zmGXIMCEHPphw778YjVTar1eycih6fFSJ4I4bl1iq167GqO0PjlOx6CZ1-OdBTVU7HfrYRiUK_BnGRdPDn-DQghwwkB79ZdHWL14wXnpB5y-boHz_LxvjsEqXtuQYcIkidOGaMG68XNT1nM4F9a8UKFr5hHYT5_UIQSwsxlRQ0 q: 2jMFt2iFrdaYabdXuB4QMboVjPvbLA-IVb6_0hSG_-EueGBvgcBxdFGIZaG6kqHqlB7qMsSzdptU0vn6IgmCZnX-Hlt6c5X7JB_q91PZMLTO01pbZ2Bk58GloalCHnw_mjPh0YPviH5jGoWM5RHyl_HDDMI-UeLkzP7ImxGizrM - + # trust_marks: # todo # - ... # private jwk - metadata_jwks: + metadata_jwks: - crv: P-256 d: KzQBowMMoPmSZe7G8QsdEWc1IvR2nsgE8qTOYmMcLtc kid: dDwPWXz5sCtczj7CJbqgPGJ2qQ83gZ9Sfs-tJyULi6s @@ -126,9 +127,9 @@ config: url: mongodb://satosa-mongo:27017 conf: db_name: eudiw - username: satosa - password: thatpassword - # connection_params: + connection_params: + username: !ENV MONGODB_USERNAME + password: !ENV MONGODB_PASSWORD storage: module: pyeudiw.storage.mongo_storage class: MongoStorage @@ -136,12 +137,13 @@ config: url: mongodb://satosa-mongo:27017 conf: db_name: eudiw - username: satosa - password: thatpassword db_sessions_collection: sessions db_trust_attestations_collection: trust_attestations db_trust_anchors_collection: trust_anchors - # - connection_params: + data_ttl: 63072000 # 2 years + connection_params: + username: !ENV MONGODB_USERNAME + password: !ENV MONGODB_PASSWORD #This is the configuration for the relaying party metadata metadata: 
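Review bot: The `federation_jwks` and `metadata_jwks` entries in this hunk keep full private keys (`d`, `p`, `q` components) inline in the committed config, while the stated goal of the patch is moving deployment secrets to environment variables; anyone deploying from the example without regenerating them shares a federation signing key with every other such deployment. If `!ENV` (or a file-based variant, if the loader offers one) can carry a JSON JWK, these are the most valuable values to move out of the file. Otherwise a comment at the top of `federation_jwks:` stating that the keys are samples and must be regenerated before use would at least make the risk visible.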
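Review bot: `username: !ENV MONGODB_USERNAME` and `password: !ENV MONGODB_PASSWORD` (also in the storage hunk below and in `oidcop_frontend.yaml`) read variable names that differ from the `MONGO_DBUSER` / `MONGO_DBPASSWORD` defined in `Docker-compose/.env`; unless the compose service maps one to the other outside this diff, the backend starts with empty credentials. Aligning the names, or adding `MONGODB_USERNAME`/`MONGODB_PASSWORD` to the compose `environment` list alongside the other entries, would remove the ambiguity. Moving `username`/`password` under `connection_params` also changes where the client wrapper must look for them, so confirm it reads that key.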
@@ -172,66 +174,25 @@ config: # jwks: #This section contains the details for presentation request - presentation_definitions: - - id: pid-sd-jwt:unique_id+given_name+family_name - input_descriptors: - - id: pid-sd-jwt:unique_id+given_name+family_name + presentation_definition: + id: d76c51b7-ea90-49bb-8368-6b3d194fc131 + input_descriptors: + - id: IdentityCredential format: - constraints: - fields: - - filter: - const: PersonIdentificationData - type: string - path: - - $.sd-jwt.type - - filter: - type: object - path: - - $.sd-jwt.cnf - - intent_to_retain: 'true' - path: - - $.sd-jwt.family_name - - intent_to_retain: 'true' - path: - - $.sd-jwt.given_name - - intent_to_retain: 'true' - path: - - $.sd-jwt.unique_id - limit_disclosure: required - jwt: - alg: - - EdDSA - - ES256 - - id: mDL-sample-req - input_descriptors: - - format: - constraints: - fields: - - filter: - const: org.iso.18013.5.1.mDL + vc+sd-jwt: { } + constraints: + limit_disclosure: required + fields: + - path: + - "$.vct" + filter: type: string - path: - - $.mdoc.doctype - - filter: - const: org.iso.18013.5.1 - type: string - path: - - $.mdoc.namespace - - intent_to_retain: 'false' - path: - - $.mdoc.family_name - - intent_to_retain: 'false' - path: - - $.mdoc.portrait - - intent_to_retain: 'false' - path: - - $.mdoc.driving_privileges - limit_disclosure: required - mso_mdoc: - alg: - - EdDSA - - ES256 - id: mDL + const: IdentityCredential + - path: + - "$.family_name" + - path: + - "$.given_name" + redirect_uris: - //redirect-uri @@ -242,7 +203,10 @@ config: subject_type: pairwise vp_formats: - jwt_vp_json: - alg: - - EdDSA - - ES256K + vc+sd-jwt: + sd-jwt_alg_values: + - ES256 + - ES384 + kb-jwt_alg_values: + - ES256 + - ES384 diff --git a/example/plugins/backends/saml2_backend.yaml b/example/plugins/backends/saml2_backend.yaml index afc0df2b..7ca5702c 100644 --- a/example/plugins/backends/saml2_backend.yaml +++ b/example/plugins/backends/saml2_backend.yaml 
@@ -7,25 +7,25 @@ config: entityid_endpoint: true sp_config: - key_file: ./pki/privkey.pem - cert_file: ./pki/cert.pem + key_file: !ENV SATOSA_PRIVATE_KEY + cert_file: !ENV SATOSA_PUBLIC_KEY encryption_keypairs: - - {'key_file': ./pki/privkey.pem, 'cert_file': ./pki/cert.pem} + - {'key_file': !ENV SATOSA_PRIVATE_KEY, 'cert_file': !ENV SATOSA_PUBLIC_KEY} organization: display_name: - - [ 'change with $SATOSA_ORGANIZATION_DISPLAY_NAME_EN', 'en'] - - [ 'change with $SATOSA_ORGANIZATION_DISPLAY_NAME_IT', 'it'] + - [ !ENV SATOSA_ORGANIZATION_DISPLAY_NAME_EN, 'en'] + - [ !ENV SATOSA_ORGANIZATION_DISPLAY_NAME_IT, 'it'] name: - - [ 'change with $SATOSA_ORGANIZATION_NAME_EN', 'en'] - - [ 'change with $SATOSA_ORGANIZATION_NAME_IT', 'it'] + - [ !ENV SATOSA_ORGANIZATION_NAME_EN, 'en'] + - [ !ENV SATOSA_ORGANIZATION_NAME_IT, 'it'] url: - - [ 'change with $SATOSA_ORGANIZATION_URL_EN', 'en'] - - [ 'change with $SATOSA_ORGANIZATION_URL_IT', 'it'] + - [ !ENV SATOSA_ORGANIZATION_URL_EN, 'en'] + - [ !ENV SATOSA_ORGANIZATION_URL_IT, 'it'] contact_person: - contact_type: technical - given_name: change with $SATOSA_CONTACT_PERSON_GIVEN_NAME - email_address: change with $SATOSA_CONTACT_PERSON_EMAIL_ADDRESS + given_name: !ENV SATOSA_CONTACT_PERSON_GIVEN_NAME + email_address: !ENV SATOSA_CONTACT_PERSON_EMAIL_ADDRESS metadata: local: [./metadata/idp/] 
@@ -46,28 +46,28 @@ config: ui_info: display_name: - lang: en - text: change with $SATOSA_UI_DISPLAY_NAME_EN + text: !ENV SATOSA_UI_DISPLAY_NAME_EN - lang: it - text: change with $SATOSA_UI_DISPLAY_NAME_IT + text: !ENV SATOSA_UI_DISPLAY_NAME_IT description: - lang: en - text: change with $SATOSA_UI_DESCRIPTION_EN + text: !ENV SATOSA_UI_DESCRIPTION_EN - lang: it - text: change with $SATOSA_UI_DESCRIPTION_IT + text: !ENV SATOSA_UI_DESCRIPTION_IT information_url: - lang: en - text: change with $SATOSA_UI_INFORMATION_URL_EN + text: !ENV SATOSA_UI_INFORMATION_URL_EN - lang: it - text: change with $SATOSA_UI_INFORMATION_URL_IT + text: !ENV SATOSA_UI_INFORMATION_URL_IT privacy_statement_url: - lang: en - text: change with $SATOSA_UI_PRIVACY_URL_EN + text: !ENV SATOSA_UI_PRIVACY_URL_EN - lang: it - text: change with $SATOSA_UI_PRIVACY_URL_IT + text: !ENV SATOSA_UI_PRIVACY_URL_IT logo: - text: change with $SATOSA_UI_LOGO_URL - width: change with $SATOSA_UI_LOGO_WIDTH - height: change with $SATOSA_UI_LOGO_HEIGHT + text: !ENV SATOSA_UI_LOGO_URL + width: !ENV SATOSA_UI_LOGO_WIDTH + height: !ENV SATOSA_UI_LOGO_HEIGHT only_use_keys_in_metadata: true force_authn: true @@ -97,4 +97,4 @@ config: name_id_format_allow_create: false # disco_srv must be defined if there is more than one IdP in the metadata specified above - disco_srv: "https://localhost/static/disco.html" + disco_srv: !ENV SATOSA_DISCO_SRV diff --git a/example/plugins/backends/spidsaml2_backend.yaml b/example/plugins/backends/spidsaml2_backend.yaml index 65643d01..3c528b3a 100644 --- a/example/plugins/backends/spidsaml2_backend.yaml +++ b/example/plugins/backends/spidsaml2_backend.yaml @@ -5,7 +5,7 @@ config: # idp_blacklist_file: /path/to/blacklist.json # error templates - static_storage_url: "https://localhost/static" + static_storage_url: !ENV SATOSA_BASE error_template: "spid_login_error.html" template_folder: "templates" # project root 
@@ -27,30 +27,30 @@ config: # "https://identity.infocert.it": 'https://www.spid.gov.it/SpidL1' sp_config: - key_file: ./pki/privkey.pem - cert_file: ./pki/cert.pem + key_file: !ENV SATOSA_PRIVATE_KEY + cert_file: !ENV SATOSA_PUBLIC_KEY encryption_keypairs: - - {'key_file': ./pki/privkey.pem, 'cert_file': ./pki/cert.pem} + - {'key_file': !ENV SATOSA_PRIVATE_KEY, 'cert_file': !ENV SATOSA_PUBLIC_KEY} attribute_map_dir: 'attributes-map' organization: display_name: - - [ 'change with $SATOSA_ORGANIZATION_DISPLAY_NAME_EN', 'en'] - - [ 'change with $SATOSA_ORGANIZATION_DISPLAY_NAME_IT', 'it'] + - [ !ENV SATOSA_ORGANIZATION_DISPLAY_NAME_EN, 'en'] + - [ !ENV SATOSA_ORGANIZATION_DISPLAY_NAME_IT, 'it'] name: - - [ 'change with $SATOSA_ORGANIZATION_NAME_EN', 'en'] - - [ 'change with $SATOSA_ORGANIZATION_NAME_IT', 'it'] + - [ !ENV SATOSA_ORGANIZATION_NAME_EN, 'en'] + - [ !ENV SATOSA_ORGANIZATION_NAME_IT, 'it'] url: - - [ 'https://change_with_SATOSA_ORGANIZATION_URL_EN', 'en'] - - [ 'https://change_with_SATOSA_ORGANIZATION_URL_IT', 'it'] + - [ !ENV SATOSA_ORGANIZATION_URL_EN, 'en'] + - [ !ENV SATOSA_ORGANIZATION_URL_IT, 'it'] contact_person: - contact_type: 'other' - given_name: change with $SATOSA_CONTACT_PERSON_GIVEN_NAME - email_address: change_with $SATOSA_CONTACT_PERSON_EMAIL_ADDRESS.it - telephone_number: change_with $SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER - FiscalCode: change with $SATOSA_CONTACT_PERSON_FISCALCODE + given_name: !ENV SATOSA_CONTACT_PERSON_GIVEN_NAME + email_address: !ENV SATOSA_CONTACT_PERSON_EMAIL_ADDRESS + telephone_number: !ENV SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER + FiscalCode: !ENV SATOSA_CONTACT_PERSON_FISCALCODE Public: '' # - {'contact_type': 'other', 'telephone_number': '+3984756344785', 'email_address': 'info@example.org', 'VATNumber': 'IT12345678901', 'FiscalCode': 'XYasdasdadasdGGJ000W', 'Private': '' } # - {'contact_type': 'billing', 'telephone_number': '+3984756344785', 'email_address': 'info@example.org', 'company': 'example s.p.a.', 
'CodiceFiscale': 'NGLMRA80A01D086T', 'IdCodice': '983745349857', 'IdPaese': 'IT', 'Denominazione': 'Destinatario Fatturazione', 'Indirizzo': 'via tante cose', 'NumeroCivico': '12', 'CAP': '87100', 'Comune': 'Cosenza', 'Provincia': 'CS', 'Nazione': 'IT' } @@ -72,33 +72,33 @@ config: ui_info: display_name: - lang: en - text: change with $SATOSA_UI_DISPLAY_NAME_EN + text: !ENV SATOSA_UI_DISPLAY_NAME_EN - lang: it - text: change with $SATOSA_UI_DISPLAY_NAME_IT + text: !ENV SATOSA_UI_DISPLAY_NAME_IT description: - lang: en - text: change with $SATOSA_UI_DESCRIPTION_EN + text: !ENV SATOSA_UI_DESCRIPTION_EN - lang: it - text: change with $SATOSA_UI_DESCRIPTION_IT + text: !ENV SATOSA_UI_DESCRIPTION_IT information_url: - lang: en - text: change with $SATOSA_UI_INFORMATION_URL_EN + text: !ENV SATOSA_UI_INFORMATION_URL_EN - lang: it - text: change with $SATOSA_UI_INFORMATION_URL_IT + text: !ENV SATOSA_UI_INFORMATION_URL_IT privacy_statement_url: - lang: en - text: https://change_with_SATOSA_UI_PRIVACY_URL_EN + text: !ENV SATOSA_UI_PRIVACY_URL_EN - lang: it - text: https://change_with_SATOSA_UI_PRIVACY_URL_IT + text: !ENV SATOSA_UI_PRIVACY_URL_IT keywords: - lang: it text: ["SPID Authentication Proxy", "SPID Service Provider IT"] - lang: en text: ["SPID Authentication Proxy", "SPID Service Provider EN"] logo: - text: change with $SATOSA_UI_LOGO_URL - width: change with $SATOSA_UI_LOGO_WIDTH - height: change with $SATOSA_UI_LOGO_HEIGHT + text: !ENV SATOSA_UI_LOGO_URL + width: !ENV SATOSA_UI_LOGO_WIDTH + height: !ENV SATOSA_UI_LOGO_HEIGHT # sign dig and enc authn_requests_signed: true @@ -124,7 +124,7 @@ config: # this instantiate the attribute_consuming_service required_attributes: ['spidCode', 'name', 'familyName', 'fiscalNumber', 'email'] - + requested_attributes: !ENV SATOSA_REQUESTED_ATTRIBUTES #optional_attributes: ['gender', # 'companyName', # 'registeredOffice', 
@@ -150,5 +150,5 @@ config: # disco_srv must be defined if there is more than one IdP in the metadata specified above # disco_srv: change with $SATOSA_DISCO_SRV - disco_srv: "https://localhost/static/disco.html" + disco_srv: !ENV SATOSA_DISCO_SRV diff --git a/example/plugins/frontends/oidcop_frontend.yaml b/example/plugins/frontends/oidcop_frontend.yaml index fa1984dd..c47148ab 100644 --- a/example/plugins/frontends/oidcop_frontend.yaml +++ b/example/plugins/frontends/oidcop_frontend.yaml @@ -11,8 +11,8 @@ config: kwargs: url: mongodb://satosa-mongo:27017/oidcop connection_params: - username: satosa - password: thatpassword + username: !ENV MONGODB_USERNAME + password: !ENV MONGODB_PASSWORD connectTimeoutMS: 5000 socketTimeoutMS: 5000 serverSelectionTimeoutMS: 5000 @@ -179,17 +179,17 @@ config: email: - urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword session_params: - password: CHANGE_ME__password_used_to_encrypt_access_token_sid_value - salt: 'CHANGE_ME salt involved in session sub hash' + password: !ENV SATOSA_ENCRYPTION_KEY + salt: !ENV SATOSA_SALT sub_func: pairwise: class: idpyoidc.server.session.manager.PairWiseID kwargs: - salt: CHANGE_ME_OR_LET_IT_BE_RANDOMIC + salt: !ENV SATOSA_SALT public: class: idpyoidc.server.session.manager.PublicID kwargs: - salt: CHANGE_ME_OR_LET_IT_BE_RANDOMIC + salt: !ENV SATOSA_SALT template_dir: templates token_handler_args: code: diff --git a/example/plugins/frontends/saml2_frontend.yaml b/example/plugins/frontends/saml2_frontend.yaml index e74b6fda..8992dc35 100644 --- a/example/plugins/frontends/saml2_frontend.yaml +++ b/example/plugins/frontends/saml2_frontend.yaml 
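Review bot: `salt: !ENV SATOSA_SALT` is now used for `session_params.salt`, for the `pairwise` sub_func and for the `public` sub_func, and `proxy_conf.yaml` in this series maps `USER_ID_HASH_SALT` to the same variable; the original file used distinct placeholders, and collapsing them means one value drives session sub hashing, pairwise subject derivation and user-id hashing at once. Separate variables keep these domains independent, e.g. `salt: !ENV SATOSA_PAIRWISE_SALT` for the two sub_func entries, and `SATOSA_USER_ID_HASH_SALT` is already declared in the compose file but unused. The previous `CHANGE_ME_OR_LET_IT_BE_RANDOMIC` placeholder suggested the sub_func salts could be left for the library to randomise; with `!ENV` always present, confirm that an unset variable does not yield an empty salt.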
@@ -10,18 +10,18 @@ config: idp_config: organization: display_name: - - [ 'change with $SATOSA_ORGANIZATION_DISPLAY_NAME_EN', 'en'] - - [ 'change with $SAOSA_ORGANIZATION_DISPLAY_NAME_IT', 'it'] + - [ !ENV SATOSA_ORGANIZATION_DISPLAY_NAME_EN, 'en'] + - [ !ENV SATOSA_ORGANIZATION_DISPLAY_NAME_IT, 'it'] name: - - [ 'change with $SATOSA_ORGANIZATION_NAME_EN', 'en'] - - [ 'change with $SATOSA_ORGANIZATION_NAME_IT', 'it'] + - [ !ENV SATOSA_ORGANIZATION_NAME_EN, 'en'] + - [ !ENV SATOSA_ORGANIZATION_NAME_IT, 'it'] url: - - [ 'change with $SATOSA_ORGANIZATION_URL_EN', 'en'] - - [ 'change with $SATOSA_ORGANIZATION_URL_IT', 'it'] + - [ !ENV SATOSA_ORGANIZATION_URL_EN, 'en'] + - [ !ENV SATOSA_ORGANIZATION_URL_IT, 'it'] contact_person: - contact_type: technical - given_name: change with $SATOSA_CONTACT_PERSON_GIVEN_NAME - email_address: change with $SATOSA_CONTACT_PERSON_EMAIL_ADDRESS + given_name: !ENV SATOSA_CONTACT_PERSON_GIVEN_NAME + email_address: !ENV SATOSA_CONTACT_PERSON_EMAIL_ADDRESS attribute_map_dir: 'attributes-map' 
@@ -56,28 +56,28 @@ config: ui_info: display_name: - lang: en - text: change with $SATOSA_UI_DISPLAY_NAME_EN + text: !ENV SATOSA_UI_DISPLAY_NAME_EN - lang: it - text: change with $SATOSA_UI_DISPLAY_NAME_IT + text: !ENV SATOSA_UI_DISPLAY_NAME_IT description: - lang: en - text: change with $SATOSA_UI_DESCRIPTION_EN + text: !ENV SATOSA_UI_DESCRIPTION_EN - lang: it - text: change with $SATOSA_UI_DESCRIPTION_IT + text: !ENV SATOSA_UI_DESCRIPTION_IT information_url: - lang: en - text: change with $SATOSA_UI_INFORMATION_URL_EN - - lang: it - text: change with $SATOSA_UI_INFORMATION_URL_IT + text: !ENV SATOSA_UI_INFORMATION_URL_EN + - lang: it + text: !ENV SATOSA_UI_INFORMATION_URL_IT privacy_statement_url: - lang: en - text: change with $SATOSA_UI_PRIVACY_URL_EN + text: !ENV SATOSA_UI_PRIVACY_URL_EN - lang: it - text: change with $SATOSA_UI_PRIVACY_URL_IT + text: !ENV SATOSA_UI_PRIVACY_URL_IT logo: - text: change with $SATOSA_UI_LOGO_URL - width: change with $SATOSA_UI_LOGO_WIDTH - height: change with $SATOSA_UI_LOGO_HEIGHT + text: !ENV SATOSA_UI_LOGO_URL + width: !ENV SATOSA_UI_LOGO_WIDTH + height: !ENV SATOSA_UI_LOGO_HEIGHT name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:transient'] # want_authn_requests_signed: true diff --git a/example/proxy_conf.yaml b/example/proxy_conf.yaml index 5c0eb1f1..0211bd13 100644 --- a/example/proxy_conf.yaml +++ b/example/proxy_conf.yaml @@ -1,5 +1,6 @@ +--- #--- SATOSA Proxy_conf.yaml Config ---# -BASE: "https://localhost" +BASE: !ENV SATOSA_BASE INTERNAL_ATTRIBUTES: "internal_attributes.yaml" COOKIE_STATE_NAME: "SATOSA_STATE" CONTEXT_STATE_DELETE: yes 
@@ -8,14 +9,14 @@ COOKIE_MAX_AGE: 600 # 10 minutes #COOKIE_SECURE: no #COOKIE_HTTPONLY: no #COOKIE_SAMESITE: "None" -STATE_ENCRYPTION_KEY: "CHANGE_ME!" +STATE_ENCRYPTION_KEY: !ENV SATOSA_STATE_ENCRYPTION_KEY cookies_samesite_compat: - ["SATOSA_STATE", "SATOSA_STATE_LEGACY"] # The proxy can hash any attribute value (e.g., for obfuscation) before passing it on to the client # DEPRECATED, use hasher microservice instead -USER_ID_HASH_SALT: "CHANGE_ME!" +USER_ID_HASH_SALT: !ENV SATOSA_SALT ERROR_URL: "https://localhost/static/error_page.html" @@ -120,5 +121,5 @@ LOGGING: propagate: no # root: - # level: INFO - # handlers: [info_file_handler] + # level: INFO + # handlers: [info_file_handler] diff --git a/satosa.Dockerfile b/satosa.Dockerfile index c732fb29..cc4f08c0 100644 --- a/satosa.Dockerfile +++ b/satosa.Dockerfile @@ -35,7 +35,7 @@ ENV BASEDIR="/satosa_proxy" RUN apk add --update xmlsec libffi-dev openssl-dev python3 py3-pip python3-dev procps git openssl build-base gcc wget bash jq yq \ && pip3 install --upgrade pip setuptools --root-user-action=ignore \ && pip3 install -r requirements.txt --ignore-installed --root-user-action=ignore \ - && mkdir /satosa_proxy + && mkdir $BASEDIR RUN pip list From 8e361c31828e351db79d86ea25cba63b7e667576 Mon Sep 17 00:00:00 2001 From: Salvatore Laiso Date: Fri, 19 Jan 2024 14:14:04 +0100 Subject: [PATCH 2/4] fix: remove `apply_conf.sh` script and use ENV vars instead --- example/plugins/backends/pyeudiw_backend.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/plugins/backends/pyeudiw_backend.yaml b/example/plugins/backends/pyeudiw_backend.yaml index a7c7a043..1d7e6d71 100644 --- a/example/plugins/backends/pyeudiw_backend.yaml +++ b/example/plugins/backends/pyeudiw_backend.yaml @@ -12,7 +12,7 @@ config: endpoints: pre_request: '/pre-request' - redirect-uri: '/redirect-uri' + redirect: '/redirect-uri' request: '/request-uri' entity_configuration: '/.well-known/openid-federation' status: '/status' 
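Review bot: `USER_ID_HASH_SALT: !ENV SATOSA_SALT` reads the generic salt although the compose file in this series defines a dedicated `SATOSA_USER_ID_HASH_SALT` that nothing else consumes; `USER_ID_HASH_SALT: !ENV SATOSA_USER_ID_HASH_SALT` would use it and keep this salt separate from the one shared by `oidcop_frontend.yaml`. `ERROR_URL: "https://localhost/static/error_page.html"` stays a hard-coded localhost URL in the same hunk while `BASE` and `STATE_ENCRYPTION_KEY` move to `!ENV`, which looks like an omission. With `STATE_ENCRYPTION_KEY: !ENV SATOSA_STATE_ENCRYPTION_KEY` an unset variable is no longer caught by a visible `CHANGE_ME!` in the file, so confirm the loader fails rather than returning an empty key.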
From 9f0547588b00013b6cd0b7b02abe9530460e219d Mon Sep 17 00:00:00 2001 From: Salvatore Laiso Date: Fri, 19 Jan 2024 14:16:57 +0100 Subject: [PATCH 3/4] fix: delete `apply_conf.sh` file --- example/apply_conf.sh | 176 ------------------------------------------ 1 file changed, 176 deletions(-) delete mode 100644 example/apply_conf.sh
diff --git a/example/apply_conf.sh b/example/apply_conf.sh
deleted file mode 100644
index 70426444..00000000
--- a/example/apply_conf.sh
+++ /dev/null
@@ -1,176 +0,0 @@
-#!/bin/bash
-
-update_yaml () {
-  if [[ -n "${3}" ]]; then
-    UPDATE="${2} |= \"${3}\""
-    yq -yi "$UPDATE" $1
-    echo "yaml_update $1 (${2}) updated"
-  else
-    echo "yaml_update $1 (${2}) loaded with default value"
-  fi
-}
-
-# Update proxy_conf.yaml .BASE with SATOSA_BASE env
-update_yaml proxy_conf.yaml ".BASE" "$SATOSA_BASE"
-# Update proxy_conf.yaml .STATE_ENCRYPTION_KEY with $SATOSA_ENCRYPTION_KEY
-update_yaml proxy_conf.yaml ".STATE_ENCRYPTION_KEY" "$SATOSA_STATE_ENCRYPTION_KEY"
-# Update proxy_conf.yaml .USER_ID_HASH_SALT with $SATOSA_USER_ID_HASH_SALT
-update_yaml proxy_conf.yaml ".USER_ID_HASH_SALT" "$SATOSA_SALT"
-# Update proxy_conf.yaml .UNKNOW_ERROR_REDIRECT_PAGE with $SATOSA_UNKNOW_ERROR_REDIRECT_PAGE env
-update_yaml proxy_conf.yaml ".UNKNOW_ERROR_REDIRECT_PAGE" "$SATOSA_UNKNOW_ERROR_REDIRECT_PAGE"
-
-# Update spidsaml2_backend.yaml and cieSaml2_backend.saml with $SATOSA_BASE env
-update_yaml plugins/backends/spidsaml2_backend.yaml ".config.static_storage_url" "$SATOSA_BASE"
-update_yaml plugins/backends/ciesaml2_backend.yaml ".config.static_storage_url" "$SATOSA_BASE"
-
-# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_ORGANIZATION_DISPLAY_NAME_EN / IT
-update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.organization.display_name[0][0]" "$SATOSA_ORGANIZATION_DISPLAY_NAME_EN"
-update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.organization.display_name[0][0]" "$SATOSA_ORGANIZATION_DISPLAY_NAME_EN"
-update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.organization.display_name[0][0]" "$SATOSA_ORGANIZATION_DISPLAY_NAME_EN"
-update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.organization.display_name[0][0]" "$SATOSA_ORGANIZATION_DISPLAY_NAME_EN"
-update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.organization.display_name[1][0]" "$SATOSA_ORGANIZATION_DISPLAY_NAME_IT"
-update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.organization.display_name[1][0]" "$SATOSA_ORGANIZATION_DISPLAY_NAME_IT"
-update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.organization.display_name[1][0]" "$SATOSA_ORGANIZATION_DISPLAY_NAME_IT"
-update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.organization.display_name[1][0]" "$SATOSA_ORGANIZATION_DISPLAY_NAME_IT"
-
-# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_ORGANIZATION_NAME_EN / IT
-update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.organization.name[0][0]" "$SATOSA_ORGANIZATION_NAME_EN"
-update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.organization.name[0][0]" "$SATOSA_ORGANIZATION_NAME_EN"
-update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.organization.name[0][0]" "$SATOSA_ORGANIZATION_NAME_EN"
-update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.organization.name[0][0]" "$SATOSA_ORGANIZATION_NAME_EN"
-update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.organization.name[1][0]" "$SATOSA_ORGANIZATION_NAME_IT"
-update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.organization.name[1][0]" "$SATOSA_ORGANIZATION_NAME_IT"
-update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.contact_person[0].company" "$SATOSA_ORGANIZATION_NAME_IT"
-update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.organization.name[1][0]" "$SATOSA_ORGANIZATION_NAME_IT"
-
-# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_ORGANIZATION_URL_EN / IT
-update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.organization.url[0][0]" "$SATOSA_ORGANIZATION_URL_EN"
-update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.organization.url[0][0]" "$SATOSA_ORGANIZATION_URL_EN"
-update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.organization.url[0][0]" "$SATOSA_ORGANIZATION_URL_EN"
-update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.organization.url[0][0]" "$SATOSA_ORGANIZATION_URL_EN"
-update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.organization.url[1][0]" "$SATOSA_ORGANIZATION_URL_IT"
-update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.organization.url[1][0]" "$SATOSA_ORGANIZATION_URL_IT"
-update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.organization.url[1][0]" "$SATOSA_ORGANIZATION_URL_IT"
-update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.organization.url[1][0]" "$SATOSA_ORGANIZATION_URL_IT"
-
-# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_CONTACT_PERSON_GIVEN_NAME
-update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.contact_person[0].given_name" "$SATOSA_CONTACT_PERSON_GIVEN_NAME"
-update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.contact_person[0].given_name" "$SATOSA_CONTACT_PERSON_GIVEN_NAME"
-update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.contact_person[0].given_name" "$SATOSA_CONTACT_PERSON_GIVEN_NAME"
-
-# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_CONTACT_PERSON_EMAIL_ADDRESS
-update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.contact_person[0].email_address" "$SATOSA_CONTACT_PERSON_EMAIL_ADDRESS"
-update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.contact_person[0].email_address" "$SATOSA_CONTACT_PERSON_EMAIL_ADDRESS"
-update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.contact_person[0].email_address" "$SATOSA_CONTACT_PERSON_EMAIL_ADDRESS"
-update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.contact_person[0].email_address" "$SATOSA_CONTACT_PERSON_EMAIL_ADDRESS"
-
-# Update spidsaml2_backend.yaml with $SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER
-update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.contact_person[0].telephone_number" "$SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER"
-update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.contact_person[0].telephone_number" "$SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER"
-
-# Update spidsaml2_backend.yaml with $SATOSA_CONTACT_PERSON_FISCALCODE
-update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.contact_person[0].FiscalCode" "$SATOSA_CONTACT_PERSON_FISCALCODE"
-
-# Update ciesaml2_backend with $SATOSA_CONTACT_PERSON_IPA_CODE
-update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.contact_person[0].cie_info.IPACode" "$SATOSA_CONTACT_PERSON_IPA_CODE"
-
-# Update ciesaml2_backend with $SATOSA_CONTACT_PERSON_MUNICIPALITY
-update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.contact_person[0].cie_info.Municipality" "$SATOSA_CONTACT_PERSON_MUNICIPALITY"
-
-# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_UI_DISPLAY_NAME_EN / IT
-update_yaml plugins/backends/saml2_backend.yaml '.config.sp_config.service.sp.ui_info.display_name[0]["text"]' "$SATOSA_UI_DISPLAY_NAME_EN"
-update_yaml plugins/backends/spidsaml2_backend.yaml '.config.sp_config.service.sp.ui_info.display_name[0]["text"]' "$SATOSA_UI_DISPLAY_NAME_EN"
-update_yaml plugins/backends/ciesaml2_backend.yaml '.config.sp_config.service.sp.ui_info.display_name[0]["text"]' "$SATOSA_UI_DISPLAY_NAME_EN"
-update_yaml plugins/frontends/saml2_frontend.yaml '.config.idp_config.service.idp.ui_info.display_name[0]["text"]' "$SATOSA_UI_DISPLAY_NAME_EN"
-update_yaml plugins/backends/saml2_backend.yaml '.config.sp_config.service.sp.ui_info.display_name[1]["text"]' "$SATOSA_UI_DISPLAY_NAME_IT"
-update_yaml plugins/backends/spidsaml2_backend.yaml '.config.sp_config.service.sp.ui_info.display_name[1]["text"]' "$SATOSA_UI_DISPLAY_NAME_IT"
-update_yaml plugins/backends/ciesaml2_backend.yaml '.config.sp_config.service.sp.ui_info.display_name[1]["text"]' "$SATOSA_UI_DISPLAY_NAME_IT"
-update_yaml plugins/frontends/saml2_frontend.yaml '.config.idp_config.service.idp.ui_info.display_name[1]["text"]' "$SATOSA_UI_DISPLAY_NAME_IT"
-
-# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_UI_DESCRIPTION_EN / IT
-update_yaml plugins/backends/saml2_backend.yaml '.config.sp_config.service.sp.ui_info.description[0]["text"]' "$SATOSA_UI_DESCRIPTION_EN"
-update_yaml plugins/backends/spidsaml2_backend.yaml '.config.sp_config.service.sp.ui_info.description[0]["text"]' "$SATOSA_UI_DESCRIPTION_EN"
-update_yaml plugins/backends/ciesaml2_backend.yaml '.config.sp_config.service.sp.ui_info.description[0]["text"]' "$SATOSA_UI_DESCRIPTION_EN"
-update_yaml plugins/frontends/saml2_frontend.yaml '.config.idp_config.service.idp.ui_info.description[0]["text"]' "$SATOSA_UI_DESCRIPTION_EN"
-update_yaml plugins/backends/saml2_backend.yaml '.config.sp_config.service.sp.ui_info.description[1]["text"]' "$SATOSA_UI_DESCRIPTION_IT"
-update_yaml plugins/backends/spidsaml2_backend.yaml '.config.sp_config.service.sp.ui_info.description[1]["text"]' "$SATOSA_UI_DESCRIPTION_IT"
-update_yaml plugins/backends/ciesaml2_backend.yaml '.config.sp_config.service.sp.ui_info.description[1]["text"]' "$SATOSA_UI_DESCRIPTION_IT"
-update_yaml plugins/frontends/saml2_frontend.yaml '.config.idp_config.service.idp.ui_info.description[1]["text"]' "$SATOSA_UI_DESCRIPTION_IT"
-
-# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_UI_INFORMATION_URL_EN / IT
-update_yaml plugins/backends/saml2_backend.yaml '.config.sp_config.service.sp.ui_info.information_url[0]["text"]' "$SATOSA_UI_INFORMATION_URL_EN"
-update_yaml plugins/backends/spidsaml2_backend.yaml '.config.sp_config.service.sp.ui_info.information_url[0]["text"]' "$SATOSA_UI_INFORMATION_URL_EN"
-update_yaml plugins/backends/ciesaml2_backend.yaml '.config.sp_config.service.sp.ui_info.information_url[0]["text"]' "$SATOSA_UI_INFORMATION_URL_EN"
-update_yaml plugins/frontends/saml2_frontend.yaml '.config.idp_config.service.idp.ui_info.information_url[0]["text"]' "$SATOSA_UI_INFORMATION_URL_EN"
-update_yaml plugins/backends/saml2_backend.yaml '.config.sp_config.service.sp.ui_info.information_url[1]["text"]' "$SATOSA_UI_INFORMATION_URL_IT"
-update_yaml plugins/backends/spidsaml2_backend.yaml '.config.sp_config.service.sp.ui_info.information_url[1]["text"]' "$SATOSA_UI_INFORMATION_URL_IT"
-update_yaml plugins/backends/ciesaml2_backend.yaml '.config.sp_config.service.sp.ui_info.information_url[1]["text"]' "$SATOSA_UI_INFORMATION_URL_IT"
-update_yaml plugins/frontends/saml2_frontend.yaml '.config.idp_config.service.idp.ui_info.information_url[1]["text"]' "$SATOSA_UI_INFORMATION_URL_IT"
-
-# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_UI_PRIVACY_URL_EN / IT
-update_yaml plugins/backends/saml2_backend.yaml '.config.sp_config.service.sp.ui_info.privacy_statement_url[0]["text"]' "$SATOSA_UI_PRIVACY_URL_EN"
-update_yaml plugins/backends/spidsaml2_backend.yaml '.config.sp_config.service.sp.ui_info.privacy_statement_url[0]["text"]' "$SATOSA_UI_PRIVACY_URL_EN"
-update_yaml plugins/backends/ciesaml2_backend.yaml '.config.sp_config.service.sp.ui_info.privacy_statement_url[0]["text"]' "$SATOSA_UI_PRIVACY_URL_EN"
-update_yaml plugins/frontends/saml2_frontend.yaml '.config.idp_config.service.idp.ui_info.privacy_statement_url[0]["text"]' "$SATOSA_UI_PRIVACY_URL_EN"
-update_yaml plugins/backends/saml2_backend.yaml '.config.sp_config.service.sp.ui_info.privacy_statement_url[1]["text"]' "$SATOSA_UI_PRIVACY_URL_IT"
-update_yaml plugins/backends/spidsaml2_backend.yaml '.config.sp_config.service.sp.ui_info.privacy_statement_url[1]["text"]' "$SATOSA_UI_PRIVACY_URL_IT"
-update_yaml plugins/backends/ciesaml2_backend.yaml '.config.sp_config.service.sp.ui_info.privacy_statement_url[1]["text"]' "$SATOSA_UI_PRIVACY_URL_IT"
-update_yaml plugins/frontends/saml2_frontend.yaml '.config.idp_config.service.idp.ui_info.privacy_statement_url[1]["text"]' "$SATOSA_UI_PRIVACY_URL_IT"
-
-# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_UI_LOGO_URL / WIDTH / HEIGHT
-update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.service.sp.ui_info.logo.text" "$SATOSA_UI_LOGO_URL"
-update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.service.sp.ui_info.logo.text" "$SATOSA_UI_LOGO_URL"
-update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.service.sp.ui_info.logo.text" "$SATOSA_UI_LOGO_URL"
-update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.service.idp.ui_info.logo.text" "$SATOSA_UI_LOGO_URL"
-update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.service.sp.ui_info.logo.width" "$SATOSA_UI_LOGO_WIDTH"
-update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.service.sp.ui_info.logo.width" "$SATOSA_UI_LOGO_WIDTH"
-update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.service.sp.ui_info.logo.width" "$SATOSA_UI_LOGO_WIDTH"
-update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.service.idp.ui_info.logo.width" "$SATOSA_UI_LOGO_WIDTH"
-update_yaml plugins/backends/saml2_backend.yaml ".config.sp_config.service.sp.ui_info.logo.height" "$SATOSA_UI_LOGO_HEIGHT"
-update_yaml plugins/backends/spidsaml2_backend.yaml ".config.sp_config.service.sp.ui_info.logo.height" "$SATOSA_UI_LOGO_HEIGHT"
-update_yaml plugins/backends/ciesaml2_backend.yaml ".config.sp_config.service.sp.ui_info.logo.height" "$SATOSA_UI_LOGO_HEIGHT"
-update_yaml plugins/frontends/saml2_frontend.yaml ".config.idp_config.service.idp.ui_info.logo.height" "$SATOSA_UI_LOGO_HEIGHT"
-
-# Update saml2_backend.yaml and spidsaml2_backend.yaml with $SATOSA_DISCO_SRV
-update_yaml plugins/backends/saml2_backend.yaml ".config.disco_srv" "$SATOSA_DISCO_SRV"
-update_yaml plugins/backends/spidsaml2_backend.yaml ".config.disco_srv" "$SATOSA_DISCO_SRV"
-update_yaml plugins/backends/ciesaml2_backend.yaml ".config.disco_srv" "$SATOSA_DISCO_SRV"
-
-# Set username and password for mongodb in oidcop_frontend with $SATOSA_MONGODB_USERNAME and $SATOSA_MONGODB_PASSWORD
-update_yaml plugins/frontends/oidcop_frontend.yaml ".config.storage.kwargs.connection_params.username" "$MONGODB_USERNAME"
-update_yaml plugins/frontends/oidcop_frontend.yaml ".config.storage.kwargs.connection_params.password" "$MONGODB_PASSWORD"
-
-# Set encrypt password and salt for oidcop_frontend with $SATOSA_SALT and $
-update_yaml plugins/frontends/oidcop_frontend.yaml ".config.op.server_info.session_params.password" "$SATOSA_ENCRYPTION_KEY"
-update_yaml plugins/frontends/oidcop_frontend.yaml ".config.op.server_info.session_params.salt" "$SATOSA_SALT"
-update_yaml plugins/frontends/oidcop_frontend.yaml ".config.op.server_info.session_params.sub_func.pairwise.kwargs.salt" "$SATOSA_SALT"
-update_yaml plugins/frontends/oidcop_frontend.yaml ".config.op.server_info.session_params.sub_func.pairwise.kwargs.salt" "$SATOSA_SALT"
-
-# Update saml2_backend.yaml requested_attributes
-if [[ -v SATOSA_SAML2_REQUESTED_ATTRIBUTES ]]; then
-  yq -yi --argjson a "${SATOSA_SAML2_REQUESTED_ATTRIBUTES}" '.config.sp_config.service.sp.requested_attributes |= $a' plugins/backends/saml2_backend.yaml
-  echo "yaml_update plugins/backends/saml2_backend.yaml requested_attributes updated"
-else
-  echo "yaml_update plugins/backends/saml2_backend.yaml requested_attributes loaded with default value"
-fi
-
-# Update spidsaml2_backend requested_attributes
-if [[ -v SATOSA_SPID_REQUESTED_ATTRIBUTES ]]; then
-  yq -yi --argjson a "${SATOSA_SPID_REQUESTED_ATTRIBUTES}" '.config.sp_config.service.sp.requested_attributes |= $a' plugins/backends/spidsaml2_backend.yaml
-  echo "yaml_update plugins/backends/spidsaml2_backend.yaml requested_attributes updated"
-else
-  echo "yaml_update plugins/backends/spidsaml2_backend.yaml requested_attributes loaded with default value"
-fi
-
-# import satosa keys with $SATOSA_PUBLIC_KEY and $SATOSA_PRIVATE_KEY, both must be present
-if [[ -v SATOSA_PRIVATE_KEY && -v SATOSA_PUBLIC_KEY ]]; then
-  echo "$SATOSA_PRIVATE_KEY" > pki/privkey.pem
- echo "$SATOSA_PUBLIC_KEY" > pki/cert.pem
- echo "Satosa keys imported"
-else
-  echo "satosa has loaded default keys"
-fi
-
-# get IDEM MDQ key
-wget https://mdx.idem.garr.it/idem-mdx-service-crt.pem -O pki/idem-mdx-service-crt.pem
-wget https://registry.spid.gov.it/metadata/idp/spid-entities-idps.xml -O metadata/idp/spid-entities-idps.xml
From 8dced4ddfc259b3ac5eda85a3c2fe2ad2a67448f Mon Sep 17 00:00:00 2001 From: Salvatore Laiso Date: Fri, 19 Jan 2024 15:00:36 +0100 Subject: [PATCH 4/4] fix: separate `SATOSA_BASE_STATIC` from `SATOSA_BASE` --- Docker-compose/docker-compose.yml | 1 + example/plugins/backends/ciesaml2_backend.yaml | 2 +- example/plugins/backends/pyeudiw_backend.yaml | 2 +- example/plugins/backends/spidsaml2_backend.yaml | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/Docker-compose/docker-compose.yml b/Docker-compose/docker-compose.yml
index 9b27b79b..9ac8b110 100644
--- a/Docker-compose/docker-compose.yml
+++ b/Docker-compose/docker-compose.yml
@@ -66,6 +66,7 @@ services: - SATOSA_BY_DOCKER=1 - SATOSA_BASE=https://$HOSTNAME + - SATOSA_BASE_STATIC=https://$HOSTNAME/static - SATOSA_DISCO_SRV=https://$HOSTNAME/static/disco.html - SATOSA_UNKNOW_ERROR_REDIRECT_PAGE=https://$HOSTNAME/static/error_page.html
diff --git a/example/plugins/backends/ciesaml2_backend.yaml b/example/plugins/backends/ciesaml2_backend.yaml
index daa2acd9..77e75bf0 100644
--- a/example/plugins/backends/ciesaml2_backend.yaml
+++ b/example/plugins/backends/ciesaml2_backend.yaml
@@ -5,7 +5,7 @@ config: # idp_blacklist_file: /path/to/blacklist.json # error templates - static_storage_url: !ENV SATOSA_BASE + static_storage_url: !ENV SATOSA_BASE_STATIC error_template: "spid_login_error.html" template_folder: "templates" # project root
diff --git a/example/plugins/backends/pyeudiw_backend.yaml b/example/plugins/backends/pyeudiw_backend.yaml
index 1d7e6d71..fbb94bb3 100644
--- a/example/plugins/backends/pyeudiw_backend.yaml
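Review bot: The backends now read `static_storage_url: !ENV SATOSA_BASE_STATIC` with no fallback to `SATOSA_BASE`, and the only place the new variable receives a value is this compose file, so an existing deployment that exports only `SATOSA_BASE` (which is what these keys read before this patch) would lose its static URL silently rather than at startup. What an unset `!ENV` reference resolves to depends on the loader and is not visible here, but the error templates referenced by `error_template` would then be built from that value. Either document the new variable next to `SATOSA_BASE` (`# SATOSA_BASE_STATIC: origin for static assets and error templates; required by the spid/cie/pyeudiw backends`) or give it a default in the entrypoint, `export SATOSA_BASE_STATIC="${SATOSA_BASE_STATIC:-${SATOSA_BASE}/static}"`. The pyeudiw_backend hunk that starts on this line continues past it.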
+++ b/example/plugins/backends/pyeudiw_backend.yaml @@ -4,7 +4,7 @@ name: OpenID4VP config: ui: - static_storage_url: !ENV SATOSA_BASE + static_storage_url: !ENV SATOSA_BASE_STATIC template_folder: "templates" # project root qrcode_template: "qr_code.html" error_template: "error.html" diff --git a/example/plugins/backends/spidsaml2_backend.yaml b/example/plugins/backends/spidsaml2_backend.yaml index 3c528b3a..36741030 100644 --- a/example/plugins/backends/spidsaml2_backend.yaml +++ b/example/plugins/backends/spidsaml2_backend.yaml @@ -5,7 +5,7 @@ config: # idp_blacklist_file: /path/to/blacklist.json # error templates - static_storage_url: !ENV SATOSA_BASE + static_storage_url: !ENV SATOSA_BASE_STATIC error_template: "spid_login_error.html" template_folder: "templates" # project root