FIX puid not being stored in cwl data
The OID used for the puid was wrong. So I've set it to the right one.
I've also updated the dev IDP so that it'll send out the puid attribute
on that OID.

I've also changed the eduPersonAffiliation to values that I see in
staging.

I noticed that the dev IDP doesn't have the SP metadata checked in, so
I've added it in.

Also noticed that nodeservices is probably very outdated, although it
still seems to work. Added comments that it might not be necessary in
the next LTS due to deprecations.
ionparticle committed Jul 22, 2024
1 parent 925f7f1 commit 5a4fcc0
Showing 4 changed files with 42 additions and 10 deletions.
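--- a/LocalSettings.php
+++ b/LocalSettings.php
@@ -643,9 +643,8 @@ function loadenv($envName, $default = "") {
 # UBCAuth required attributes:
 # eduPersonAffiliation, an array of (staff, student, faculty, etc)
 'eduPersonAffiliationAttribute' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1',
-# non-standard attributes, uncertain OIDs
-# ubc's puid
-'puidAttribute' => 'ubcEduCwlPuid',
+# ubc's puid, non-standard attribute/OID
+'puidAttribute' => 'urn:mace:dir:attribute-def:ubcEduCwlPuid',
 ]
 ];
 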
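Review bot: The new comment on `puidAttribute` still calls the value an OID, but `urn:mace:dir:attribute-def:ubcEduCwlPuid` is a urn:mace attribute name, unlike the `urn:oid:` form used for `eduPersonAffiliationAttribute` just above. Since a mismatch here made the puid silently go unstored, the comment should say what the value has to match, for example `# ubc's puid: non-standard attribute with no urn:oid form; must equal the attribute Name the IdP sends`. Whether the code that reads this setting logs or rejects a login when the attribute is absent is not visible here and is worth confirming. The settings array opens outside the hunk.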
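--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -159,6 +159,9 @@ services:
 # - MEDIAWIKI_API_URL=http://web/w/api.php
 # - PARSOID_DOMAIN=localhost
 # - PARSOID_URL=http://parsoid:8000
+# parsoid is now integrated into mediawiki since 1.35
+# restbase is being deprecated
+# TODO: we might not need nodeservices anymore in the next lts
 nodeservices:
 image: ubcctlt/mediawiki-node-services
 ports: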
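--- a/docker/simplesamlphp/idp/config/authsources.php
+++ b/docker/simplesamlphp/idp/config/authsources.php
@@ -100,30 +100,30 @@
 'student01:student01' => [
 'uid' => ['student01'],
 'displayName' => 'Student 01',
-'ubcEduCwlPuid' => 'PUIDST01',
-'eduPersonAffiliation' => ['member', 'student'],
+'urn:mace:dir:attribute-def:ubcEduCwlPuid' => 'PUIDST01',
+'eduPersonAffiliation' => ['student'],
 'mail' => '[email protected]'
 ],
 'instructor01:instructor01' => [
 'uid' => ['instructor01'],
 'displayName' => 'Instructor 01',
-'ubcEduCwlPuid' => 'PUIDIN01',
+'urn:mace:dir:attribute-def:ubcEduCwlPuid' => 'PUIDIN01',
 'alt' => '51092d7f-2f38-4a91-bfb0-13a021c02df3',
-'eduPersonAffiliation' => ['member', 'student'],
+'eduPersonAffiliation' => ['faculty', 'student'],
 'mail' => '[email protected]'
 ],
 'employee:employeepass' => [
 'uid' => ['employee'],
 'displayName' => 'Employee 00',
-'ubcEduCwlPuid' => 'PUIDEM00',
-'eduPersonAffiliation' => ['member', 'employee'],
+'urn:mace:dir:attribute-def:ubcEduCwlPuid' => 'PUIDEM00',
+'eduPersonAffiliation' => ['staff', 'alumni'],
 'mail' => '[email protected]'
 ],
 # intended to simulate a basic CWL account
 'blockme01:blockme01' => [
 'uid' => ['blockme01'],
 'displayName' => 'Block Me01',
-'ubcEduCwlPuid' => 'PUIDBM01',
+'urn:mace:dir:attribute-def:ubcEduCwlPuid' => 'PUIDBM01',
 'eduPersonAffiliation' => [],
 'mail' => '[email protected]'
 ],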
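Review bot: Every fixture user in this array still carries a puid, so the dev IdP never exercises the case this commit was fixing, an assertion in which the SP finds no value under `puidAttribute`. Adding one account with the `urn:mace:dir:attribute-def:ubcEduCwlPuid` key left out would show whether the wiki rejects or logs such a login rather than silently storing nothing. The puid key is now the only one spelled as a full URN while `uid`, `mail` and `eduPersonAffiliation` stay as friendly names; a one-line comment saying why (presumably the IdP's attribute map does not cover this non-standard attribute) would help. The user array starts and ends outside the hunk.

```php
// … unchanged: student01, instructor01, employee, blockme01 …
# constructed sample: account with no puid, to exercise the missing-attribute path
'nopuid01:nopuid01' => [
    'uid' => ['nopuid01'],
    'displayName' => 'No Puid 01',
    'eduPersonAffiliation' => ['student'],
    'mail' => 'nopuid01@example.invalid'
],
```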
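--- a/docker/simplesamlphp/idp/metadata/saml20-sp-remote.php
+++ b/docker/simplesamlphp/idp/metadata/saml20-sp-remote.php
@@ -0,0 +1,30 @@
+<?php
+
+$metadata['http://wiki.docker:8080/_saml2'] = [
+'SingleLogoutService' => [
+[
+'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
+'Location' => 'http://wiki.docker:8080/_saml2/module.php/saml/sp/saml2-logout.php/wiki-sp',
+],
+],
+'AssertionConsumerService' => [
+[
+'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
+'Location' => 'http://wiki.docker:8080/_saml2/module.php/saml/sp/saml2-acs.php/wiki-sp',
+'index' => 0,
+],
+[
+'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
+'Location' => 'http://wiki.docker:8080/_saml2/module.php/saml/sp/saml2-acs.php/wiki-sp',
+'index' => 1,
+],
+],
+'contacts' => [
+[
+'emailAddress' => '[email protected]',
+'givenName' => 'UBC LT Hub',
+'contactType' => 'technical',
+],
+],
+'certData' => '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',
+];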
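Review bot: The new metadata supplies `certData` for the SP, but nothing in the entry tells the IdP to use it: there is no `'validate.authnrequest' => true` or `'validate.logout' => true`, so requests from this SP are presumably accepted unsigned. Together with the plain `http://` entity ID and endpoints, that is reasonable only for a local docker IdP. A header comment such as `# dev-only SP metadata for the docker IdP; do not reuse for staging or production` would make that explicit. If the wiki SP only uses the HTTP-POST binding, the HTTP-Artifact `AssertionConsumerService` entry (index 1) could be dropped so the IdP advertises no endpoint it does not need.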
