From 62a56fd638474ecef045cec6c4bc55b74296a9b5 Mon Sep 17 00:00:00 2001
From: John Hsu
Date: Sun, 21 Jul 2024 20:36:25 -0700
Subject: [PATCH] FIX puid not being stored in cwl data

The OID used for the puid was wrong. So I've set it to the right one. I've also updated the dev IDP so that it'll send out the puid attribute on that OID. I've also changed the eduPersonAffiliation to values that I see in staging. I noticed that the dev IDP doesn't have the SP metadata checked in, so I've added it in.
---
 LocalSettings.php | 5 ++--
 .../simplesamlphp/idp/config/authsources.php | 14 ++++-----
 .../idp/metadata/saml20-sp-remote.php | 30 +++++++++++++++++++
 3 files changed, 39 insertions(+), 10 deletions(-)
 create mode 100644 docker/simplesamlphp/idp/metadata/saml20-sp-remote.php

diff --git a/LocalSettings.php b/LocalSettings.php
index 1786c13..241683b 100644
--- a/LocalSettings.php
+++ b/LocalSettings.php
@@ -643,9 +643,8 @@ function loadenv($envName, $default = "") {
 # UBCAuth required attributes:
 # eduPersonAffiliation, an array of (staff, student, faculty, etc)
 'eduPersonAffiliationAttribute' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1',
- # non-standard attributes, uncertain OIDs
- # ubc's puid
- 'puidAttribute' => 'ubcEduCwlPuid',
+ # ubc's puid, non-standard attribute/OID
+ 'puidAttribute' => 'urn:mace:dir:attribute-def:ubcEduCwlPuid',
 ]
 ];
diff --git a/docker/simplesamlphp/idp/config/authsources.php b/docker/simplesamlphp/idp/config/authsources.php
index 3d31e21..48c21d3 100644
--- a/docker/simplesamlphp/idp/config/authsources.php
+++ b/docker/simplesamlphp/idp/config/authsources.php
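Review bot: The replacement comment `# ubc's puid, non-standard attribute/OID` still describes the identifier as an OID, but the new value `urn:mace:dir:attribute-def:ubcEduCwlPuid` is a urn:mace attribute-def name, unlike the `urn:oid:` arc used for eduPersonAffiliation two lines above. Because this commit changes the SP-side name and the dev IdP fixture in lockstep, a mismatch with the real IdP's released attribute name would not surface locally, so the comment should record where the name was confirmed; for example `# ubc's puid; non-standard attribute released under its urn:mace:dir:attribute-def name (not a urn:oid) — confirmed against <which IdP>`, filled in with whatever was actually checked. The enclosing configuration array begins before this hunk.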
@@ -100,30 +100,30 @@
 'student01:student01' => [
 'uid' => ['student01'],
 'displayName' => 'Student 01',
- 'ubcEduCwlPuid' => 'PUIDST01',
- 'eduPersonAffiliation' => ['member', 'student'],
+ 'urn:mace:dir:attribute-def:ubcEduCwlPuid' => 'PUIDST01',
+ 'eduPersonAffiliation' => ['student'],
 'mail' => 'student01@example.edu'
 ],
 'instructor01:instructor01' => [
 'uid' => ['instructor01'],
 'displayName' => 'Instructor 01',
- 'ubcEduCwlPuid' => 'PUIDIN01',
+ 'urn:mace:dir:attribute-def:ubcEduCwlPuid' => 'PUIDIN01',
 'alt' => '51092d7f-2f38-4a91-bfb0-13a021c02df3',
- 'eduPersonAffiliation' => ['member', 'student'],
+ 'eduPersonAffiliation' => ['faculty', 'student'],
 'mail' => 'instructor01@example.edu'
 ],
 'employee:employeepass' => [
 'uid' => ['employee'],
 'displayName' => 'Employee 00',
- 'ubcEduCwlPuid' => 'PUIDEM00',
- 'eduPersonAffiliation' => ['member', 'employee'],
+ 'urn:mace:dir:attribute-def:ubcEduCwlPuid' => 'PUIDEM00',
+ 'eduPersonAffiliation' => ['staff', 'alumni'],
 'mail' => 'employee@example.edu'
 ],
 # intended to simulate a basic CWL account
 'blockme01:blockme01' => [
 'uid' => ['blockme01'],
 'displayName' => 'Block Me01',
- 'ubcEduCwlPuid' => 'PUIDBM01',
+ 'urn:mace:dir:attribute-def:ubcEduCwlPuid' => 'PUIDBM01',
 'eduPersonAffiliation' => [],
 'mail' => 'blockme01@example.edu'
 ],
diff --git a/docker/simplesamlphp/idp/metadata/saml20-sp-remote.php b/docker/simplesamlphp/idp/metadata/saml20-sp-remote.php
new file mode 100644
index 0000000..0106a05
--- /dev/null
+++ b/docker/simplesamlphp/idp/metadata/saml20-sp-remote.php
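Review bot: The four new `'urn:mace:dir:attribute-def:ubcEduCwlPuid'` keys repeat, verbatim, the string that LocalSettings.php now configures as `puidAttribute`, with nothing in this file tying the two together; since this fixture is what the SP is exercised against in dev, a later edit to either side would make puid silently vanish from stored data again (the very failure this commit fixes) rather than produce an error. A comment above the first account, `# key must match 'puidAttribute' in LocalSettings.php`, would make the coupling visible. The affiliation values also drop `member` everywhere in favour of `['student']`, `['faculty', 'student']` and `['staff', 'alumni']`; if anything on the SP side keys on `member`, that is worth a check outside this hunk. The enclosing users array begins and ends outside the hunk.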
@@ -0,0 +1,30 @@ + [ + [ + 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', + 'Location' => 'http://wiki.docker:8080/_saml2/module.php/saml/sp/saml2-logout.php/wiki-sp', + ], + ], + 'AssertionConsumerService' => [ + [ + 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', + 'Location' => 'http://wiki.docker:8080/_saml2/module.php/saml/sp/saml2-acs.php/wiki-sp', + 'index' => 0, + ], + [ + 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact', + 'Location' => 'http://wiki.docker:8080/_saml2/module.php/saml/sp/saml2-acs.php/wiki-sp', + 'index' => 1, + ], + ], + 'contacts' => [ + [ + 'emailAddress' => 'lt.hub@ubc.ca', + 'givenName' => 'UBC LT Hub', + 'contactType' => 'technical', + ], + ], + 'certData' => 'MIIEcTCCAtmgAwIBAgIUWmBx+tf9d7hKrFe9sjuhClKXFZ8wDQYJKoZIhvcNAQELBQAwSDELMAkGA1UEBhMCQ0ExEjAQBgNVBAcMCVZhbmNvdXZlcjEMMAoGA1UECgwDVUJDMRcwFQYDVQQDDA5zcC53aWtpLmRvY2tlcjAeFw0yNDA3MDQwOTA4MzZaFw0zNDA3MDQwOTA4MzZaMEgxCzAJBgNVBAYTAkNBMRIwEAYDVQQHDAlWYW5jb3V2ZXIxDDAKBgNVBAoMA1VCQzEXMBUGA1UEAwwOc3Aud2lraS5kb2NrZXIwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDCEa0f5ZJhpSU+Xc0WNohbxTzpmDkqgI0rtWCmL5vqJakPCHnWnq0icCX2/zwh6//WP+9UPgO1ifHUhNC/NEJhBKGJjtNNKaV+AwUzj43IiLMqgkhMEvkqNePuKNBh/lvzjLl3KYMrLAEZKx+AluMaS7us5CmR9lyhY9nHZS0P1FRjwJ6SJ1o0HEuXHkH5eRotaRtrd8L+L93R9SaIBpgAy0XMkgFDqGmX7NbVAMT6cPNEVmj63J5veMtpCN5mQRXpZFPCSbmXOGlyy7S3cilpSk8QA8QOkt4EB+I6G5W/aaG8hNs4QHKkKMReJ/oHQbQXIJ2d4oMsQaEXk3FtTIbl4l7fKS+LvhCHvB9z8q/ueh3bAIcpSxGzg3oTScZM5ZZAqzjYxCMYdI+3h44FPUtDsZdwezFN/B+JsITQouaYzuRxjUV6uNGhZXSRb+st3VYIBg0+mIvowDyBHgQvOaAZ8/UuSqcfrMH/AwTVY2Ej2YzerKDCwchHmpv5sXRY+o8CAwEAAaNTMFEwHQYDVR0OBBYEFIUt4n/0ouPzNfRNonY/EtJhHXPfMB8GA1UdIwQYMBaAFIUt4n/0ouPzNfRNonY/EtJhHXPfMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggGBAAK5QNOmFjLmQZdfWURK+hyCN08RIB6qOgKxuMG6j6u4brKOhktRAx+8hwrgVH96+fW3DkELsNGTTjUzxJvXM01cDDn2lUNMhLA2InHTsFe2zbmKG5sSl0wOFhi0kBnkGL8di3FgnqJJs8sTcQWajoFiEPa0yW3Gad/S6JSPgrHMlPkMPgZ8Vw8aYVprronbj9eiGWzRO5vFrE6YMn2l9es/pVJKzsb362EPhFekJA6f+6Ek
2rfPRd0KiF5+Pln8KSooRmXpOZkM2CUfgOmb3lT9mwel2wemnXjUj0sjN5luotbK6YVhnwuq9d1O1a8Lhx8HLLasV7bR1hg9rjz+K2nv1XqWYsiFJelkgD4DOcFP68I/eiUiAf6jqh5+YJuqFXkXS9P6ohOXn5sbiV69+VV64JXG31emPgX/mm/41Bq2j5ESYak1I4RCPdLPpsjPWUMUKAXrRjbj8UZBf5w3Uv7tc4SY+Sc8mcBw0/14Ossz5h2ZLBW0j1QKqDWwSyWn5A==', +];
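Review bot: The SP entry supplies `certData` but no `'validate.authnrequest' => true`, so as far as this hunk shows the dev IdP will accept unsigned AuthnRequests and LogoutRequests from this SP even though it holds the key to verify them; acceptable for a local fixture, but a comment such as `// dev fixture: request signing not enforced; set 'validate.authnrequest' => true to require it` would keep the entry from being reused in a real deployment unchanged. The `AssertionConsumerService` and `SingleLogoutService` locations are plain `http://wiki.docker:8080/...` endpoints and belong in the same dev-only note. The start of the file (the `<?php` line and the `$metadata[...]` entity-ID key) appears to be lost in this rendering, so the entity ID could not be reviewed here.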