Commit ce7d9bbf authored by Art's avatar Art :lizard:

Update README.md

parent 77d88fdf
...@@ -8,49 +8,67 @@ ...@@ -8,49 +8,67 @@
- SAML/SAML2: It's just another XML-based enterprise-grade standard that will make you cry blood - SAML/SAML2: It's just another XML-based enterprise-grade standard that will make you cry blood
#### Integrating the app into your Django project. #### Necessary stuff
- Binary dependencies: `sudo apt install libxml2-dev libxslt1-dev xmlsec1 libxmlsec1-dev pkg-config` - Binary dependencies: `sudo apt install libxml2-dev libxslt1-dev xmlsec1 libxmlsec1-dev pkg-config`
- Python dependencies: see `requirements.txt` or `setup.py` - Python dependencies: see `requirements.txt` or `setup.py`
- Add the app into `INSTALLED_APPS` - Add the app into `INSTALLED_APPS`
- Include the app's `urls.py` into the project `urls.py` `urlpatterns` - Include the app's `urls.py` into the project `urls.py` `urlpatterns`, preferably without a prefix
- Add to the project settings
- Development
#### Development setup
This is what you normally want during the development.
```python ```python
# imports """ settings/dev.py """
import socket import socket
import os import os
# SP
SP_HOST = "141.71.foo.bar" # your SP host or IP address DO_YOU_WANT_SSO = False
if DO_YOU_WANT_SSO:
SP_HOST = "localhost"
SP_PORT = 8000 SP_PORT = 8000
SP_SSL = False SP_SSL = False
SP_FORCE_ENTITY_ID = "auto-{0}-{1}".format(socket.gethostname(), os.path.dirname(os.path.dirname(__file__))) SP_FORCE_ENTITY_ID = "dev-auto-id-{0}-{1}".format(socket.gethostname(), os.path.dirname(os.path.dirname(__file__)))
# IDP
IDP_META_URL = "https://idp-test.it.hs-hannover.de/idp/shibboleth" # development IDP_META_URL = "https://idp-test.it.hs-hannover.de/idp/shibboleth" # development
# IDP_IGNORE = True # set to True if you experience problems with the IDP (SSO will NOT work) else:
SSO_DISABLED = True
``` ```
- Production
Use `localhost:8000/dev/` to acces the development view.
The code snippet above disables the actual SSO. If you need it:
- change `DO_YOU_WANT_SSO` to True
- see the SSO configuration section
#### Production setup
```python ```python
# SP """ settings/prod.py """
SP_HOST = "141.71.foo.bar" # your SP host or IP address SP_HOST = "141.71.foo.bar" # your SP host or IP address
# IDP
IDP_META_URL = "https://idp.hs-hannover.de/idp/shibboleth" # production IDP_META_URL = "https://idp.hs-hannover.de/idp/shibboleth" # production
``` ```
- generate a new key pair: You will also need to configure the SSO
#### SSO configuration
- create a key pair:
- if you don't need your cert to be signed you can use `openssl req -new -x509 -days 3650 -nodes -out sp.pem -keyout sp.key`
- create `cert` directory: - create `cert` directory:
- inside of project `settings` directory if it's a package - inside of project `settings` directory if it's a package
- next to project `settings.py` file if it's a module - next to project `settings.py` file if it's a module
- `openssl req -new -x509 -days 3650 -nodes -out sp.pem -keyout sp.key`
- `./cert/sp.key` put the private key here - `./cert/sp.key` put the private key here
- `./cert/sp.pem` put the certificate here, signing is optional - `./cert/sp.pem` put the certificate here, signing is optional
- configure the IdP:
#### Integrating your project into the existing SSO infrastructure
- **Do this only if you want to use SSO. For development it's usually enough to use the dev view instead.**
- Ask somebody who knows more. Seriously. - Ask somebody who knows more. Seriously.
- Try on the test IdP before you brick the production! - Try on the test IdP before you brick the production!
- Grab your meta - Grab your meta
- Run your project. - Run your project.
- Find meta of your SP (relative path `/saml2/meta` or view name `sso-saml2-meta`) - Find meta of your SP (relative path `/saml2/meta` or view name `sso-saml2-meta`)
- **if using Firefox:** use "show source code" option or you will get invalid XML - Use Ctrl+U ("view source") to get the actual XML, otherwise your browser could mess it up
- configure the IdP: - configure the IdP:
- `SSH` to the IdP and locate the Shibboleth directory, most likely `/opt/shibboleth-idp/` - `SSH` to the IdP and locate the Shibboleth directory, most likely `/opt/shibboleth-idp/`
- put your meta into a new file in `./metadata/` and give it a nice verbose name - put your meta into a new file in `./metadata/` and give it a nice verbose name
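Review bot: `SP_FORCE_ENTITY_ID = "dev-auto-id-{0}-{1}".format(socket.gethostname(), os.path.dirname(os.path.dirname(__file__)))` derives the SP entityID from the local hostname and a filesystem path, and since the entityID is exactly what ends up in the SP metadata that gets copied to the IdP (`value ... should be the entityID of your SP (you find it in your meta)`), the dev setup publishes internal hostnames and directory layout to a third party; a fixed, URI-shaped dev entityID would avoid that. Under "SSO configuration" the hunk tells the reader to put `sp.key` (created with `-nodes`, so unencrypted) into a `cert` directory next to the project settings, but not that the file must stay out of version control and be readable only by the service user; one sentence there would cover it. The new `settings/prod.py` snippet never mentions `SSO_DISABLED`, while `settings/dev.py` introduces `SSO_DISABLED = True` in its `else:` branch, so the README should state the default or set `SSO_DISABLED = False` explicitly in the prod snippet so nobody ships with the `/dev/` bypass active. Minor: "acces" in "to acces the development view" should read "access".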
...@@ -61,5 +79,6 @@ ...@@ -61,5 +79,6 @@
- edit `./conf/attribute-filter.xml` - edit `./conf/attribute-filter.xml`
- add a new `<Rule .../>` element inside of `<AttributeFilterPolicy id="releaseToDjango">` - add a new `<Rule .../>` element inside of `<AttributeFilterPolicy id="releaseToDjango">`
- `value` (looks like URI) should be the `entityID` of your SP (you find it in your meta) - `value` (looks like URI) should be the `entityID` of your SP (you find it in your meta)
- `systemctl restart tomcat8 & tail -fn0 /opt/shibboleth-idp/logs/idp-warn.log` (you now have some time to grab you a coffee) - `systemctl restart tomcat8` (you now have some time to grab you a coffee)
- ensure the IdP works after restarting!
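Review bot: the new restart line drops `tail -fn0 /opt/shibboleth-idp/logs/idp-warn.log`, and the added "ensure the IdP works after restarting!" bullet gives no concrete way to do that check, so the reader is left with less guidance than before; either keep the log tail as the verification step (e.g. `systemctl restart tomcat8 && tail -fn0 /opt/shibboleth-idp/logs/idp-warn.log`) or name what to verify, such as the IdP metadata endpoint answering and `idp-warn.log` staying clean after the restart.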