Conformance IdP

The Conformance

The test environment is set up with several Docker containers with a reverse proxy in front of them, all hosted on a single virtual machine (VM).

The main domain is maiv1.incubator.geant.org, supplemented by the registered wildcard domain *.maiv1.incubator.geant.org, allowing for an unlimited number of subdomain virtual hosts.

Virtual host certificates are obtained using acme.sh, available at https://github.com/acmesh-official/acme.sh.

The Git repository for the entire setup is internally available here (expect significant changes during Incubator activity): https://gitlab.software.geant.org/TI_Incubator/saml-signature-validation-test-env

Test IdP

The test IdP is a SimpleSAMLphp v2.1 SAML2 IdP instance with the 'conformance' module installed, configured with:

  • a default authentication source which automatically authenticates a sample (dummy) user
  • the Conformance module, which provides
    • an authentication processing filter that can modify SAML Responses, that is, create invalid ones in order to test SP behavior
    • the ability to run Nuclei tests from the module UI
    • an API which enables programmatic control and execution of tests

IdP metadata: https://conformance-idp.maiv1.incubator.geant.org/module.php/saml/idp/metadata

Admin dashboard: https://conformance-idp.maiv1.incubator.geant.org/module.php/admin/

Conformance module UI: https://conformance-idp.maiv1.incubator.geant.org/module.php/conformance/nuclei/test/setup

Conformance module repo: https://github.com/cicnavi/simplesamlphp-module-conformance

...

SP metadata handling

The Test Conformance IdP is configured with the PDO metadata storage handler (so SP metadata can be stored in a database) in addition to plain PHP metadata files.

...

The UI form is available here: https://conformance-idp.maiv1.incubator.geant.org/module.php/conformance/metadata/add

In addition, there is an API endpoint which can be used to provision SP metadata dynamically (described below).

Available endpoints

API endpoints

API endpoints are protected with a bearer token. To access the API, send the token in the HTTP Authorization header using the Bearer scheme. For example:

GET /resource HTTP/1.1
Host: server.example.com
Authorization: Bearer sometoken
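As an added illustration (not code from the conformance module or from SimpleSAMLphp), the following shows both sides of the bearer-token protection described above: how a client attaches the token to a request for one of the endpoints listed on this page, and how an endpoint would validate the presented token. It assumes, hypothetically, that the API token is a single static secret that the server compares against the header value; the sample token and header values are constructed for the example.

```python
import hmac
from typing import Dict, Mapping, Optional, Tuple

# Constructed sample values for the example (not real credentials).
EXPECTED_TOKEN = "sometoken"   # in practice a long, random secret kept out of source control
PERSIST_URL = "https://conformance-idp.maiv1.incubator.geant.org/module.php/conformance/metadata/persist"


def build_api_request(method: str, url: str, token: str,
                      body: Optional[bytes] = None) -> Dict[str, object]:
    """Client side: assemble a request carrying the token in the Bearer scheme.

    Returns a plain dict (method, url, headers, body) so the example runs
    offline; an HTTP client would send exactly these headers.
    """
    headers = {
        "Authorization": f"Bearer {token}",
        "Accept": "application/json",
    }
    if body is not None:
        # Hypothetical content type: the page does not specify the payload format.
        headers["Content-Type"] = "application/x-www-form-urlencoded"
    return {"method": method, "url": url, "headers": headers, "body": body}


def parse_bearer(authorization: Optional[str]) -> Optional[str]:
    """Extract the token from an 'Authorization: Bearer <token>' value.

    Returns None when the header is missing, uses another scheme
    (e.g. Basic), or carries an empty token.
    """
    if not authorization:
        return None
    parts = authorization.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    token = parts[1].strip()
    return token or None


def is_authorized(headers: Mapping[str, str], expected_token: str) -> bool:
    """Server side: accept the request only if the presented token matches.

    hmac.compare_digest runs in time independent of where the two strings
    first differ, so a wrong token cannot be guessed byte by byte from
    response timing.
    """
    presented = parse_bearer(headers.get("Authorization"))
    if presented is None:
        return False
    return hmac.compare_digest(presented.encode("utf-8"),
                               expected_token.encode("utf-8"))


def unauthorized_response() -> Tuple[int, Dict[str, str]]:
    """Status and headers a bearer-protected endpoint returns on failure (RFC 6750)."""
    return 401, {"WWW-Authenticate": 'Bearer realm="conformance"'}


if __name__ == "__main__":
    req = build_api_request("POST", PERSIST_URL, EXPECTED_TOKEN, body=b"<constructed metadata>")
    print(req["headers"]["Authorization"])
    print("accepted" if is_authorized(req["headers"], EXPECTED_TOKEN) else "rejected")
    print("rejected" if not is_authorized({"Authorization": "Basic Zm9v"}, EXPECTED_TOKEN) else "accepted")
```

The client helper deliberately returns the request rather than sending it, so the token handling can be unit-tested without network access; the server-side check rejects a missing header, a non-Bearer scheme and an empty token before comparing, and compares in constant time.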
Test modification

Endpoint to define the next test for a particular SP.

...

Endpoint to provision SP metadata which will be trusted by the Test Conformance IdP.

URI: https://conformance-idp.maiv1.incubator.geant.org/module.php/conformance/metadata/persist

...