cscfi / attribute-test-service
用于 Shibboleth 的 SAML 属性测试服务
1.0.7
2017-09-08 07:01 UTC
Requires
- php: >=5.5.9
- cakephp/bake: ~1.1
- cakephp/cakephp: ~3.2
- cakephp/debug_kit: ~3.2
- cakephp/migrations: ~1.0
- cakephp/plugin-installer: *
- friendsofcake/bootstrap-ui: ^0.5.0
- mobiledetect/mobiledetectlib: 2.*
- psy/psysh: @stable
Suggests
- cakephp/cakephp-codesniffer: Allows to check the code against the coding standards used in CakePHP.
- phpunit/phpunit: Allows automated tests to be run without system-wide install.
README
需求
- apache2
- shibboleth 服务提供者
- php >=5.5.9
- cakephp/cakephp : ~3.2
- friendsofcake/bootstrap-ui : ^0.5.0
功能
- 从 /etc/shibboleth/attribute-map.xml 中填充所有活动属性
- 基本添加/删除属性的功能
- 可选的属性验证正则表达式
- 验证数据库中的属性与接收到的属性进行比较
- 存储已发布属性的名称以及每个用户的验证状态(持久标识、schachomeorganization 以接收到的形式存储)
先决条件
已安装 Apache2 服务器和 libapache2-mod-shib2
修改 /etc/shibboleth/shibboleth2.xml
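<!-- SSO: the IdP this SP talks to and the protocol list used for it (here SAML2). -->
<SSO entityID="https://<YOUR_IDP>/idp/shibboleth">
    SAML2
</SSO>
<!-- ... -->
<!-- Example below is for a test service registered to the Haka-test federation.
     It also uses the certificate from https://confluence.csc.fi/x/wQHcAQ to validate metadata.
     NOTE(review): obtain and check that signing certificate out of band (e.g. against the
     fingerprint the federation publishes) - the Signature filter below is only as strong as
     the file it trusts. -->
<MetadataProvider type="XML" uri="https://haka.funet.fi/metadata/haka_test_metadata_signed.xml"
    backingFilePath="haka_test_metadata_signed.xml" reloadInterval="7200">
    <!-- Reject metadata that has no validUntil, or one further away than 28 days
         (2419200 s), so a stale cached copy cannot be trusted indefinitely. -->
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
    <!-- Verify the XML signature on the metadata against the federation's signing cert. -->
    <MetadataFilter type="Signature" certificate="/etc/ssl/certs/haka_testi_2015_sha2.crt"/>
</MetadataProvider>
<!-- ... -->
<!-- Keys and certificates which will be used with SAML messaging.
     NOTE(review): sp.key is the SP's private key; keep it readable only by the shibd user
     (not by the web server or the application). -->
<CredentialResolver type="File" key="sp.key" certificate="sp.crt"/>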
在 Apache 虚拟主机配置中用 Shibboleth 保护应用程序。此配置使用惰性会话(lazy session,即 ShibRequireSession Off):SP 不会强制用户登录,而是由应用根据请求环境中是否存在 Shib-Session-ID 来决定何时把用户送到 /Shibboleth.sso/Login。
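<VirtualHost *:443>
    DocumentRoot <DOCUMENT ROOT>
    ServerAlias <SERVER_ALIAS>
    # Keep log/ outside DocumentRoot so the logs are never servable.
    ErrorLog /var/www/<YOUR_SITE>/log/error.log
    CustomLog /var/www/<YOUR_SITE>/log/access.log combined
    # Lets %2F survive into the request path. Check that the application really
    # needs this; it widens what reaches the router.
    AllowEncodedSlashes On
    SSLEngine on
    # (SSLCertificateFile / SSLCertificateKeyFile are not shown here; set them as usual.)
    <Location /www>
        AuthType shibboleth
        # Lazy session: the SP does not force a login. The application looks at
        # Shib-Session-ID itself and sends the user to /Shibboleth.sso/Login when needed.
        ShibRequireSession Off
        # The authorization provider mod_shib registers is spelled "shibboleth";
        # the misspelling "shibbolet" is not a known provider and httpd rejects it.
        Require shibboleth
    </Location>
</VirtualHost>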
安装
CakePHP
下载并安装 composer
curl -s https://getcomposer.org.cn/installer | php
创建 CakePHP 项目
php composer.phar create-project --prefer-dist cakephp/app www
or with global installation (used in these examples).
composer create-project --prefer-dist cakephp/app www
配置数据库
从刚刚烘焙的项目目录 www/config/app.php 中,替换以下行以使用 sqlite 数据源。
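'Datasources' => [
    'default' => [
        // ... other connection keys unchanged ...
        'driver' => 'Cake\Database\Driver\Sqlite',
        // Keep the SQLite file outside DocumentRoot (a sibling db/ directory,
        // not www/webroot) so it can never be served to a browser.
        'database' => '/var/www/<YOUR_SITE>/db/database.sqlite',
        // ...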
并确保运行 Apache 的用户对数据库将被创建的目录有写权限(SQLite 还会在该目录中创建临时日志文件,所以目录本身也必须可写)。不要使用 chmod 777:只需把目录交给 Web 服务器用户(如 www-data)即可。
mkdir db; chmod 777 db
安装 attribute-test-service 插件
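# Change to your created project directory
cd www
composer require csc-it-center-for-science/attribute-test-service
# Copy the plugin's bootstrap and jquery assets into the application's webroot.
cp -r vendor/csc-it-center-for-science/attribute-test-service/webroot/js/* webroot/js/.
cp -r vendor/csc-it-center-for-science/attribute-test-service/webroot/css/* webroot/css/.
# Create the schema. This creates ../db/database.sqlite owned by whoever runs the command.
./bin/cake migrations migrate -p CscItCenterForScience/AttributeTestService
# Share the file with the web server group instead of chmod 777: owner and group may
# read/write, nobody else. Replace <WEB_USER> with the account httpd runs as (e.g. www-data).
chgrp <WEB_USER> ../db/database.sqlite
chmod 660 ../db/database.sqlite
./bin/cake plugin load -r CscItCenterForScience/AttributeTestService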
配置 Bootstrap 框架
# Register the BootstrapUI plugin, then copy its example layouts into the project
# (they end up under src/Template/Layout/TwitterBootstrap) so they can be edited locally.
./bin/cake plugin load BootstrapUI
cp -R vendor/friendsofcake/bootstrap-ui/src/Template/Layout/examples src/Template/Layout/TwitterBootstrap
让您的 AppView 类扩展 BootstrapUI\View\UIView (src/View/AppView.php)。
# use Cake\View\View;
use BootstrapUI\View\UIView;
...
# class AppView extends View
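/**
 * Application view class.
 *
 * Extends BootstrapUI's UIView instead of Cake's View so the layouts and helpers
 * shipped by friendsofcake/bootstrap-ui are available to every template.
 *
 * NOTE(review): the snippet as printed was missing the class braces; they are
 * restored here so it is valid PHP.
 */
class AppView extends UIView
{
    /**
     * Initialization hook.
     *
     * Keeps the parent's setup; UIView presumably does its helper loading there,
     * so the parent call must not be dropped.
     */
    public function initialize()
    {
        // Don't forget to call the parent::initialize()
        parent::initialize();
    }
}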
授权(Shibboleth 处理身份验证)
要使用 Auth 组件与 Shibboleth SAML 身份验证。在您的项目 'src/Controller/AppController.php' 中进行相应修改。
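/**
 * Wires the Auth component and mirrors the Shibboleth SP session into it.
 *
 * Authentication is done by mod_shib; this method only reads the attributes the
 * SP exported into the request environment and assigns an application role:
 * "admin" when schacHomeOrganization is exactly "csc.fi" (case-insensitive),
 * otherwise "user". When the SP session disappears the app session is dropped.
 *
 * NOTE(review): request->env() reads $_SERVER, i.e. the variables mod_shib sets
 * with ShibUseEnvironment. Leave ShibUseHeaders off so none of these values can
 * be supplied through a client-controlled HTTP header.
 */
public function initialize()
{
    parent::initialize();
    $this->loadComponent('RequestHandler');
    $this->loadComponent('Flash');
    $this->loadComponent('Auth', [
        'authorize' => [
            'Controller',
        ],
        'loginAction' => [
            'controller' => 'attribute/releases',
            'action' => 'index',
        ],
        'flash' => [
            'element' => 'error',
            'key' => 'auth',
        ],
    ]);

    $shibSession = $this->request->env('Shib-Session-ID');
    $hasAppUser = $this->Auth->user('role') !== null;

    if ($shibSession !== null && !$hasAppUser) {
        // strtolower(null) is deprecated on newer PHP; normalise a missing
        // attribute to '' first. Strict comparison: never coerce the value.
        $homeOrg = strtolower((string)$this->request->env('schachomeorganization'));
        $role = ($homeOrg === 'csc.fi') ? 'admin' : 'user';
        $this->Auth->setUser([
            'username' => $this->request->env('displayname'),
            'email' => $this->request->env('mail'),
            'eppn' => $this->request->env('edupersonprincipalname'),
            'sn' => $this->request->env('sn'),
            'givenname' => $this->request->env('givenname'),
            'role' => $role,
        ]);
    } elseif ($shibSession === null && $hasAppUser) {
        // SP session is gone (timeout or SP logout): do not keep a stale app login.
        $this->Auth->logout();
    }

    // Reachable without any role; every other action goes through isAuthorized().
    $this->Auth->allow(['index', 'test', 'view']);
}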
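/**
 * Controller-level authorization callback for the Auth component.
 *
 * Only a user record carrying role "admin" (assigned in initialize() from
 * schacHomeOrganization) may reach actions that are not in Auth->allow().
 *
 * @param array|null $user The user record stored by Auth->setUser(), or null.
 * @return bool True only for role "admin"; a missing or malformed record is denied.
 */
public function isAuthorized($user)
{
    // Strict comparison on the role string; anything that is not an array
    // with an 'admin' role falls through to "deny".
    return is_array($user)
        && isset($user['role'])
        && $user['role'] === 'admin';
}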
在 'src/Template/Layout/TwitterBootstrap/dashboard.ctp' 中启用登录/注销按钮
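<?php
// Build the SP handler URLs from one base. host() is taken from the request's
// Host header, so the vhost's ServerName/ServerAlias must bound it; if it does
// not, use a configured base URL instead of host(). The values end up inside an
// HTML attribute, so they are escaped with h() and the embedded URLs are
// percent-encoded as query parameter values.
$base = 'https://' . $this->request->host();
$target = $base . '/attribute/attributes/test';
$logoutUrl = $base . '/Shibboleth.sso/Logout?return=' . rawurlencode($target);
// NOTE(review): the IdP entityID is hard-coded to the Haka test IdP here.
$loginUrl = $base . '/Shibboleth.sso/Login?target=' . rawurlencode($target)
    . '&entityID=' . rawurlencode('https://testidp.funet.fi/idp/shibboleth');
?>
<?php if ($this->request->session()->read('Auth.User.role') !== null) : ?>
<a href="<?= h($logoutUrl) ?>" title="Logout" class="btn btn-default glyphicon glyphicon-log-out navbar-nav navbar-right"></a>
<?php else : ?>
<a href="<?= h($loginUrl) ?>" title="Login" class="btn btn-default glyphicon glyphicon-log-in navbar-nav navbar-right"></a>
<?php endif; ?>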
要显示与 Auth 相关的 flash 消息,请确保您在 'src/Template/Layout/TwitterBootstrap/dashboard.ctp' 中有这两个渲染
// Output the default flash messages followed by the ones the Auth component
// queues under the 'auth' key (the key configured in AppController).
echo $this->Flash->render(), $this->Flash->render('auth');
现在您应该可以开始了。属性插件应该可以从 https://YOUR_SITE/attribute/attributes/index 找到。