From b1cd7e7bc26a8968c801b4c777db119f7ae088b5 Mon Sep 17 00:00:00 2001
From: handnot2
Date: Fri, 15 Dec 2017 09:47:50 -0800
Subject: [PATCH] moved key/cert to priv/keys, deps refreshed as well
---
 .gitignore | 5 ++---
 README.md | 22 ++++++++++++++--------
 config/dev.exs | 50 ++++++++++++++++++++++++++++----------------------
 gencert.sh | 6 ++++--
 mix.exs | 2 +-
 mix.lock | 9 +++++----
 6 files changed, 54 insertions(+), 40 deletions(-)
diff --git a/.gitignore b/.gitignore
index 3955e0c..b36e3c6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,6 +17,7 @@ npm-debug.log
 # we ignore priv/static. You may want to comment
 # this depending on your deployment strategy.
 /priv/static/
+/priv/keys/
 
 # Files matching config/*.secret.exs pattern contain sensitive
 # data and you should not commit them into version control.
@@ -25,6 +26,4 @@ npm-debug.log
 # secrets files as long as you replace their contents by environment
 # variables.
 /config/*.secret.exs
-idp_metadata.xml
-samly.crt
-samly.pem
+/*.xml
diff --git a/README.md b/README.md
index cebd5be..23fc228 100644
--- a/README.md
+++ b/README.md
@@ -28,17 +28,23 @@ The changes required are confined to the `config/dev.exs` file.
 git clone https://github.com/handnot2/samly_howto
 cd samly_howto
 ./gencert.sh
-cd assets && npm install && cd ..
 mix deps.get
 mix compile
+cd assets && npm install && cd ..
 ```
 
-> Before you can run this application, you need to setup an IdP. Checkout the
-> instructions in the [Samly Documentation](https://hexdocs.pm/samly)
-
-Make sure that the Docker compose based SimpleSAMLphp IdP is setup. Follow
-the instructions there to establish mutual trust between the SimpleSAMLphp
-IdP and this application.
+> Before you can run this application, you need to have a working
+> SAML Identity Provider setup. Checkout the instructions in
+>
+> [Samly Documentation](https://hexdocs.pm/samly)
+>
+> for configuration related information. The following blog post
+> will be very useful as well (based on Shibboleth SAML IdP):
+>
+> [SAML Authentication for Phoenix](https://handnot2.github.io/blog/auth/saml-auth-for-phoenix)
+>
+> If you want to use `SimpleSAMLphp`, checkout:
+> [`samly_simplesaml`](https://github.com/handnot2/samly_simplesaml).
 
 Start this application by running
 
@@ -47,4 +53,4 @@ Start this application by running
 ```
 
 This application can now be accessed from the browser by visiting the
-URL: `http://samly.howto:4003`.
+URL: `https://samly.howto:4443`.
diff --git a/config/dev.exs b/config/dev.exs
index 62621b6..52c72f6 100644
--- a/config/dev.exs
+++ b/config/dev.exs
@@ -7,7 +7,13 @@ use Mix.Config
 # watchers to your application. For example, we use it
 # with brunch.io to recompile .js and .css sources.
 config :samly_howto, SamlyHowtoWeb.Endpoint,
-  http: [port: {:system, "PORT"}],
+  #http: [port: {:system, "PORT"}],
+  https: [
+    port: 4443,
+    otp_app: :samly_howto,
+    keyfile: "priv/keys/samly.pem",
+    certfile: "priv/keys/samly.crt"
+  ],
   url: [host: {:system, "HOST"}],
   debug_errors: true,
   code_reloader: true,
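Review bot: The new `https:` block hard-codes `port: 4443` and relative `keyfile`/`certfile` paths with no comment saying where the files come from, so a fresh clone that runs `mix phx.server` before `./gencert.sh` fails at endpoint boot with nothing pointing at the cause. Because `otp_app: :samly_howto` is given, Plug's cowboy adapter resolves those relative paths against the application directory rather than the working directory (as far as I recall for the plug version in mix.lock — confirm), which is not how the same `priv/keys/...` strings are consumed by the Samly provider config later in this file. Suggest a comment above `https: [`: `# Self-signed dev TLS pair written by ./gencert.sh into priv/keys (gitignored); relative paths resolve against the :samly_howto app dir`. The `debug_errors: true` context line is dev-only, which is fine here but should not travel with this block into a prod config.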
@@ -64,46 +70,46 @@ config :samly, Samly.Provider,
   service_providers: [
     %{
       id: "sp1",
-      entity_id: "urn:samly.howto:sp1",
-      certfile: "samly.crt",
-      keyfile: "samly.pem",
+      #entity_id: "urn:samly.howto:sp1",
+      certfile: "priv/keys/samly.crt",
+      keyfile: "priv/keys/samly.pem",
       contact_name: "Samly Howto SP1 Admin",
       contact_email: "sp1-admin@samly.howto",
       org_name: "Samly Howto SP1",
       org_displayname: "Samly Howto SP1 Displayname",
-      org_url: "http://samly.howto:4003"
+      org_url: "https://samly.howto:4443"
     },
     %{
       id: "sp2",
-      entity_id: "urn:idp2.samly.howto:sp2",
-      certfile: "samly.crt",
-      keyfile: "samly.pem"
+      #entity_id: "urn:idp2.samly.howto:sp2",
+      certfile: "priv/keys/samly.crt",
+      keyfile: "priv/keys/samly.pem",
       # contact_name: "Samly Howto SP2 Admin",
       # contact_email: "sp2-admin@samly.howto",
       # org_name: "Samly Howto SP2",
       # org_displayname: "Samly Howto SP2 Displayname",
-      # org_url: "http://idp2.samly.howto:4003"
+      # org_url: "https://idp2.samly.howto:4443"
     },
     %{
       id: "sp3",
-      entity_id: "urn:idp3.samly.howto:sp3",
-      certfile: "samly.crt",
-      keyfile: "samly.pem"
+      #entity_id: "urn:idp3.samly.howto:sp3",
+      certfile: "priv/keys/samly.crt",
+      keyfile: "priv/keys/samly.pem",
       # contact_name: "Samly Howto SP3 Admin",
       # contact_email: "sp3-admin@samly.howto",
       # org_name: "Samly Howto SP3",
       # org_displayname: "Samly Howto SP3 Displayname",
-      # org_url: "http://idp3.samly.howto:4003"
+      # org_url: "https://idp3.samly.howto:4443"
     }
   ],
   identity_providers: [
     %{
       id: "idp1",
       sp_id: "sp1",
-      base_url: "http://samly.howto:4003/sso",
+      base_url: "https://samly.howto:4443/sso",
       metadata_file: "idp_metadata.xml",
-      pre_session_create_pipeline: SamlyHowtoWeb.Plugs.SamlyPipeline
-      # use_redirect_for_req: false,
+      pre_session_create_pipeline: SamlyHowtoWeb.Plugs.SamlyPipeline,
+      use_redirect_for_req: true,
       # sign_requests: true,
       # sign_metadata: true,
       # signed_assertion_in_resp: true,
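Review bot: Commenting out `entity_id` for sp1, sp2 and sp3 silently changes each SP's SAML entity ID to whatever Samly derives when the key is absent (presumably from the metadata URL — confirm against samly 0.8.4 in mix.lock), and the entity ID is what the IdP's trust configuration is keyed on, so an IdP registered against `urn:samly.howto:sp1` and friends stops matching; the subject line does not mention this. Either keep the explicit IDs or add a comment on each, e.g. `# entity_id omitted on purpose: re-register the derived SP metadata with the IdP`. Separately, `use_redirect_for_req: true` (same change in the idp2 and idp3 hunks at @@ -112 and @@ -124) moves the AuthnRequest to the HTTP-Redirect binding while `sign_requests` stays commented, so the request appears to go out unsigned in the query string; for anything beyond this howto, enable `sign_requests: true` once the SP certificate is registered with the IdP, and note that all three SPs now share the single key pair in priv/keys.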
@@ -112,10 +118,10 @@ config :samly, Samly.Provider,
     %{
       id: "idp2",
       sp_id: "sp2",
-      base_url: "http://idp2.samly.howto:4003/sso",
+      base_url: "https://idp2.samly.howto:4443/sso",
       metadata_file: "idp_metadata.xml",
-      pre_session_create_pipeline: SamlyHowtoWeb.Plugs.SamlyPipeline
-      # use_redirect_for_req: false,
+      pre_session_create_pipeline: SamlyHowtoWeb.Plugs.SamlyPipeline,
+      use_redirect_for_req: true,
       # sign_requests: true,
       # sign_metadata: true,
       # signed_assertion_in_resp: true,
@@ -124,10 +130,10 @@ config :samly, Samly.Provider,
     %{
       id: "idp3",
       sp_id: "sp3",
-      base_url: "http://idp3.samly.howto:4003/sso",
+      base_url: "https://idp3.samly.howto:4443/sso",
       metadata_file: "idp_metadata.xml",
-      pre_session_create_pipeline: SamlyHowtoWeb.Plugs.SamlyPipeline
-      # use_redirect_for_req: false,
+      pre_session_create_pipeline: SamlyHowtoWeb.Plugs.SamlyPipeline,
+      use_redirect_for_req: true,
       # sign_requests: true,
       # sign_metadata: true,
       # signed_assertion_in_resp: true,
diff --git a/gencert.sh b/gencert.sh
index f7a52c2..6bab2b6 100755
--- a/gencert.sh
+++ b/gencert.sh
@@ -10,9 +10,11 @@ OU="Howto"
 CN="samly.howto"
 SUBJ="/C=${C}/ST=${ST}/L=${L}/O=${O}/OU=${OU}/CN=${CN}"
 
+mkdir -p priv/keys
+
 echo "Generating SP certificate ..."
 openssl req -new -x509 -sha256 -days 365 -nodes \
   -newkey rsa:4096 \
-  -out ${NAME}.crt \
-  -keyout ${NAME}.pem \
+  -out priv/keys/${NAME}.crt \
+  -keyout priv/keys/${NAME}.pem \
   -subj "${SUBJ}"
diff --git a/mix.exs b/mix.exs
index bfd72b6..8f3f333 100644
--- a/mix.exs
+++ b/mix.exs
@@ -4,7 +4,7 @@ defmodule SamlyHowto.Mixfile do
   def project do
     [
       app: :samly_howto,
-      version: "0.6.1",
+      version: "0.7.0",
       elixir: "~> 1.4",
       elixirc_paths: elixirc_paths(Mix.env()),
       compilers: [:phoenix, :gettext] ++ Mix.compilers(),
diff --git a/mix.lock b/mix.lock
index 46024ec..cc1c08c 100644
--- a/mix.lock
+++ b/mix.lock
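Review bot: In the gencert.sh hunk, `-keyout priv/keys/${NAME}.pem` writes the unencrypted private key (`-nodes` is kept) and nothing restricts its permissions, so depending on the openssl build the file may be created according to the caller's umask and end up group- or world-readable inside priv/. Add `chmod 600 "priv/keys/${NAME}.pem"` after the openssl invocation, or `umask 077` just before `mkdir -p priv/keys`. The new `mkdir -p priv/keys` and both output paths are relative to the working directory, so the script only lands the files where config/dev.exs expects them when run from the repo root; a `cd "$(dirname "$0")"` at the top of the script, or a comment saying so, would make that explicit. The script's head, including the `NAME` definition, lies above this hunk.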
@@ -1,14 +1,15 @@ %{"cowboy": {:hex, :cowboy, "1.1.2", "61ac29ea970389a88eca5a65601460162d370a70018afe6f949a29dca91f3bb0", [:rebar3], [{:cowlib, "~> 1.0.2", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.3.2", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm"}, "cowlib": {:hex, :cowlib, "1.0.2", "9d769a1d062c9c3ac753096f868ca121e2730b9a377de23dec0f7e08b1df84ee", [:make], [], "hexpm"}, - "esaml": {:hex, :esaml, "3.1.0", "76337f00b5953a6c249fa8c322905c7a069b7c20339ece3756072279e6dcb41c", [:rebar3], [{:cowboy, "1.1.2", [hex: :cowboy, repo: "hexpm", optional: false]}], "hexpm"}, + "esaml": {:hex, :esaml, "3.3.0", "9b675c1201ef2d60e53cf5603a20560e1a688acc128bf0de476812919e4d2c52", [:rebar3], [{:cowboy, "1.1.2", [hex: :cowboy, repo: "hexpm", optional: false]}], "hexpm"}, "file_system": {:hex, :file_system, "0.2.2", "7f1e9de4746f4eb8a4ca8f2fbab582d84a4e40fa394cce7bfcb068b988625b06", [:mix], [], "hexpm"}, - "gettext": {:hex, :gettext, "0.13.1", "5e0daf4e7636d771c4c71ad5f3f53ba09a9ae5c250e1ab9c42ba9edccc476263", [:mix], [], "hexpm"}, + "gettext": {:hex, :gettext, "0.14.0", "1a019a2e51d5ad3d126efe166dcdf6563768e5d06c32a99ad2281a1fa94b4c72", [:mix], [], "hexpm"}, "mime": {:hex, :mime, "1.1.0", "01c1d6f4083d8aa5c7b8c246ade95139620ef8effb009edde934e0ec3b28090a", [:mix], [], "hexpm"}, "phoenix": {:hex, :phoenix, "1.3.0", "1c01124caa1b4a7af46f2050ff11b267baa3edb441b45dbf243e979cd4c5891b", [:mix], [{:cowboy, "~> 1.0", [hex: :cowboy, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 1.0", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}, {:plug, "~> 1.3.3 or ~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}, {:poison, "~> 2.2 or ~> 3.0", [hex: :poison, repo: "hexpm", optional: false]}], "hexpm"}, - "phoenix_html": {:hex, :phoenix_html, "2.10.4", "d4f99c32d5dc4918b531fdf163e1fd7cf20acdd7703f16f5d02d4db36de803b7", [:mix], [{:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"}, + "phoenix_html": {:hex, :phoenix_html, 
"2.10.5", "4f9df6b0fb7422a9440a73182a566cb9cbe0e3ffe8884ef9337ccf284fc1ef0a", [:mix], [{:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"}, "phoenix_live_reload": {:hex, :phoenix_live_reload, "1.1.3", "1d178429fc8950b12457d09c6afec247bfe1fcb6f36209e18fbb0221bdfe4d41", [:mix], [{:file_system, "~> 0.2.1 or ~> 0.3", [hex: :file_system, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.0 or ~> 1.2 or ~> 1.3", [hex: :phoenix, repo: "hexpm", optional: false]}], "hexpm"}, "phoenix_pubsub": {:hex, :phoenix_pubsub, "1.0.2", "bfa7fd52788b5eaa09cb51ff9fcad1d9edfeb68251add458523f839392f034c1", [:mix], [], "hexpm"}, "plug": {:hex, :plug, "1.4.3", "236d77ce7bf3e3a2668dc0d32a9b6f1f9b1f05361019946aae49874904be4aed", [:mix], [{:cowboy, "~> 1.0.1 or ~> 1.1", [hex: :cowboy, repo: "hexpm", optional: true]}, {:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}], "hexpm"}, "poison": {:hex, :poison, "3.1.0", "d9eb636610e096f86f25d9a46f35a9facac35609a7591b3be3326e99a0484665", [:mix], [], "hexpm"}, "ranch": {:hex, :ranch, "1.3.2", "e4965a144dc9fbe70e5c077c65e73c57165416a901bd02ea899cfd95aa890986", [:rebar3], [], "hexpm"}, - "samly": {:hex, :samly, "0.8.1", "483aaa0191eaf9f0c00c1896da5e7bbd3376804b9a8db88282a27eb20d94e432", [], [{:esaml, "~> 3.1", [hex: :esaml, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"}} + "samly": {:hex, :samly, "0.8.4", "cf14c25157f07a85f62c4cac892bb971f3c341dd3209c8957bc601d7db27a82b", [:mix], [{:esaml, "~> 3.3", [hex: :esaml, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}, {:sweet_xml, "~> 0.6", [hex: :sweet_xml, repo: "hexpm", optional: false]}], "hexpm"}, + "sweet_xml": {:hex, :sweet_xml, "0.6.5", "dd9cde443212b505d1b5f9758feb2000e66a14d3c449f04c572f3048c66e6697", [:mix], [], "hexpm"}}