From 420d7071bd6ebbdc8a4641542aefa026435814a4 Mon Sep 17 00:00:00 2001
From: gregcorbett
Date: Thu, 23 Nov 2023 15:38:22 +0000
Subject: [PATCH 1/3] Whitespace Fixes
---
 lib/Authentication/AuthTokens/ShibAuthToken.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/lib/Authentication/AuthTokens/ShibAuthToken.php b/lib/Authentication/AuthTokens/ShibAuthToken.php
index af6f9a9a2..7408ee0ce 100644
--- a/lib/Authentication/AuthTokens/ShibAuthToken.php
+++ b/lib/Authentication/AuthTokens/ShibAuthToken.php
@@ -79,11 +79,9 @@ public function getDetails() {
 public function getPrinciple() {
 return $this->principal;
 }
-
-
-
+
 private function getAttributesInitToken(){
- $hostname = $_SERVER['HTTP_HOST']; // don't use $_SERVER['SERVER_NAME'] as this don't support DNS
+ $hostname = $_SERVER['HTTP_HOST']; // don't use $_SERVER['SERVER_NAME'] as this don't support DNS
 // specify location of the Shib Logout handler
 \Factory::$properties['LOGOUTURL'] = 'https://'.$hostname.'/Shibboleth.sso/Logout';
 $idp = isset($_SERVER['Shib-Identity-Provider']) ? $_SERVER['Shib-Identity-Provider'] : '';
From 84dffc1b2056ef73544fc1f2e9a47b339c3e4041 Mon Sep 17 00:00:00 2001
From: gregcorbett
Date: Thu, 23 Nov 2023 15:40:20 +0000
Subject: [PATCH 2/3] Update ShibToken for Keycloak based EGI Check In - this has included: - switching to aai-demo.egi.eu for preproduction, on the advice of EGI Check In team - updating the expected IdPs from subdomain/proxy/saml2/idp/metadata.php to subdomain/auth/realms/egi - moving from using epuid to voPersonID - related ticket: https://ggus.eu/index.php?mode=ticket_info&ticket_id=164026
---
 .../AuthTokens/ShibAuthToken.php | 28 +++++++++----------
 1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/lib/Authentication/AuthTokens/ShibAuthToken.php b/lib/Authentication/AuthTokens/ShibAuthToken.php
index 7408ee0ce..3361b5cc8 100644
--- a/lib/Authentication/AuthTokens/ShibAuthToken.php
+++ b/lib/Authentication/AuthTokens/ShibAuthToken.php @@ -96,9 +96,9 @@ private function getAttributesInitToken(){ $this->userDetails = array('AuthenticationRealm' => array('UK_ACCESS_FED')); return; } - else if($idp == 'https://aai.egi.eu/proxy/saml2/idp/metadata.php'){ + else if($idp == 'https://aai.egi.eu/auth/realms/egi'){ // assurance is the old way EGI checkIn used to pass LoA attributes - /*if( empty($_SERVER['epuid'])){// || empty($_SERVER['displayName']) ){ + /*if( empty($_SERVER['voPersonID'])){// || empty($_SERVER['displayName']) ){ die('Did not recieve required attributes from the EGI Proxy Identity Provider to complete authentication, please contact gocdb-admins'); } if(empty($_SERVER['assurance'])){ @@ -112,16 +112,16 @@ private function getAttributesInitToken(){ echo ($HTML); die(); } - $this->principal = $_SERVER['epuid']; + $this->principal = $_SERVER['voPersonID']; $this->userDetails = array('AuthenticationRealm' => array('EGI Proxy IdP')); return; */ - if( empty($_SERVER['epuid'])){// || empty($_SERVER['displayName']) ){ + if( empty($_SERVER['voPersonID'])){// || empty($_SERVER['displayName']) ){ die('Did not recieve required attributes from the EGI Proxy Identity Provider to complete authentication, please contact gocdb-admins'); } if(empty($_SERVER['entitlement'])){ - //die('Did not recieve the required entitlement attribute from the EGI Dev Proxy IdP, please contact gocdb-admins'); + //die('Did not recieve the required entitlement attribute from the EGI Proxy IdP, please contact gocdb-admins'); $HTML = ''; $HTML .= "
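Review bot: The `epuid` to `voPersonID` rename is also applied inside the `/* ... */` block at the top of the `https://aai.egi.eu/auth/realms/egi` branch, which is dead code that still carries its own `$this->principal = ...` assignment (the block continues into the next hunk). A second, commented-out copy of the login path kept in step with the live one makes it harder to audit which attribute checks actually gate authentication; I would delete the block and leave a one-line pointer such as `// legacy 'assurance' LoA check removed, see VCS history`. The branch is also selected with a loose comparison; `else if ($idp === 'https://aai.egi.eu/auth/realms/egi') {` states the intent of an exact entityID match. getAttributesInitToken() starts and ends outside this hunk.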
"; $HTML .= 'Logout'; @@ -139,28 +139,28 @@ private function getAttributesInitToken(){ echo ($HTML); die(); } - $this->principal = $_SERVER['epuid']; + $this->principal = $_SERVER['voPersonID']; $this->userDetails = array('AuthenticationRealm' => array('EGI Proxy IdP')); return; } - else if($idp == 'https://aai-dev.egi.eu/proxy/saml2/idp/metadata.php'){ - if( empty($_SERVER['epuid'])){ - die('Did not receive required ePUID attributes from the EGI Dev Proxy Identity Provider to complete authentication, please contact gocdb-admins'); + else if($idp == 'https://aai-demo.egi.eu/auth/realms/egi'){ + if( empty($_SERVER['voPersonID'])){ + die('Did not receive required voPersonID attributes from the EGI Demo Proxy Identity Provider to complete authentication, please contact gocdb-admins'); } if(empty($_SERVER['entitlement'])){ - die('Did not receive the required entitlement attribute from the EGI Dev Proxy IdP, please contact gocdb-admins'); - } - $entitlementValuesArray = explode(';', $_SERVER['entitlement']); + die('Did not receive the required entitlement attribute from the EGI Demo Proxy IdP, please contact gocdb-admins'); + } + $entitlementValuesArray = explode(';', $_SERVER['entitlement']); if( !in_array('urn:mace:egi.eu:res:gocdb#aai.egi.eu', $entitlementValuesArray) ){ - $HTML = '
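Review bot: `$this->principal = $_SERVER['voPersonID'];` changes the attribute that identifies the account, and nothing in this hunk shows how principals already stored from `epuid` are matched afterwards; the demo-IdP branch in the next hunk makes the same switch. If the Keycloak-issued voPersonID can differ from the old ePUID for the same person, existing users would stop mapping to their accounts, so the commit should either state that the values are identical or ship a migration step. The `empty($_SERVER['voPersonID'])` test also depends on the Shibboleth SP exporting an attribute under exactly that id, which is configured outside this diff; a comment such as `// requires voPersonID to be mapped by the SP (Keycloak-based Check-in)` above the test would make that deployment dependency visible. The enclosing function extends beyond the hunk.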
  • You authenticated to the EGI Dev Identity Provider using a method that does not provide a GOCDB entitlement.
  • Login is required with a gocdb entitlement.
  • To gain access, you will need to login to the Proxy IdP using a scheme that provides a gocdb entitlement.
  • Please logout or restart your browser and attempt to login again.
'; + $HTML = '
  • You authenticated to the EGI Demo Identity Provider using a method that does not provide a GOCDB entitlement.
  • Login is required with a gocdb entitlement.
  • To gain access, you will need to login to the Proxy IdP using a scheme that provides a gocdb entitlement.
  • Please logout or restart your browser and attempt to login again.
'; $HTML .= "
"; $HTML .= 'Logout'; $HTML .= "
"; echo ($HTML); die(); } - $this->principal = $_SERVER['epuid']; + $this->principal = $_SERVER['voPersonID']; $this->userDetails = array('AuthenticationRealm' => array('EGI Proxy IdP')); return; } From 68201e2d13b07222b9d091893b69ba67198b3dda Mon Sep 17 00:00:00 2001 From: gregcorbett Date: Wed, 29 Nov 2023 09:51:12 +0000 Subject: [PATCH 3/3] Version bump to 5.10.5 --- htdocs/web_portal/static_html/goc5_logo.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/web_portal/static_html/goc5_logo.html b/htdocs/web_portal/static_html/goc5_logo.html index 4f2641bbb..0f0407c3a 100644 --- a/htdocs/web_portal/static_html/goc5_logo.html +++ b/htdocs/web_portal/static_html/goc5_logo.html @@ -4,7 +4,7 @@
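Review bot: The `https://aai-demo.egi.eu/auth/realms/egi` branch ends with the same `AuthenticationRealm` value, `'EGI Proxy IdP'`, as the production branch, so once the token is built a principal asserted by the preproduction IdP cannot be told apart from a production one. Whether a production deployment accepts assertions from the demo IdP at all is presumably decided by SP metadata outside this diff, but the code should not rely on that alone: either give the branch its own realm, e.g. `array('AuthenticationRealm' => array('EGI Demo Proxy IdP'))`, or enable the branch only behind a deployment setting, after checking what downstream code does with the realm string. In the same branch the entitlement test would be better with the strict flag, `in_array('urn:mace:egi.eu:res:gocdb#aai.egi.eu', $entitlementValuesArray, true)`. The enclosing function starts before this hunk.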

- GOCDB 5.10.4 + GOCDB 5.10.5