Shib Environment Variables #651

Open
alexBLR opened this issue Nov 19, 2024 · 5 comments
@alexBLR
Contributor

alexBLR commented Nov 19, 2024

Duplicate avalon environment variables to /opt/dlp-selfdeposit/current/.env.production on oe24-hyrax-arch

Does not need to be totally functional pre-deploy

@alexBLR
Contributor Author

alexBLR commented Nov 19, 2024

I shared the environment variables setup with Kaeln. They are located here: https://github.com/emory-libraries/dlp-selfdeposit/blob/omniauth-saml/config/environments/production.rb

alexBLR changed the title from "Copy of Shib Application Work" to "Shib Environment Variables" on Nov 19, 2024
tmill29 mentioned this issue on Nov 19, 2024
@kbowaterskelly
Contributor

  config.idp_slo_target_url = ENV['IDP_SLO_TARGET_URL']
  config.assertion_consumer_service_url = ENV['ASSERTION_CS_URL']
  config.assertion_consumer_logout_service_url = ENV['ASSERTION_LOGOUT_URL']
  config.issuer = ENV['ISSUER']
  config.idp_sso_target_url = ENV['IDP_SSO_TARGET_URL']
  config.idp_cert = ENV['IDP_CERT']
  config.certificate = ENV['SP_CERT']
  config.private_key = ENV['SP_KEY']
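
Added example, not part of the issue thread or the dlp-selfdeposit code: a boot-time check that the ENV keys read in the snippet above are set and well-formed before they reach the SAML settings. The helper names, the https-only rule and the example.test values are assumptions, and the certificates are constructed at run time.

```ruby
require 'openssl'
require 'uri'

# ENV keys read by the snippet above; the helper names below are hypothetical.
URL_VARS  = %w[IDP_SLO_TARGET_URL ASSERTION_CS_URL ASSERTION_LOGOUT_URL IDP_SSO_TARGET_URL].freeze
CERT_VARS = %w[IDP_CERT SP_CERT].freeze
REQUIRED  = (URL_VARS + CERT_VARS + %w[ISSUER SP_KEY]).freeze

# Returns a list of problems (empty means usable). Assumes production endpoints must be https.
def saml_env_problems(env, now: Time.now)
  unset = ->(k) { env[k].to_s.strip.empty? }
  problems = REQUIRED.select(&unset).map { |k| "#{k} is not set" }
  URL_VARS.reject(&unset).each do |k|
    uri = (URI.parse(env[k]) rescue nil)
    problems << "#{k} is not an https URL" unless uri.is_a?(URI::HTTPS) && uri.host
  end
  certs = {}
  CERT_VARS.reject(&unset).each do |k|
    certs[k] = OpenSSL::X509::Certificate.new(env[k]) # fails on a PEM whose newlines were flattened
    problems << "#{k} is expired" if certs[k].not_after < now
  rescue OpenSSL::X509::CertificateError
    problems << "#{k} is not a parseable certificate"
  end
  key = unset.call('SP_KEY') ? nil : (OpenSSL::PKey.read(env['SP_KEY']) rescue nil)
  problems << 'SP_KEY is not a parseable private key' unless key || unset.call('SP_KEY')
  sp = certs['SP_CERT']
  problems << 'SP_KEY does not match SP_CERT' if key && sp && !sp.check_private_key(key)
  problems
end

# Constructed sample data: a throwaway self-signed pair, generated so this runs offline.
def constructed_pair(cn, not_after: Time.now + 3600)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, not_after
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert.to_pem, key.to_pem]
end

# Constructed environment using placeholder example.test hosts.
def constructed_env
  sp_cert, sp_key = constructed_pair('sp.example.test')
  urls = URL_VARS.to_h { |k| [k, "https://sso.example.test/#{k.downcase}"] }
  urls.merge('ISSUER' => 'https://sp.example.test/saml/metadata', 'SP_CERT' => sp_cert,
             'SP_KEY' => sp_key, 'IDP_CERT' => constructed_pair('idp.example.test')[0])
end
```

Calling `saml_env_problems(ENV)` from an initializer and raising on a non-empty result turns an unset variable, which `ENV[...]` returns as `nil`, into a failed boot.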

@kbowaterskelly
Contributor

kbowaterskelly commented Nov 21, 2024

It's not clear to me that any configuration needs to happen around environment variables. Shibboleth SP is supposed to provide what you are asking for from its configuration by default. It looks like you may need to use the SSO or Sessions element(s). Please see the following:

https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065334348/SSO
https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065334342/Sessions

It is possible that I am misunderstanding and that you are not able to request these values directly from the SP? If so, I would suggest a discussion to try and gain some clarity here. If the goal is only to manually populate these values, that can be done from within the Ruby configuration, as above.

@kbowaterskelly
Contributor

Here is some sample configuration.

  settings.assertion_consumer_service_url     = "http://localhost:3000/users/saml/auth"
  settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
  settings.name_identifier_format             = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
  settings.issuer                             = "http://localhost:3000/saml/metadata"
  settings.authn_context                      = ""
  settings.idp_slo_target_url                 = "http://localhost/simplesaml/www/saml2/idp/SingleLogoutService.php"
  settings.idp_sso_target_url                 = "http://localhost/simplesaml/www/saml2/idp/SSOService.php"
  settings.idp_cert                           = <<-CERT.chomp

In addition, with regard to SLO, it is not yet configured. Generally that would be done after implementing a successful login scheme, at least as far as Emory usually does things.

@kbowaterskelly
Contributor

Clarified this request and fulfilled.
