Remove apply_conf.sh script (#103)

* fix: remove `apply_conf.sh` script and use ENV vars instead * fix: remove `apply_conf.sh` script and use ENV vars instead * fix: delete `apply_conf.sh` file * fix: separate `SATOSA_BASE_STATIC` from `SATOSA_BASE` --------- Co-authored-by: Salvatore Laiso <salvatore.laiso@it.ey.com>
italia · Jan 22, 2024 · c9a9b54 · c9a9b54
1 parent 9bf36a2
commit c9a9b54
Show file tree

Hide file tree

Showing 12 changed files with 196 additions and 395 deletions.
diff --git a/Docker-compose/.env b/Docker-compose/.env
@@ -1,3 +1,4 @@
 MONGO_DBUSER=satosa
 MONGO_DBPASSWORD=thatpassword
 HOSTNAME=localhost
+KEYS_FOLDER=./pki
diff --git a/Docker-compose/docker-compose.yml b/Docker-compose/docker-compose.yml
@@ -66,6 +66,7 @@ services:
       - SATOSA_BY_DOCKER=1
 
       - SATOSA_BASE=https://$HOSTNAME
+      - SATOSA_BASE_STATIC=https://$HOSTNAME/static
       - SATOSA_DISCO_SRV=https://$HOSTNAME/static/disco.html
       - SATOSA_UNKNOW_ERROR_REDIRECT_PAGE=https://$HOSTNAME/static/error_page.html
 
@@ -74,32 +75,37 @@ services:
 
       - SATOSA_CONTACT_PERSON_EMAIL_ADDRESS=support.example@organization.org
       - SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER=+3906123456789
-      # - SATOSA_CONTACT_PERSON_FISCALCODE=01234567890
-      # - SATOSA_CONTACT_PERSON_GIVEN_NAME=Name
-      # - SATOSA_ENCRYPTION_KEY=
+      - SATOSA_CONTACT_PERSON_FISCALCODE=01234567890
+      - SATOSA_CONTACT_PERSON_GIVEN_NAME=Name
+      - SATOSA_CONTACT_PERSON_IPA_CODE=ispra_rm
+      - SATOSA_CONTACT_PERSON_MUNICIPALITY=H501
+      - SATOSA_ENCRYPTION_KEY=CHANGE_ME!
 
-      # - SATOSA_ORGANIZATION_DISPLAY_NAME_EN=Resource provided by Example Organization
-      # - SATOSA_ORGANIZATION_DISPLAY_NAME_IT=Resource provided by Example Organization
-      # - SATOSA_ORGANIZATION_NAME_EN=Resource provided by Example Organization
-      # - SATOSA_ORGANIZATION_NAME_IT=Resource provided by Example Organization
-      # - SATOSA_ORGANIZATION_URL_EN=https://example_organization.org
-      # - SATOSA_ORGANIZATION_URL_IT=https://example_organization.org
-      # - SATOSA_PRIVATE_KEY=
-      # - SATOSA_PUBLIC_KEY=
-      # - SATOSA_SALT=
-      # - SATOSA_STATE_ENCRYPTION_KEY
-      # - SATOSA_UI_DESCRIPTION_EN=Resource description
-      # - SATOSA_UI_DESCRIPTION_IT=Resource description
-      # - SATOSA_UI_DISPLAY_NAME_EN=Resource Display Name
-      # - SATOSA_UI_DISPLAY_NAME_IT=Resource Display Name
-      # - SATOSA_UI_INFORMATION_URL_EN=https://example_organization.org/information_url_en
-      # - SATOSA_UI_INFORMATION_URL_IT=https://example_organization.org/information_url_en
-      # - SATOSA_UI_LOGO_HEIGHT=60
-      # - SATOSA_UI_LOGO_URL=https://example_organization.org/logo.png
-      # - SATOSA_UI_LOGO_WIDTH=80
-      # - SATOSA_UI_PRIVACY_URL_EN=https://example_organization.org/privacy_en
-      # - SATOSA_UI_PRIVACY_URL_IT=https://example_organization.org/privacy_en
-      # - SATOSA_USER_ID_HASH_SALT
+      - SATOSA_ORGANIZATION_DISPLAY_NAME_EN=Resource provided by Example Organization
+      - SATOSA_ORGANIZATION_DISPLAY_NAME_IT=Resource provided by Example Organization
+      - SATOSA_ORGANIZATION_NAME_EN=Resource provided by Example Organization
+      - SATOSA_ORGANIZATION_NAME_IT=Resource provided by Example Organization
+      - SATOSA_ORGANIZATION_URL_EN=https://example_organization.org
+      - SATOSA_ORGANIZATION_URL_IT=https://example_organization.org
+      - SATOSA_PRIVATE_KEY=${KEYS_FOLDER}/privkey.pem
+      - SATOSA_PUBLIC_KEY=${KEYS_FOLDER}/cert.pem
+      - SATOSA_SALT=CHANGE_ME!
+      - SATOSA_STATE_ENCRYPTION_KEY=CHANGE_ME!
+      - SATOSA_UI_DESCRIPTION_EN=Resource description
+      - SATOSA_UI_DESCRIPTION_IT=Resource description
+      - SATOSA_UI_DISPLAY_NAME_EN=Resource Display Name
+      - SATOSA_UI_DISPLAY_NAME_IT=Resource Display Name
+      - SATOSA_UI_INFORMATION_URL_EN=https://example_organization.org/information_url_en
+      - SATOSA_UI_INFORMATION_URL_IT=https://example_organization.org/information_url_en
+      - SATOSA_UI_LOGO_HEIGHT=60
+      - SATOSA_UI_LOGO_URL=https://example_organization.org/logo.png
+      - SATOSA_UI_LOGO_WIDTH=80
+      - SATOSA_UI_PRIVACY_URL_EN=https://example_organization.org/privacy_en
+      - SATOSA_UI_PRIVACY_URL_IT=https://example_organization.org/privacy_en
+      - SATOSA_USER_ID_HASH_SALT=CHANGE_ME!
+      - SATOSA_REQUESTED_ATTRIBUTES=[]
+
+      - GET_IDEM_MDQ_KEY=true
     expose:
       - 10000
     ports:

diff --git a/example/apply_conf.sh b/example/apply_conf.sh
diff --git a/example/entrypoint.sh b/example/entrypoint.sh
@@ -1,5 +1,10 @@
 #!/bin/bash
 
-bash apply_conf.sh
+# get IDEM MDQ key
+if [[ $GET_IDEM_MDQ_KEY == true ]]; then
+  wget https://mdx.idem.garr.it/idem-mdx-service-crt.pem -O $KEYS_FOLDER/idem-mdx-service-crt.pem
+  wget https://registry.spid.gov.it/metadata/idp/spid-entities-idps.xml -O metadata/idp/spid-entities-idps.xml
+  echo "Downloaded IDEM MDQ key"
+fi
 
 uwsgi --ini /satosa_proxy/uwsgi_setup/uwsgi/uwsgi.ini.docker
diff --git a/example/plugins/backends/ciesaml2_backend.yaml b/example/plugins/backends/ciesaml2_backend.yaml
@@ -5,7 +5,7 @@ config:
   # idp_blacklist_file: /path/to/blacklist.json
 
   # error templates
-  static_storage_url: "https://localhost/static"
+  static_storage_url: !ENV SATOSA_BASE_STATIC
   error_template: "spid_login_error.html"
   template_folder: "templates" # project root
 
@@ -28,33 +28,33 @@ config:
     # "https://identity.infocert.it": 'https://www.spid.gov.it/SpidL1'
 
   sp_config:
-    key_file: ./pki/privkey.pem
-    cert_file: ./pki/cert.pem
+    key_file: !ENV SATOSA_PRIVATE_KEY
+    cert_file: !ENV SATOSA_PUBLIC_KEY
     encryption_keypairs:
-    - {'key_file': ./pki/privkey.pem, 'cert_file': ./pki/cert.pem}
+    - {'key_file': !ENV SATOSA_PRIVATE_KEY, 'cert_file': !ENV SATOSA_PUBLIC_KEY}
 
     attribute_map_dir: 'attributes-map'
 
     organization:
       display_name: 
-        - [ 'change with $SATOSA_ORGANIZATION_DISPLAY_NAME_EN', 'en']
-        - [ 'change with $SATOSA_ORGANIZATION_DISPLAY_NAME_IT', 'it']
+        - [ !ENV SATOSA_ORGANIZATION_DISPLAY_NAME_EN, 'en']
+        - [ !ENV SATOSA_ORGANIZATION_DISPLAY_NAME_IT, 'it']
       name: 
-        - [ 'change with $SATOSA_ORGANIZATION_NAME_EN', 'en']
-        - [ 'change with $SATOSA_ORGANIZATION_NAME_IT', 'it']
+        - [ !ENV SATOSA_ORGANIZATION_NAME_EN, 'en']
+        - [ !ENV SATOSA_ORGANIZATION_NAME_IT, 'it']
       url:
-        - [ 'https://change_with_SATOSA_ORGANIZATION_URL_EN', 'en']
-        - [ 'https://change_with_SATOSA_ORGANIZATION_URL_IT', 'it']
+        - [ !ENV SATOSA_ORGANIZATION_URL_EN, 'en']
+        - [ !ENV SATOSA_ORGANIZATION_URL_IT, 'it']
 
     contact_person:
       - contact_type: 'administrative'
-        company: change_with_SATOSA_ORGANIZATION_NAME_IT
-        email_address: satosa_contact_person_email_address@example.it
-        telephone_number: change_with_SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER
+        company: !ENV SATOSA_ORGANIZATION_NAME_IT
+        email_address: !ENV SATOSA_CONTACT_PERSON_EMAIL_ADDRESS
+        telephone_number: !ENV SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER
         cie_info: 
           Public: ''
-          IPACode: ispra_rm
-          Municipality: H501
+          IPACode: !ENV SATOSA_CONTACT_PERSON_IPA_CODE
+          Municipality: !ENV SATOSA_CONTACT_PERSON_MUNICIPALITY
 
 
     metadata:
@@ -72,28 +72,28 @@ config:
         ui_info:
           display_name:
             - lang: en
-              text: change with  $SATOSA_UI_DISPLAY_NAME_EN
+              text: !ENV SATOSA_UI_DISPLAY_NAME_EN
             - lang: it
-              text: change with $SATOSA_UI_DISPLAY_NAME_IT
+              text: !ENV SATOSA_UI_DISPLAY_NAME_IT
           description:
             - lang: en
-              text: change with $SATOSA_UI_DESCRIPTION_EN
+              text: !ENV SATOSA_UI_DESCRIPTION_EN
             - lang: it
-              text: change with $SATOSA_UI_DESCRIPTION_IT
+              text: !ENV SATOSA_UI_DESCRIPTION_IT
           information_url:
             - lang: en
-              text: change with $SATOSA_UI_INFORMATION_URL_EN
-            - lang: it 
-              text: change with $SATOSA_UI_INFORMATION_URL_IT
+              text: !ENV SATOSA_UI_INFORMATION_URL_EN
+            - lang: it
+              text: !ENV SATOSA_UI_INFORMATION_URL_IT
           privacy_statement_url:
             - lang: en
-              text: change with $SATOSA_UI_PRIVACY_URL_EN
+              text: !ENV SATOSA_UI_PRIVACY_URL_EN
             - lang: it
-              text: change with $SATOSA_UI_PRIVACY_URL_IT
+              text: !ENV SATOSA_UI_PRIVACY_URL_IT
           logo:
-            text: change with $SATOSA_UI_LOGO_URL
-            width: change with $SATOSA_UI_LOGO_WIDTH
-            height: change with $SATOSA_UI_LOGO_HEIGHT
+            text: !ENV SATOSA_UI_LOGO_URL
+            width: !ENV SATOSA_UI_LOGO_WIDTH
+            height: !ENV SATOSA_UI_LOGO_HEIGHT
 
         # sign dig and enc
         authn_requests_signed: true
@@ -124,7 +124,7 @@ config:
                               'dateOfBirth',
                               'fiscalNumber',
                               ]
-
+        requested_attributes: !ENV SATOSA_REQUESTED_ATTRIBUTES
         #optional_attributes: ['gender',
         #                      'companyName',
         #                      'registeredOffice',
@@ -147,4 +147,4 @@ config:
           - [<base_url>/<name>/disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
 
   # disco_srv must be defined if there is more than one IdP in the metadata specified above
-  disco_srv: "https://sso.isprambiente.it/static/disco.html"
+  disco_srv: !ENV SATOSA_DISCO_SRV