Fixes for ssphp 2.2.1

README.md

@@ -29,28 +29,19 @@ which is copied from the ansible deployment to its final destination upon provis
 The original file can be found in the group_vars directory:
 
     group_vars/logins.json
-    
+
 You can add additional users and attributes to this file and (re)provision the IdP.
 
 The final product is a single-server installation and not useable in production environments.
 
 Setup
 =====
-The provisioning script was developed for deployment to an Ubuntu Xenial Xerus (16.04 LTS)
-installation. Due to the requirement of python for Ansible, the basic installation requires
-installation of at least the `python` package:
-
-    sudo apt-get install python
-
-Instead of installing python, you can use the default `python3` installation by supplying an
-ansible configuration
-
-    --extra-vars "ansible_python_interpreter=/usr/bin/python3"
-
+The provisioning script was developed for deployment to an Debian Bookworm (12)
+installation.
 
 All other required packages are installed automatically.
 
-The installation will use the default PHP version (7.1). You can make this work for other versions
+The installation will use the default PHP version (8.2). You can make this work for other versions
 as well (PHP5.6 for example) by adjusting the package requirements in the `common` role. Some tweaking
 may apply in the `apache` role as well to get the right modules enabled.
 
@@ -88,7 +79,7 @@ dynamically and will change on redeployment.
     ssp_sp_metadata: "{{ idp_sp }}/authentication/sp/metadata"
     ssp_sp_consumer: "{{ idp_sp }}/authentication/sp/consume-assertion"
     ssp_title_suffix: "OpenConext-DIY"
-    
+
 The 'ssp_title_suffix' option allows differentiating between various default SimpleSaml installations. Comment
 this option out to disable generating the header suffix.
 
@@ -128,10 +119,6 @@ Then provision the application by running:
 
     ansible-playbook -i inventory openconext-diy.yml
 
-or
-
-    ansible-playbook -i inventory openconext-diy.yml --extra-vars "ansible_python_interpreter=/usr/bin/python3"
-
 During provisioning, the roles and tasks will:
 
 - try to find out if the target machine has a publicly accessible network address
@@ -143,7 +130,7 @@ During provisioning, the roles and tasks will:
 
 After provisioning, the metadata is available at:
 
-    https://{{ idp_hostname }}/saml2/idp/metadata.php
+    https://{{ idp_hostname }}/module.php/saml/idp/metadata
 
 You can use this link to configure service providers to accept this IdP.
 
@@ -165,13 +152,13 @@ to get the vagrant machine up and running. The `VagrantFile` uses the VirtualBox
 Docker
 ======
 A basic `Dockerfile` is available to install this IdP on a Docker container. Due to Docker networking
-configuration and setup, this installation knows neither hostname nor IP address, so additional 
-configuration after provisioning is required. 
+configuration and setup, this installation knows neither hostname nor IP address, so additional
+configuration after provisioning is required.
 
 The `Dockerfile` mounts the SimpleSAML metadata directory. In the `docker-run` script file, the Docker
 image is build and the run command mounts the local `docker/metadata` directory to the container,
 allowing local edits to appear in the container metadata. You can use this as a starting point for
-configuring and running your own containers. 
+configuring and running your own containers.
 
 Disclaimer
 ==========

deploy.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+ansible-playbook -i inventory --ask-become-pass openconext-diy.yml

group_vars/idp.yml

@@ -1,16 +1,16 @@
 # Site information
-idp_hostname: idp.example.org
-idp_sp: https://sp.example.org
+idp_hostname: idp.maes1.lab.surf.nl
+idp_sp: https://sp.maes1.lab.surf.nl
 
 cert_hostname: "{{ idp_hostname }}"
 
-letsencrypt_email: [email protected]
+letsencrypt_email: "admin@{{ idp_hostname }}"
 letsencrypt_domain: "{{ idp_hostname }}"
 letsencrypt_request_www: false
 # apache is installed first and claims port 80. Pause it to allow LetsEncrypt to request a certificate
 letsencrypt_pause_services: [apache2]
 
-ssp_version: 1.18.8
+ssp_version: 2.2.1
 ssp_hostname: "{{ idp_hostname }}"
 ssp_subject: "{{ cert_subject }}"
 ssp_days_valid: "{{ cert_days_valid }}"
@@ -19,12 +19,10 @@ ssp_certificate: "{{ idp_hostname }}.crt"
 ssp_auth_admin_password: "changethispassword"
 ssp_technicalcontact_name: Contact
 ssp_technicalcontact_email: postmaster@{{ idp_hostname }}
-ssp_managingcontact_name: Manager
-ssp_managingcontact_email: webmaster@{{ idp_hostname }}
 spp_sp_metadata: "{{ idp_sp }}/authentication/sp/metadata"
 spp_sp_consumer: "{{ idp_sp }}/authentication/sp/consume-assertion"
 ssp_title_suffix: OpenConext-DIY2
 
 ssl_hostname: "{{ idp_hostname }}"
 ssl_webmaster: "webmaster@{{ ssl_hostname }}"
-ssl_docroot: "{{ ssp_dir }}/www"
+ssl_docroot: "{{ ssp_dir }}/public"

group_vars/logins.json

@@ -176,7 +176,7 @@
     "student6:student6" : {
             "uid" : ["U6789003"],
             "schacHomeOrganization" : "home-university-example.org",
-            "eduPersonPrincipalName" : "[email protected]",         
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Phùng Thị Lệ Tư",
             "givenName" : "Phùng Thị",
             "sn" : "Lệ Tư",
@@ -190,7 +190,7 @@
     "student7:student7" : {
             "uid" : ["jsanden"],
             "schacHomeOrganization" : "uniamsterdam-example.nl",
-            "eduPersonPrincipalName" : "[email protected]", 
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Jaantje van der Sanden",
             "givenName" : "Jaantje",
             "sn" : "van der Sanden",
@@ -204,7 +204,7 @@
     "student8:student8" : {
             "uid" : ["s445599"],
             "schacHomeOrganization" : "universitatmadrid-example.es",
-            "eduPersonPrincipalName" : "[email protected]", 
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Alessandra Gómez Llarnas",
             "givenName" : "Alessandra",
             "sn" : "Gómez Llarnas",
@@ -217,7 +217,7 @@
     "student9:student9" : {
             "uid" : ["abriseno"],
             "schacHomeOrganization" : "universitatmadrid-example.es",
-            "eduPersonPrincipalName" : "[email protected]", 
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Augustus Padrón Briseño",
             "givenName" : "August",
             "sn" : "Briseño",
@@ -230,7 +230,7 @@
     "student10:student10" : {
             "uid" : ["s134567"],
             "schacHomeOrganization" : "pkuni.edu-example.cn",
-            "eduPersonPrincipalName" : "[email protected]", 
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Shao Jingyi, 邵靜宜",
             "givenName" : "Shao",
             "sn" : "Jingy",
@@ -243,7 +243,7 @@
     "student11:student11" : {
             "uid" : ["U9088123"],
             "schacHomeOrganization" : "uni.poznantech-example.pl",
-            "eduPersonPrincipalName" : "[email protected]", 
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Roman Švejda",
             "givenName" : "Roman",
             "sn" : "Švejda",
@@ -256,7 +256,7 @@
     "student12:student12" : {
             "uid" : ["U7128109"],
             "schacHomeOrganization" : "uni.poznantech-example.pl",
-            "eduPersonPrincipalName" : "[email protected]", 
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Anna Rybínová",
             "givenName" : "Anna",
             "sn" : "Rybínová",
@@ -269,7 +269,7 @@
     "student13:student13" : {
             "uid" : ["p0987743"],
             "schacHomeOrganization" : "pkuni.edu-example.cn",
-            "eduPersonPrincipalName" : "[email protected]", 
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Li Qin Ch'ien",
             "givenName" : "Li Qin",
             "sn" : "Ch'ien",
@@ -282,7 +282,7 @@
     "student14:student14" : {
             "uid" : ["student14"],
             "schacHomeOrganization" : "stockholmuni-example.se",
-            "eduPersonPrincipalName" : "[email protected]", 
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Martin Nikolaus Jørgensen",
             "givenName" : "Martin",
             "sn" : "Jørgensen",
@@ -295,7 +295,7 @@
     "student15:student15" : {
             "uid" : ["student15"],
             "schacHomeOrganization" : "stockholmuni-example.se",
-            "eduPersonPrincipalName" : "[email protected]", 
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Sander Johan Kjær",
             "givenName" : "Sander",
             "sn" : "Kjær",
@@ -308,7 +308,7 @@
     "student16:student16" : {
             "uid" : ["student16"],
             "schacHomeOrganization" : "kuni.edu-example.tr",
-            "eduPersonPrincipalName" : "[email protected]", 
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Erôss Neci",
             "givenName" : "Erôss",
             "sn" : "Neci",
@@ -322,7 +322,7 @@
     "student17:student17" : {
             "uid" : ["student17"],
             "schacHomeOrganization" : "kuni.edu-example.tr",
-            "eduPersonPrincipalName" : "[email protected]", 
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Kocsis Szescõ",
             "givenName" : "Kocsis",
             "sn" : "Szescõ",
@@ -335,7 +335,7 @@
     "student18:student18" : {
             "uid" : ["student18"],
             "schacHomeOrganization" : "kuni.edu-example.tr",
-            "eduPersonPrincipalName" : "[email protected]",             
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Marjanca Muršić",
             "givenName" : "Marjanca",
             "sn" : "Muršić",
@@ -348,7 +348,7 @@
     "student19:student19" : {
             "uid" : ["student19"],
             "schacHomeOrganization" : "university-example.org",
-            "eduPersonPrincipalName" : "[email protected]",             
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Petra Penttilä",
             "givenName" : "Petra",
             "sn" : "Penttilä",
@@ -361,7 +361,7 @@
     "student20:student20" : {
             "uid" : ["student20"],
             "schacHomeOrganization" : "unidenmark-example.dk",
-            "eduPersonPrincipalName" : "[email protected]",             
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Jóney Ingólfsdóttir",
             "givenName" : "Jóney",
             "sn" : "Ingólfsdóttir",
@@ -374,7 +374,7 @@
     "student21:student21" : {
             "uid" : ["student21"],
             "schacHomeOrganization" : "exmplebilbioharderwijk.nl",
-            "eduPersonPrincipalName" : "[email protected]",     
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Pietje Puk",
             "givenName" : "Pietje",
             "sn" : "Puk",
@@ -384,7 +384,7 @@
     "teacher1:teacher1" : {
             "uid" : ["jstiglitz"],
             "schacHomeOrganization" : "harvard-example.edu",
-            "eduPersonPrincipalName" : "[email protected]", 
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Joseph Eugene Stiglitz",
             "givenName" : "Joseph",
             "sn" : "Stiglitz",
@@ -398,7 +398,7 @@
     "teacher2:teacher2" : {
             "uid" : ["pkrugman"],
             "schacHomeOrganization" : "harvard-example.edu",
-            "eduPersonPrincipalName" : "[email protected]", 
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Prof. Paul Robin Krugman",
             "givenName" : "Paul",
             "sn" : "Krugman",
@@ -411,7 +411,7 @@
     "teacher3:teacher3" : {
             "uid" : ["bbernanke"],
             "schacHomeOrganization" : "yale-uni-example.edu",
-            "eduPersonPrincipalName" : "[email protected]", 
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Ben Shalom Bernanke",
             "givenName" : "Ben",
             "sn" : "Bernanke",
@@ -424,7 +424,7 @@
     "teacher4:teacher4" : {
             "uid" : ["agreenspan"],
             "schacHomeOrganization" : "yale-uni-example.edu",
-            "eduPersonPrincipalName" : "[email protected]", 
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Alan Greenspan",
             "givenName" : "Alan",
             "sn" : "Greenspan",
@@ -437,7 +437,7 @@
     "teacher5:teacher5" : {
             "uid" : ["am_ampere"],
             "schacHomeOrganization" : "electrical-uni-example.edu",
-            "eduPersonPrincipalName" : "[email protected]", 
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "André-Marie Ampère",
             "givenName" : "André-Marie",
             "sn" : "Ampère",
@@ -450,7 +450,7 @@
     "teacher6:teacher6" : {
             "uid" : ["w_rontgen"],
             "schacHomeOrganization" : "electrical-uni-example.edu",
-            "eduPersonPrincipalName" : "[email protected]", 
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Wilhelm Conrad Röntgen",
             "givenName" : "Wilhelm",
             "sn" : "Röntgen",
@@ -463,7 +463,7 @@
     "teacher7:teacher7" : {
             "uid" : ["m_faraday"],
             "schacHomeOrganization" : "electrical-uni-example.edu",
-            "eduPersonPrincipalName" : "[email protected]", 
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Michael Faraday FRS",
             "givenName" : "Michael",
             "sn" : "Faraday",
@@ -476,7 +476,7 @@
     "teacher8:teacher8" : {
             "uid" : ["n_tesla"],
             "schacHomeOrganization" : "electrical-uni-example.edu",
-            "eduPersonPrincipalName" : "[email protected]",             
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Nikola Tesla",
             "givenName" : "Nikola",
             "sn" : "Tesla",
@@ -489,7 +489,7 @@
     "teacher9:teacher9" : {
             "uid" : ["teacher9"],
             "schacHomeOrganization" : "stanford-example.edu",
-            "eduPersonPrincipalName" : "[email protected]",       
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "William Henry Gates III",
             "givenName" : "Bill",
             "sn" : "Gates",
@@ -503,7 +503,7 @@
     "teacher10:teacher10" : {
             "uid" : ["teacher10"],
             "schacHomeOrganization" : "stanford-example.edu",
-            "eduPersonPrincipalName" : "[email protected]",       
+            "eduPersonPrincipalName" : "[email protected]",
             "cn" : "Steven Paul Jobs",
             "givenName" : "Steve",
             "sn" : "Jobs",
@@ -513,6 +513,32 @@
             "eduPersonScopedAffiliation" : ["[email protected]", "[email protected]", "[email protected]"],
             "eduPersonEntitlement" : "urn:mace:terena.org:tcs:personal-user-example",
             "isMemberOf" : "urn:collab:org:aarc-project.eu"
+        },
+    "member1:member1" : {
+            "uid" : ["member1"],
+            "schacHomeOrganization" : "diy.surfconext.nl",
+            "eduPersonPrincipalName" : "[email protected]",
+            "cn" : "Member One",
+            "givenName" : "Member",
+            "sn" : "One",
+            "displayName" : "Member One",
+            "mail" : "[email protected]",
+            "eduPersonAffiliation" : ["library-walkin", "member"],
+            "eduPersonScopedAffiliation" : ["[email protected]", "[email protected]"],
+            "isMemberOf" : "urn:collab:org:aarc-project.eu"
+        },
+    "member2:member2" : {
+            "uid" : ["member2"],
+            "schacHomeOrganization" : "diy.surfconext.nl",
+            "eduPersonPrincipalName" : "[email protected]",
+            "cn" : "Member Two",
+            "givenName" : "Member",
+            "sn" : "Two",
+            "displayName" : "Member Two",
+            "mail" : "[email protected]",
+            "eduPersonAffiliation" : ["member"],
+            "eduPersonScopedAffiliation" : ["[email protected]"],
+            "isMemberOf" : "urn:collab:org:aarc-project.eu"
         }
 }
 

inventory

@@ -1,4 +1,4 @@
-target  ansible_host=127.0.0.1
+target  ansible_host=145.0.6.67
 
 [idp]
 target