This component is part of "Step-up Authentication as-a Service". See Stepup-Deploy for an overview and installation instructions for a complete Stepup system, including this component. The requirements and installation instructions below cover this component only.
- PHP 8.2
- Composer
- A web server (Apache, Nginx)
- MariaDB 5.5+ (MySQL should work as well)
- syslog (or change the logging configuration in /app/config/logging.yml)
Clone the repository or download the archive to a directory. Install the dependencies by running composer install && yarn install and fill out the database credentials et cetera.
The Gateway is configured to only accept connections over SSL. Disable this under nelmio_security in config.yml or run the web server using a (self-signed) certificate.
If you are not in possession of an actual Yubikey device, using the Mock Yubikey service might prove useful. This mock service was created for end to end test purposes, but could be utilized in this situation. To use the mock service:
- Update your
src/Surfnet/StepupGateway/ApiBundle/Resources/config/services.yml - Find the
surfnet_gateway_api.service.yubikeyservice - Update the service definition to point to this class:
class: Surfnet\StepupGateway\ApiBundle\Tests\TestDouble\Service\YubikeyService - Do not commit/push this change!
APP_ENV=smoketest
STEPUP_VERSION:test
AZUREMFA_PHP_IMAGE=php82-apache2-node20-composer2:latest
DEMOGSSP_PHP_IMAGE=php82-apache2-node20-composer2:latest
#GATEWAY_PHP_IMAGE=php72-apache2-node14-composer2:latest
MIDDLEWARE_PHP_IMAGE=php82-apache2-node20-composer2:latest
RA_PHP_IMAGE=php82-apache2-node20-composer2:latest
SELFSERVICE_PHP_IMAGE=php82-apache2-node20-composer2:latest
TIQR_PHP_IMAGE=php82-apache2-node20-composer2:latest
WEBAUTHN_PHP_IMAGE=php82-apache2-node20-composer2:latest
./start-dev-env.sh gateway:../../OpenConext-stepup/Stepup-Gateway
$ docker exec -it stepup-gateway-1 bash
$ composer behat
The composer behat command can now also pipe the arguments to the behat call. So now, for example you can do:
$ composer behat tests/features/self-asserted.feature
$ composer behat tests/features/sso.feature:34
$ compseor behat -- -vv
$ compseor behat -- --stop-on-failure
From the doc-root:
$ cd ci/docker
$ ./init.sh
# If this fails, possibly you'll have to make the app/files folder writable for your docker user
$ docker-compose exec -T php-fpm.stepup.example.com bash -c 'composer behat'Be aware! Make sure any parameter changes are also applied in the ci/config/parameters.yaml.
When finished working on behat tests, stop the containers (docker-compose down), and restart your stepup-vm.
Having them running simultaneous might cause hostname issues, but your mileage may vary.
Please read: https://github.com/OpenConext/Stepup-Deploy/wiki/Release-Management fro more information on the release strategy used in Stepup projects.
Documentation specific to this component is located in the docs directory in this repository:
- Gateway API
- Gateway State (diagrams of main flows and user session data)
- SAML Proxy with:
- SAML Example messages
Documentation for the Stepup system can be found in the
- Stepup-Deploy repository;
- and in the wiki of the Stepup-Deploy repository.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
