Add config for identity_providers in local_info.xml #524
Conversation
| } | ||
|
|
||
| $this->principal = $_SERVER['voPersonID']; | ||
| $this->userDetails = ['AuthenticationRealm' => [$provider['idp']]]; |
There was a problem hiding this comment.
This probably shouldn't just be the IdP. For EGI Check In, it should be "EGI Proxy IdP" - this should defined in the local config in the provider block.
There was a problem hiding this comment.
Yep Make sense. Added this in 7e7396c
Sae126V
force-pushed
the
GT-471-Shib/CheckIn-Token-reads-config-file
branch
3 times, most recently
from
694c0b2 to
7e7396c
Compare
Sae126V
force-pushed
the
GT-471-Shib/CheckIn-Token-reads-config-file
branch
from
7e7396c to
11b2a67
Compare
config/local_info.xml
Outdated
| <authentication_realms> | ||
| <shib_realm_name>EGI Proxy IdP</shib_realm_name> | ||
| </authentication_realms> |
There was a problem hiding this comment.
This can just be authentication_realm
| <authentication_realms> | |
| <shib_realm_name>EGI Proxy IdP</shib_realm_name> | |
| </authentication_realms> | |
| <authentication_realm> | |
| EGI Proxy IdP | |
| </authentication_realm> |
config/local_info.xml
Outdated
| <authentication_realms> | ||
| <shib_realm_name>EGI Proxy IdP</shib_realm_name> | ||
| </authentication_realms> |
There was a problem hiding this comment.
As with https://github.com/GOCDB/gocdb/pull/524/files#r1842006878
| <authentication_realms> | |
| <shib_realm_name>EGI Proxy IdP</shib_realm_name> | |
| </authentication_realms> | |
| <authentication_realm> | |
| EGI Proxy IdP | |
| </authentication_realm> |
There was a problem hiding this comment.
Addressed as part of 01f3cd3
| if (empty($_SERVER['voPersonID'])) { | ||
| die( | ||
| "Did not receive required attributes from the " | ||
| . "IDP $name to complete authentication. " |
There was a problem hiding this comment.
I think this will read better
| . "IDP $name to complete authentication. " | |
| . "$name to complete authentication. " |
| if (empty($_SERVER['entitlement'])) { | ||
| die( | ||
| "Did not receive the required entitlement " | ||
| . "attribute from the IDP $name. " |
There was a problem hiding this comment.
I think this will read better
| . "attribute from the IDP $name. " | |
| . "attribute from the $name. " |
| ) { | ||
| $HTML = "<ul>" | ||
| . "<li>Login requires a GOCDB entitlement value " | ||
| . "which was not provided for the IDP $name.</li>" |
There was a problem hiding this comment.
I think this will read better
| . "which was not provided for the IDP $name.</li>" | |
| . "which was not provided for the $name.</li>" |
|
|
||
| $this->principal = $_SERVER['voPersonID']; | ||
| $this->userDetails = [ | ||
| 'AuthenticationRealm' => $provider['authenticationRealms'] |
There was a problem hiding this comment.
Given https://github.com/GOCDB/gocdb/pull/524/files#r1842006878, this will need a slight tweak
lib/Gocdb_Services/Config.php
Outdated
| $localInfo = $this->GetLocalInfoXML(); | ||
| $identityProviders = []; | ||
|
|
||
| if (!empty($localInfo->identity_providers->provider)) { |
There was a problem hiding this comment.
What happens here if identity_providers is omitted in it's entirety from the local_config.xml?
There was a problem hiding this comment.
identity_providers -> this is anyway optional. But if passed thru xml then it MUST have provider(This being idp, name, and other attributes) info.
This is just a safe check. Just in case if Null case is referring to any method(s) due to which it may cause errors.
lib/Gocdb_Services/Config.php
Outdated
| if (!empty($localInfo->identity_providers->provider)) { | ||
| foreach ( | ||
| $localInfo | ||
| ->identity_providers | ||
| ->provider as $providerDetails | ||
| ) { |
There was a problem hiding this comment.
Something like this I think would read better
| if (!empty($localInfo->identity_providers->provider)) { | |
| foreach ( | |
| $localInfo | |
| ->identity_providers | |
| ->provider as $providerDetails | |
| ) { | |
| $configured_providers = $localInfo->identity_providers->provider; | |
| if (!empty($configured_providers)) { | |
| foreach ($configured_providers as $providerDetails) { |
lib/Gocdb_Services/Config.php
Outdated
|
|
||
| /** authentication_realms */ | ||
| $authenticationRealms = []; | ||
| if ($providerDetails->authentication_realms) { |
There was a problem hiding this comment.
Given https://github.com/GOCDB/gocdb/pull/524/files#r1842006878, this will need a slight tweak
lib/Gocdb_Services/Config.php
Outdated
| $identityProviders[] = [ | ||
| 'idp' => $idp, | ||
| 'name' => $name, | ||
| 'authenticationRealms' => $authenticationRealms, |
There was a problem hiding this comment.
Given https://github.com/GOCDB/gocdb/pull/524/files#r1842006878
| 'authenticationRealms' => $authenticationRealms, | |
| 'authenticationRealm' => $authenticationRealm, |
…/github.com/Sae126V/gocdb into GT-471-Shib/CheckIn-Token-reads-config-file
Resolves GT-472 and GT-471