Merge pull request #1802 from tcmitchell/eds

Switch to vanilla Shibboleth EDS

CHANGES.md

@@ -10,10 +10,14 @@
   ([#1797](https://github.com/GENI-NSF/geni-portal/issues/1797))
 * Fix a UTF-8 encoding error in geni-sync-wireless
   ([#1799](https://github.com/GENI-NSF/geni-portal/issues/1799))
+* Switch to vanilla Shibboleth EDS
+  ([#1802](https://github.com/GENI-NSF/geni-portal/issues/1802))
 
 ## Installation Notes
 
-* None
+* Install Shibboleth EDS per INSTALL-centos.md
+* Update Shibboleth SP configuration to use new discovery page
+  portal-ds.php instead of the EDS page.
 
 # [Release 3.23](https://github.com/GENI-NSF/geni-portal/milestones/3.23)
 

INSTALL-centos.md

@@ -110,23 +110,34 @@ sudo cp /tmp/hosts /etc/hosts
 
 # 3. Install Shibboleth Software
 
-3a. Edit shibboleth attribute-map.xml
-```
-Edit /etc/shibboleth/attribute-map.xml and uncomment the block of <Attribute> entries
-below the "<!-- Examples of LDAP-based attributes, uncomment to use these ... -->
-```
+## 3a. Edit shibboleth attribute-map.xml
 
-3b. Install Embedded Discovery Service
-```bash
-cd /tmp
-wget https://github.com/GENI-NSF/geni-eds/releases/download/v1.1.0-geni.3/shibboleth-embedded-ds-1.1.0-geni.3.tar.gz
-tar xvfz shibboleth-embedded-ds-1.1.0-geni.3.tar.gz
-cd shibboleth-embedded-ds-1.1.0-geni.3
-sudo mkdir -p /var/www/eds
-sudo cp *.css *.js *.html *.gif *.png /var/www/eds
+Edit `/etc/shibboleth/attribute-map.xml` and uncomment the block
+of <Attribute> entries below the following line:
 
+    <!-- Examples of LDAP-based attributes, uncomment to use these ... -->
+
+## 3b. Install Embedded Discovery Service (EDS)
+```bash
+sudo yum install -y shibboleth-embedded-ds
 ```
 
+## 3c. Edit Shibboleth EDS Apache configuration
+
+There is a bug in the Shibboleth EDS configuration file for Apache on
+CentOS 7. In `/etc/httpd/conf.d/shibboleth-ds.conf`, change the line:
+
+    Allow from all
+
+To:
+
+    Require all granted
+
+## 3d. Edit Shibboleth EDS config file
+
+Edit the file `/etc/shibboleth-ds/idpselect_config.js` and set the
+`helpURL` to a valid web page or email link.
+
 # 4. Set up Variables
 ```bash
 sudo cp /usr/share/geni-ch/templates/parameters.json \

geni-portal.spec

@@ -262,6 +262,7 @@ rm -rf $RPM_BUILD_ROOT
 %{python_sitelib}/portal_utils/orbit_interface.pyc
 %{python_sitelib}/portal_utils/orbit_interface.pyo
 %{webdir}/amstatus.php
+%{webdir}/common/css/ds.css
 %{webdir}/common/css/kmtool.css
 %{webdir}/common/css/mobile-portal.css
 %{webdir}/common/css/newportal.css
@@ -273,6 +274,8 @@ rm -rf $RPM_BUILD_ROOT
 %{webdir}/common/topbar_gradient.png
 %{webdir}/common/topbar_gradient2.png
 %{webdir}/favicon.ico
+%{webdir}/images/ds-logo.png
+%{webdir}/images/ds-nsf1.gif
 %{webdir}/images/EG-VM-noTxt-centered.svg
 %{webdir}/images/EG-VM-noTxt.svg
 %{webdir}/images/EG-VM.svg
@@ -309,6 +312,7 @@ rm -rf $RPM_BUILD_ROOT
 %{webdir}/index.php
 %{webdir}/login-help.php
 %{webdir}/policy/privacy.html
+%{webdir}/portal-ds.php
 %{webdir}/secure/accept-project-invite.php
 %{webdir}/secure/admin.php
 %{webdir}/secure/aggregates.php

portal/Makefile.am

@@ -207,6 +207,8 @@ dist_svcweb_DATA = \
 	www/portal/wireless_redirect.php
 
 dist_svcwebimages_DATA = \
+	www/images/ds-logo.png \
+	www/images/ds-nsf1.gif \
 	www/images/EG-VM-noTxt-centered.svg \
 	www/images/EG-VM-noTxt.svg \
 	www/images/EG-VM.svg \
@@ -248,6 +250,7 @@ dist_svcwebcommon_DATA = \
 	www/common/topbar_gradient2.png
 
 dist_svcwebcss_DATA =  \
+	www/common/css/ds.css \
 	www/common/css/mobile-portal.css \
 	www/common/css/newportal.css \
 	www/common/css/portal.css
@@ -260,7 +263,8 @@ dist_svcwebtop_DATA = \
 	www/amstatus.php \
 	www/index.php \
 	www/login-help.php \
-	www/favicon.ico
+	www/favicon.ico \
+	www/portal-ds.php
 
 dist_svcwebpolicy_DATA = \
 	www/policy/privacy.html

portal/www/common/css/ds.css

@@ -0,0 +1,40 @@
+/*
+  CSS Style Sheet for GENI Portal discover service
+
+*/
+
+body {
+  background-color: #BBDEFB;
+  text-align: center;
+  font-family: 'Open Sans';
+}
+
+#loginArea {
+  display: inline-block;
+  margin: 30px auto;
+  background-color: white;
+  box-shadow: 0 3px 6px rgba(0,0,0,0.16), 0 3px 6px rgba(0,0,0,0.23);
+  padding: 5px;
+}
+
+#logo {
+  height: 100px;
+  margin: 20px;
+}
+
+#footer {
+  background-color: #616161;
+  width: 400px;
+  margin: 0 auto 20px auto;
+  color: white;
+  padding: 20px 10px;
+  box-shadow: 0 3px 6px rgba(0,0,0,0.16), 0 3px 6px rgba(0,0,0,0.23);
+}
+
+#footer a {
+    color: white;
+}
+
+#idpSelect {
+  display: inline-block;
+}

portal/www/portal-ds.php

@@ -0,0 +1,65 @@
+<?php
+//----------------------------------------------------------------------
+// Copyright (c) 2017 Raytheon BBN Technologies
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and/or hardware specification (the "Work") to
+// deal in the Work without restriction, including without limitation the
+// rights to use, copy, modify, merge, publish, distribute, sublicense,
+// and/or sell copies of the Work, and to permit persons to whom the Work
+// is furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Work.
+//
+// THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+// WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
+// IN THE WORK.
+//----------------------------------------------------------------------
+?>
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html lang="en">
+<head>
+  <title>IDP select test bed</title>
+  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-5" />
+  <link href="https://fonts.googleapis.com/css?family=Open+Sans:400,700" rel="stylesheet" type="text/css">
+  <link rel="stylesheet" type="text/css" href="/shibboleth-ds/idpselect.css" />
+  <link rel="stylesheet" type="text/css" href="/common/css/ds.css" />
+</head>
+
+<body>
+  <div id="loginArea">
+    <img id="logo" src='/images/ds-logo.png' alt='Geni logo'/>
+    <br/>
+    <div id="idpSelect"></div>
+  </div>
+
+  <div id="footer">
+    <p><a href="http://groups.geni.net/geni/wiki/InCommon/GpoLogin">
+      Looking for the GENI Project Office login?</a></p>
+    <hr>
+    <p>Can't find your school or organization above?<br>
+    <a href="https://go.ncsa.illinois.edu/geni">Request an account</a>&nbsp;|&nbsp;
+    <a href="mailto:[email protected]">Contact GENI Help</a></p>
+    <hr>
+    <p style="font-size: .8em;">
+    <a href="http://www.geni.net/">GENI</a> is sponsored by the
+    <a href="http://www.nsf.gov/"><img src="/images/ds-nsf1.gif" alt="NSF Logo" height="16" width="16"/> National Science Foundation</a><br>
+    NSF Award CNS-0714770</p>
+  </div>
+
+  <script src="/shibboleth-ds/idpselect_config.js" type="text/javascript" language="javascript"></script>
+  <script src="/shibboleth-ds/idpselect.js" type="text/javascript" language="javascript"></script>
+  <noscript>
+    Your Browser does not support javascript. Please use
+    a browser that supports javascript.
+  </noscript>
+</body>
+</html>