Local shibboleth setup - Githubissues

utmgdsc / PollVotingSystem

MCS Project with Prof. Zingaro and Prof. Ilir

https://poll.utm.utoronto.ca

MIT License

6 stars 10 forks source link

Local shibboleth setup #68

Open shubhbapna opened 2 years ago

shubhbapna commented 2 years ago

Is your feature request related to a problem? Please describe. For testing currently we have to forcefully add an additional header utorid before running the client. The idea here is to explore ways to automate this.

Describe the solution you'd like

Consider using a env variable that decides whether or not to add the additional header OR
A more preferred fix would be to mimic the exact production setup i.e. run the application behind shibboleth. Explore whether we can setup shibboleth locally in docker for development and testing

Additional context A guide to setup shibboleth locally - https://isea.utoronto.ca/services/weblogin/sso-howto-weblogin/

embeddedt commented 2 years ago

Hi, please assign me to this issue. :slightly_smiling_face:

embeddedt commented 2 years ago

Shibboleth is turning out to be extremely finicky to work with. Do we actually need Shibboleth, or can I just configure an Apache server to add a "utorid" header to all requests it proxies?

shubhbapna commented 2 years ago

Well like we saw in #50 shibboleth can have an impact on how things are working. So it would be nice to mimic this in a dev environment. If it is too unstable, then we can consider using either Apache or maybe a simple node env variable for example:

const headers = process.env.NODE_ENV === "production" ? {utorid: "exampl_utorid"} : {}

Also let us know what you have tried to setup shibboleth. Maybe we can help you debug.

There is a docker image for shibboleth - https://github.com/Unicon/shibboleth-idp-dockerized Configuration info - https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2063695920/Configuration There is some info on uoft related shibboleth setup (although we can't request it since it is just for their staff but maybe we can mimic whatever info is available publicly) - http://sites.utoronto.ca/security/projects/EASI-dev.htm

embeddedt commented 2 years ago

Interesting; I'll see if I can get the docker image to behave. That was basically what I was trying to create from scratch earlier. Thanks.

embeddedt commented 2 years ago

Which half of Shibboleth do we care about replicating? The IdP or SP portion? It's a bit unclear to me what the difference is.

shubhbapna commented 2 years ago

You would need both I believe.

Here is good read - https://shibboleth.atlassian.net/wiki/spaces/CONCEPT/overview

This example might help set things up - https://github.com/UniconLabs/dockerized-idp-testbed