Skip to content

A small app to help distribute courses among teaching assistants

Notifications You must be signed in to change notification settings

UCL-INGI/ictm-teaching

Repository files navigation

ICTM Teaching

Configuring SAML authentication

Setting up a fake SAML IdP server

  1. Create a working directory <some_path>/saml-idp and install the npm package saml-idp.

    [user@localhost saml-idp]$ npm install saml-idp
  2. Create a pair of self-signed X.509 private key and certificate

    [user@localhost saml-idp]$ openssl req -newkey rsa:2048 -nodes -keyout idp_key.pem -x509 -days 365 -out idp_cert.pem
  3. Create a idp_config.js file to contain the fake IdP configuration.

        /**
        * User Profile
        */
        var profile = {
          userName: 'sjackson',
          nameIdFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
          uid: 'sjackson',
          lastName:'Jackson',
          firstName: 'Saml',
          email: 'saml.jackson@example.com'
        }
    
        /**
         * SAML Attribute Metadata
         */
        var metadata = [
        {
          id: "uid",
          optional: false,
          displayName: 'Username',
          description: 'The username of the user',
          multiValue: false
        },
        {
          id: "email",
          optional: false,
          displayName: 'E-Mail Address',
          description: 'The e-mail address of the user',
          multiValue: false
        },
        {
          id: "firstName",
          optional: false,
          displayName: 'First Name',
          description: 'The given name of the user',
          multiValue: false
        },
        {
          id: "lastName",
          optional: false,
          displayName: 'Last Name',
          description: 'The surname of the user',
          multiValue: false
        }];
    
        module.exports = {
          user: profile,
          metadata: metadata
        }

    Your working folder should contain idp_key.pem, idp_cert.pem and idp_config.js.

  4. Run the IdP server by running (acsUrl points to the Teaching app and may change if you changed the port):

    node node_modules/saml-idp/bin/run.js --key ./key.pem --cert ./certificate.pem \
    --configFile <some_path>/saml-idp/idp_config.js --acsUrl http:/localhost:5000/auth/callback \
    --audience ictm-teaching --issuer saml-idp

    The configFile parameter requires an absolute path to work correctly. The server will run, by default, on port 7000.

Configuring the app (or SAML SP)

  1. Create a pair of self-signed X.509 private key and certificate

    [user@localhost ictm-teaching]$ openssl req -newkey rsa:2048 -nodes -keyout sp_key.pem -x509 -days 365 -out sp_cert.pem
  2. Adapt the config.jsonfile so that the SAML corresponds to :

      "SAML": {
          "attributes": {
            "sn": "lastName",
            "email": "email",
            "givenName": "firstName",
            "uid": "uid"
          },
          "security": {
            "metadataValidUntil": "",
            "metadataCacheDuration": "",
            "wantAssertionsEncrypted": false,
            "wantAssertionsSigned": true,
            "authnRequestsSigned": true
          },
          "sp": {
            "assertionConsumerService": {
              "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            },
            "entityId": "ictm-teaching",
            "x509cert": "<paste sp_cert.pem here>",
            "privateKey": "<paste sp_key.pem here>"
          },
          "idp": {
            "entityId": "saml-idp",
            "singleSignOnService": {
              "url": "http://localhost:7000/saml/sso",
              "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
            },
            "x509cert": "<paste idp_cert.pem here>"
          },
          "strict": true
        }

    and paste the content of the required files in the indicated <tags>.

  3. You can now run the app and feed any user information using the fields provided by the IdP application.

Configuration for the first application run

Setting up the database

  1. Add the database URI to the config.json file. The URI should be in the following format:

    "SQLALCHEMY_DATABASE_URI": "DB URI"

    Replace the DB URI with the preferred location for the database.

  2. Run python script to create database tables and add the first admin.:

    [user@localhost ictm-teaching]$ python create_db.py --first_name "<first_name>" --name "<name>" --email "<email>"

    Replace the <tags> with the desired information for the first admin.

  3. Run the IdP server and the app.

About

A small app to help distribute courses among teaching assistants

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •