Configure mscolab for sso #1818
Add libxmlsec1 to the meta.yaml. This will solve the missing library. From the description of what pysaml2 uses and from the definition of libxmlsec1, it is the same source.
…anodya/MSS into Configure-mscolab-for-SSO
…anodya/MSS into Configure-mscolab-for-SSO
Co-authored-by: Matthias Riße <[email protected]>
comment removed
in idp_conf.py and conftest.py there is a leftover definition which writes into MSS dir. I am not sure if a file store is needed at all. conftest should add them if needed to the tmp dir and idp_conf if needed have them on the colabdata. .gitignore has also an entry
"subject_data": "./idp.subject",
Could we also move the idp/modules to the colabdata? For what are they needed? I mean why is that not just a Jinja2 template used?
Interestingly, I didn't find what gets mako into the environment. mamba repoquery search mako finds only this module.
Also in the MSS dir are two files: idp.subject.dir idp.subject.dat
I tried to follow the instructions and couldn't get this working. I had a hard time figuring out where to set which configuration and when trying to generate the metadata files with python mslib/mscolab/mscolab.py sso_conf --init_sso_metadata I ran into a bunch of exceptions from the xml parser due to ~/colabdata/datasso/idp.xml being empty and ~/colabdata/datasso/metadata_sp.xml containing:
<!doctype html>
<html lang=en>
<title>500 Internal Server Error</title>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>
The output of the --init_sso_metadata command still said
idp metadata file generated succesfully
ALl necessary metadata file generated successfully
so there is something wrong with the error handling of the executed commands.
I think I am missing a step in "Enable IDP login". I just copied over mslib/mscolab/conf.py to ~/mss/mscolab_settings.py and set IDP_ENABLED = True. CONFIGURED_IDPS seemed to be correctly set already for the testing IdP. I am not sure what, if anything, to do with the yaml SP config.
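The failure described in the comment above (an empty idp.xml and an HTML 500 page saved as metadata_sp.xml while success was still reported) can be caught by validating each file before any success message is printed. This is an added example, not code from the MSS project; the function name check_saml_metadata, the sample entityID and the sample files are constructed for illustration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ROLE_TAGS = {"idp": "IDPSSODescriptor", "sp": "SPSSODescriptor"}

# Constructed samples: the start of the error page quoted in the comment,
# and a minimal SP metadata document with a placeholder entityID.
HTML_500 = b"<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n"
SP_OK = (
    b'<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    b'entityID="https://sp.example.invalid/metadata">'
    b'<md:SPSSODescriptor '
    b'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>'
    b'</md:EntityDescriptor>'
)


def check_saml_metadata(path, role):
    """Return (ok, reason) for a file expected to hold 'idp' or 'sp' metadata."""
    path = Path(path)
    if not path.is_file():
        return False, "missing"
    data = path.read_bytes()
    if not data.strip():
        return False, "empty"
    try:
        # Local tool output only; use a hardened parser for untrusted XML.
        root = ET.fromstring(data)
    except ET.ParseError:
        return False, "not well-formed XML"
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        return False, "root is not md:EntityDescriptor"
    if not root.get("entityID"):
        return False, "no entityID"
    if root.find(f"{{{MD_NS}}}{ROLE_TAGS[role]}") is None:
        return False, f"no {role} role descriptor"
    return True, "ok"


def demo():
    """Write the three sample files to a temp dir and validate each one."""
    samples = {"idp.xml": (b"", "idp"), "metadata_sp.xml": (HTML_500, "sp"),
               "sp_ok.xml": (SP_OK, "sp")}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (content, _role) in samples.items():
            Path(tmp, name).write_bytes(content)
        return {n: check_saml_metadata(Path(tmp, n), r) for n, (_c, r) in samples.items()}
```

A metadata generation command would report success only when every file returns (True, "ok"), and exit non-zero with the reason otherwise.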
Try to avoid global as much as possible. I found one in idp_uwsgi.py. These are some ideas on that and some options. For now a ToDo refactor https://betterprogramming.pub/alternatives-to-using-globals-in-python-a3b2a7d5411b
Co-authored-by: Matthias Riße <[email protected]>
…lmanodya/MSS into Configure-mscolab-for-SSO
Thanks for figuring out that point. Updated documentation and error handling. 🙂
small "typos" in the documentation.
Add ToDos of the not solved comments into the codebase, e.g. #1818 (comment)
# ToDo refactor, use common lib secrets? see discussion in https://github.com/Open-MSS/MSS/pull/1818#discussion_r1270701658
Added into ToDo: e3a81ba
The issue I had was caused by me setting IDP_ENABLED (now USE_SAML2) in ~/mss/mscolab_settings.py instead of mslib/mscolab/conf.py. Since the former should overwrite the latter there seems to be something wrong with the loading of the configuration. Nevertheless I was able to get this working now, to the point that a login with the IdP in msui works, which is great :)
I saw a few typos in docs/conf_sso_test_msscolab.rst though, could you please proofread that?
Apart from this I think we can merge this and improve on it in the next PR.
There are a few ToDo's which will be done in the next PR
* remove global var
* remove idp.subjects file dirs
* remove relaystste, rndstr and use secrets
* remove shell=True
* correct typos
* fix group order
* enable flake8 for GSOC2023-NilupulManodya
* fix lint
* fix lint
* fixes comments
* resolve comments
* fix comments
* update doc
* remove inputs from conditions (#1808)
* Setup sp and idp for the sso (#1809)
* configure sp and idp
* update meta.yml remove cherypy
* fixes previous
* update notice
* update readme
* regroup idp_uwsgi
* regroup app.py
* regroup, change wsgi server to flask
* Update conf_sp_idp/README.md
  Co-authored-by: Matthias Riße <[email protected]>
* hide secrets by config
* update copy-paste-able command for creating keys and certificates
* Update README.md
* correct copyright lines
* remove make_metadata.py file and update doc with new flow
* remove idp.xml file
* remove condition libxmlsec1
* Update conf_sp_idp/sp/app/conf.py
  Co-authored-by: Matthias Riße <[email protected]>
* Update conf_sp_idp/idp/idp.py
  Co-authored-by: Matthias Riße <[email protected]>
* remove generate_metadatascript
* remove hardcoded path
* recorrect copyrights

---------

Co-authored-by: Matthias Riße <[email protected]>

* Split conf sp idp (#1811)
* split sp and idp
* generate doc
* remove prints idp.py
* update comeponents.rst
* UI changes in Qt for SSO (#1813)
* ui changes in qt for sso
* fixes qt UI implementation
* get idp_enabled response from server
* update tests for test_hello
* update test utils
* Update mslib/msui/mscolab.py
  Co-authored-by: Matthias Riße <[email protected]>
* fix typo
* move downed idp_enabled exception
* increase height ui_mscolab_connect_dialog
* resolve comments

---------

Co-authored-by: Matthias Riße <[email protected]>

* web browser implementation (#1814)
* web browser implementation
* update gitgnore
* resolve comments
* update docstring
* Configure mscolab for sso (#1818)
* db modeling
* add users into id[
* backend yaml implementation
* set server conf
* config server for sso
* qt ui implmentation
* backend html templates implementation
* update testcases
* config qt client app
* update gitignore
* set yaml endpoints
* update docs
* update test utill, and fix error
* fix test utils
* remove disabled pylint
* add libxmlsec1 into dep
* set IDP ENabled false
* Update mslib/mscolab/server.py
  Co-authored-by: Matthias Riße <[email protected]>
* recorrect commit
* update db modeling with authentication_backend for multiple idps
* update conf for the multiple idps
* template implementation
* msui update redirect url for multiple idps
* saml update for multiple idps
* update mscolab server for multiple idps
* update doc for multiple idps
* automate CERTs generation and paths
* update doc
* correct typo in doc
* update doc
* fix typos update gitignore
* fix config idp_conf
* update gitignore
* set one time token access
* add params for cert creation
* set idp token for one time validation
* fix unnnescessary debug
* remove duplicate imports
* Update mslib/mscolab/mscolab.py
  Co-authored-by: Matthias Riße <[email protected]>
* automate saml yaml file and improve error handling
* rename IDP_ENABLED to USE_SAML2
* update error template
* update doc
* add todo idp_wsgi
* update db models
* recorrect doc
* add todo refactors

---------

Co-authored-by: Matthias Riße <[email protected]>

* To do fixes #1818 (#1974)
* remove global var
* remove idp.subjects file dirs
* remove relaystste, rndstr and use secrets
* remove shell=True
* correct typos
* fix group order
* enable flake8 for GSOC2023-NilupulManodya
* fix lint
* fix lint
* fixes comments
* resolve comments
* fix comments
* update doc
* improve code for multiple Idps
* conf routes for multiple conf
* remove uncessary .yaml
* update cmd metadata
* update conf
* update saml handler for multiple idps
* pinning of xmlschema
* pin werkzeug
* disable pytests for todo refactor
* disbale whole file gsoc_testing
* fix conf
* resolve comments
* resolve comments
* manual conflict resolve ui_mscolab_connect_dialog.ui file
* resolve flake8
* set SSL certificate verification enablement (#2062)
* ssl verification enablement for SSO
* add hint
* Remove testing SP (#2066)
* remove testing sp
* remove documentation auth_client_sp
* Create documentation for SSO integration through SAML (#2064)
* create documentation sso integration
* added into makefile components
* change dir images
* resolve comments, add sample files
* resolve comments
* change cookies dir of web browser (#2063)
* change cookies dir of web browser
* Update mslib/msui/msui_web_browser.py
  Co-authored-by: Matthias Riße <[email protected]>

---------

Co-authored-by: Matthias Riße <[email protected]>

* improve accessibility saml2 urls (#2068)
* improve accessibility saml2 urls
* resolve comments

---------

Co-authored-by: Nilupul Manodya <[email protected]>
Co-authored-by: Matthias Riße <[email protected]>
Co-authored-by: Matthias Riße <[email protected]>
Co-authored-by: nilupulmanodya <[email protected]>
Configure the MSS collaboration server for SSO with testing IDP
Need to merge #1813 before merging this PR