authorChristophe Nowicki <cnowicki@easter-eggs.com>2004-09-15 15:59:59 +0000
committerChristophe Nowicki <cnowicki@easter-eggs.com>2004-09-15 15:59:59 +0000
commit2f0a452be39b1ec48a2ce40c3d5d857f31d71a90 (patch)
treebefa46703e480695e550b6ffb43b3c9639cb8832 /php
parent881bb4d750dbb07cae3d4f8836a6c06ba465272e (diff)
downloadlasso-2f0a452be39b1ec48a2ce40c3d5d857f31d71a90.tar.gz
lasso-2f0a452be39b1ec48a2ce40c3d5d857f31d71a90.tar.xz
lasso-2f0a452be39b1ec48a2ce40c3d5d857f31d71a90.zip
Added sample xml metadata in the distribution
Added a README file; this file explains how to set up a PHP IdP/SP. It's not fully documented yet. Work in progress.
Diffstat (limited to 'php')
-rw-r--r--php/Attic/examples/README137
-rw-r--r--php/Attic/examples/sample-idp/Makefile.am26
-rw-r--r--php/Attic/examples/sample-idp/README27
-rw-r--r--php/Attic/examples/sample-idp/metadata_idp1.xml19
-rw-r--r--php/Attic/examples/sample-idp/metadata_sp1.xml20
-rw-r--r--php/Attic/examples/sample-idp/setup.php17
-rw-r--r--php/Attic/examples/sample-sp/Makefile.am20
-rw-r--r--php/Attic/examples/sample-sp/metadata_idp1.xml19
-rw-r--r--php/Attic/examples/sample-sp/metadata_sp1.xml20
-rw-r--r--php/Attic/examples/sample-sp/setup.php49
10 files changed, 290 insertions, 64 deletions
diff --git a/php/Attic/examples/README b/php/Attic/examples/README
new file mode 100644
index 00000000..e53bdb92
--- /dev/null
+++ b/php/Attic/examples/README
@@ -0,0 +1,137 @@
+Lasso Exemples
+----------------------------------
+
+SOFTWARE
+ This directory include a Liberty Alliance Service Provider (sample-sp)
+ and a Liverty Alliance Identity Provider (sample-idp) written in PHP
+ with the Lasso extension.
+
+INSTALLATION
+ You need the fallowing components :
+ - The Apache Web Server (with SSL support)
+ - OpenSSL
+ - PHP4 version 4.3 with OpenSSL support enabled
+ - The Lasso Extension for PHP
+ - A PostgreSQL database server
+ - PHP Pear modules : DB, HTML_QuickForm, Log
+
+ Debian packages for the Lasso extension are available, they are included
+ in the current development version (sid) and packages for the current stable
+ version (sarge) are available in the entr'ouvert's apt repository:
+
+ deb http://www.entrouvert.org ./debian/lasso/
+
+ Add this line in your /etc/apt/sources.list and install the fallow packages :
+
+ apt-get install apache-ssl php4 php4-lasso php4-pgsql php4-pear postgresql
+
+ Pear packages can be installed with the pear command :
+
+ # pear install DB HTML_Common HTML_Form HTML_QuickForm Log
+
+CONFIGURATION
+
+ PostgreSQL
+
+ Change user "postgres" password to access the database.
+ You can do this by executing in a shell :
+
+ # su - postgres
+ $ psql template1
+ template1=# ALTER USER postgres password 'new_pass';
+ ALTER USER
+ template1=# \q
+
+ Change your PostgreSQL server configuration to use passwords to
+ authenticate users writing in your /etc/postgresql/pg_hba.conf file:
+
+ local all all password
+ host all all 127.0.0.1 255.255.255.255 password
+
+ Then, restart the postmaster with /etc/init.d/postgresql restart.
+
+ # /etc/init.d/postgresql restart
+
+ Now you can create users idp and sp in postgres. Thoses users can create
+ database.
+
+ $ createuser -A -d -P idp
+ Enter password for new user:
+ Enter it again:
+ Password: <-- postgres's password used to access the database
+ CREATE USER
+
+ $ createuser -A -d -P sp
+ [ ... ]
+
+ Create databases for idp and sp.
+
+ $ createdb -U idp idp
+ Password: <-- idp's password
+ CREATE DATABASE
+
+ $ createdb -U sp sp
+ [ ... ]
+
+ Database setup is finished.
+
+
+
+ Enable PHP in Apache
+
+ Change you Apache's configuration file to load PHP as module in your
+ /etc/apache-ssl/modules.conf file :
+
+ LoadModule php4_module /usr/lib/apache/1.3/libphp4.so
+
+ Add Type Mime for PHP
+
+ In /etc/apache-ssl/httpd.conf write :
+
+ #
+ # And for PHP 4.x, use:
+ #
+ AddType application/x-httpd-php .php
+
+ PHP 4
+
+ Edit PHP 4 configuration file to enable the Lasso and Postgres extension
+ at the end of /etc/php4/apache/php.ini file :
+
+ extension=pgsql.so
+ extension=lasso.so
+
+ Copy example source code in /var/lib/www :
+
+ # cp -r sample-idp /var/www/idp
+ # cp -r sample-sp /var/www/sp
+ # chown -R www-data: /var/www/idp /var/www/sp
+
+ OpenSSL
+
+ To generate SSL certificat for the Identity Provider and the Service
+ Provider you need the openssl command line utility.
+
+ # cd /var/www/sp
+ # openssl req -out certificate_sp1.pem -keyout private-key-raw_sp1.pem -x509 -nodes -newkey rsa:2048
+ [ ... ]
+ # openssl x509 -in certificate_sp1.pem -noout -pubkey > private-key-raw_sp1.pem
+ # chown www-data *.pem
+
+ # cd /var/www/idp
+ # openssl req -out certificate_idp1.pem -keyout private-key-raw_idp1.pem -x509 -nodes -newkey rsa:2048
+ [ ... ]
+ # openssl x509 -in certificate_idp1.pem -noout -pubkey > private-key-raw_idp1.pem
+ # chown www-data *.pem
+
+
+SETUP
+
+ Now launch your favorite web browser and go to :
+
+ https://localhost/sp/setup.php
+
+ or
+
+ https://localhost/idp/setup.php
+
diff --git a/php/Attic/examples/sample-idp/Makefile.am b/php/Attic/examples/sample-idp/Makefile.am
index 29829c24..9837e367 100644
--- a/php/Attic/examples/sample-idp/Makefile.am
+++ b/php/Attic/examples/sample-idp/Makefile.am
@@ -1,5 +1,21 @@
-EXTRA_DIST = admin_user.php create_metadata.php defederate.php \
- federate.php index.php login.php \
- logout.php setup.php singleSignOn.php \
- soapEndpoint.php user_add.php
-
+EXTRA_DIST = \
+ admin_user.php \
+ create_metadata.php \
+ defederate.php \
+ edit_metadata.php \
+ federate.php \
+ index.php \
+ login.php \
+ logout.php \
+ setup.php \
+ singleSignOn.php \
+ soapEndpoint.php \
+ user_add.php \
+ idp_certificate.pem \
+ idp_metadata.xml \
+ idp_private-key-raw.pem \
+ idp_public-key.pem \
+ sp1_certificate.pem \
+ sp1_metadata.xml \
+ sp1_public-key.pem \
+ README
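Review bot: `EXTRA_DIST` now lists `idp_private-key-raw.pem`, which would place a private signing key into the release tarball; the README generates this key per installation with openssl, so it should be produced at setup time and the line dropped from the distribution list. The added names also do not match the files this commit actually creates: the new metadata files are `metadata_idp1.xml` and `metadata_sp1.xml`, and setup.php reads `public-key_idp1.pem`/`certificate_idp1.pem`, whereas the list says `idp_metadata.xml`, `sp1_metadata.xml` and `idp_public-key.pem`, so `make dist` will most likely fail on the missing files. The sample-sp Makefile.am hunk has the same two problems with `sp_private-key-raw.pem` and `sp_metadata.xml`.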
diff --git a/php/Attic/examples/sample-idp/README b/php/Attic/examples/sample-idp/README
index 5183812e..e69de29b 100644
--- a/php/Attic/examples/sample-idp/README
+++ b/php/Attic/examples/sample-idp/README
@@ -1,27 +0,0 @@
-Lasso PHP Identity Provider Exemple
-----------------------------------
-
-SOFTWARE
- This directory include a Liberty Alliance Identity Provider written in PHP
- with the Lasso extension.
-
-INSTALLATION
- You need the fallowing components :
- - The Apache Web Server with PHP4 version 4.3 with OpenSSL support enabled
- - The Lasso Extension for PHP
- - The PostgreSQL database server
- - PHP Pear modules : DB, HTML_QuickForm
-
- Under Debian GNU/Linux you can install thoses package with apt-get or aptitude:
- apache, php4, php4-lasso, postgresql, pear.
-
- You can download pear modules with the pear commande :
-
- # pear install DB HTML_Common HTML_Form HTML_QuickForm
-
-CONFIGURATION
- For the Apache web server you need to add in the httpd.conf file:
-
- RewriteEngine on
- RewriteRule ^/(soapEndpoint|singleSignOn)(.*)$ /$1.php$2
-
diff --git a/php/Attic/examples/sample-idp/metadata_idp1.xml b/php/Attic/examples/sample-idp/metadata_idp1.xml
new file mode 100644
index 00000000..3330c73d
--- /dev/null
+++ b/php/Attic/examples/sample-idp/metadata_idp1.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0"?>
+<EntityDescriptor
+ providerID="https://idp1/metadata"
+ xmlns="urn:liberty:metadata:2003-08">
+ <IDPDescriptor>
+
+ <SingleSignOnServiceURL>https://idp1:1998/singleSignOn</SingleSignOnServiceURL>
+ <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/sso-get</SingleSignOnProtocolProfile>
+
+ <SingleLogoutServiceURL>https://idp1:1998/singleLogout</SingleLogoutServiceURL>
+ <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+ <RegisterNameIdentifierServiceURL>https://idp1:1998/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+ <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile>
+
+ <SoapEndpoint>https://idp1:1998/soapEndpoint</SoapEndpoint>
+
+</IDPDescriptor>
+</EntityDescriptor>
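Review bot: The IDPDescriptor's `<RegisterNameIdentifierProtocolProfile>` names `rni-sp-http`, a service-provider-side profile, inside an identity-provider descriptor; the IdP-side value is presumably `http://projectliberty.org/profiles/rni-idp-http`, so the line should read `<RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-http</RegisterNameIdentifierProtocolProfile>`. The byte-identical copy added under sample-sp/metadata_idp1.xml carries the same value and needs the same correction. Since the descriptor holds no key material and verification keys come from the separate .pem paths in setup.php, a one-line XML comment saying so would save readers from looking for the key here.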
diff --git a/php/Attic/examples/sample-idp/metadata_sp1.xml b/php/Attic/examples/sample-idp/metadata_sp1.xml
new file mode 100644
index 00000000..ec28fa48
--- /dev/null
+++ b/php/Attic/examples/sample-idp/metadata_sp1.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0"?>
+<EntityDescriptor
+ providerID="https://sp1/metadata"
+ xmlns="urn:liberty:metadata:2003-08">
+ <SPDescriptor>
+
+ <AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">https://sp1:2006/assertionConsumer</AssertionConsumerServiceURL>
+
+ <SingleLogoutServiceURL>https://sp1:2006/singleLogout</SingleLogoutServiceURL>
+ <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+ <RegisterNameIdentifierServiceURL>https://sp1:2006/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+ <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</RegisterNameIdentifierProtocolProfile>
+
+ <SoapEndpoint>https://sp1:2006/soapEndpoint</SoapEndpoint>
+
+ <AuthnRequestsSigned>true</AuthnRequestsSigned>
+
+ </SPDescriptor>
+</EntityDescriptor>
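Review bot: `<SingleLogoutProtocolProfile>` in this SPDescriptor is set to `slo-idp-soap`, an identity-provider profile, while the sibling `<RegisterNameIdentifierProtocolProfile>` uses the service-provider variant `rni-sp-soap`; the SP-side logout profile is presumably `http://projectliberty.org/profiles/slo-sp-soap`, so the line should read `<SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-soap</SingleLogoutProtocolProfile>`. The identical copy at sample-sp/metadata_sp1.xml has the same value. `<AuthnRequestsSigned>true</AuthnRequestsSigned>` means the SP must have its private key available at runtime, which makes the key file naming mismatch in sample-sp/setup.php (see that hunk) a hard failure rather than a cosmetic one.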
diff --git a/php/Attic/examples/sample-idp/setup.php b/php/Attic/examples/sample-idp/setup.php
index 3a7d35fd..e02fd51d 100644
--- a/php/Attic/examples/sample-idp/setup.php
+++ b/php/Attic/examples/sample-idp/setup.php
@@ -81,19 +81,20 @@
'log_name' => $_SERVER['SERVER_NAME'],
'log_handler' => 'syslog',
'auth_type' => 'auth_form',
- 'idp-metadata' => "/home/cnowicki/mcvs/lasso/tests/data/idp1-la/metadata.xml",
- 'idp-public_key' => "/home/cnowicki/mcvs/lasso/tests/data/idp1-la/public-key.pem",
- 'idp-private_key' => "/home/cnowicki/mcvs/lasso/tests/data/idp1-la/private-key-raw.pem",
- 'idp-ca' => "/home/cnowicki/mcvs/lasso/tests/data/idp1-la/certificate.pem",
+ 'idp-metadata' => $cwd . "/metadata_idp1.xml",
+ 'idp-public_key' => $cwd . "/public-key_idp1.pem",
+ 'idp-private_key' => $cwd . "/private-key_idp1-raw.pem",
+ 'idp-ca' => $cwd . "/certificate_idp1.pem",
'sp' => array(
'sp1' => array(
- 'metadata' => "/home/cnowicki/mcvs/lasso/tests/data/sp1-la/metadata.xml",
- 'public_key' => "/home/cnowicki/mcvs/lasso/tests/data/sp1-la/public-key.pem",
- 'ca' => "/home/cnowicki/mcvs/lasso/tests/data/ca1-la/certificate.pem"),
+ 'metadata' => $cwd . "/metadata_sp1.xml",
+ 'public_key' => $cwd . "/public-key_sp1.pem",
+ 'ca' => $cwd . "/certificate_sp1.pem")
+ /* another service provider
'sp2' => array(
'metadata' => "/home/cnowicki/mcvs/lasso/tests/data/sp2-la/metadata.xml",
'public_key' => "/home/cnowicki/mcvs/lasso/tests/data/sp2-la/public-key.pem",
- 'ca' => "/home/cnowicki/mcvs/lasso/tests/data/ca1-la/certificate.pem")
+ 'ca' => "/home/cnowicki/mcvs/lasso/tests/data/ca1-la/certificate.pem") */
));
$config_ser = serialize($config);
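Review bot: `'idp-private_key' => $cwd . "/private-key_idp1-raw.pem"` follows a different naming scheme from the other three entries (`<kind>_idp1.pem`) and from the sample-sp config (`private-key-raw_sp1.pem`), and the README's openssl step generates `private-key-raw_idp1.pem`, so the IdP setup points at a file nothing creates; `'idp-private_key' => $cwd . "/private-key-raw_idp1.pem",` would match the rest. If `$cwd` (defined above the hunk) is the script's own directory, as the README's copy of the examples into /var/www suggests, the private key then lives inside the web root and is downloadable as a static file; keeping the key outside the document root, or at minimum denying `*.pem` in the Apache configuration, should be noted next to the `$cwd` definition. The sample-sp/setup.php config hunk has the same exposure with `private-key-raw_sp1.pem`. The `/* … */` block around `'sp2'` keeps the author's stale absolute `/home/cnowicki/...` paths in shipped example code; deleting it is cleaner than commenting it out.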
diff --git a/php/Attic/examples/sample-sp/Makefile.am b/php/Attic/examples/sample-sp/Makefile.am
index cbb7aa73..cf6f1b5f 100644
--- a/php/Attic/examples/sample-sp/Makefile.am
+++ b/php/Attic/examples/sample-sp/Makefile.am
@@ -1,4 +1,16 @@
-EXTRA_DIST = admin_user.php index.php logout.php \
- setup.php README assertionConsumer.php \
- login.php register.php
-
+EXTRA_DIST = \
+ admin_user.php \
+ assertionConsumer.php \
+ idp_certificate.pem \
+ idp_metadata.xml \
+ idp_public-key.pem \
+ index.php \
+ login.php \
+ logout.php \
+ register.php \
+ setup.php \
+ sp_certificate.pem \
+ sp_metadata.xml \
+ sp_private-key-raw.pem \
+ sp_public-key.pem \
+ README
diff --git a/php/Attic/examples/sample-sp/metadata_idp1.xml b/php/Attic/examples/sample-sp/metadata_idp1.xml
new file mode 100644
index 00000000..3330c73d
--- /dev/null
+++ b/php/Attic/examples/sample-sp/metadata_idp1.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0"?>
+<EntityDescriptor
+ providerID="https://idp1/metadata"
+ xmlns="urn:liberty:metadata:2003-08">
+ <IDPDescriptor>
+
+ <SingleSignOnServiceURL>https://idp1:1998/singleSignOn</SingleSignOnServiceURL>
+ <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/sso-get</SingleSignOnProtocolProfile>
+
+ <SingleLogoutServiceURL>https://idp1:1998/singleLogout</SingleLogoutServiceURL>
+ <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+ <RegisterNameIdentifierServiceURL>https://idp1:1998/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+ <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile>
+
+ <SoapEndpoint>https://idp1:1998/soapEndpoint</SoapEndpoint>
+
+</IDPDescriptor>
+</EntityDescriptor>
diff --git a/php/Attic/examples/sample-sp/metadata_sp1.xml b/php/Attic/examples/sample-sp/metadata_sp1.xml
new file mode 100644
index 00000000..ec28fa48
--- /dev/null
+++ b/php/Attic/examples/sample-sp/metadata_sp1.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0"?>
+<EntityDescriptor
+ providerID="https://sp1/metadata"
+ xmlns="urn:liberty:metadata:2003-08">
+ <SPDescriptor>
+
+ <AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">https://sp1:2006/assertionConsumer</AssertionConsumerServiceURL>
+
+ <SingleLogoutServiceURL>https://sp1:2006/singleLogout</SingleLogoutServiceURL>
+ <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+ <RegisterNameIdentifierServiceURL>https://sp1:2006/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+ <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</RegisterNameIdentifierProtocolProfile>
+
+ <SoapEndpoint>https://sp1:2006/soapEndpoint</SoapEndpoint>
+
+ <AuthnRequestsSigned>true</AuthnRequestsSigned>
+
+ </SPDescriptor>
+</EntityDescriptor>
diff --git a/php/Attic/examples/sample-sp/setup.php b/php/Attic/examples/sample-sp/setup.php
index 7688deab..01d283ed 100644
--- a/php/Attic/examples/sample-sp/setup.php
+++ b/php/Attic/examples/sample-sp/setup.php
@@ -46,13 +46,13 @@
$config = array(
'dsn' => "pgsql://sp:sp@localhost/sp",
'server_dump_filename' => "lasso_server_dump.xml",
- 'sp-metadata' => "/home/cnowicki/mcvs/lasso/tests/data/sp1-la/metadata.xml",
- 'sp-public_key' => "/home/cnowicki/mcvs/lasso/tests/data/sp1-la/public-key.pem",
- 'sp-private_key' => "/home/cnowicki/mcvs/lasso/tests/data/sp1-la/private-key-raw.pem",
- 'sp-ca' => "/home/cnowicki/mcvs/lasso/tests/data/sp1-la/certificate.pem",
- 'idp-metadata' => "/home/cnowicki/mcvs/lasso/tests/data/idp1-la/metadata.xml",
- 'idp-public_key' => "/home/cnowicki/mcvs/lasso/tests/data/idp1-la/public-key.pem",
- 'idp-ca' => "/home/cnowicki/mcvs/lasso/tests/data/ca1-la/certificate.pem",
+ 'sp-metadata' => $cwd . "/metadata_sp1.xml",
+ 'sp-public_key' => $cwd . "/public-key_sp1.pem",
+ 'sp-private_key' => $cwd . "/private-key-raw_sp1.pem",
+ 'sp-ca' => $cwd . "/certificate_sp1.pem",
+ 'idp-metadata' => $cwd . "/metadata_idp1.xml",
+ 'idp-public_key' => $cwd . "/public-key_idp1.pem",
+ 'idp-ca' => $cwd . "/certificate_idp1.pem",
);
$config_ser = serialize($config);
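Review bot: The new `$cwd`-relative defaults reference `public-key_sp1.pem` and `public-key_idp1.pem`, but nothing in this commit creates or ships files with those names: the README's OpenSSL step redirects the `openssl x509 -pubkey` output into `private-key-raw_sp1.pem` (overwriting the private key generated one line earlier) instead of into `public-key_sp1.pem`, and the Makefile.am lists `sp_public-key.pem`/`idp_public-key.pem`. Until the README, the Makefile.am and this config agree on one naming scheme, the SP cannot load its own key pair or the IdP's public key. The `$cwd` definition is above the hunk and cannot be checked here; the sample-idp setup.php hunk has a parallel mismatch.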
@@ -256,7 +256,7 @@
<td>DSN (Data Source Name) :</td><td><input type='text' name='dsn' size='50' value='<?php echo $config['dsn']; ?>' maxlength='100'></td><td><a href='http://pear.php.net/manual/en/package.database.db.intro-dsn.php' target='_new'>Help</a></td>
</tr>
<tr>
- <td>Server XML Dump:</td><td><input type='text' name='server_dump_filename' size='50' value='<?php echo $config['server_dump_filename']; ?>' maxlength='100'></td><td>&nbsp;</td>
+ <td>Server XML Dump :</td><td><input type='text' name='server_dump_filename' size='50' value='<?php echo $config['server_dump_filename']; ?>' maxlength='100'></td><td>&nbsp;</td>
</tr>
<tr>
@@ -264,23 +264,28 @@
</tr>
<tr>
- <td>Metadata</td><td><input type='text' name='sp-metadata' size='50' value='<?php echo $config['sp-metadata']; ?>'></td><td>&nbsp;</td>
+ <td>Metadata :</td>
+ <td><input type='text' name='sp-metadata' size='50' value='<?php echo $config['sp-metadata']; ?>'></td>
+ <td>&nbsp;</td>
</tr>
<tr>
- <td>Public Key</td><td><input type='text' name='sp-public_key' size='50' value='<?php echo $config['sp-public_key']; ?>'></td><td>&nbsp;</td>
-
+ <td>Public Key :</td>
+ <td><input type='text' name='sp-public_key' size='50' value='<?php echo $config['sp-public_key']; ?>'></td>
+ <td>&nbsp;</td>
</tr>
<tr>
- <td>Private Key</td><td><input type='text' name='sp-private_key' size='50' value='<?php echo $config['sp-private_key']; ?>'></td><td>&nbsp;</td>
-
+ <td>Private Key :</td>
+ <td><input type='text' name='sp-private_key' size='50' value='<?php echo $config['sp-private_key']; ?>'></td>
+ <td>&nbsp;</td>
</tr>
<tr>
- <td>Certificate</td><td><input type='text' name='sp-ca' size='50' value='<?php echo $config['sp-ca']; ?>'></td><td>&nbsp;</td>
-
+ <td>Certificate :</td>
+ <td><input type='text' name='sp-ca' size='50' value='<?php echo $config['sp-ca']; ?>'></td>
+ <td>&nbsp;</td>
</tr>
<tr>
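Review bot: The reformatted rows still interpolate `$config['sp-metadata']`, `$config['sp-public_key']`, `$config['sp-private_key']` and `$config['sp-ca']` into single-quoted `value='…'` attributes with a bare `echo`; a path containing `'` or `>` breaks out of the attribute, and if `$config` is ever repopulated from the submitted form (not visible in this hunk) that becomes reflected HTML injection. Each echo should go through `htmlspecialchars($config['sp-metadata'], ENT_QUOTES)`, with `ENT_QUOTES` required because the attributes are single-quoted. The same pattern is on the `dsn` and `server_dump_filename` rows in the previous hunk and on the idp-* rows in the following hunk, which runs past the end of this chunk.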
@@ -288,15 +293,19 @@
</tr>
<tr>
- <td>Metadata</td><td><input type='text' name='idp-metadata' size='50' value='<?php echo $config['idp-metadata']; ?>'></td><td>&nbsp;</td>
-
+ <td>Metadata :</td>
+ <td><input type='text' name='idp-metadata' size='50' value='<?php echo $config['idp-metadata']; ?>'></td>
+ <td>&nbsp;</td>
</tr>
<tr>
- <td>Public Key</td><td><input type='text' name='idp-public_key' size='50' value='<?php echo $config['idp-public_key']; ?>'></td><td>&nbsp;</td>
-
+ <td>Public Key :</td>
+ <td><input type='text' name='idp-public_key' size='50' value='<?php echo $config['idp-public_key']; ?>'>
+ </td><td>&nbsp;</td>
</tr>
<tr>
- <td>Certificate</td><td><input type='text' name='idp-ca' size='50' value='<?php echo $config['idp-ca']; ?>'></td><td>&nbsp;</td>
+ <td>Certificate :</td>
+ <td><input type='text' name='idp-ca' size='50' value='<?php echo $config['idp-ca']; ?>'></td>
+ <td>&nbsp;</td>
</tr>
<tr>