Lasso Examples
----------------------------------

SOFTWARE

This directory includes a Liberty Alliance Service Provider (sample-sp) and a
Liberty Alliance Identity Provider (sample-idp) written in PHP with the Lasso
extension.

INSTALLATION

You need the following components:

- The Apache Web Server with SSL support (http://www.apache.org)
- OpenSSL (http://www.openssl.org)
- PHP4 version 4.3 with OpenSSL support enabled (http://www.php.net)
- The Lasso Extension for PHP (http://lasso.entrouvert.org)
- A PostgreSQL database server (http://www.postgresql.org/)
- PHP Pear modules: DB, HTML_QuickForm, Log (http://pear.php.net)

Debian packages for the Lasso extension are available: they are included in the
current development version (sid), and packages for the current stable version
(sarge) are available in Entr'ouvert's apt repository:

  deb http://www.entrouvert.org ./debian/lasso/

Add this line to your /etc/apt/sources.list and install the following packages:

  apt-get install apache-ssl php4 php4-lasso php4-pgsql php4-pear postgresql

Pear packages can be installed with the pear command:

  # pear install DB HTML_Common HTML_Form HTML_QuickForm Log

CONFIGURATION

PostgreSQL

Change the password of the "postgres" user to access the database. You can do
this by executing in a shell:

  # su - postgres
  $ psql template1
  template1=# ALTER USER postgres password 'new_pass';
  ALTER USER
  template1=# \q

Change your PostgreSQL server configuration to use passwords to authenticate
users by writing in your /etc/postgresql/pg_hba.conf file:

  local   all   all                               password
  host    all   all   127.0.0.1   255.255.255.255 password

Then restart the postmaster:

  # /etc/init.d/postgresql restart

Now you can create the users idp and sp in PostgreSQL. Those users can create
databases.

  $ createuser -A -d -P idp
  Enter password for new user:
  Enter it again:
  Password:            <-- postgres's password, used to access the database
  CREATE USER
  $ createuser -A -d -P sp
  [ ... ]

Create the databases for idp and sp:

  $ createdb -U idp idp
  Password:            <-- idp's password
  CREATE DATABASE
  $ createdb -U sp sp
  [ ... ]

Database setup is finished.

Copy the example source code to /var/www:

  # cp -r sample-idp /var/www/idp
  # cp -r sample-sp /var/www/sp
  # chown -R www-data: /var/www/idp /var/www/sp

OpenSSL

To generate the SSL certificates for the Identity Provider and the Service
Provider you need the openssl command line utility. For each of them you need
to create a certificate, a private key and a public key:

  # cd /var/www/sp
  # openssl req -out certificate_sp1.pem -keyout private-key-raw_sp1.pem -x509 -nodes -newkey rsa:2048
  [ ... ]
  Common Name (eg, YOUR name) []:sp1
  [ ... ]
  # openssl x509 -in certificate_sp1.pem -noout -pubkey > public-key_sp1.pem
  # chown www-data: *.pem

  # cd /var/www/idp
  # openssl req -out certificate_idp1.pem -keyout private-key-raw_idp1.pem -x509 -nodes -newkey rsa:2048
  [ ... ]
  Common Name (eg, YOUR name) []:idp1
  [ ... ]
  # openssl x509 -in certificate_idp1.pem -noout -pubkey > public-key_idp1.pem
  # chown www-data: *.pem

Then copy the IdP's certificate and public key into the SP directory:

  # cd /var/www
  # cp -p idp/certificate_idp1.pem idp/public-key_idp1.pem sp/

Copy the SP's certificate and public key into the IdP directory:

  # cd /var/www
  # cp -p sp/certificate_sp1.pem sp/public-key_sp1.pem idp/

Enable PHP in Apache

Change your Apache configuration to load PHP as a module, in your
/etc/apache-ssl/modules.conf file:

  LoadModule php4_module /usr/lib/apache/1.3/libphp4.so

Add the MIME type for PHP

In /etc/apache-ssl/httpd.conf write:

  #
  # And for PHP 4.x, use:
  #
  AddType application/x-httpd-php .php

PHP 4

Edit the PHP 4 configuration file to enable the Lasso and PostgreSQL
extensions, at the end of the /etc/php4/apache/php.ini file:

  extension=pgsql.so
  extension=lasso.so

Configure Virtual Hosts in Apache

With a two virtual hosts setup, one for the IdP and another for the SP, you
can try Lasso on one physical machine.

First add two hosts to the /etc/hosts file:

  127.0.0.2 idp1
  127.0.0.3 sp1

In the Apache configuration file add two Listen lines, then a virtual host for
each of the two names and ports:

  Listen idp1:1998
  Listen sp1:2006

  <VirtualHost idp1:1998>
    DocumentRoot /var/www/idp
    ServerName idp1
    SSLCertificateFile /var/www/idp/certificate_idp1.pem
    SSLCertificateKeyFile /var/www/idp/private-key-raw_idp1.pem
  </VirtualHost>

  <VirtualHost sp1:2006>
    DocumentRoot /var/www/sp
    ServerName sp1
    SSLCertificateFile /var/www/sp/certificate_sp1.pem
    SSLCertificateKeyFile /var/www/sp/private-key-raw_sp1.pem
  </VirtualHost>

SETUP

Now launch your favorite web browser and go to:

  https://idp1:1998/setup.php

or

  https://sp1:2006/setup.php
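Before opening the setup pages it is worth confirming that the key material from the OpenSSL step is consistent on both sides: a certificate regenerated after the copy, or a copy that landed in the wrong directory, only surfaces later as failed signature checks between IdP and SP. The following POSIX shell check is an added example, not part of the Lasso samples; it assumes only the file names and directory layout given above.

```shell
#!/bin/sh
# Added example, not part of the Lasso samples: check that each party's
# private key, certificate and exported public key agree, and that the copy
# handed to the peer is identical to the original. It assumes the file names
# from the OpenSSL instructions above (private-key-raw_NAME.pem,
# certificate_NAME.pem, public-key_NAME.pem) and works on any directory.
set -u

# Print the public key, as PEM SubjectPublicKeyInfo, taken from a private key
# ("key"), a certificate ("cert") or a public key file ("pub"). Fails if the
# file is missing or unreadable, so a missing file never looks like a match.
pubkey_pem() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout 2>/dev/null ;;
        cert) openssl x509 -in "$2" -noout -pubkey 2>/dev/null ;;
        pub)  openssl pkey -pubin -in "$2" -pubout 2>/dev/null ;;
        *)    return 2 ;;
    esac
}

# SHA-256 of the normalised public key, so the three sources can be compared.
pubkey_digest() {
    pem=$(pubkey_pem "$1" "$2") || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | sed 's/^.*= //'
}

# check_party DIR NAME: 0 if the private key, certificate and public key file
# of NAME in DIR all carry the same public key, 1 otherwise (a regenerated
# certificate left beside an old key is the typical cause of a mismatch).
check_party() {
    k=$(pubkey_digest key  "$1/private-key-raw_$2.pem") || return 1
    c=$(pubkey_digest cert "$1/certificate_$2.pem")      || return 1
    p=$(pubkey_digest pub  "$1/public-key_$2.pem")       || return 1
    [ "$k" = "$c" ] && [ "$k" = "$p" ]
}

# check_peer_copy SRC DST NAME: 0 if the certificate and public key of NAME
# copied from SRC to DST are byte-for-byte identical to the originals.
check_peer_copy() {
    cmp -s "$1/certificate_$3.pem" "$2/certificate_$3.pem" &&
    cmp -s "$1/public-key_$3.pem"  "$2/public-key_$3.pem"
}

# Stand-alone use against the layout from the instructions above:
#   check_party /var/www/idp idp1 && check_party /var/www/sp sp1 &&
#   check_peer_copy /var/www/idp /var/www/sp idp1 &&
#   check_peer_copy /var/www/sp /var/www/idp sp1 && echo "key material consistent"
```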