...
Source: InAcademiaSchematic for dev.ditaa
(1)
...
Relying Party
An OIDC relying party that mimics the role of the merchant website asking for the validation.
For this we use a vanilla Apache server together with the Apache mod_auth_oidc module.
Setup: based on the client setup described for InAcademia here: https://github.com/InAcademia/Client-docs/blob/master/Apache2%2Bmod_auth_oidc.md
...
As we do not need real identities from users for development, we use a mock IdP which can be set up from these Ansible scripts: https://github.com/surfnet-niels/simplesaml-idp
Detailed information on deploying and running this IdP in docker can be found
(3) InAcademia Core SVS
The core of the InAcademia service is provided by SaToSa, which we have extended with the SVS functionality.
SaToSa can be found here: https://github.com/IdentityPython/SATOSA
SVS is here: https://github.com/InAcademiainacademia-development/svs
Pound is used to proxy the SaToSa service to the outside world. It also takes care of HTTPS offloading.
...
docker network create --subnet=172.20172.0172.0/16 inacademia.local
Local hostname resolution
Add the following hosts to your local hosts file (/etc/hosts):
172.172.172.1 svs.inacademia.local
172.172.172.2 op.inacademia.local
172.172.172.100 rp.inacademia.local
172.172.172.200 idp.inacademia.local
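The network creation and the hosts entries above only work together when every static address lies inside the subnet given to docker network create. The following POSIX shell script is an added example (not part of the InAcademia project) that checks this before touching the host: the hosts entries are the four from this page, embedded as a constructed sample; the subnet is passed in by the caller, and the network and container names are taken from this page. Run it as sh check_network.sh apply <subnet> to create the network and append the missing entries.

```shell
#!/bin/sh
# Added example: validate the static IPs against the Docker subnet, then
# create the network and append the hosts entries idempotently.

# Constructed sample: the four hosts entries listed on this page.
HOSTS_ENTRIES='172.172.172.1 svs.inacademia.local
172.172.172.2 op.inacademia.local
172.172.172.100 rp.inacademia.local
172.172.172.200 idp.inacademia.local'

NETWORK=inacademia.local   # network name used on this page

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer.
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_subnet IP CIDR -> status 0 when IP lies inside CIDR, 1 otherwise.
in_subnet() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    prefix=${2#*/}
    # Build the netmask: the top <prefix> bits set, truncated to 32 bits.
    mask=$(( 4294967295 & ~((1 << (32 - prefix)) - 1) ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# check_hosts_entries CIDR ENTRIES -> status 0 if every entry fits the subnet.
# The first entry outside the subnet is reported on stderr and fails the check.
check_hosts_entries() {
    echo "$2" | while read -r addr name; do
        [ -z "$addr" ] && continue
        if in_subnet "$addr" "$1"; then
            echo "ok   $addr $name"
        else
            echo "BAD  $addr $name is outside $1" >&2
            exit 1   # leaves the pipeline subshell with a non-zero status
        fi
    done
}

# apply_dev_network CIDR: create the network if missing and add hosts entries
# that are not yet present. Requires root (or sudo) for /etc/hosts.
apply_dev_network() {
    subnet=$1
    check_hosts_entries "$subnet" "$HOSTS_ENTRIES" || return 1
    docker network inspect "$NETWORK" >/dev/null 2>&1 ||
        docker network create --subnet="$subnet" "$NETWORK"
    echo "$HOSTS_ENTRIES" | while read -r addr name; do
        [ -z "$addr" ] && continue
        grep -q "[[:space:]]$name\$" /etc/hosts ||
            printf '%s %s\n' "$addr" "$name" >> /etc/hosts
    done
}

if [ "${1:-}" = "apply" ]; then
    apply_dev_network "${2:?usage: $0 apply <subnet, e.g. 172.172.0.0/16>}"
fi
```

The check runs before anything is created, so a mismatch between the subnet and the hosts file is caught on the workstation rather than showing up later as containers that cannot reach each other by name. The subnet 172.172.0.0/16 in the usage text is only an illustration that contains the addresses from this page; use the value from your own docker network create.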
Setup of the dockers
We want the dockers to be set up in a consistent way. As such:
...
The Dockerfile is the only entity that controls the creation of the docker from a vanilla Ubuntu 1816.04 LTS image and is responsible for ALL dependency resolution. It may pull git repositories or even Ansible code to do so, but can also use regular apt commands.
A start/stop shell script starts the docker and dynamically injects config such as mount points, network config, etc.
An example is provided below for the IdentityProvider component based on SimpleSamlPhp.
ssp-idp
- config/
  - ansible
    - idp.yml
    - inventory
  - metadata/
    - saml20-idp-hosted.php
    - saml20-idp-remote.php
    - saml20-sp-remote.php
- Dockerfile
- build_ssp-idp.sh
- run_ssp-idp.sh
The Dockerfile is completely self-contained, so it builds the IdP from the config directory, pulling the relevant repositories if needed.
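What the start/stop script has to inject at run time is the network membership, the static address and the config mounts; the Dockerfile stays free of host-specific details. The script below is an added, hypothetical example of such a run_ssp-idp.sh, not the project's own script: the image tag inacademia/ssp-idp, the container paths under /var/simplesamlphp, and the DOCKER override variable are assumptions; the network name and the 172.172.172.200 address for idp.inacademia.local come from this page.

```shell
#!/bin/sh
# Added example of a start/stop script for the ssp-idp container.
# Everything host-specific is injected here; the image itself is generic.

IMAGE=${IMAGE:-inacademia/ssp-idp}        # assumed tag produced by build_ssp-idp.sh
NAME=${NAME:-ssp-idp}                     # container name (assumption)
NETWORK=${NETWORK:-inacademia.local}      # network from this page
IP=${IP:-172.172.172.200}                 # idp.inacademia.local per the hosts entries
HOSTNAME_FQDN=idp.inacademia.local
CONF_DIR=${CONF_DIR:-$(pwd)/config}       # the config/ tree shown above
DOCKER=${DOCKER:-docker}                  # set DOCKER=echo to preview the commands

# start: refuse to run when the shared network does not exist, replace any
# stale container, and mount the IdP config read-only so a compromised or
# misbehaving container cannot rewrite its own trust metadata.
start() {
    "$DOCKER" network inspect "$NETWORK" >/dev/null 2>&1 || {
        echo "network $NETWORK does not exist; create it first" >&2
        return 1
    }
    "$DOCKER" rm -f "$NAME" >/dev/null 2>&1 || true
    # Assumed in-container paths for a SimpleSAMLphp install.
    "$DOCKER" run --detach --name "$NAME" \
        --network "$NETWORK" --ip "$IP" \
        --hostname "$HOSTNAME_FQDN" \
        --restart unless-stopped \
        --security-opt no-new-privileges \
        -v "$CONF_DIR/metadata:/var/simplesamlphp/metadata:ro" \
        -v "$CONF_DIR/ansible/idp.yml:/var/simplesamlphp/idp.yml:ro" \
        "$IMAGE"
}

# stop: stop and remove the container so a later start gets a clean state.
stop() {
    "$DOCKER" stop "$NAME" && "$DOCKER" rm "$NAME"
}

case ${1:-} in
    start)   start ;;
    stop)    stop ;;
    restart) stop; start ;;
    *)       echo "usage: $0 start|stop|restart" >&2 ;;
esac
```

On a Linux host the other containers and the host itself reach the IdP at its static address through the bridge network, which is why the hosts entries on this page need no published ports; Docker Desktop on macOS or Windows does not route to bridge addresses from the host, so a -p mapping would be needed there. Because the network is checked rather than created here, the script cannot silently start the IdP on a default bridge where the 172.172.172.x hosts entries would be wrong.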
...
For the components we have detailed pages describing the setup: