D8CORE-6842 Added and configured stanford_samlauth (#701)

SU-SWS · Sep 7, 2023 · 4104b69 · 4104b69
1 parent cdd04ee
commit 4104b69
Show file tree

Hide file tree

Showing 22 changed files with 793 additions and 95 deletions.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -87,7 +87,7 @@ jobs:
       options: '--network-alias=drupal8ci'
     services:
       selenium:
-        image: selenium/standalone-chrome
+        image: selenium/standalone-chrome:115.0
         options: '--shm-size="2g"'
       mysql:
         image: mysql:5.7

diff --git a/composer.json b/composer.json
@@ -162,7 +162,7 @@
         "su-sws/stanford_media": "^9.0",
         "su-sws/stanford_migrate": "^8.3",
         "su-sws/stanford_profile_helper": "^9.2",
-        "su-sws/stanford_ssp": "^8.2"
+        "su-sws/stanford_samlauth": "^1.0"
     },
     "config": {
         "sort-packages": true

diff --git a/config/sync/autologout.settings.yml b/config/sync/autologout.settings.yml
@@ -0,0 +1,22 @@
+_core:
+  default_config_hash: kwGGKvKSU7cPTEgTMWrbW0o9Jwe6FSDmpgdUWmIXCdg
+enabled: true
+timeout: 43200
+max_timeout: 172800
+padding: 20
+logout_regardless_of_activity: false
+no_individual_logout_threshold: false
+role_logout: false
+role_logout_max: false
+redirect_url: /user/login
+no_dialog: false
+message: 'Your session is about to expire. Do you want to reset it?'
+inactivity_message: 'You have been logged out due to inactivity.'
+inactivity_message_type: status
+modal_width: 450
+enforce_admin: false
+jstimer_format: '%hours%:%mins%:%secs%'
+jstimer_js_load_option: false
+use_alt_logout_method: false
+use_watchdog: true
+whitelisted_ip_addresses: ''
diff --git a/config/sync/config_pages.type.stanford_saml.yml b/config/sync/config_pages.type.stanford_saml.yml
@@ -6,58 +6,52 @@ dependencies:
     - config_pages_overrides
 third_party_settings:
   config_pages_overrides:
-    adb68721-a642-41a8-a15e-0f54da3f2dac:
-      field: su_simplesaml_roles
-      delta: 0
-      column: value
-      config_name: simplesamlphp_auth.settings
-      config_item: role.population
     2b719076-004b-4596-9f49-6987ce0b5a04:
       field: su_simplesaml_allowed
       delta: -1
       column: value
-      config_name: stanford_ssp.settings
+      config_name: stanford_samlauth.settings
       config_item: allowed.groups
     3c6bbd4f-d697-408a-b12e-544c6b740b8d:
       field: su_simplesaml_users
       delta: -1
       column: value
-      config_name: stanford_ssp.settings
+      config_name: stanford_samlauth.settings
       config_item: allowed.users
     b4145a0d-796c-418e-b71a-83c365aa27e2:
       field: su_simplesaml_users
       delta: 0
       column: value
-      config_name: stanford_ssp.settings
-      config_item: restriction
+      config_name: stanford_samlauth.settings
+      config_item: restrict
     50bcbb65-445c-410a-9c93-5d5a88870d2c:
       field: su_simplesaml_allowed
       delta: 0
       column: value
-      config_name: stanford_ssp.settings
-      config_item: restriction
+      config_name: stanford_samlauth.settings
+      config_item: restrict
     2e223afa-8768-41f6-acdd-cfe15114b930:
       field: su_simplesaml_affil
       delta: 0
       column: value
-      config_name: stanford_ssp.settings
-      config_item: restriction
+      config_name: stanford_samlauth.settings
+      config_item: restrict
     576fa6f9-1295-4d86-b639-0e6cac675d35:
       field: su_simplesaml_affil
       delta: -1
       column: value
-      config_name: stanford_ssp.settings
+      config_name: stanford_samlauth.settings
       config_item: allowed.affiliations
 id: stanford_saml
-label: SimpleSAML
-token: null
+label: SAML
+token: false
 context:
   show_warning: true
   group:
     language: false
   fallback:
     language: ''
 menu:
-  path: /admin/config/people/simplesaml
+  path: /admin/config/people/stanford-saml
   weight: -10
   description: ''
diff --git a/config/sync/core.extension.yml b/config/sync/core.extension.yml
@@ -7,6 +7,7 @@ module:
   admin_toolbar_tools: 0
   allowed_formats: 0
   auto_entitylabel: 0
+  autologout: 0
   block: 0
   block_content: 0
   block_content_permissions: 0
@@ -143,6 +144,7 @@ module:
   pdb_react: 0
   preprocess_event_dispatcher: 0
   printable: 0
+  r4032login: 0
   rabbit_hole: 0
   react_paragraphs: 0
   react_paragraphs_behaviors: 0
@@ -156,6 +158,8 @@ module:
   rh_node: 0
   rh_taxonomy: 0
   role_delegation: 0
+  samlauth: 0
+  samlauth_user_fields: 0
   scheduler: 0
   search_api: 0
   search_api_db: 0
@@ -164,7 +168,6 @@ module:
   shortcut: 0
   shs: 0
   simple_oauth: 0
-  simplesamlphp_auth: 0
   smart_date: 0
   smart_trim: 0
   sophron: 0
@@ -191,7 +194,7 @@ module:
   stanford_profile_drush: 0
   stanford_profile_styles: 0
   stanford_publication: 0
-  stanford_ssp: 0
+  stanford_samlauth: 0
   subrequests: 0
   syslog: 0
   system: 0

diff --git a/config/sync/r4032login.settings.yml b/config/sync/r4032login.settings.yml
@@ -0,0 +1,18 @@
+_core:
+  default_config_hash: FtwnuCXmazPAh2H2i_gbDhMK1-eBmNy1dG4RBU4qt4o
+langcode: en
+display_denied_message: true
+access_denied_message: 'Access denied. You must log in to view this page.'
+access_denied_message_type: error
+redirect_authenticated_users_to: ''
+throw_authenticated_404: false
+display_auth_denied_message: true
+access_denied_auth_message: 'Access denied. Check with your site administrator if you need assistance.'
+access_denied_auth_message_type: error
+user_login_path: /user/login
+default_redirect_code: 307
+add_noindex_header: true
+destination_parameter_override: ''
+match_noredirect_pages: "/jsonapi\r\n/jsonapi/*\r\n/subrequests"
+match_noredirect_negate: 0
+redirect_to_destination: true
diff --git a/config/sync/samlauth.authentication.yml b/config/sync/samlauth.authentication.yml
@@ -0,0 +1,83 @@
+_core:
+  default_config_hash: oDGEkhP0h5rXXqlDplxeBDre0goLigOJupHKMDMwcqM
+login_menu_item_title: ''
+logout_menu_item_title: ''
+login_redirect_url: ''
+logout_redirect_url: ''
+error_redirect_url: ''
+error_throw: false
+local_login_saml_error: false
+logout_different_user: false
+drupal_login_roles:
+  administrator: '0'
+  authenticated: '0'
+  stanford_faculty: '0'
+  stanford_staff: '0'
+  stanford_student: '0'
+  contributor: '0'
+  site_manager: '0'
+  site_editor: '0'
+  site_builder: '0'
+  site_developer: '0'
+  layout_builder_user: '0'
+  decoupled_site_users: '0'
+sp_entity_id: ''
+sp_name_id_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
+sp_x509_certificate: ''
+sp_new_certificate: ''
+sp_private_key: ''
+metadata_valid_secs: 60
+metadata_cache_http: false
+idp_entity_id: 'https://idp.stanford.edu/'
+idp_single_sign_on_service: 'https://login.stanford.edu/idp/profile/SAML2/Redirect/SSO'
+idp_single_log_out_service: ''
+idp_change_password_service: ''
+idp_certs: {  }
+idp_cert_encryption: ''
+unique_id_attribute: uid
+map_users: false
+map_users_name: true
+map_users_mail: true
+map_users_roles:
+  administrator: administrator
+  stanford_faculty: stanford_faculty
+  stanford_staff: stanford_staff
+  stanford_student: stanford_student
+  contributor: contributor
+  site_manager: site_manager
+  site_editor: site_editor
+  site_builder: site_builder
+  site_developer: site_developer
+  layout_builder_user: layout_builder_user
+  decoupled_site_users: decoupled_site_users
+create_users: true
+sync_name: false
+sync_mail: false
+user_name_attribute: ''
+user_mail_attribute: mail
+request_set_name_id_policy: true
+strict: true
+security_metadata_sign: false
+security_authn_requests_sign: true
+security_logout_requests_sign: true
+security_logout_responses_sign: true
+security_nameid_encrypt: false
+security_signature_algorithm: ''
+security_encryption_algorithm: ''
+security_messages_sign: true
+security_assertions_signed: false
+security_assertions_encrypt: false
+security_nameid_encrypted: false
+security_want_name_id: true
+security_request_authn_context: true
+security_lowercase_url_encoding: true
+security_logout_reuse_sigs: false
+security_allow_repeat_attribute_name: false
+debug_display_error_details: false
+debug_log_in: false
+debug_log_saml_in: false
+debug_log_saml_out: false
+debug_phpsaml: false
+use_proxy_headers: false
+use_base_url: true
+bypass_relay_state_check: false
diff --git a/config/sync/samlauth_user_fields.mappings.yml b/config/sync/samlauth_user_fields.mappings.yml
@@ -0,0 +1,5 @@
+field_mappings:
+  -
+    attribute_name: displayName
+    field_name: su_display_name
+    link_user_order: null
diff --git a/config/sync/simplesamlphp_auth.settings.yml b/config/sync/simplesamlphp_auth.settings.yml
diff --git a/config/sync/stanford_samlauth.settings.yml b/config/sync/stanford_samlauth.settings.yml
@@ -0,0 +1,20 @@
+_core:
+  default_config_hash: Gg16MjldLejVucRsgAVxrnzR6CxV4zt94j_HnyyxQ3g
+hide_local_login: true
+local_login_fieldset_label: 'Drupal Login'
+local_login_fieldset_open: false
+allowed:
+  restrict: false
+  users: {  }
+  affiliations: {  }
+  groups: {  }
+role_mapping:
+  workgroup_api:
+    cert: ''
+    key: ''
+  reevaluate: new
+  mapping:
+    -
+      role: administrator
+      attribute: eduPersonEntitlement
+      value: 'uit:sws'
diff --git a/config/sync/stanford_ssp.settings.yml b/config/sync/stanford_ssp.settings.yml
diff --git a/config/sync/views.view.content.yml b/config/sync/views.view.content.yml
@@ -74,6 +74,7 @@ display:
           batch: true
           batch_size: 10
           form_step: true
+          ajax_loader: false
           buttons: false
           action_title: Action
           clear_on_exposed: true

diff --git a/config/sync/views.view.files.yml b/config/sync/views.view.files.yml
@@ -74,6 +74,7 @@ display:
           batch: true
           batch_size: 10
           form_step: true
+          ajax_loader: false
           buttons: false
           action_title: Action
           clear_on_exposed: true

diff --git a/config/sync/views.view.redirect.yml b/config/sync/views.view.redirect.yml
@@ -247,7 +247,7 @@ display:
         type: basic
         options:
           submit_button: Filter
-          reset_button: false
+          reset_button: true
           reset_button_label: Reset
           exposed_sorts_label: 'Sort by'
           expose_sort_order: true