Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Import SAML code from last year's website #59

Merged
merged 8 commits into from
Dec 6, 2023
Merged

Import SAML code from last year's website #59

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
cc14145
feat: inital saml import
samderanova Dec 2, 2023
7241bd2
update: pathlib and json load optimizations
samderanova Dec 2, 2023
e3a7472
feat: SAML pytest and pnpm test script
samderanova Dec 2, 2023
4352759
feat: import Serveless Function build script
samderanova Dec 2, 2023
362c03e
fix: add python3-saml to requirements.txt
samderanova Dec 2, 2023
26508e0
fix: add config directory to copy api script
samderanova Dec 2, 2023
d8ced2d
Fix SAML entityID for staging/QA identity provider
taesungh Dec 3, 2023
14c37b5
feat: SP_KEY and DEPLOYMENT documentation
samderanova Dec 4, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions apps/api/.gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,3 @@
__pycache__
*.key
.coverage
42 changes: 42 additions & 0 deletions apps/api/configuration/saml/advanced_settings.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
{
"security": {
"nameIdEncrypted": true,
"authnRequestsSigned": true,
"logoutRequestSigned": true,
"logoutResponseSigned": true,
"signMetadata": true,
"wantMessagesSigned": true,
"wantAssertionsSigned": true,
"wantAssertionsEncrypted": true,
"wantNameId": false,
"wantNameIdEncrypted": true,
"wantAttributeStatement": true,
"requestedAuthnContext": true,
"requestedAuthnContextComparison": "exact",
"failOnAuthnContextMismatch": false,
"metadataValidUntil": null,
"metadataCacheDuration": null,
"allowSingleLabelDomains": false,
"signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
"digestAlgorithm": "http://www.w3.org/2001/04/xmlenc#sha256",
"allowRepeatAttributeName": false,
"rejectDeprecatedAlgorithm": true
},
"contactPerson": {
"technical": {
"givenName": "Hack at UCI",
"emailAddress": "[email protected]"
},
"support": {
"givenName": "Hack at UCI",
"emailAddress": "[email protected]"
}
},
"organization": {
"en-US": {
"name": "HackAtUCI",
"displayname": "Hack at UCI",
"url": "https://hack.ics.uci.edu"
}
}
}
25 changes: 25 additions & 0 deletions apps/api/configuration/saml/certs/sp-prod.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIEOTCCAyGgAwIBAgIUZ3pK3QmQN4lwPHQEd1XfG8ZDAtEwDQYJKoZIhvcNAQEL
BQAwgasxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMQ8wDQYDVQQH
DAZJcnZpbmUxKTAnBgNVBAoMIFVuaXZlcnNpdHkgb2YgQ2FsaWZvcm5pYSwgSXJ2
aW5lMRQwEgYDVQQLDAtIYWNrIGF0IFVDSTEYMBYGA1UEAwwPaXJ2aW5laGFja3Mu
Y29tMRswGQYJKoZIhvcNAQkBFgxoYWNrQHVjaS5lZHUwHhcNMjMxMTIzMTgwODM5
WhcNMzMxMTIyMTgwODM5WjCBqzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlm
b3JuaWExDzANBgNVBAcMBklydmluZTEpMCcGA1UECgwgVW5pdmVyc2l0eSBvZiBD
YWxpZm9ybmlhLCBJcnZpbmUxFDASBgNVBAsMC0hhY2sgYXQgVUNJMRgwFgYDVQQD
DA9pcnZpbmVoYWNrcy5jb20xGzAZBgkqhkiG9w0BCQEWDGhhY2tAdWNpLmVkdTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI9wb3qTdkEQEJnVaMfiud0V
sQtKlaHR8jxIMa40plsAoPSzs/VDn+V1CiH/I2Hp8CL7uZcoDIdG9slYyulBN0jP
KvpYrHf5GYxunHk/D+aD8spq1hP5KktiuaNYTDqDNYrHKyyavqFcEMy7ZXUk/rqn
di7tzcLXFJutaSB++ad4cws/XLmJjJz8zn3rbGM+rCHzlZ60bw3y24xjSQhhiy9R
Q+l9SYNJgz1q1M6g1l+9nPDgmtzKoR8f/qFMeQxkfTmmWuyYM2R4bD0FZW2pa2cv
nH4fmeVXaFxyjAK5DvXFCckSt9X2/7efZdI1+MaPoYfZunXR+vOn6oWsq9Zu0DkC
AwEAAaNTMFEwHQYDVR0OBBYEFNO4CEyG3Rbyt9y9MzpauzgffX09MB8GA1UdIwQY
MBaAFNO4CEyG3Rbyt9y9MzpauzgffX09MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggEBADiItb6TkqFEiZPr2xeGiMjbDqQroNDw4m46D32FiTsr7WkD
r6ZA/lInTSN30xF0cuzJyHh/M1uwwEo1w6Z4D3LWMDJROaiVAaKBAxiJFY5yDAFo
cRO2VmoWLvJryJvyZdG4+ALaHgWYTXnAqZBAfmtaBIATX/Db5rI4+VKSaqqZNLlQ
2s+9T5AlYcNOE/yIQmAIV5Nk319zmUhZbtJD9bmE1RwdE0qwBjIWOHDiNBpRcmES
Umq0tVD/V7oUdE6L3WFOu8EMj5k6667hQcNZJDJwiEpC+brsJO/vBRWA8Skz6YFW
CsdbuJV5/JXU5pzmizrSO7ZIvQJpXo27LTHwI+Y=
-----END CERTIFICATE-----
25 changes: 25 additions & 0 deletions apps/api/configuration/saml/certs/sp-staging.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIESTCCAzGgAwIBAgIUXSOSqBVb0kaTHAvtg4BIeaKk31wwDQYJKoZIhvcNAQEL
BQAwgbMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMQ8wDQYDVQQH
DAZJcnZpbmUxKTAnBgNVBAoMIFVuaXZlcnNpdHkgb2YgQ2FsaWZvcm5pYSwgSXJ2
aW5lMRQwEgYDVQQLDAtIYWNrIGF0IFVDSTEgMB4GA1UEAwwXc3RhZ2luZy5pcnZp
bmVoYWNrcy5jb20xGzAZBgkqhkiG9w0BCQEWDGhhY2tAdWNpLmVkdTAeFw0yMzEx
MjMxODA5MTFaFw0zMzExMjIxODA5MTFaMIGzMQswCQYDVQQGEwJVUzETMBEGA1UE
CAwKQ2FsaWZvcm5pYTEPMA0GA1UEBwwGSXJ2aW5lMSkwJwYDVQQKDCBVbml2ZXJz
aXR5IG9mIENhbGlmb3JuaWEsIElydmluZTEUMBIGA1UECwwLSGFjayBhdCBVQ0kx
IDAeBgNVBAMMF3N0YWdpbmcuaXJ2aW5laGFja3MuY29tMRswGQYJKoZIhvcNAQkB
FgxoYWNrQHVjaS5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9
+thRtbPV5pGNw1ju6A1Ay4fWNZSJOSVExh7uK/f31GwPz+eKgZqg3TEkRvzJO5Bw
Kok19oS5fXji1OvTy5BJEzSZ8rRUkWS5LlFBQTCLkP79+S12ldrbv8ojpsAYPuVa
D7z69U9kmwFsTiS3h6Oqmn/rV0eicmGCFRYAjPSbdcG7zQZJ/HCfLHiblpagKX1X
o2SeNBLkRZAV1uNA3fB8czk68pJ6+yBXH3BIbZUxRarmMDRMd104d4dvrcD90Lja
B+kL3wAM/Iz3NkihRR45F0OZ66Tk9XnBZrdj2eyHMFn5nkVLAdi+nwZld/23ZL06
9JkTvzeFpzqXltBk8kbnAgMBAAGjUzBRMB0GA1UdDgQWBBTTIK63nY6j+IH2KEiT
rbsdulCI+DAfBgNVHSMEGDAWgBTTIK63nY6j+IH2KEiTrbsdulCI+DAPBgNVHRMB
Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAvxa/E8WJYlkckEMrY7X0u1EhF
xxbHXiS1fXIYrojg4zFLpiulmw06C/09aw4kDaIGwUh8aicyRiA9PtVd8MEuqlhi
C/GlI+PRjc/+5I0RNws4occAcWADEjMt7WHg/iLwuAg/QjmOEhZlA3qh+vYyaSlR
XgoqdMtkulnIdxvXs+n/ZZEE9irVDbqrWF691bzhX1McvqxoIAuMEGUAWUqUhmdl
GIk09JrWyJ9jwCwmObK8sKroNedUW22gh1wG/Bb3IIkNrXfoQukOinPlWmA327vP
Pd8KjVZ0uR/IDRQwzROyU6j8/OVYpjOnEijShmVd74PK6wcDl0PmOnP9DFxT
-----END CERTIFICATE-----
60 changes: 60 additions & 0 deletions apps/api/configuration/saml/settings-prod.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
{
"strict": true,
"debug": true,
"sp": {
"entityId": "https://irvinehacks.com/shibboleth",
"assertionConsumerService": {
"url": "https://irvinehacks.com/api/saml/acs",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
},
"singleLogoutService": {
"url": "https://irvinehacks.com/api/saml/sls",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
},
"attributeConsumingService": {
"serviceName": "IrvineHacks Website",
"serviceDescription": "Website for IrvineHacks, Orange County's largest hackathon.",
"requestedAttributes": [
{
"nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"name": "urn:oid:0.9.2342.19200300.100.1.3",
"isRequired": true,
"friendlyName": "email"
},
{
"nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"name": "urn:oid:2.16.840.1.113730.3.1.241",
"isRequired": true,
"friendlyName": "displayName"
},
{
"nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"name": "urn:oid:2.16.840.1.113916.5.6.1.1",
"isRequired": true,
"friendlyName": "ucinetid"
},
{
"nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"name": "urn:oid:2.16.840.1.113916.5.6.1.59",
"isRequired": true,
"friendlyName": "uciaffiliation"
}
]
},
"NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
"x509cert": "",
"privateKey": ""
},
"idp": {
"entityId": "urn:mace:incommon:uci.edu",
"singleSignOnService": {
"url": "https://shib.service.uci.edu/idp/profile/SAML2/Redirect/SSO",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
},
"singleLogoutService": {
"url": "https://shib.service.uci.edu/logout.html",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
},
"x509cert": "MIIDODCCAiCgAwIBAgIJALjyIupKtkKDMA0GCSqGSIb3DQEBBQUAMBwxGjAYBgNVBAMTEXNoaWIubmFjcy51Y2kuZWR1MB4XDTE2MDcxNTIzMTg1MVoXDTI2MDcxMzIzMTg1MVowHDEaMBgGA1UEAxMRc2hpYi5uYWNzLnVjaS5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDp964Q5ZWIBmmI/5EfAo1z0S3SBYoLfNl5EkfJrnqntc5VO7AcBjsuNrZTb1zrv/juL7cXXjzcrh1Pbh2BIpwSa3z0yta1KQX3NZBq8wZOjdyd6iLkLx6kcT9q5MyWyd8qJ2DmPQZ9wWdPCb0RoRA8RaJW0gp/3JQhh4+ERVUJx438JA/+dfouSiXB+UguVYHgceETjOik09A/j6cD1shILMZnuBObAtOAuT9PSFiWhOKOLghloAHkc0QDTyXC9BNTBKtyBr9XiYLgvspmy13L3Kc1npPynLt+KqfuBIG0OE/arSOImGD/y6ep6EaB6WTcWaCqNaQ3l4bQX8RaLMp5AgMBAAGjfTB7MB0GA1UdDgQWBBTvY0+ZHT/jnKj8RLLgCpDcTowcCzBMBgNVHSMERTBDgBTvY0+ZHT/jnKj8RLLgCpDcTowcC6EgpB4wHDEaMBgGA1UEAxMRc2hpYi5uYWNzLnVjaS5lZHWCCQC48iLqSrZCgzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQBTuqm1sr3CNlHMKaou7THCv+ADueR7mE+25C0vG8cEF+5GQ1Rh3dGPqXPmnt/D1R8zKhm5XqvkjXTvdE4cvq1hdpwADhDAa9IOYbnRCrbeajfZFUG0tAe5mFayBhKKmSVdM73n535nQ2NvTImGgO9bkD1Nss/Yi1WfCWUdoYf6zhE8LP6zQEE75vYHD5nmYpQ/k3Yw3dxkifIjuUZf/eTibB26/FRM4cdv05EYBQ88U4+0PzRg8ZRqvZ2Cj0qub7eRQNt6Jfm4/QsEos3q2PxBLbvTGUtZ1RizkEWrhF5bk0Ax8xJFkh64xXidpKNgt8Bl6IfZDpHXUZTdfjCTDRRD"
}
}
60 changes: 60 additions & 0 deletions apps/api/configuration/saml/settings-staging.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
{
"strict": true,
"debug": true,
"sp": {
"entityId": "https://staging.irvinehacks.com/shibboleth",
"assertionConsumerService": {
"url": "https://staging.irvinehacks.com/api/saml/acs",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
},
"singleLogoutService": {
"url": "https://staging.irvinehacks.com/api/saml/sls",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
},
"attributeConsumingService": {
"serviceName": "IrvineHacks Website",
"serviceDescription": "Website for IrvineHacks, Orange County's largest hackathon.",
"requestedAttributes": [
{
"nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"name": "urn:oid:0.9.2342.19200300.100.1.3",
"isRequired": true,
"friendlyName": "email"
},
{
"nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"name": "urn:oid:2.16.840.1.113730.3.1.241",
"isRequired": true,
"friendlyName": "displayName"
},
{
"nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"name": "urn:oid:2.16.840.1.113916.5.6.1.1",
"isRequired": true,
"friendlyName": "ucinetid"
},
{
"nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"name": "urn:oid:2.16.840.1.113916.5.6.1.59",
"isRequired": true,
"friendlyName": "uciaffiliation"
}
]
},
"NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
"x509cert": "",
"privateKey": ""
},
"idp": {
"entityId": "urn:mace:incommon:uci.edu",
samderanova marked this conversation as resolved.
Show resolved Hide resolved
"singleSignOnService": {
"url": "https://shib-qa.service.uci.edu/idp/profile/SAML2/Redirect/SSO",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
},
"singleLogoutService": {
"url": "https://shib-qa.service.uci.edu/logout.html",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
},
"x509cert": "MIIDJzCCAg+gAwIBAgIUU1688ql6Nw4jpeO9aKzQTz4eTCUwDQYJKoZIhvcNAQELBQAwIzEhMB8GA1UEAwwYc2hpYi1kZXYuc2VydmljZS51Y2kuZWR1MB4XDTIxMDMxNjIxMjUyMVoXDTMxMDMxNDIxMjUyMVowIzEhMB8GA1UEAwwYc2hpYi1kZXYuc2VydmljZS51Y2kuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo673SK1qbWNcQbTNzTz9j4hwQF5W+VwFsaHOa+YqtngRGjbXWrgwuf15pUgLz/Mzuqg8j8I46VAaTXd5kdPmhN0GbLxWmVQDgUjMEZzGk50LATvmx9abt3YR8JhvlVtgLAYCssjp3LA8QhoZJu0DsJJ8uMHM9xXtrktotYp8/PHoJekMsmPYjZk41Semz63H87wv79faREeBznpj1BNNeCqGHCV/OhsBnhuDjD7/xei1DH7fqHD2p/CSpti5/2GL+X60n7yuqe3SkQaHJ/fmUvsc2TVsmJ2GB9/tYbLaBnpeIR/W6Td9e8hB8t4/OS0tQFQlpdvuNg2mFEWyeChIBwIDAQABo1MwUTAdBgNVHQ4EFgQU4l1TIJmWzfA8aVWBM0z64ahRfFwwHwYDVR0jBBgwFoAU4l1TIJmWzfA8aVWBM0z64ahRfFwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAIgqAD8S9io6RR3vIvjMGcWtW7bE0ICAV9sVm2bXXB5mLBuDCGS46TEy8tVoLw5/56LfM6x25EF62/uncnFHQw/8b5r+45J6jVclT0YhHtwWeqKO3GJ7dzxXIdXCsNLPZ17/rL/wKQhUTuKDtFgOko3Oq4xsZM0X3ObsJD+t1VmgVcoTweai4LyiyX0k+vxX2F2EEXI7AWN0qzuQiBhp4pWGfSXRKCHEpQwd8+sXcYbn3VflbSXaMifPqWm5JRzsmUT6pA4XFxoux9/JAKciFuDeD/zWgM5HinqooIwg3SlHzjcOCK07ZcQ1fBTvnbS2NfVwwQmtCQHzLL8VoLFDaZw=="
}
}
5 changes: 3 additions & 2 deletions apps/api/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
"name": "api",
"private": true,
"scripts": {
"dev": "python src/dev.py"
"dev": "python src/dev.py",
"test": "pytest"
}
}
}
11 changes: 11 additions & 0 deletions apps/api/pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
[tool.pytest.ini_options]
pythonpath = "src"
addopts = "--verbose --cov src"
testpaths = "tests"
asyncio_mode = "auto"

[tool.coverage.run]
branch = true

[tool.coverage.report]
show_missing = true
4 changes: 4 additions & 0 deletions apps/api/requirements-dev.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,5 @@
pytest==7.4.3
pytest-asyncio==0.21.1
pytest-cov==4.1.0

uvicorn[standard]==0.23.2
2 changes: 2 additions & 0 deletions apps/api/requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,4 @@
fastapi==0.104.1
httpx==0.25.2
python-multipart==0.0.5
python3-saml==1.16.0
4 changes: 2 additions & 2 deletions apps/api/src/app.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
from fastapi import FastAPI

from routers import demo
from routers import saml

app = FastAPI()

app.include_router(demo.router, prefix="/demo", tags=["demo"])
app.include_router(saml.router, prefix="/saml", tags=["saml"])


@app.get("/")
Expand Down
Loading
Loading