feature/override-metadata-default-values

README.md

@@ -116,21 +116,21 @@ To use the *SPID Validator* the AuthnRequest are thus sent from your SP, loggin
 
 - Start authentication request connecting to your SP, the AuthnRequest would be created and sent to spid-saml-check.
   You should access to a page like shown in the following picture
-  
+
   <img src="doc/img/login.png" width="500" alt="login page" />
-  
+
 
 - Submit __validator__ / __validator__ as credential
 - You would see the SAML2 Authn Request made from your SP
 
   <img src="doc/img/2.png" width="500" alt="authn request page" />
-  
+
 
 - Click on Metadata -> Download and submit your SP metadata url.<br/>
   **Warning**: If your SP is on your localhost, please use your host Docker IP and not "localhost"!
 
   <img src="doc/img/3.png" width="500" alt="metadata download page" />
-  
+
 - Now you'll be able to execute all the tests, in order of appareance: Metadata, Request and Response.
 - To check a Response, from Response section, select in the scroll menu the test you want to execute, then mark it as done and if successful
 
@@ -142,8 +142,8 @@ To use the *SPID Validator* the AuthnRequest are thus sent from your SP, loggin
 The application spid-demo runs at: [https://localhost:8443/demo](https://localhost:8443/demo)
 
 <img src="doc/img/demo_idp_index.png" width="500" alt="demo index page" />
-   
-   
+
+
 Test users of spid-demo that can be used are listed at: [https://localhost:8443/demo/users](https://localhost:8443/demo/users)
 
 <img src="doc/img/demo_idp_users.png" width="500" alt="demo users page" />
@@ -159,18 +159,60 @@ Test users of spid-demo that can be used are listed at: [https://localhost:8443/
 
 - Go to https://localhost:8443 to register metadata of your SP on spid-validator.
   You should access to a page like shown in the following picture
-  
+
   <img src="doc/img/login.png" width="500" alt="login page" />
-  
-  
+
+
 - Submit __validator__/ __validator__ as credential
 
 - Click on Metadata -> Download and submit your SP metadata url.<br/>
   **Warning**: If your SP is on your localhost, please use your host Docker IP and not "localhost"!
-  
+
   <img src="doc/img/demo_download_metadata_sp.png" width="500" alt="download metadata page" />
-  
+
 
 - Send an authn request to spid-demo in order to use Demo environment
 
   <img src="doc/img/demo_idp.png" width="500" alt="demo idp" />
+
+
+## Override default config with env variables
+
+The application runs at: [https://localhost:8443/](https://localhost:8443/)
+
+All the endpoints are mapped to match this URL. ie:
+```
+<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:8443/samlsso" ResponseLocation="https://localhost:8443/samlsso"/>
+<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:8443/samlsso" ResponseLocation="https://localhost:8443/samlsso"/>
+
+.....
+
+<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:8443/samlsso"/>
+<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:8443/samlsso"/>
+```
+
+You can override this value by setting an environment variable. You can also hide the port if you have a proxy configured to listen on port 443.
+
+```
+docker run -t -i -d -p 8443:8443  \
+        -e SERVER_HOST='https://proxy.spid.local' \
+        -e SERVER_PROXY_ACTIVE=true \
+        spid-saml-check
+```
+It is possible to change the *SPID Validator* entityId and the *SPID Demo* entityId:
+
+```
+docker run -t -i -d -p 8443:8443  \
+        -e IDP_ENTITY_ID='https://proxy.spid.local' \
+        -e DEMO_ENTITY_ID='https://demo-proxy.spid.local' \
+        spid-saml-check
+```
+
+### Env variables list
+
+| name   | default value |  info |
+|----------|-------------|------|
+| SERVER_HOST | https://localhost:8443 | *SPID Validator* url |
+| SERVER_PROXY_ACTIVE | false | hide port in the `Location` metadata entries |
+| IDP_ENTITY_ID | https://localhost:8443 | `entityID` of the *SPID Validator* metadata |
+| DEMO_ENTITY_ID | https://localhost:8443/demo | `entityID` of the *SPID Demo* metadata |

doc/proxy/apache-http-server.md

@@ -0,0 +1,43 @@
+## How to setup apache httpd as proxy
+
+On the apache 2 server enable:
+`ssl` module
+`headers` module
+`proxy` module
+`proxy_http` module
+`proxy_balancer` module
+
+Create a new VirtualHost or edit the existing one to match those configurations:
+```
+<VirtualHost *:80>
+    ###### Edit this line with your domain
+    ServerName spid.proxy.local
+
+    RewriteEngine on
+
+    ###### Edit this line with your domain
+    RewriteCond %{SERVER_NAME} =spid.proxy.local
+    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+</VirtualHost>
+
+<VirtualHost *:443>
+    ###### Edit this line with your domain
+    ServerName spid.proxy.local
+
+    Header always set Content-Security-Policy "upgrade-insecure-requests;"
+
+    SSLProxyEngine on
+    SSLProxyCheckPeerCN off
+    SSLProxyCheckPeerName off
+    SSLProxyCheckPeerExpire off
+
+    ProxyPreserveHost On
+    ProxyPass / https://127.0.0.1:8443/
+    ProxyPassReverse / https://127.0.0.1:8443/
+
+    ###### Edit those lines with SSL certificate of the domain
+    SSLCertificateFile /path/to/fullchain.pem
+    SSLCertificateKeyFile /path/to/privkey.key
+
+</VirtualHost>
+```

spid-validator/server/api/metadata-sp.js

@@ -4,8 +4,9 @@ const upload = multer({dest: 'temp/'});
 const unzip = require('unzip');
 const Utility = require('../lib/utils');
 const MetadataParser = require('../lib/saml-utils').MetadataParser;
+const config_loader = require('../utils/config_loader');
 const config_dir = require('../../config/dir.json');
-const config_idp = require("../../config/idp.json");
+const config_idp = config_loader.idp();
 const config_test = require("../../config/test.json");
 const moment = require('moment');
 

spid-validator/server/api/request.js

@@ -1,8 +1,10 @@
 const fs = require("fs-extra");
 const Utility = require("../lib/utils");
 const moment = require('moment');
+const config_loader = require('../utils/config_loader');
 const config_dir = require("../../config/dir.json");
-const config_idp = require("../../config/idp.json");
+const config_idp = config_loader.idp();
+
 
 
 module.exports = function(app, checkAuthorisation, getEntityDir, database) {

spid-validator/server/api/response.js

@@ -5,8 +5,9 @@ const RequestParser = require("../lib/saml-utils").RequestParser;
 const TestSuite = require("../lib/saml-utils").TestSuite;
 const Signer = require("../lib/signer").Signer;
 const SIGN_MODE = require("../lib/signer").SIGN_MODE;
+const config_loader = require('../utils/config_loader');
 const config_test = require("../../config/test.json");
-const config_idp = require("../../config/idp.json");
+const config_idp = config_loader.idp();
 const config_dir = require("../../config/dir.json");
 
 

spid-validator/server/app/auth.js

@@ -3,7 +3,8 @@ const path = require('path');
 const sha256 = require("sha256");
 const moment = require("moment"); 
 const Utility = require("../lib/utils");
-const config_idp = require("../../config/idp.json");
+const config_loader = require('../utils/config_loader');
+const config_idp = config_loader.idp();
 
 
 module.exports = function(app, checkAuthorisation, authenticator) {

spid-validator/server/app/idp.js

@@ -4,8 +4,9 @@ const Utility = require("../lib/utils");
 const IdP = require("../lib/saml-utils").IdP;
 const PayloadDecoder = require("../lib/saml-utils").PayloadDecoder;
 const RequestParser = require("../lib/saml-utils").RequestParser;
-const config_server = require("../../config/server.json");
-const config_idp = require("../../config/idp.json");
+const config_loader = require('../utils/config_loader');
+const config_server = config_loader.server();
+const config_idp = config_loader.idp();
 const config_dir = require("../../config/dir.json");
 
 const validator_basepath = config_idp.basepath=='/'? '':config_idp.basepath;
@@ -31,7 +32,7 @@ module.exports = function(app, checkAuthorisation, getEntityDir, sendLogoutRespo
         let config = config_idp;
 
         let endpoint = config_server.host
-            + (config_server.useProxy? '' : ":" + config_server.port)
+            + ((config_server.useProxy === true || config_server.useProxy === "true")? '' : ":" + config_server.port)
             + validator_basepath + "/samlsso";
 
         config.endpoints = {

spid-validator/server/app/idp_demo.js

@@ -10,9 +10,10 @@ const MetadataParser = require("../lib/saml-utils").MetadataParser;
 const TestSuite = require("../lib/saml-utils").TestSuite;
 const Signer = require("../lib/signer").Signer;
 const SIGN_MODE = require("../lib/signer").SIGN_MODE;
-const config_server = require("../../config/server.json");
-const config_demo = require("../../config/idp_demo.json");
-const config_idp = require("../../config/idp.json");
+const config_loader = require('../utils/config_loader');
+const config_server = config_loader.server();
+const config_demo = config_loader.idpDemo();
+const config_idp = config_loader.idp();
 const config_dir = require("../../config/dir.json");
 const config_test = require("../../config/test.json");
 const spid_users = require("../../config/spid_users.json");
@@ -30,7 +31,7 @@ module.exports = function(app, checkAuthorisation, getEntityDir, sendLogoutRespo
         let config = config_demo;
 
         let endpoint = config_server.host
-            + (config_server.useProxy? '' : ":" + config_server.port)
+            + ((config_server.useProxy === true || config_server.useProxy === "true") ? '' : ":" + config_server.port)
             + demo_basepath + "/samlsso";
 
         config.endpoints = {

spid-validator/server/lib/utils.js

@@ -5,8 +5,9 @@ const child_process = require('child_process');
 const UUID = require("uuidjs");
 const moment = require("moment");
 const CryptoJS = require("crypto-js");
+const config_loader = require('../utils/config_loader');
 const config_dir = require("../../config/dir.json");
-const config_idp = require("../../config/idp.json");
+const config_idp = config_loader.idp();
 const fs = require("fs-extra");
 
 

spid-validator/server/package.json

@@ -10,6 +10,7 @@
     "better-sqlite3": "^5.4.0",
     "circular-json": "^0.5.5",
     "crypto-js": "^3.1.9-1",
+    "dotenv": "^8.2.0",
     "express": "^4.15.2",
     "express-handlebars": "^3.0.0",
     "express-session": "^1.15.5",

spid-validator/server/spid-validator.js

@@ -8,10 +8,11 @@ const path = require('path');
 const fs = require("fs-extra");
 const moment = require("moment");
 
-const config_server = require("../config/server.json");
+const config_loader = require('./utils/config_loader');
+const config_server = config_loader.server();
 const config_test = require("../config/test.json");
-const config_idp = require("../config/idp.json");
-const config_demo = require("../config/idp_demo.json");
+const config_idp = config_loader.idp();
+const config_demo = config_loader.idpDemo();
 const config_dir = require("../config/dir.json");
 const config_api = require("../config/api.json");
 

spid-validator/server/utils/config_loader.js

@@ -0,0 +1,40 @@
+require('dotenv').config();
+
+const replaceEnvVariableConfig = (configJson,envMap) => {
+    Object.entries(envMap).forEach(([prop,envVar]) => {
+        if(process.env[envVar]) configJson[prop] = process.env[envVar];
+    });
+    return configJson;
+}
+
+const serverConfig = () => {
+    const envMap = {
+        'host': 'SERVER_HOST',
+        'useProxy': 'SERVER_PROXY_ACTIVE'
+    }
+    let config = require("../../config/server.json");
+    return replaceEnvVariableConfig(config,envMap);
+}
+
+const idpConfig = () => {
+    const envMap = {
+        'entityID': 'IDP_ENTITY_ID'
+    }
+    let config = require("../../config/idp.json");
+    return replaceEnvVariableConfig(config,envMap);
+}
+
+const idpDemoConfig = () => {
+    const envMap = {
+        'entityID': 'DEMO_ENTITY_ID'
+    }
+    let config = require("../../config/idp_demo.json");
+    return replaceEnvVariableConfig(config,envMap);
+}
+
+module.exports = {
+    getFromEnv: replaceEnvVariableConfig,
+    server: serverConfig,
+    idp: idpConfig,
+    idpDemo: idpDemoConfig
+}