
Migrate JHED id log in to use shibboleth #1113


Draft
wants to merge 4 commits into
base: develop
2 changes: 2 additions & 0 deletions .github/workflows/semesterly.yml
Expand Up @@ -50,6 +50,8 @@ jobs:

- name: Install Python Dependencies
run: |
sudo apt-get --allow-releaseinfo-change update
sudo apt install libxmlsec1 libxmlsec1-dev -y
python -m pip install --upgrade pip
pip install -r requirements.txt
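Review bot: `--allow-releaseinfo-change` on the `apt-get update` line makes apt accept repositories whose release information has changed instead of stopping, and nothing in the step says why that is needed. Either drop the flag or add a one-line comment above it giving the reason, so a later reader can tell when it is safe to remove. The install line would be more predictable in CI as `sudo apt-get install -y libxmlsec1 libxmlsec1-dev`, since `apt` does not promise a stable command-line interface for scripts. The same two commands appear in the Dockerfile section; which two lines of this step are the additions is inferred from the section's two-addition count.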

4 changes: 3 additions & 1 deletion .gitignore
Expand Up @@ -57,4 +57,6 @@ venv/
webpack-stats.json
workfile.html
cache
stunnel/
stunnel/
saml.crt
saml.key
3 changes: 3 additions & 0 deletions Dockerfile
Expand Up @@ -24,6 +24,9 @@ COPY ./build/local_settings.py /code/semesterly/local_settings.py
# Add parser script
COPY ./build/run_parser.sh /code/run_parser.sh

RUN apt-get --allow-releaseinfo-change update
RUN apt install libxmlsec1 libxmlsec1-dev -y

RUN pip3 install -r /code/requirements.txt

# Install package.json dependencies
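Review bot: The package index refresh and the install are separate `RUN` instructions, so Docker can reuse a cached `update` layer and run the install against stale package lists. Fold them into one layer: `RUN apt-get --allow-releaseinfo-change update && apt-get install -y libxmlsec1 libxmlsec1-dev && rm -rf /var/lib/apt/lists/*`. The trailing `rm` keeps the lists out of the image; leave it off if a later instruction outside this hunk installs packages without its own update.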
1 change: 1 addition & 0 deletions authpipe/urls.py
Expand Up @@ -19,4 +19,5 @@
# auth
re_path("", include("social_django.urls", namespace="social")),
re_path("", include(("django.contrib.auth.urls", "auth"), namespace="auth")),
re_path(r"^saml/metadata$", authpipe.views.saml_metadata_view),
]
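Review bot: The added `^saml/metadata$` pattern has no `name=`, so nothing can `reverse()` it and any template, test or IdP registration note has to hard-code the path. Naming it fixes that: `re_path(r"^saml/metadata$", authpipe.views.saml_metadata_view, name="saml_metadata"),`. The import that makes `authpipe.views` resolvable sits above the hunk and is not visible here, so confirm it is present. `urlpatterns` begins outside the hunk.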
14 changes: 14 additions & 0 deletions authpipe/views.py
Expand Up @@ -9,3 +9,17 @@
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
from django.http import HttpResponse
from django.urls import reverse
from social_django.utils import load_strategy, load_backend

def saml_metadata_view(request):
complete_url = reverse('social:complete', args=("saml", ))
saml_backend = load_backend(
load_strategy(request),
"saml",
redirect_uri=complete_url,
)
metadata, errors = saml_backend.generate_metadata_xml()
if not errors:
return HttpResponse(content=metadata, content_type='text/xml')
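Review bot: `saml_metadata_view` returns nothing when `generate_metadata_xml()` reports errors, so Django raises `ValueError` for a view that returned `None` and the caller gets an unexplained 500. Add an explicit failure branch after the `if not errors:` return: `logger.error("SAML metadata errors: %s", errors)` followed by `return HttpResponseServerError("SAML metadata could not be generated")`. That needs `HttpResponseServerError` imported from `django.http` and a module-level logger, and it keeps the configuration detail in the log rather than in the response body. The view also has no docstring; one line such as `"""Serve this service provider's SAML metadata XML for registration with the IdP."""` would do.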
1 change: 1 addition & 0 deletions requirements.txt
Expand Up @@ -41,6 +41,7 @@ python-dateutil==2.8.2
social-auth-core==4.0.3
social-auth-app-django==4.0.0
python-memcached==1.59
python3-saml==1.16.0
python-social-auth==0.2.21
pytz==2017.2
pywebpush==1.4.0
34 changes: 34 additions & 0 deletions semesterly/settings.py
Expand Up @@ -68,6 +68,38 @@ def get_secret(key):

USE_X_FORWARDED_HOST = True

SOCIAL_AUTH_SAML_SP_ENTITY_ID = "http://jhu.semester.ly"

SOCIAL_AUTH_SAML_SP_PUBLIC_CERT = get_secret("SOCIAL_AUTH_SAML_SP_PUBLIC_CERT")

SOCIAL_AUTH_SAML_SP_PRIVATE_KEY = get_secret("SOCIAL_AUTH_SAML_SP_PRIVATE_KEY")

SOCIAL_AUTH_SAML_ORG_INFO = {
"en-US": {
"name": "semesterly",
"displayname": "Semester.ly",
"url": "http://jhu.semester.ly",
}
}

SOCIAL_AUTH_SAML_TECHNICAL_CONTACT = {
"givenName": "Semester.ly",
"emailAddress": "[email protected]",
}

SOCIAL_AUTH_SAML_SUPPORT_CONTACT = {
"givenName": "Semester.ly",
"emailAddress": "[email protected]",
}

SOCIAL_AUTH_SAML_ENABLED_IDPS = {
"jhu": {
"entity_id": "https://idp.jh.edu/idp/shibboleth",
"url": "https://idp.jh.edu/idp/profile/SAML2/Redirect/SSO",
"x509cert": get_secret("JHU_SAML_IDP_CERT"),
}
}

SOCIAL_AUTH_FACEBOOK_SCOPE = [
"email",
"user_friends",
Expand Down Expand Up @@ -104,6 +136,7 @@ def get_secret(key):
"social_core.backends.google.GooglePlusAuth",
"social_core.backends.google.GoogleOAuth2",
"social_core.backends.azuread_tenant.AzureADTenantOAuth2",
"social_core.backends.saml.SAMLAuth",
)
FIELDS_STORED_IN_SESSION = ["student_token", "login_hash"]

Expand Down Expand Up @@ -229,6 +262,7 @@ def get_secret(key):
"social_core.backends.google.GoogleOAuth2",
"social_core.backends.twitter.TwitterOAuth",
"social_core.backends.azuread_tenant.AzureADTenantOAuth2",
"social_core.backends.saml.SAMLAuth",
"django.contrib.auth.backends.ModelBackend",
)
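Review bot: The SAML block in the first hunk leaves both the signature policy and the attribute-to-account mapping to library defaults: there is no `SOCIAL_AUTH_SAML_SECURITY_CONFIG`, and the `jhu` entry sets no `attr_user_permanent_id`. The permanent id is what ties an assertion to a local account, so name the attribute the JHU IdP actually releases for it. State the signature requirement explicitly too, for example `SOCIAL_AUTH_SAML_SECURITY_CONFIG = {"wantAssertionsSigned": True}`, once it is confirmed that the IdP signs assertions. The entity ID and organisation URL use `http://`; if the site is served over HTTPS, settle the entity ID before it is registered with the IdP, since changing it afterwards presumably means re-registering. The second and third hunks only add the backend to tuples whose names lie outside the visible lines.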

2 changes: 1 addition & 1 deletion static/js/redux/ui/modals/UserAcquisitionModal.tsx
Expand Up @@ -79,7 +79,7 @@ const UserAcquisitionModal = () => {
className="btn abnb-btn secondary"
onClick={() => {
const link = document.createElement("a");
link.href = `/login/azuread-tenant-oauth2/?student_token=${LoginToken}&login_hash=${LoginHash}`;
link.href = `/login/saml/?idp=jhu&student_token=${LoginToken}&login_hash=${LoginHash}`;
document.body.appendChild(link);
link.click();
}}
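Review bot: `LoginToken` and `LoginHash` are interpolated into the `/login/saml/` query string without encoding, so a value containing `&`, `=`, `+` or `#` would change the parameters the server receives. Build the URL with `encodeURIComponent(LoginToken)` and `encodeURIComponent(LoginHash)`, or assemble the query with `URLSearchParams`. The azuread line printed just above has the same pattern and, going by the PR title, is the removed side. The click handler's enclosing component starts and ends outside the hunk.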