Add simplesaml integration

docker-compose.yml.example

@@ -15,6 +15,15 @@ services:
     volumes:
       - ./src/web:/var/www
       - ./nginx/conf.d/:/etc/nginx/conf.d/
+      # Saml config
+      - ./simplesamlphp-1.18.3:/var/simplesamlphp
+      - ./simple-saml/cert:/var/simplesamlphp/cert
+      - ./simple-saml/config:/var/simplesamlphp/config
+      - ./simple-saml/metadata:/var/simplesamlphp/metadata
+      - ./simplesamlphp-1.18.3:/var/simplesamlphp-idp
+      - ./simple-saml-idp/cert:/var/simplesamlphp-idp/cert
+      - ./simple-saml-idp/config:/var/simplesamlphp-idp/config
+      - ./simple-saml-idp/metadata:/var/simplesamlphp-idp/metadata
     networks:
       - doorcode
   postgres:
@@ -51,6 +60,15 @@ services:
     volumes:
       - ./src/web:/var/www
       - ./php/dev.ini:/usr/local/etc/php/conf.d/local.ini
+      # Map saml files to the php-fpm server so it has access to them as well
+      - ./simplesamlphp-1.18.3:/var/simplesamlphp
+      - ./simple-saml/cert:/var/simplesamlphp/cert
+      - ./simple-saml/config:/var/simplesamlphp/config
+      - ./simple-saml/metadata:/var/simplesamlphp/metadata
+      - ./simplesamlphp-1.18.3:/var/simplesamlphp-idp
+      - ./simple-saml-idp/cert:/var/simplesamlphp-idp/cert
+      - ./simple-saml-idp/config:/var/simplesamlphp-idp/config
+      - ./simple-saml-idp/metadata:/var/simplesamlphp-idp/metadata
     ports:
       - "9000:9000"
     networks:

nginx/conf.d/app.conf

@@ -12,6 +12,31 @@ server {
     access_log /var/log/nginx/access.log;
     root /var/www/frontend;
 
+    location ^~ /simplesaml {
+        alias /var/simplesamlphp/www;
+
+        location ~ \.php(/|$) {
+            include fastcgi_params;
+            fastcgi_pass api:9000;
+            fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
+            fastcgi_param SCRIPT_FILENAME $request_filename;
+            fastcgi_param PATH_INFO $fastcgi_path_info if_not_empty;
+        }
+    }
+
+
+    location ^~ /simplesaml-idp {
+        alias /var/simplesamlphp-idp/www;
+
+        location ~ \.php(/|$) {
+            include fastcgi_params;
+            fastcgi_pass api:9000;
+            fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
+            fastcgi_param SCRIPT_FILENAME $request_filename;
+            fastcgi_param PATH_INFO $fastcgi_path_info if_not_empty;
+        }
+    }
+
     location /api {
         proxy_pass http://localhost.api/;
     }
@@ -21,6 +46,7 @@ server {
     }
 }
 
+
 server {
     listen 80;
     index  index.php index.html;

simple-saml-idp/cert/server.crt

+-----BEGIN CERTIFICATE-----
+MIIEwTCCAymgAwIBAgIUWlixu/uHDLux2Txl3HGBngrYZxQwDQYJKoZIhvcNAQEL
+BQAwcDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xFjAUBgNVBAcM
+DUNvbGxlZ2UgUGxhY2UxHzAdBgNVBAoMFldhbGxhIFdhbGxhIFVuaXZlcnNpdHkx
+EzARBgNVBAsMCktyZXRzY2htYXIwHhcNMjAwMTIxMTAyNjQxWhcNMzAwMTIwMTAy
+NjQxWjBwMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEWMBQGA1UE
+BwwNQ29sbGVnZSBQbGFjZTEfMB0GA1UECgwWV2FsbGEgV2FsbGEgVW5pdmVyc2l0
+eTETMBEGA1UECwwKS3JldHNjaG1hcjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCC
+AYoCggGBALhJUyYFwJRwiYzXnuR4dGkEUF6hjnbXxKnkwfuRO0Apy7G3RGtkqq+v
+GOTn2MymUpYOxXNCsz6cAwrrADjnW9cRUERkqR0KSnrTsATzF6rvnodM27hREysQ
+EKVW+dcKIklrXxOaSRJuCoYXV+QuSK/Qph6qDYimxdLl4CWTuWtu2Pytr5ABcewY
+oawf816ErcNVw2pP2gxAB+OxyoERlo2E+6b4yk6e1V/StFdRgeABuMAPAgip49PP
+d7u0hUkay0fplB5fqg7xnuwMsJRffBJRRd5bZjMRz7M3OHL8kvhjCAWn54ERf8zY
+JJLaG+D96TPT7fNbyfylDzWS64wwwdo/iX3R9cwpPatAmh6ke2MGgypE1Xv2EUmq
+TPnlTIgxRxX4Y+N3sQibDtat1KhDIWZFk1YAkJpOarWaXolzUt/7wsYnocA51/RE
+EDoIlVwa0xLDpGAMVHpzCmOMk62C047ptUVAKwPRKwVTRo44wyK2OOOvTWef3oeG
+LjQU0ICX2wIDAQABo1MwUTAdBgNVHQ4EFgQUGwOm6LVLEeLxGMOiqVHjcehg1YQw
+HwYDVR0jBBgwFoAUGwOm6LVLEeLxGMOiqVHjcehg1YQwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAYEAfrz2N8cMRnDpD8H6o63Sa6aVJc0soSy5dzlS
+c/MLh9TvOuztWSovaDmfsshMTBH6ChZQ+XifZWwKJaf+fFaYGgcFDFwQVslzGjoS
+Y2VXYSKmcfSIOpb4jkKvc4mjuxLxhi/WcKga7IVb7/xNw5uqWfJI+ndtz45AwJ/z
+pzQjvAMipZwjtwAgryXhcAdBlzhSRNdysPPCDCxjQWqaI+SSWMa0Ud/frXgYeOP9
+ID73qOf9rKrSjftJKXCYpXsjGykkv9GrCjJxe+usRSHXw6ddrO7aYfl7mXjsXQh+
+OlhuKog8MGUOQMa2I14qn8qTPKNmMl62Qu06pYFgDez9oLPM40mEilRpNQHO/lDq
+wS8J6x8Ir/Ub8a38s+VkIWGHsnvLDR/tHW0VI+RGsL10hsUbV2geIQ0CkDOJMo9k
+ohlLqBf0WKr+sSRH7n/M/Kd0bccERTnr9NYl76Wuddo3v4JcIf48vYE8pUFDmCTG
+RwnTN6vCnNZLvWa/+WwYLpN8KhYW
+-----END CERTIFICATE-----

simple-saml-idp/cert/server.pem

+-----BEGIN PRIVATE KEY-----
+MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQC4SVMmBcCUcImM
+157keHRpBFBeoY5218Sp5MH7kTtAKcuxt0RrZKqvrxjk59jMplKWDsVzQrM+nAMK
+6wA451vXEVBEZKkdCkp607AE8xeq756HTNu4URMrEBClVvnXCiJJa18TmkkSbgqG
+F1fkLkiv0KYeqg2IpsXS5eAlk7lrbtj8ra+QAXHsGKGsH/NehK3DVcNqT9oMQAfj
+scqBEZaNhPum+MpOntVf0rRXUYHgAbjADwIIqePTz3e7tIVJGstH6ZQeX6oO8Z7s
+DLCUX3wSUUXeW2YzEc+zNzhy/JL4YwgFp+eBEX/M2CSS2hvg/ekz0+3zW8n8pQ81
+kuuMMMHaP4l90fXMKT2rQJoepHtjBoMqRNV79hFJqkz55UyIMUcV+GPjd7EImw7W
+rdSoQyFmRZNWAJCaTmq1ml6Jc1Lf+8LGJ6HAOdf0RBA6CJVcGtMSw6RgDFR6cwpj
+jJOtgtOO6bVFQCsD0SsFU0aOOMMitjjjr01nn96Hhi40FNCAl9sCAwEAAQKCAYEA
+hvnltcamy9I1XPwcu9hh4v0u5HDOCMt2lr0fO2OfExrJv6usqD/+KFlGEXqitxnn
+CVNeWVJ0OJpKPDftXMBP6xEaSk2z87oy3Q2pMabfIesJoK2xjKmNMZA9sOwoZ9Fb
+VY0YASKS/LWubZIxZMZlpKhc077X1MvZvuNxrfQp7b8tnLyWBxKX30YXPBvWw9bH
+8nchfv9nhGttm97/pFM+gv7w1tYIT1dUjy+juQTQ7EI2kC0t3yyX2u5tEwVgTjAZ
+j4ZNfULgro/FOB5QLZkktcKJhfkyJVBMpwOmxc/eLsT5nUR9TTXLm71E94ZEyFvU
+WrOWwlYKhFLrv4StgvjJJpvo8hpzQl8HU1EbUWB5eMehyl9o9mabwVcuvifuRcdS
+KvVP+v/aH+KMKhMjtoRt5iNv4bGnullGQz0xsO/ChtVeseMmpwBJtIohj+q5Ffn9
+7a/UMODYce6VTxNlFGCJokwSFTiDjA4iYtCIPZA5fkxTt38kbNbJCmc4fYISp38J
+AoHBAOBK/BBfkh34epifG5Y18p9HvFLp5l9g0aBlgo9UmgdiQiHZRbKLoDXbRF49
+72XW3yD4Lksbv8Gu+m/+rFfoNbID2Er9A55a4t7ShoUsy11usC58hPyMKivd8HMm
+TBCv2fZyGHrRdPtNXeAYfz2N3+hBN+TUClLWhxy51xsvFnjLuUFeXdfSLdd05ane
+Cq9blQjQOPI9O83+U9vU7x3f2LZuV9Z43NT3KoDTy8MtWabNDViWYp+ltyi3h0Il
+b0GgZwKBwQDSVogJOEeBhx0KkspR93+88vXSiAgTzhR+IfXsPT0aGDtXleTqkIOe
+8LZYnQaCsL6jQtJGocWkpF140NUG6CCkg08e21avOHM5DgQ5/6XyL1aESmJ2BNJH
+nyrRpGyRRGdgtcK0uomZMhYT6hh/TID4d0x3OAwghRBuS0+pGExjj8ViqkFJ1SLC
++NQvn2c7V0sCz5uS0OW0inoCs/piby2fxns7tFS+w9L6OrJhfKmn6S5A6bfwjRsl
+RWLfjcU21G0CgcEAu3tSWWlZnP2/lGWizJuJk8SF0ZS8QUuPzhAr4x0npzZl6x9P
+mCAIKhx/eHsy6iCC4G8zWwr17bMSmZz6eHycrZFzMbNuW+bCrtixIw6/avkEAceJ
+7gRHl+VrgQUpHeWwPsU+WyNMMmeIKbKwYUZ/PAeP7hGkE3xI8iURfiKNGSnJT6/O
+p4GDWg7XjncQ3WWjHPvYLfwrSlPlyuKhgYpD/rIbcCYVCVsVRxxCvYHh54CNQFhs
+VeBSSpGmWQ8rgWLPAoHAQ5QJoOy0DKmcawk+d5dNMyfcUwfhkHtlmiDPIleKihe+
++STvp21G3In6C/5nWRXwKgQOCyNunLcyUN7HkrCBzFlj0kYmU6WPX4VhVkEM0ALl
+iRtdBw4FgX1iBHkPaJzRmgDLzcUg8FdnQH614DB0P2AU8TjQrKIT5VvM/EcSQ+qt
+QEXzNAWGZZ4MjkBoqmghcYXCNilno9nZ2YR5raaKwgrDDSujDqdb4Yl6RlgHKiuA
+8NomfuLXFeJ1Id4qvrMBAoHAEA72uhRfmdJqRrZNfJ4ysUndtnQRtJAfaQH9MVbU