DiscoJuice is requesting several IdP choosing when used as a Central DS

Carlos González

Mar 13, 2014, 12:38:47 PM
to disco...@googlegroups.com
Hi...
I've deployed DiscoJuice as a standalone central point to 4 SPs (2 of them with Shibboleth, 2 others over SimpleSAMLphp).
The DiscoJuice is working well, except that once the user has chosen their IdP and successfully authenticated against it, the disco asks him again to choose their IdP when using another service for the first time.
What I want is for DiscoJuice to remember the user's first choice and then not ask him again to choose their IdP, but send the user to it automatically, so the IdP validates whether the user's session is still active. Just the way the Shibboleth DS works.
Is there any option inside the configuration parameters that I must set up in order to get this working the way I need?
Regards,

Carlos González.

Sakhi Hadebe

Mar 14, 2014, 5:18:27 AM
to disco...@googlegroups.com

Hi Carlos,

I am sorry I don't have a solution to your request. But I think you might be of help with what I am struggling with.

We are in the process of coming up with an FID - pilot project. I am tasked to deploy a Discovery service. Yes, I have deployed a standalone DiscoJuice. I am struggling to populate DiscoJuice with our IdP, not the edugain federations. We have an SP and IdP over SimpleSAMLphp.

Can you help, please?

Regards,

Sakhi Hadebe

SANReN Engineer - CSIR Meraka Institute

Tel:  +27 12 841 2308
Fax:  +27 12 841 4223
http://www.sanren.ac.za


--
This message is subject to the CSIR's copyright terms and conditions, e-mail legal notice, and implemented Open Document Format (ODF) standard.
The full disclaimer details can be found at http://www.csir.co.za/disclaimer.html.


This message has been scanned for viruses and dangerous content by MailScanner,
and is believed to be clean.


Please consider the environment before printing this email.


Carlos González

Mar 14, 2014, 3:01:45 PM
to disco...@googlegroups.com, sha...@csir.co.za
Sakhi,
If what you need is to tell DiscoJuice that it should use your IdP, all you have to do is add something like this:

djc.inlinemetadata = [
                {"entityID":"https:\/\/idp.yourorg.edu.za\/entity\/path","country":"ZA","title":"Organization Name","geo":{"lat":"4.8744","lon":"-74.0281"}},
]

Regards!

Sakhi Hadebe

Mar 17, 2014, 2:19:43 AM
to Carlos González, disco...@googlegroups.com

Hi,

Thank you, I will try it and let you know the results.

On which file should I add this?

Correct me if I am wrong, I need to replace the entityID, country, title and the geo location with the correct values?

Regards,

Sakhi Hadebe

SANReN Engineer - CSIR Meraka Institute

Tel:  +27 12 841 2308
Fax:  +27 12 841 4223
http://www.sanren.ac.za


Carlos González

Mar 17, 2014, 9:49:24 AM
to disco...@googlegroups.com
Hi Sakhi, 

If you define a djc variable, just as:

var djc = DiscoJuice.Hosted.getConfig(options);

Then you can put the djc.inlinemetadata line just after that.

Regards.




Sakhi Hadebe

Mar 17, 2014, 10:15:26 AM
to disco...@googlegroups.com, carl...@gmail.com

Below is the discojuice/central.php file:

<?php

if (empty($_REQUEST['entityID'])) throw new Exception('Missing parameter [entityID]');
if (empty($_REQUEST['return'])) throw new Exception('Missing parameter [return]');

$djconfig = SimpleSAML_Configuration::getOptionalConfig('discojuice.php');
$config = SimpleSAML_Configuration::getInstance();

// EntityID
$entityid = $_REQUEST['entityID'];

// Return to...
$returnidparam = !empty($_REQUEST['returnIDParam']) ? $_REQUEST['returnIDParam'] : 'entityID';
$href = SimpleSAML_Utilities::addURLparameter(
        $_REQUEST['return'],
        array($returnidparam => '')
);

$hostedConfig = array(
        // Name of service
        $djconfig->getString('name', 'Service'),

        $entityid,

        // Url to response
        SimpleSAML_Module::getModuleURL('discojuice/response.html'),

        // Set of feeds to subscribe to.
        $djconfig->getArray('feeds', array('edugain')),

        $href
);

/*
        "a.signin", "Teest Demooo",
    "https://example.org/saml2/entityid",
    "' . SimpleSAML_Module::getModuleURL('discojuice/discojuice/discojuiceDiscoveryResponse.html') . '", ["kalmar"], "http://example.org/login?idp="
*/

$t = new SimpleSAML_XHTML_Template($config, 'discojuice:central.tpl.php');
$t->data['hostedConfig'] = $hostedConfig;
$t->data['enableCentralStorage'] = $djconfig->getBoolean('enableCentralStorage', true);
$t->data['additionalFeeds'] = $djconfig->getArray('additionalFeeds', null);
$t->show();

Do I need to put it inside the $hostedConfig function or outside? This is the metadata of my IdP:


$metadata['https://myorg.ac.za/simplesamlphp/saml2/idp/metadata.php'] = array (
  'metadata-set' => 'saml20-idp-remote',
  'entityid' => 'https:/myorg.ac.za/simplesamlphp/saml2/idp/metadata.php',
  'SingleSignOnService' =>
  array (
    0 =>
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
      'Location' => 'https://myorg.ac.za/simplesamlphp/saml2/idp/SSOService.php',
    ),
  ),
  'SingleLogoutService' => 'https://myorg.ac.za/simplesamlphp/saml2/idp/SingleLogoutService.php',
  'certData' => '[certificate data removed]',
  'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
);

How do I put the values of the line you sent me?






Regards,

Sakhi Hadebe

SANReN Engineer - CSIR Meraka Institute

Tel:  +27 12 841 2308
Fax:  +27 12 841 4223
http://www.sanren.ac.za


Sakhi Hadebe

Mar 18, 2014, 5:19:58 AM
to disco...@googlegroups.com

I have tried but I am not getting it right.

Can you tell me what info you would need to help me with this? I definitely need help on this.




Regards,

Sakhi Hadebe

SANReN Engineer - CSIR Meraka Institute

Tel:  +27 12 841 2308
Fax:  +27 12 841 4223
http://www.sanren.ac.za


>>> Carlos González<carl...@gmail.com> 3/17/2014 3:49 PM >>>

djc.inlinemetadata = [
                {"entityID":"https:\/\/idp.yourorg.edu.za\/entity\/path","country":"ZA","title":"Organization Name","geo":{"lat":"4.8744","lon":"-74.0281"}},
]

Sakhi Hadebe

Mar 18, 2014, 6:51:21 AM
to disco...@googlegroups.com, carl...@gmail.com

I have tried and nothing seems to be fixed so far. Instead, now it's showing a blank gray screen. Maybe I was working on the wrong file. Attached is the discojuice/central.tpl.php file.

The hostnames involved are:

sa-sp.sanren.ac.za: SP
sa-idp.sanren.ac.za: IdP
sa-ds.sanren.ac.za: DS

Can you please check it and advise what it is that I am doing wrong? Please let me know if you need more info to help me.

Please help out!




Regards,

Sakhi Hadebe

SANReN Engineer - CSIR Meraka Institute

Tel:  +27 12 841 2308
Fax:  +27 12 841 4223
http://www.sanren.ac.za


>>> Carlos González<carl...@gmail.com> 3/17/2014 3:49 PM >>>

Hi Sakhi,

If you define a djc variable, just as:

var djc = DiscoJuice.Hosted.getConfig(options);

Then you can put the djc.inlinemetadata line just after that.

Regards.



central.tpl.php

Sakhi Hadebe

Mar 27, 2014, 6:15:43 AM
to disco...@googlegroups.com

Hi Carlos,


I have tried to configure DiscoJuice to add my IdP in the central.tpl.php file. Not sure if it is the correct file to apply the configurations. Please advise. Below is my configuration:

        var djc = DiscoJuice.Hosted.getConfig(
            "Demo of local auth",
            "https://servername/simplesaml/saml2/idp/metadata.php", // here goes in my IdP entityID
            "http://dev.discojuice.org/discojuice/discojuiceDiscoveryResponse.html", ["edugain"], "http://example.org/login?idp="
        );// I am really not sure what should I put in this line?

        djc.inlinemetadata = [
                {
                        'entityID': 'https://servername/simplesaml/saml2/idp/metadata.php', // IdP entityID
                        'auth': 'local',
                        'title': 'Local authentication',
                        'country':'_all_',
                        'geo':null,
                        'weight':-8
                }
        ];


If you need more details to get this running, please let me know.








Regards,

Sakhi Hadebe

SANReN Engineer - CSIR Meraka Institute

Tel:  +27 12 841 2308
Fax:  +27 12 841 4223
http://www.sanren.ac.za
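
An added example, not part of the thread and not DiscoJuice or SimpleSAMLphp code: a small lint for djc.inlinemetadata entries like the ones posted above. It checks that each entityID is, character for character, one the SP already holds in its IdP metadata, because the discovery service hands that string back to the SP to look up; checkInlineMetadata, spKnownEntityIDs and the country/geo rules are assumptions drawn from the values shown in the thread.

```javascript
// Added example: lint DiscoJuice inlinemetadata entries before deploying.
// Field names (entityID, title, country, geo) are the ones shown in the thread;
// the function name and the rules below are assumptions of this example.
function checkInlineMetadata(entries, spKnownEntityIDs) {
  if (!Array.isArray(entries)) return ['inlinemetadata must be an array'];
  const problems = [];
  entries.forEach((entry, i) => {
    const at = 'entry ' + i + ': ';
    if (entry === null || typeof entry !== 'object') {
      problems.push(at + 'not an object');
      return;
    }
    const id = entry.entityID;
    if (typeof id !== 'string' || id.trim() === '') {
      problems.push(at + 'entityID missing');
    } else {
      // "https:/host" (one slash) is a different string from "https://host".
      if (/^https?:\/(?!\/)/i.test(id)) problems.push(at + 'single slash after scheme');
      // The SP looks the returned entityID up verbatim in its own metadata.
      if (!spKnownEntityIDs.includes(id)) problems.push(at + 'entityID unknown to the SP');
    }
    if (typeof entry.title !== 'string' || entry.title === '') {
      problems.push(at + 'title missing');
    }
    if (entry.country !== '_all_' && !/^[A-Z]{2}$/.test(String(entry.country))) {
      problems.push(at + 'country must be a two-letter code or "_all_"');
    }
    if (entry.geo != null) {
      const lat = Number(entry.geo.lat), lon = Number(entry.geo.lon);
      if (!(Math.abs(lat) <= 90) || !(Math.abs(lon) <= 180)) {
        problems.push(at + 'geo lat/lon out of range');
      }
    }
  });
  return problems;
}

// Constructed sample: the SP's saml20-idp-remote key from the thread, one matching
// entry, and one entry using the single-slash form of the posted 'entityid' value.
const spKnown = ['https://myorg.ac.za/simplesamlphp/saml2/idp/metadata.php'];
const sample = [
  { entityID: 'https://myorg.ac.za/simplesamlphp/saml2/idp/metadata.php',
    title: 'Local authentication', country: '_all_', geo: null },
  { entityID: 'https:/myorg.ac.za/simplesamlphp/saml2/idp/metadata.php',
    title: 'Organization Name', country: 'ZA', geo: { lat: '4.8744', lon: '-74.0281' } },
];
console.log(checkInlineMetadata(sample, spKnown));
```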



Sakhi Hadebe

Apr 14, 2014, 4:16:21 AM
to disco...@googlegroups.com

Hi Carlos,


Sorry, I had some pressing projects and didn't update you on this. I am still stuck. Which specific file do I need to add this onto?

Can you send me a detailed configuration file that I can maybe refer to?





Regards,
Sakhi Hadebe
SANReN Engineer - CSIR Meraka Institute
Tel:  +27 12 841 2308
Fax:  +27 12 841 4223
http://www.sanren.ac.za
