EUDI Wallet RP backend integration (#74)

* pyeudiw conf

* fix: discovery page and entity configuration endpoint

* fix: openid4vp backend base_url

* feat: qrcode templates

* chore: openid4vp backend example conf

* feat: added mongodb in pyeudiw backend conf

* feat: aligne pyeudiw backend conf

* chore: alignment of openid4vp backend example with pyeudiw dev branch

* chore: pyeudiw backend example update

* aligned pyeudiw backend assets

* fix: pyeudiw v0.5.0 alignments

* uwsgi setup nginx and spid idps js

* chore: uwsgi examples init scripts and nginx improvements

* feat: nginx hardening

* eudi small alignments

* uwsgi not truncating long debug messages

* Docker revamping (#90)

* python version selected dinamically for docker version

* fixed python version

* added enviroments description

* fix enviroment's name and echo

* fir doker-compose and readme files

* fix: change library from libressl-dev to openssl-dev

* Update target_based_routing.yaml

Fixed ficep entity_id name

* New ficep metadata

* chore: added dependency for django theme

* Fix: remove of non existing field of user

* feat: implemented Django template for the example sp

* chore: example project - disco, proxy_conf and README

* chore: README

* chore: README added CORSO IDEM Proxy

* fix: Docker compose

* fix: Docker compose - README

* fix: Docker compose - README

* pyff folder renamed

* Docker revamp

* Docker revamp

* chore: created static folder with static files

* fix: adding missing STATIC_ROOT

* fix: using {% static %} for static resources

* fix: removed unused code

* Update example_sp/djangosaml2_sp/saml2_sp/views.py

Co-authored-by: Giuseppe De Marco <[email protected]>

* Update example_sp/djangosaml2_sp/saml2_sp/views.py

Co-authored-by: Giuseppe De Marco <[email protected]>

* Docker revamp

* fix: Docker entrypoint

* chore: README

* chore: README

* fix: docker compose

---------

Co-authored-by: Alessio Murru <[email protected]>
Co-authored-by: MDreW <[email protected]>
Co-authored-by: Gartic99 <[email protected]>
Co-authored-by: Ghenadie Artic <[email protected]>

* fix: compose and and idp button

* fix: spid backend target routing

* chore: spid-saml-check animated gif

* fix: general configuration and documentation

* Feat: by clicking on my name, you have a dropdown (#93)

* chore: added dependency for django theme

* Fix: remove of non existing field of user

* feat: implemented Django template for the example sp

* chore: created static folder with static files

* fix: adding missing STATIC_ROOT

* fix: using {% static %} for static resources

* fix: removed unused code

* Update example_sp/djangosaml2_sp/saml2_sp/views.py

Co-authored-by: Giuseppe De Marco <[email protected]>

* Update example_sp/djangosaml2_sp/saml2_sp/views.py

Co-authored-by: Giuseppe De Marco <[email protected]>

* feat: dropdown for profile

* fix: resolved merge conflicts

---------

Co-authored-by: Giuseppe De Marco <[email protected]>

* Merged PR #81 into EUDI (#94)

* new discovery and error page based on bootstrap-itali v2.6.1

* added id and class for errors

* chore: added dependency for django theme

* Fix: remove of non existing field of user

* feat: implemented Django template for the example sp

* chore: created static folder with static files

* fix: adding missing STATIC_ROOT

* fix: using {% static %} for static resources

* fix: removed unused code

* Update example_sp/djangosaml2_sp/saml2_sp/views.py

Co-authored-by: Giuseppe De Marco <[email protected]>

* Update example_sp/djangosaml2_sp/saml2_sp/views.py

Co-authored-by: Giuseppe De Marco <[email protected]>

* feat: dropdown for profile

* fix: resolved merge conflicts

* chore: removed comments on disco.html file

* feat: improved echo_attributes page

* Update Docker-compose/docker-compose.yml

Co-authored-by: Giuseppe De Marco <[email protected]>

---------

Co-authored-by: MDreW <[email protected]>
Co-authored-by: Giuseppe De Marco <[email protected]>

* Satosa-Saml2Spid/Eudi - Readme Review for initial setup of the environment (#95)

* Modifica Readme Satosa-Saml2Spid

* aggiornamento django Readme

* aggiornamento  Readme

* Update readme - second release

* update - review readme

* create new Readme about DEMO SAML2 SP + remove blanck lines + modified django readme

* Apply suggestions from code review

---------

Co-authored-by: Giuseppe De Marco <[email protected]>

* ci: only py3.10 since it will be tested using docker

* fix: djangosaml2 example sp templates and conf

* chore: README wallet demo

* chore: updated discovery page image

* chore: updated discovery page image

* chore: README editorials

* fix: wallet demo animated gif dimensions

* fix: wallet demo animated gif dimensions

* fix: sumamry

* update CI workflow (Revision 1) (#96)

* update CI workflow (Revision 1)

* remove pip install line 35

* Update CI workflow -  revision 2

* ADD django_sp in Docker-compose and revisited CI workflow (#97)

* Update CI workflow + ADD django_sp in Docker-compose

* Update CI Workflow - Review 2

* Update CI Workflow - Review 2.1

* Update CI Workflow - Review 2.2

* Update CI workflow + Docker-compose (review 3.1)

* feat: qrcode loaded by client (#98)

* new discovery and error page based on bootstrap-itali v2.6.1

* added id and class for errors

* chore: added dependency for django theme

* Fix: remove of non existing field of user

* feat: implemented Django template for the example sp

* chore: created static folder with static files

* fix: adding missing STATIC_ROOT

* fix: using {% static %} for static resources

* fix: removed unused code

* Update example_sp/djangosaml2_sp/saml2_sp/views.py

Co-authored-by: Giuseppe De Marco <[email protected]>

* Update example_sp/djangosaml2_sp/saml2_sp/views.py

Co-authored-by: Giuseppe De Marco <[email protected]>

* feat: dropdown for profile

* fix: resolved merge conflicts

* chore: removed comments on disco.html file

* feat: improved echo_attributes page

* feat: qrcode loaded by js library

* fix: qrcode_color set by parameter

---------

Co-authored-by: MDreW <[email protected]>
Co-authored-by: Giuseppe De Marco <[email protected]>

* Remove `apply_conf.sh` script (#103)

* fix: remove `apply_conf.sh` script and use ENV vars instead

* fix: remove `apply_conf.sh` script and use ENV vars instead

* fix: delete `apply_conf.sh` file

* fix: separate `SATOSA_BASE_STATIC` from `SATOSA_BASE`

---------

Co-authored-by: Salvatore Laiso <[email protected]>

* Add in "External references" readme section the reference of pyeudiw doc (#104)

* Update CI workflow + ADD django_sp in Docker-compose

* Update CI Workflow - Review 2

* Update CI Workflow - Review 2.1

* Update CI Workflow - Review 2.2

* Update CI workflow + Docker-compose (review 3.1)

* issue #92 - add pyeudiw documentation ref

* issue #92 - add pyeudiw documentation ref (review)

* issue #92 - add pyeudiw documentation ref (review2)

* Fixes pre release 0.8.0 (#105)

* fix: align pyeudiw yaml config file

* fix: align disco page to pyeudiw

* fix: align base html to pyeudiw

* fix: align qrcode to pyeudiw

* fix: change reference to correct bootstrap

* fix: add statics needed by spid_base

* doc: update Configuration by environment variables section

* Fix CI pre-release (#107)

* fix: github action

* fix: temporary retrieve `pyeudiw` from github repo

* fix: add `eudi` branch into CI triggers

* chore: linting and container status info

* fix: missing dependencies in CI host machine

* fix: wait container startup

* fix: add healthcheck

---------

Co-authored-by: Salvatore Laiso <[email protected]>

---------

Co-authored-by: root <root@it-wallet-tmp.mpokl4s14jhunpbwqmmurqxrkb.fx.internal.cloudapp.net>
Co-authored-by: Alessio Murru <[email protected]>
Co-authored-by: MDreW <[email protected]>
Co-authored-by: Gartic99 <[email protected]>
Co-authored-by: Ghenadie Artic <[email protected]>
Co-authored-by: Davide Longo <[email protected]>
Co-authored-by: Salvatore Laiso <[email protected]>
Co-authored-by: Salvatore Laiso <[email protected]>

.dockerignore

@@ -2,6 +2,7 @@
 *
 # Add exception for the directories you actually want to include in the context
 !example
+!example_sp
 !requirements.txt
 !oids.conf
-!build_spid_certs.sh
+!build_spid_certs.sh

.github/workflows/python-app.yml

@@ -5,9 +5,9 @@ name: Satosa-Saml2Spid
 
 on:
   push:
-    branches: [ master, dev ]
+    branches: [ master, dev, eudi ]
   pull_request:
-    branches: [ master, dev ]
+    branches: [ master, dev, eudi ]
 
 jobs:
   build:
@@ -18,64 +18,56 @@ jobs:
       fail-fast: false
       matrix:
         python-version:
-          - '3.9'
           - '3.10'
-          - '3.11'
 
     steps:
     - uses: actions/checkout@v3
+    - name: Install xmlsec1
+      run: sudo apt-get install -y xmlsec1
     - name: Set up Python ${{ matrix.python-version }}
       uses: actions/setup-python@v4
       with:
         python-version: ${{ matrix.python-version }}
-    - name: Install system dependencies
-      run: |
-        sudo apt update
-        sudo apt install -y libffi-dev libssl-dev python3-pip xmlsec1 procps libpcre3 libpcre3-dev
     - name: Install dependencies
       run: |
-        python -m pip install --upgrade pip
-        if [ -f requirements-dev.txt ]; then pip install -r requirements-dev.txt; fi
-        if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
-        pip install -r example_sp/djangosaml2_sp/requirements.txt
         pip install spid-sp-test>=1.2.8
         pip install flake8
-        pip install satosa_oidcop>=1.0
     - name: Lint with flake8
       run: |
         ## stop the build if there are Python syntax errors or undefined names
         flake8 --count --select=E9,F63,F7,F82 --show-source --statistics example
         ## exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
         flake8 --max-line-length 120 --count --exit-zero --statistics example
-    - name: run djangosaml2 SP
+    - name: Create docker-example folder
       run: |
-        cd example_sp/djangosaml2_sp/
-        bash run.sh &
-        sleep 5
+        mkdir -p docker-example
+        cp -r example/. docker-example
+    - name: docker compose
+      run: |       
+        cd Docker-compose
+        ./run-docker-compose.sh
+        docker ps -a
     - name: djangosaml2 SP metadata to Proxy
       run: |
         wget http://localhost:8000/saml2/metadata -O example/metadata/sp/djangosaml2_sp.xml
     - name: run satosa-saml2spid
       run: |
-        cd example
+        cd docker-example
         mkdir -p metadata/idp
         mkdir -p metadata/sp
-        export SATOSA_APP=`python3 -c 'import sysconfig; print(sysconfig.get_paths()["purelib"])'`
-        uwsgi --wsgi-file $SATOSA_APP/satosa/wsgi.py  --https 0.0.0.0:10000,./pki/cert.pem,./pki/privkey.pem --callable app -b 32768 &
-        sleep 5
     - name: Metadata proxy to djangosaml2 SP
       run: |
-        wget --no-check-certificate https://localhost:10000/Saml2IDP/metadata -O example_sp/djangosaml2_sp/saml2_sp/saml2_config/satosa-saml2spid.xml
+        wget --no-check-certificate https://localhost/Saml2IDP/metadata -O example_sp/djangosaml2_sp/saml2_sp/saml2_config/satosa-saml2spid.xml
     - name: spid-sp-test SPID metadata, requests and responses
       run: |
-        cd example
+        cd docker-example
         spid_sp_test --idp-metadata > metadata/idp/spid-sp-test.xml
-        spid_sp_test --metadata-url https://localhost:10000/spidSaml2/metadata --authn-url "http://localhost:8000/saml2/login/?idp=https://localhost:10000/Saml2IDP/metadata&next=/saml2/echo_attributes&idphint=https%253A%252F%252Flocalhost%253A8080" -ap spid_sp_test.plugins.authn_request.SatosaSaml2Spid --extra --debug ERROR -tr
+        spid_sp_test --metadata-url https://localhost/spidSaml2/metadata --authn-url "http://localhost:8000/saml2/login/?idp=https://localhost/Saml2IDP/metadata&next=/saml2/echo_attributes&idphint=https%253A%252F%252Flocalhost%253A8080" -ap spid_sp_test.plugins.authn_request.SatosaSaml2Spid --extra --debug ERROR -tr
     - name: spid-sp-test CIE id metadata
       run: |
-        cd example
-        spid_sp_test --profile cie-sp-public --metadata-url https://localhost:10000/cieSaml2/metadata
+        cd docker-example
+        spid_sp_test --profile cie-sp-public --metadata-url https://localhost/cieSaml2/metadata
     - name: spid-sp-test eIDAS FiCEP metadata
       run: |
-        cd example
-        spid_sp_test --profile ficep-eidas-sp --metadata-url https://localhost:10000/spidSaml2/metadata
+        cd docker-example
+        spid_sp_test --profile ficep-eidas-sp --metadata-url https://localhost/spidSaml2/metadata

.gitignore

@@ -16,3 +16,4 @@ example/private/*
 *pyFF_example/entities
 example_sp/djangosaml2_sp/sqlite3.db
 project/*
+docker-example/*

compose-Satosa-Saml2Spid/.env → Docker-compose/.env

@@ -1,3 +1,4 @@
 MONGO_DBUSER=satosa
 MONGO_DBPASSWORD=thatpassword
 HOSTNAME=localhost
+KEYS_FOLDER=./pki

Docker-compose/README.md

@@ -0,0 +1,117 @@
+# Docker Compose
+
+## Table of Contents
+
+1. [What do you need?](#what-do-you-need?)
+2. [Run the composition](#run-the-composition)
+3. [Stop the composition](#stop-the-composition)
+4. [Remove/Delete volumes](#remove/delete-volumes)
+5. [Demo data](#demo-data)
+6. [Env file](#env-file)
+7. [docker-compose.yml](#docker-compose.yml)
+
+## Requirements
+
+In order to execute the run script you need:
+
+* jq
+* docker-compose
+
+Installation example in Ubuntu:
+
+```
+sudo apt install jq docker-compose
+```
+
+For docker-compose you can also [see here](https://docs.docker.com/compose/install/other/).
+
+## Run the composition
+
+Copy the folder `example` to `docker-example` and do your configuration.
+
+### Start the Compose
+
+Execute the run script for the first time:
+
+```
+./run-docker-compose.sh
+```
+
+The following docker volumes are created, if they doesn't exist yet:
+
+* satosa-saml2spid_nginx_certs
+* satosa-saml2spid_mongodata 
+
+The *satosa-saml2spid_nginx_certs* is populated with data from [nginx/certs/](nginx/certs)`,
+*satosa-saml2spid_mongodata* is populated by MongoDB container with its storage.
+
+After having executed the docker compose you can see the logs of the running containers:
+```
+docker-compose -f docker-compose.yml logs -f
+```
+
+After the first run, you can start the docker compose with the run script or by this commands:
+
+```
+docker-compose pull; docker-compose down -v; docker-compose up -d; docker-compose logs -f
+```
+### Where is your data?
+
+Command:
+
+```
+docker volume ls
+```
+
+Output:
+
+```
+DRIVER    VOLUME NAME
+local     satosa-saml2spid_mongodata
+local     satosa-saml2spid_nginx_certs
+```
+
+In RedHat and Ubuntu based OS the Docker volumes directory is at:
+
+```
+# ls -1 /var/lib/docker/volumes/
+satosa-saml2spid_mongodata
+satosa-saml2spid_nginx_certs
+```
+
+## Stop the composition
+
+```
+./stop-docker-compose.sh
+```
+
+This script stops all containers of the composition and detaches the volumes, but keeps the data on the persistent volumes.
+
+## Remove/Delete volumes
+
+If you want to start from scratch, or just clear all persistent data, just run the following script:
+
+```
+./rm-persistent-volumes.sh
+```
+
+First, the containers of the composition are stopped and the volumes are detached.
+
+Then you are asked if you want to delete the volumes and if you answer yes, you have to confirm volume by volume.
+
+## Demo data
+
+Demo data for a test client are inserted into the DB during the first run of the composition.
+
+See [mongo readme](../README.mongo.md) to have some example of demo data.
+
+## Env file
+
+```
+# cat .env
+MONGO_DBUSER=satosa
+MONGO_DBPASSWORD=thatpassword
+HOSTNAME=localhost
+```
+
+See [mongo readme](../README.mongo.md) for explanation of environment variables of MongoDB.

Docker-compose/docker-compose.yml

@@ -0,0 +1,165 @@
+version: '3'
+services:
+  satosa-mongo:
+    image: mongo
+    container_name: satosa-mongo
+    restart: always
+    environment:
+      MONGO_INITDB_DATABASE: oidcop
+      MONGO_INITDB_ROOT_USERNAME: "${MONGO_DBUSER}"
+      MONGO_INITDB_ROOT_PASSWORD: "${MONGO_DBPASSWORD}"
+    volumes:
+      - mongodata:/data/db
+      - /usr/share/zoneinfo/Europe/Rome:/etc/localtime:ro
+      - ./mongo/init-mongo.sh:/docker-entrypoint-initdb.d/init-mongo.sh
+    ports:
+      - '27017-27019:27017-27019'
+    networks:
+      - satosa-saml2spid
+
+  satosa-mongo-express:
+    image: mongo-express
+    container_name: satosa-mongo-express
+    restart: always
+    ports:
+      - 8082:8081
+    environment:
+      ME_CONFIG_BASICAUTH_USERNAME: satosauser
+      ME_CONFIG_BASICAUTH_PASSWORD: satosapw
+      ME_CONFIG_MONGODB_ADMINUSERNAME: "${MONGO_DBUSER}"
+      ME_CONFIG_MONGODB_ADMINPASSWORD: "${MONGO_DBPASSWORD}"
+      ME_CONFIG_MONGODB_URL: mongodb://${MONGO_DBUSER}:${MONGO_DBPASSWORD}@satosa-mongo:27017/
+    networks:
+      - satosa-saml2spid
+  ## START: PARTE NUOVA
+  django_sp:
+    build: 
+        context: ../      
+        args: 
+            - NODE_ENV=local        
+        dockerfile: example_sp/django.Dockerfile
+    container_name: django_sp
+    #restart: always
+    working_dir: /django_sp
+    entrypoint: "sh ../entrypoint.sh"
+    volumes:
+       - /usr/share/zoneinfo/Europe/Rome:/etc/localtime:ro
+       - ../example_sp/djangosaml2_sp:/django_sp:rw
+    ports:
+      - "8000:8000"
+    networks:
+      - satosa-saml2spid
+## END: PARTE NUOVA
+  satosa-saml2spid:
+    #image: ghcr.io/italia/satosa-saml2spid:latest
+    #image: satosa-saml2spid:latest
+    build: 
+        context: ../      
+        args: 
+            - NODE_ENV=local        
+        dockerfile: satosa.Dockerfile
+    container_name: satosa-saml2spid
+    depends_on:
+      - satosa-mongo
+    environment:
+      - BASE_DIR=/satosa_proxy
+      - SATOSA_BY_DOCKER=1
+
+      - SATOSA_BASE=https://$HOSTNAME
+      - SATOSA_BASE_STATIC=https://$HOSTNAME/static
+      - SATOSA_DISCO_SRV=https://$HOSTNAME/static/disco.html
+      - SATOSA_UNKNOW_ERROR_REDIRECT_PAGE=https://$HOSTNAME/static/error_page.html
+
+      - MONGODB_PASSWORD=${MONGO_DBPASSWORD}
+      - MONGODB_USERNAME=${MONGO_DBUSER}
+
+      - SATOSA_CONTACT_PERSON_EMAIL_ADDRESS=support.example@organization.org
+      - SATOSA_CONTACT_PERSON_TELEPHONE_NUMBER=+3906123456789
+      - SATOSA_CONTACT_PERSON_FISCALCODE=01234567890
+      - SATOSA_CONTACT_PERSON_GIVEN_NAME=Name
+      - SATOSA_CONTACT_PERSON_IPA_CODE=ispra_rm
+      - SATOSA_CONTACT_PERSON_MUNICIPALITY=H501
+      - SATOSA_ENCRYPTION_KEY=CHANGE_ME!
+
+      - SATOSA_ORGANIZATION_DISPLAY_NAME_EN=Resource provided by Example Organization
+      - SATOSA_ORGANIZATION_DISPLAY_NAME_IT=Resource provided by Example Organization
+      - SATOSA_ORGANIZATION_NAME_EN=Resource provided by Example Organization
+      - SATOSA_ORGANIZATION_NAME_IT=Resource provided by Example Organization
+      - SATOSA_ORGANIZATION_URL_EN=https://example_organization.org
+      - SATOSA_ORGANIZATION_URL_IT=https://example_organization.org
+      - SATOSA_PRIVATE_KEY=${KEYS_FOLDER}/privkey.pem
+      - SATOSA_PUBLIC_KEY=${KEYS_FOLDER}/cert.pem
+      - SATOSA_SALT=CHANGE_ME!
+      - SATOSA_STATE_ENCRYPTION_KEY=CHANGE_ME!
+      - SATOSA_UI_DESCRIPTION_EN=Resource description
+      - SATOSA_UI_DESCRIPTION_IT=Resource description
+      - SATOSA_UI_DISPLAY_NAME_EN=Resource Display Name
+      - SATOSA_UI_DISPLAY_NAME_IT=Resource Display Name
+      - SATOSA_UI_INFORMATION_URL_EN=https://example_organization.org/information_url_en
+      - SATOSA_UI_INFORMATION_URL_IT=https://example_organization.org/information_url_en
+      - SATOSA_UI_LOGO_HEIGHT=60
+      - SATOSA_UI_LOGO_URL=https://example_organization.org/logo.png
+      - SATOSA_UI_LOGO_WIDTH=80
+      - SATOSA_UI_PRIVACY_URL_EN=https://example_organization.org/privacy_en
+      - SATOSA_UI_PRIVACY_URL_IT=https://example_organization.org/privacy_en
+      - SATOSA_USER_ID_HASH_SALT=CHANGE_ME!
+      - SATOSA_REQUESTED_ATTRIBUTES=[]
+
+      - GET_IDEM_MDQ_KEY=true
+    expose:
+      - 10000
+    ports:
+      - "10000:10000"
+    volumes:
+       - /usr/share/zoneinfo/Europe/Rome:/etc/localtime:ro
+       - ../docker-example:/satosa_proxy:rw
+    working_dir: /satosa_proxy
+    entrypoint: "sh entrypoint.sh"
+    networks:
+      - satosa-saml2spid
+    healthcheck:
+      test: curl --fail http://localhost/SAML2IDP/metadata || exit 1
+      interval: 2s
+      retries: 10
+      start_period: 10s
+      timeout: 10s
+
+  satosa-nginx:
+    image: nginx:alpine
+    container_name: satosa-nginx
+    depends_on:
+      - satosa-saml2spid
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./nginx/nginx.conf_uwsgi_pass:/etc/nginx/nginx.conf:ro
+      - ./nginx/50x.html:/usr/share/nginx/html/50x.html:ro
+      - ./nginx/404.html:/usr/share/nginx/html/404.html:ro
+      - ./nginx/403.html:/usr/share/nginx/html/403.html:ro
+      - nginx_certs:/etc/nginx/certs:ro
+      - ../docker-example/static:/var/www/html
+    networks:
+      - satosa-saml2spid
+
+  spid-samlcheck:
+    image: italia/spid-saml-check
+    container_name: spid-samlcheck
+    ports:
+      - "8443:8443"
+    networks:
+      - satosa-saml2spid
+
+volumes:
+
+  mongodata:
+    name: satosa-saml2spid_mongodata
+    external: true
+
+  nginx_certs:
+    name: satosa-saml2spid_nginx_certs
+    external: true
+
+networks:
+  satosa-saml2spid:
+    name: satosa-saml2spid