Merge branch 'eudi' of github.com:Gartic99/Satosa-Saml2Spid into eudi

.github/workflows/python-app.yml

@@ -18,9 +18,7 @@ jobs:
       fail-fast: false
       matrix:
         python-version:
-          - '3.9'
           - '3.10'
-          - '3.11'
 
     steps:
     - uses: actions/checkout@v3

README-Setup.md

@@ -24,6 +24,8 @@ sudo yum install -y python3-wheel python3-devel
 
 ###### Prepare environment
 
+Within the directory `/{your path}/Satosa-Saml2Spid` execute the following commands:
+
 ```
 pip install --upgrade pip
 pip install virtualenv
@@ -39,7 +41,7 @@ pip install -r requirements.txt
 
 ## Configure the Proxy
 
-- Create certificates for SPID see [psmiraglia](https://github.com/italia/spid-compliant-certificates).
+- Create certificates for SPID, using [spid-compliant-certificates](https://github.com/italia/spid-compliant-certificates) or [spid-compliant-certificates-python](https://github.com/italia/spid-compliant-certificates-python)
 - Copy `repository/example/*` contents (`cp -R repository/example/* .`) and **edit the files below** 
 
   - `proxy_conf.yaml`

README.md

@@ -6,13 +6,14 @@ with the  **Italian Digital Identity Systems**.
 
 ## Table of Contents
 
-1. [Goal](#goal)
-2. [Demo components](#demo-components)
-3. [Docker](#docker)
-6. [Setup](README-Setup.md)
-8. [For Developers](#for-developers)
-9. [Author](#authors)
-10. [Credits](#credits)
+1. [Glossary](#Glossary)
+2. [General features](#general-features)
+3. [Introduction](#introduction)
+4. [Demo components](#demo-components)
+5. [Setup](#setup)
+6. [For Developers](#for-developers)
+7. [Author](#authors)
+8. [Credits](#credits)
 
 
 ## Glossary
@@ -59,15 +60,11 @@ limitations, traditionally could not interact each other.
 
 ## Demo components
 
-The example project comes with the following demo pages, served
-with the help of an additional webserver dedicated for static contents:
+The example project comes with some preconfigured static pages.
 
+<img src="gallery/disco_page.png" width="512">
 
-###### Discovery Service page
-
-<img src="gallery/disco.png" width="512">
-
-See other page screenshot [here](README-GALLERY.md).
+for other page screenshots, see [here](README-GALLERY.md).
 
 These demo pages are static files, available in `example/static`.
 To get redirection to these pages, or redirection to third-party services, it is required to configure the files below:
@@ -76,41 +73,61 @@ To get redirection to these pages, or redirection to third-party services, it is
 - file: `example/plugins/{backends,frontends}/$filename`, example value: `disco_srv: "https://static-contents.example.org/static/disco.html"`
 
 
-## Docker
+## Usage
+
+The average time to set up this project for your needs takes roughly 1 hour. 
+This time may vary depending on your configuration, how many backend and 
+frontend you configure, the machine's resources and the type of network 
+connection for the download of the docker images.
+
+For the setup of this project, the following dependency must be installed in your machine:
+
+  - Python 3.10 or higher
+  - Git
+  - Docker
+
+### Setup
+
+All the setup instructions for your Satosa-Saml2spid configuration are available in [README-SETUP.md](README-Setup.md).
+
+### Docker Compose
+
+This project uses Docker, all the instructions to configure this project using the official docker images are available in [Docker-compose](Docker-compose/README.md).
+
+The docker compose may use the [enviroment variables](README-Setup.md#configuration-by-environment-variables) 
+to configure Satosa-Saml2Spid.
 
 <img src="gallery/docker-design.svg" width="512">
 
 The official Satosa-Saml2SPID docker image is available at 
 [italia/satosa-saml2spid](https://ghcr.io/italia/satosa-saml2spid).
 
-Below some quick commands:
+To install it, you can execute the following command: `sudo docker pull ghcr.io/italia/satosa-saml2spid:latest`.
 
-- Install it, execute the following command: `sudo docker pull ghcr.io/italia/satosa-saml2spid:latest`.
-- Build locally the image, execute the following command: `docker build -t satosa-saml2spid .`.
-- Inspect the image content: `docker run -it -v $(pwd)/example:/satosa_proxy --entrypoint sh satosa-saml2spid`.
+Otherwise you can build the image executing the following command: `docker build -t satosa-saml2spid .`.
 
+Then you can even inspect the image content, by running the following command: `docker run -it -v $(pwd)/example:/satosa_proxy --entrypoint sh satosa-saml2spid`.
 
-### Docker compose
 
-Satosa-Saml2Spid image is built with production ready logic.
-The docker compose may use the [enviroment variables](#configuration-by-environment-variables) 
-to configure Satosa-Saml2Spid.
+### Setup a Djangosaml2 example Service Provider
 
-See [Docker-compose](Docker-compose) for details.
+This project provides an example SAML2 Service Provider for demo purposes, 
+this Service Provider is executed by default in the Docker Compose.
 
+For any further detail about its configuration, see [example_sp/djangosaml2_sp/README.md](example_sp/djangosaml2_sp/README.md).
 
-## Setup
+Below the demo using the djangosaml2 Service Provider with the Wallet authentication [OpenID4VP ](https://openid.net/specs/openid-4-verifiable-presentations-1_0.html).
 
-See [README-SETUP.md](README-Setup.md).
+<img src="gallery/wallet-demo.gif" width="768">
 
 
 ## For Developers
 
-If you're doing tests and you don't want to pass through the Discovery page each time you can use `idphinting` if your SP support it.
+If you're running tests and you don't want to pass through the Discovery page each time you can use `idphinting` if your SP support it.
 Below an example using a djangosaml2 Service Provider:
 
 ```
-http://localhost:8000/saml2/login/?idp=https://localhost:10000/Saml2IDP/metadata&next=/saml2/echo_attributes&idphint=https%253A%252F%252Flocalhost%253A8080
+http://localhost:8000/saml2/login/?idp=https://localhost/Saml2IDP/metadata&next=/saml2/echo_attributes&idphint=https%253A%252F%252Flocalhost%253A8080
 ```
 
 If you're going to test Satosa-Saml2Spid with spid-sp-test, take a look to

example/README.md

@@ -0,0 +1,31 @@
+### Pre-requirements
+
+Make sure that the following Docker containers are up and running 
+<img src="../gallery/docker_container.png">
+
+
+
+> **NOTE**
+> - use the following command to check if everythings is correctly running ``docker ps -a``
+> - use the following command to start a stopped container ``docker start <NAME>``
+
+<hr>
+
+if everything is okay, you will be able to access the login Saml2 service provider page
+
+
+<img src="../gallery/disco_page.png">
+
+
+### To log in, follow the steps described in the image below:
+
+![result](../gallery/screen.gif)
+
+> #### NOTE:
+>
+> - Use "Entra con SPID" and select "Spid_Test" Method 
+> - Use the following credential -> user: validator | psw: validator
+> - Use the following link to Load Metadata `https://satosa-nginx/spidSaml2/metadata`
+>
+
+

example_sp/djangosaml2_sp/README.md

@@ -1,3 +1,8 @@
+# How to run the Demo Django template
+
+
+ Within the directory `/{your path}/Satosa-Saml2Spid/example_sp` execute the following commands
+
 ### djangosaml2-sp (SP server)
 ````
 sudo apt install xmlsec1 python3-dev python3-pip libssl-dev
@@ -8,7 +13,7 @@ source env/bin/activate
 
 cd djangosaml2_sp
 # download idp metadata to sp, not needed if remote options is enabled
-wget https://localhost:10000/Saml2IDP/metadata/ -O saml2_sp/saml2_config/satosa-saml2spid.xml --no-check-certificate
+wget https://localhost/Saml2IDP/metadata/ -O saml2_sp/saml2_config/satosa-saml2spid.xml --no-check-certificate
 
 # install prerequisite
 pip install -r requirements.txt
@@ -20,6 +25,23 @@ python manage.py migrate
 ./manage.py runserver 0.0.0.0:8000
 ````
 
+At the end of the execution, the server will be started at the following link: http://0.0.0.0:8000
+and you will be able to view the project's demo page (see below)
+
+
+
+<img src="../../gallery/djangosaml2_sp.png">
+
+
+
+
+Now click on "Accedi all'area personale" (at the top right of the page header). 
+You will be redirect to the Saml2 Service Provider page [Service Provider page](../../example/README.md)
+
+
+
+
+
 ### Add SP metadata to Satosa server
 ```
 # put sp metadata to satosa 

example_sp/djangosaml2_sp/djangosaml2_sp/sp_pysaml2_satosa.py

@@ -207,6 +207,8 @@
     'eduPersonEntitlement': ('eduPersonEntitlement',),
     'schacPersonalUniqueCode': ('schacPersonalUniqueCode',),
 
+    "givenName": ('first_name', ),
+
     # spid related
     'name': ('first_name', ),
     'familyName': ('last_name', ),

example_sp/djangosaml2_sp/djangosaml2_sp/urls.py

@@ -4,6 +4,8 @@
 from django.contrib.auth.views import LogoutView
 from django.urls import include, path
 
+from saml2_sp.views import amministrazione, index, echo_attributes
+
 urlpatterns = [
     path('admin/', admin.site.urls),
 ]
@@ -13,17 +15,22 @@
     SAML2_URL_PREFIX = 'saml2'
 
     urlpatterns.extend([
-        path('', include((saml2_sp.urls, 'sp',))),
+        #path('', include((saml2_sp.urls, 'sp',))),
+        path(f'', index, name='index'),
+        path(f'amministrazione/', amministrazione, name='amministrazione'),
+        path(f'echo_attributes/', echo_attributes, name='echo_attributes'),
+
         path(f'{SAML2_URL_PREFIX}/login/', views.LoginView.as_view(), name='saml2_login'),
         path(f'{SAML2_URL_PREFIX}/acs/', views.AssertionConsumerServiceView.as_view(), name='saml2_acs'),
         path(f'{SAML2_URL_PREFIX}/logout/', views.LogoutInitView.as_view(), name='saml2_logout'),
         path(f'{SAML2_URL_PREFIX}/ls/', views.LogoutView.as_view(), name='saml2_ls'),
         path(f'{SAML2_URL_PREFIX}/ls/post/', views.LogoutView.as_view(), name='saml2_ls_post'),
         path(f'{SAML2_URL_PREFIX}/metadata/', views.MetadataView.as_view(), name='saml2_metadata'),
-        path(f'{SAML2_URL_PREFIX}/echo_attributes', views.EchoAttributesView.as_view(), name='saml2_echo_attributes'),
+        #  path(f'{SAML2_URL_PREFIX}/echo_attributes', views.EchoAttributesView.as_view(), name='saml2_echo_attributes'),
         path('logout/', LogoutView.as_view(), {'next_page': settings.LOGOUT_REDIRECT_URL}, name='logout')
     ])
 
+
 if 'djangosaml2_spid' in settings.INSTALLED_APPS:
     import djangosaml2_spid.urls
 

example_sp/djangosaml2_sp/saml2_sp/templates/echo_attributes.html

@@ -1,30 +1,37 @@
 {% extends "base.html" %}
 {% load i18n %}
 {% load static %}
-{% block container %}
 
+{% block container %}
 <section id="area-riservata">
   <div class="container">
     <div class="row">
       <div class="nav-tabs-hidescroll mt-4 mt-md-5">
         <div class="tab-content">
             <div id="profile" class="tab-pane fade show active">
-                <h5 class="mb-4">Profilo Utente</h5>
+                <h5 class="mb-4">Benvenuto {{ user.first_name }}</h5>
+
+                <p>Di seguito la lista dei tuoi dati personali.</p>
+
                 <table class="table table-striped">
-                <thead>
-                  <tr>
-                    <th scope="col">Nome</th>
-                    <th scope="col">Valore</th>
-                  </tr>
-                </thead>
-                <tbody class="table-group-divider">
-                {% for name, value in user.attrs %}
-                      <tr>
-                        <td>{{ name }}</td>
-                        <td>{{ value }}</td>
-                      </tr>
-                {% endfor %}
-                </tbody>
+                  <thead>
+                    <tr>
+                      <th scope="col">Nome</th>
+                      <th scope="col">Valore</th>
+                    </tr>
+                  </thead>
+                  <tbody class="table-group-divider">
+                    {% for name, value in user.attrs %}
+                        {% if name == "_state" or name == "id" or name == "username" or not value or name == "password" %}
+                               <!-- continue on {{ name }}: {{ value }} -->
+                        {% else %}
+                            <tr>
+                              <td>{{ name }}</td>
+                              <td>{{ value }}</td>
+                            </tr>
+                        {% endif %}
+                    {% endfor %}
+                  </tbody>
                 </table>
               </div>
             </div>
@@ -33,6 +40,7 @@ <h5 class="mb-4">Profilo Utente</h5>
     </div>
   </div>
 </section>
+<br>
 {% endblock %}
 
-
+

example_sp/djangosaml2_sp/saml2_sp/views.py

@@ -47,16 +47,18 @@
 def index(request):
     """ Barebone 'diagnostics' view, print user attributes if logged in + login/logout links.
     """
-    return render(request,"base.html",context)
+    return render(request, "base.html", context)
+
 
 def amministrazione(request):
-    return render(request,"amministrazione.html",context)
+    return render(request, "amministrazione.html", context)
+
 
 def echo_attributes(request):
-    context['attribute_display_names']=attribute_display_names
-    return render(request,"echo_attributes.html",context)
+    context['attribute_display_names'] = attribute_display_names
+    return render(request, "echo_attributes.html", context)
+
 
-# TODO fix this in IdP side?
 @receiver(pre_user_save, sender=User)
 def custom_update_user(sender, instance, attributes, user_modified, **kargs):
     """ Default behaviour does not play nice with booleans encoded in SAML as u'true'/u'false'.
@@ -66,4 +68,4 @@ def custom_update_user(sender, instance, attributes, user_modified, **kargs):
         u = set.intersection(set(v), set([u'true', u'false']))
         if u:
             setattr(instance, k, u.pop() == u'true')
-    return True  # I modified the user object
+    return True