Releases: silinternational/ssp-base

semantic image tags

18 Sep 01:37
0f3f515

Added

  • Added semantic version tags to Docker image (e.g. 1.2 for tag 1.2.3).

fix missing controller values

17 Sep 09:11
bb978d0

IDP-1043 ssp-base #203: nag.php expects array entries which aren't always being set

Fixed

  • Assign all values needed in the state by the nag.php page.

Changed

  • Refactor ProfileReview.php redirectToProfileReview and redirectToNag methods to pass fewer parameters and reduce code duplication.

remove dead code

12 Sep 02:28
d990160

Removed

  • Removed code no longer used.

Upgrade SimpleSAMLphp to version 2

31 Jul 02:14
79de3da

This release (10.0.0) incorporates all of the "10.0.0-alpha" release changes plus the following:

Changed (breaking)

  • Use the normal SimpleSAMLphp metadata file format while keeping the ability to use multiple files for saml20-sp-remote and saml20-idp-remote

Removed

  • Removed unused config options
    • Removed dateFormat from expirychecker module
    • Removed originalUrlParam from expirychecker module
    • Removed excludeByDefault from sildisco module
    • Removed IDP_NAME and IDP_DISPLAY_NAME and use the metadata name property instead
    • Removed SAML20_IDP_ENABLE environment variable
    • Removed SESSION_DURATION environment variable

Fixed

  • Rather than fail silently, throw an exception if the state doesn't contain the SP entityID

Changed

  • Updated documentation for changes related to the SimpleSAMLphp v2 upgrade. Changes are mostly limited to correcting errors rather than generally improving the documentation.
  • Simplified sildisco integration tests, removing equivalent scenarios
  • Enabled sildisco metadata test scenarios. This feature was fixed earlier, but I forgot to enable the tests.
  • Use SimpleSAMLphp's MetaDataStorageHandler in place of Sil\SspUtils\Metadata. This would be necessary to use a Metadata backend other than "flatfile".

miscellaneous fixes

18 Jul 20:12
f4ea746

Fixed

  • Use preferred ENV=value syntax in Dockerfile
  • Correct the Metadata utils path in sildisco/metadata.php
  • Added a null coalesce on $state['mfaLearnMoreUrl'] for the review page
    • fixes error: SimpleSAML\Error\Exception: Warning - Undefined array key "mfaLearnMoreUrl" at /data/vendor/simplesamlphp/simplesamlphp/modules/profilereview/public/nag.php:37
  • Defined exampleauth:UserPass users in users key
    • fixes error: Module exampleauth:UserPass configured in legacy mode. Please put your username:password entries under the "users" key in your authsource.
  • Changed from if to assert to catch error condition earlier
  • Stop using the admin module to access the hub discovery page
    • fixes error: Caused by: Twig\Error\RuntimeError: An exception has been thrown during the rendering of a template ("SimpleSAML\XHTML\Template::getEntityDisplayName(): Argument #1 ($data) must be of type array, null given, called in /data/vendor/twig/twig/src/Environment.php(392) : eval()'d code on line 82").
  • Filled in missing data in authsources.php
    • fixes error: SimpleSAML\Error\Exception: Warning - Undefined array key "add" at /data/vendor/simplesamlphp/simplesamlphp/modules/profilereview/src/Auth/Process/ProfileReview.php:234

Removed

  • Removed browser check for webauthn support
  • Removed abandoned package sinergi/browser-detector
  • In Dockerfile:
    • Removed ENV REFRESHED_AT
    • Removed RUN mkdir -p /data
    • Removed s3-expand
    • Removed RUN chmod a+x /data/run.sh /data/run-tests.sh
  • Removed index.php override, originally added to call autoload.php, no longer needed
  • Removed id.php override, originally added for load balancer, no longer needed
  • Removed announcement.php placeholder
  • Removed material logout template. We have no need of this since logout redirects back to the SP.
  • Removed support for the enabled metadata IdP attribute

Changed

  • Updated php-env and use null as the default for getArray for TRUSTED_URL_DOMAINS

updated sildisco for SSP 2

18 Jul 15:10
7046663

Changed

  • Re-enabled sildisco for IdP discovery.
  • Fixed SP name display on sildisco IdP selection page.
  • Use entityDisplayName Twig filter for displaying the IdP and SP names.
  • Updated test metadata to include entityid in every entry, and make name an array.
  • Patch the standard SP AuthSource to modify behavior when multiple IdPs are available for an SP.
    • When more than one IdP is available, always present the discovery page. Standard behavior is to proceed using an existing IdP session if possible.
    • When re-authentication is required, always present the discovery page. Standard behavior is to let the user choose whether to cancel or continue.

Removed

  • Removed source files copied from SimpleSAMLphp that are no longer used.
  • Removed leftover dictionary files from pre-SSP2
  • Removed actions-services.yml
  • Removed patch from run.sh
  • Removed "beta test" feature. We do not use this in staging or production.

Fixed

  • Fixed the SingleLogoutService on the test IdPs to use the standard saml2-logout.php since it no longer needs to be customized.
  • Added use statements to import classes
  • Removed unnecessary use statements

More fixes for SimpleSAMLphp 2

10 Jul 19:21
653686c

Changed

  • Update Twig templates to recommended style (space after colon, snake case vars)

Fixed

  • Changed getString to getOptionalString (and similar changes)
  • Instantiate SimpleSAMLphp Utils classes
  • Define variables needed in the header template (analytics_tracking_id and theme_color_scheme)

Update to SimpleSAMLphp 2.2.2

08 Jul 17:17
8915092

Work in progress

This is still a work in progress. Much of single-IdP functionality is now in place, but IdP proxy (a/k/a "hub") capability is not yet working.

Changed (breaking)

  • Updated SimpleSAMLphp to 2.2.2 along with all required dependencies
  • Rename all lib directories to src
  • Rename all www directories to public
  • Added PHP type-hinting in module code
  • Updated dockerbuild/config/config.php using the latest SimpleSAMLphp example file (config/config.php.dist).
  • Use the config.php file in the ssp-base image for local development and for automated tests, lightly modified.
  • Changed NameIDPolicy because it must now be an array. Reference IDP-1115
  • The SimpleSAML\Utils classes now require instantiation to call member functions because the methods are no longer static. IDP-1103
  • Converted material module templates to use Twig IDP-898
  • (Temporary) Disabled sildisco IdP discovery and reverted to standard SimpleSAMLphp IdP discovery.

Changed

  • Reformatted PHP code to PSR-12 standard

Added

  • Create a cache directory in the Docker image (required by SimpleSAMLphp 2).

Removed

  • Removed Vagrantfile
  • Removed core:StatisticsWithAttribute authproc as it was moved to another module that is not enabled by default.

Reference

https://itse.youtrack.cloud/issue/IDP-869
https://itse.youtrack.cloud/issue/IDP-900

more cleanup and SSP 2 prep work

17 Jun 02:13
a3d2040

Changed (non-breaking)

  • Added saml, core, and admin modules to the module.enable config entry to prepare for SimpleSAMLphp 2.x. (IDP-892)

Removed

  • Removed memcache option for session storage. (IDP-1041)
  • Removed TIMEZONE config option. (IDP-1041)
  • Removed GOOGLE_ENABLE option. (IDP-1041)

cleanup, twig prep, typehints

13 Jun 08:36
b0e8d10

Added

  • Local development helps

Changed (breaking)

  • Always use the material theme
  • Added PHP typehints to module code

Changed (non-breaking)

  • Moved PHP code out of templates in preparation for conversion to Twig templating
  • Made the ADMIN_EMAIL variable no longer required

Fixed

  • Fixed a "not found" error on the simplewebauthn browser.js file, which prevented use of a Webauthn 2sv option at login
  • Fixed failure in hub mode due to a missing dependency (AWS SDK)
  • Fixed failure to run complete migrations. Reverted the migration namespace back to the original (\Sil\SilAuth\migrations).
  • Better error handling for manager "rescue" code request failure