moved key/cert to priv/keys, deps refreshed as well

.gitignore

@@ -17,6 +17,7 @@ npm-debug.log
 # we ignore priv/static. You may want to comment
 # this depending on your deployment strategy.
 /priv/static/
+/priv/keys/
 
 # Files matching config/*.secret.exs pattern contain sensitive
 # data and you should not commit them into version control.
@@ -25,6 +26,4 @@ npm-debug.log
 # secrets files as long as you replace their contents by environment
 # variables.
 /config/*.secret.exs
-idp_metadata.xml
-samly.crt
-samly.pem
+/*.xml

README.md

@@ -28,17 +28,23 @@ The changes required are confined to the `config/dev.exs` file.
 git clone https://github.com/handnot2/samly_howto
 cd samly_howto
 ./gencert.sh
-cd assets && npm install && cd ..
 mix deps.get
 mix compile
+cd assets && npm install && cd ..
 ```
 
-> Before you can run this application, you need to setup an IdP. Checkout the
-> instructions in the [Samly Documentation](https://hexdocs.pm/samly)
-
-Make sure that the Docker compose based SimpleSAMLphp IdP is setup. Follow
-the instructions there to establish mutual trust between the SimpleSAMLphp
-IdP and this application.
+> Before you can run this application, you need to have a working
+> SAML Identity Provider setup. Checkout the instructions in
+> 
+> [Samly Documentation](https://hexdocs.pm/samly)
+>
+> for configuration related information. The following blog post
+> will be very useful as well (based on Shibboleth SAML IdP):
+>
+> [SAML Authentication for Phoenix](https://handnot2.github.io/blog/auth/saml-auth-for-phoenix)
+>
+> If you want to use `SimpleSAMLphp`, checkout:
+> [`samly_simplesaml`](https://github.com/handnot2/samly_simplesaml).
 
 Start this application by running
 
@@ -47,4 +53,4 @@ Start this application by running
 ```
 
 This application can now be accessed from the browser by visiting the
-URL: `http://samly.howto:4003`.
+URL: `https://samly.howto:4443`.

config/dev.exs

@@ -7,7 +7,13 @@ use Mix.Config
 # watchers to your application. For example, we use it
 # with brunch.io to recompile .js and .css sources.
 config :samly_howto, SamlyHowtoWeb.Endpoint,
-  http: [port: {:system, "PORT"}],
+  #http: [port: {:system, "PORT"}],
+  https: [
+    port: 4443,
+    otp_app: :samly_howto,
+    keyfile: "priv/keys/samly.pem",
+    certfile: "priv/keys/samly.crt"
+  ],
   url: [host: {:system, "HOST"}],
   debug_errors: true,
   code_reloader: true,
@@ -64,46 +70,46 @@ config :samly, Samly.Provider,
   service_providers: [
     %{
       id: "sp1",
-      entity_id: "urn:samly.howto:sp1",
-      certfile: "samly.crt",
-      keyfile: "samly.pem",
+      #entity_id: "urn:samly.howto:sp1",
+      certfile: "priv/keys/samly.crt",
+      keyfile: "priv/keys/samly.pem",
       contact_name: "Samly Howto SP1 Admin",
       contact_email: "[email protected]",
       org_name: "Samly Howto SP1",
       org_displayname: "Samly Howto SP1 Displayname",
-      org_url: "http://samly.howto:4003"
+      org_url: "https://samly.howto:4443"
     },
     %{
       id: "sp2",
-      entity_id: "urn:idp2.samly.howto:sp2",
-      certfile: "samly.crt",
-      keyfile: "samly.pem"
+      #entity_id: "urn:idp2.samly.howto:sp2",
+      certfile: "priv/keys/samly.crt",
+      keyfile: "priv/keys/samly.pem",
       # contact_name: "Samly Howto SP2 Admin",
       # contact_email: "[email protected]",
       # org_name: "Samly Howto SP2",
       # org_displayname: "Samly Howto SP2 Displayname",
-      # org_url: "http://idp2.samly.howto:4003"
+      # org_url: "https://idp2.samly.howto:4443"
     },
     %{
       id: "sp3",
-      entity_id: "urn:idp3.samly.howto:sp3",
-      certfile: "samly.crt",
-      keyfile: "samly.pem"
+      #entity_id: "urn:idp3.samly.howto:sp3",
+      certfile: "priv/keys/samly.crt",
+      keyfile: "priv/keys/samly.pem",
       # contact_name: "Samly Howto SP3 Admin",
       # contact_email: "[email protected]",
       # org_name: "Samly Howto SP3",
       # org_displayname: "Samly Howto SP3 Displayname",
-      # org_url: "http://idp3.samly.howto:4003"
+      # org_url: "https://idp3.samly.howto:4443"
     }
   ],
   identity_providers: [
     %{
       id: "idp1",
       sp_id: "sp1",
-      base_url: "http://samly.howto:4003/sso",
+      base_url: "https://samly.howto:4443/sso",
       metadata_file: "idp_metadata.xml",
-      pre_session_create_pipeline: SamlyHowtoWeb.Plugs.SamlyPipeline
-      # use_redirect_for_req: false,
+      pre_session_create_pipeline: SamlyHowtoWeb.Plugs.SamlyPipeline,
+      use_redirect_for_req: true,
       # sign_requests: true,
       # sign_metadata: true,
       # signed_assertion_in_resp: true,
@@ -112,10 +118,10 @@ config :samly, Samly.Provider,
     %{
       id: "idp2",
       sp_id: "sp2",
-      base_url: "http://idp2.samly.howto:4003/sso",
+      base_url: "https://idp2.samly.howto:4443/sso",
       metadata_file: "idp_metadata.xml",
-      pre_session_create_pipeline: SamlyHowtoWeb.Plugs.SamlyPipeline
-      # use_redirect_for_req: false,
+      pre_session_create_pipeline: SamlyHowtoWeb.Plugs.SamlyPipeline,
+      use_redirect_for_req: true,
       # sign_requests: true,
       # sign_metadata: true,
       # signed_assertion_in_resp: true,
@@ -124,10 +130,10 @@ config :samly, Samly.Provider,
     %{
       id: "idp3",
       sp_id: "sp3",
-      base_url: "http://idp3.samly.howto:4003/sso",
+      base_url: "https://idp3.samly.howto:4443/sso",
       metadata_file: "idp_metadata.xml",
-      pre_session_create_pipeline: SamlyHowtoWeb.Plugs.SamlyPipeline
-      # use_redirect_for_req: false,
+      pre_session_create_pipeline: SamlyHowtoWeb.Plugs.SamlyPipeline,
+      use_redirect_for_req: true,
       # sign_requests: true,
       # sign_metadata: true,
       # signed_assertion_in_resp: true,

gencert.sh

@@ -10,9 +10,11 @@ OU="Howto"
 CN="samly.howto"
 SUBJ="/C=${C}/ST=${ST}/L=${L}/O=${O}/OU=${OU}/CN=${CN}"
 
+mkdir -p priv/keys
+
 echo "Generating SP certificate ..."
 openssl req -new -x509 -sha256 -days 365 -nodes \
   -newkey rsa:4096 \
-  -out ${NAME}.crt \
-  -keyout ${NAME}.pem \
+  -out priv/keys/${NAME}.crt \
+  -keyout priv/keys/${NAME}.pem \
   -subj "${SUBJ}"

mix.exs

@@ -4,7 +4,7 @@ defmodule SamlyHowto.Mixfile do
   def project do
     [
       app: :samly_howto,
-      version: "0.6.1",
+      version: "0.7.0",
       elixir: "~> 1.4",
       elixirc_paths: elixirc_paths(Mix.env()),
       compilers: [:phoenix, :gettext] ++ Mix.compilers(),

mix.lock

@@ -1,14 +1,15 @@
 %{"cowboy": {:hex, :cowboy, "1.1.2", "61ac29ea970389a88eca5a65601460162d370a70018afe6f949a29dca91f3bb0", [:rebar3], [{:cowlib, "~> 1.0.2", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.3.2", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm"},
   "cowlib": {:hex, :cowlib, "1.0.2", "9d769a1d062c9c3ac753096f868ca121e2730b9a377de23dec0f7e08b1df84ee", [:make], [], "hexpm"},
-  "esaml": {:hex, :esaml, "3.1.0", "76337f00b5953a6c249fa8c322905c7a069b7c20339ece3756072279e6dcb41c", [:rebar3], [{:cowboy, "1.1.2", [hex: :cowboy, repo: "hexpm", optional: false]}], "hexpm"},
+  "esaml": {:hex, :esaml, "3.3.0", "9b675c1201ef2d60e53cf5603a20560e1a688acc128bf0de476812919e4d2c52", [:rebar3], [{:cowboy, "1.1.2", [hex: :cowboy, repo: "hexpm", optional: false]}], "hexpm"},
   "file_system": {:hex, :file_system, "0.2.2", "7f1e9de4746f4eb8a4ca8f2fbab582d84a4e40fa394cce7bfcb068b988625b06", [:mix], [], "hexpm"},
-  "gettext": {:hex, :gettext, "0.13.1", "5e0daf4e7636d771c4c71ad5f3f53ba09a9ae5c250e1ab9c42ba9edccc476263", [:mix], [], "hexpm"},
+  "gettext": {:hex, :gettext, "0.14.0", "1a019a2e51d5ad3d126efe166dcdf6563768e5d06c32a99ad2281a1fa94b4c72", [:mix], [], "hexpm"},
   "mime": {:hex, :mime, "1.1.0", "01c1d6f4083d8aa5c7b8c246ade95139620ef8effb009edde934e0ec3b28090a", [:mix], [], "hexpm"},
   "phoenix": {:hex, :phoenix, "1.3.0", "1c01124caa1b4a7af46f2050ff11b267baa3edb441b45dbf243e979cd4c5891b", [:mix], [{:cowboy, "~> 1.0", [hex: :cowboy, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 1.0", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}, {:plug, "~> 1.3.3 or ~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}, {:poison, "~> 2.2 or ~> 3.0", [hex: :poison, repo: "hexpm", optional: false]}], "hexpm"},
-  "phoenix_html": {:hex, :phoenix_html, "2.10.4", "d4f99c32d5dc4918b531fdf163e1fd7cf20acdd7703f16f5d02d4db36de803b7", [:mix], [{:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"},
+  "phoenix_html": {:hex, :phoenix_html, "2.10.5", "4f9df6b0fb7422a9440a73182a566cb9cbe0e3ffe8884ef9337ccf284fc1ef0a", [:mix], [{:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"},
   "phoenix_live_reload": {:hex, :phoenix_live_reload, "1.1.3", "1d178429fc8950b12457d09c6afec247bfe1fcb6f36209e18fbb0221bdfe4d41", [:mix], [{:file_system, "~> 0.2.1 or ~> 0.3", [hex: :file_system, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.0 or ~> 1.2 or ~> 1.3", [hex: :phoenix, repo: "hexpm", optional: false]}], "hexpm"},
   "phoenix_pubsub": {:hex, :phoenix_pubsub, "1.0.2", "bfa7fd52788b5eaa09cb51ff9fcad1d9edfeb68251add458523f839392f034c1", [:mix], [], "hexpm"},
   "plug": {:hex, :plug, "1.4.3", "236d77ce7bf3e3a2668dc0d32a9b6f1f9b1f05361019946aae49874904be4aed", [:mix], [{:cowboy, "~> 1.0.1 or ~> 1.1", [hex: :cowboy, repo: "hexpm", optional: true]}, {:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}], "hexpm"},
   "poison": {:hex, :poison, "3.1.0", "d9eb636610e096f86f25d9a46f35a9facac35609a7591b3be3326e99a0484665", [:mix], [], "hexpm"},
   "ranch": {:hex, :ranch, "1.3.2", "e4965a144dc9fbe70e5c077c65e73c57165416a901bd02ea899cfd95aa890986", [:rebar3], [], "hexpm"},
-  "samly": {:hex, :samly, "0.8.1", "483aaa0191eaf9f0c00c1896da5e7bbd3376804b9a8db88282a27eb20d94e432", [], [{:esaml, "~> 3.1", [hex: :esaml, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"}}
+  "samly": {:hex, :samly, "0.8.4", "cf14c25157f07a85f62c4cac892bb971f3c341dd3209c8957bc601d7db27a82b", [:mix], [{:esaml, "~> 3.3", [hex: :esaml, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}, {:sweet_xml, "~> 0.6", [hex: :sweet_xml, repo: "hexpm", optional: false]}], "hexpm"},
+  "sweet_xml": {:hex, :sweet_xml, "0.6.5", "dd9cde443212b505d1b5f9758feb2000e66a14d3c449f04c572f3048c66e6697", [:mix], [], "hexpm"}}