diff --git a/compose/django/Dockerfile.production b/compose/django/Dockerfile.production
index d95f7825a3b83dd65a402b7cbbd229051a6787e3..6a7e8c82bbc858af94d8d5683dbf045369aa40bf 100644
--- a/compose/django/Dockerfile.production
+++ b/compose/django/Dockerfile.production
@@ -22,10 +22,11 @@ WORKDIR /app
 # install rdmo and gunicorn
 RUN apt-get update && apt-get install -y --no-install-recommends \
- python3-pip python3-dev python3-setuptools gcc python3-wheel \
+ python3-pip python3-dev python3-setuptools gcc python3-wheel git \
 && pip3 install rdmo \
 && pip3 install gunicorn \
- && apt-get remove -y python3-pip python3-dev python3-setuptools gcc python3-wheel \
+ && pip3 install -r requirements/shibboleth.txt \
+ && apt-get remove -y python3-pip python3-dev python3-setuptools gcc python3-wheel git\
 && apt-get -y autoremove \
 && rm -rf /var/lib/apt/lists/*
@@ -33,6 +34,7 @@ COPY ./theme /app/theme
 COPY ./locale /app/locale
 COPY ./config/production.py /app/config/settings/local.py
+COPY ./config/middleware.py /app/config/middleware.py
 # download vendor files
 ENV DJANGO_SECRET_KEY=NOT_SO_SECRET_TEMP_KEY
diff --git a/config/middleware.py b/config/middleware.py
new file mode 100644
index 0000000000000000000000000000000000000000..2217114fa7a433f4965316b38d79ec0eba987623
--- /dev/null
+++ b/config/middleware.py
@@ -0,0 +1,12 @@
+# middleware to use shibboleth with gunicorn, e.g. for apache http-proxy
+
+from shibboleth.middleware import ShibbolethRemoteUserMiddleware
+#from pprint import pprint
+
+class ProxyRemoteUserMiddleware(ShibbolethRemoteUserMiddleware):
+ header = 'HTTP_REMOTE_USER'
+
+# def process_request(self, request):
+# pprint(vars(request))
+
+
diff --git a/config/production.py b/config/production.py
index 293b36eb56f08dee332bc274ab5ffa2e827e355d..9c1680cc112bcd39e84969fae32892114cf9cd1f 100644
--- a/config/production.py
+++ b/config/production.py
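Review bot: In compose/django/Dockerfile.production, the added `pip3 install -r requirements/shibboleth.txt` runs in a RUN step with no visible COPY of `requirements/` ahead of it; the COPY lines shown in this diff all come later, so unless the file is copied earlier, outside the hunk, the build fails at this step. `git` is added to the build packages only for this install, which suggests the requirements file pulls the Shibboleth package from a VCS URL. Because that package decides who is logged in, the reference should be pinned to a full commit hash rather than a branch or tag. A comment above the RUN such as `# requirements/shibboleth.txt must pin the Shibboleth package to a full commit hash` would record that expectation.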
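Review bot: `header = 'HTTP_REMOTE_USER'` in config/middleware.py takes the login identity from the `Remote-User` request header, which is client-controlled unless the front-end proxy overwrites or strips it, and the class has no docstring stating that requirement. Django's documentation for RemoteUserMiddleware subclasses with a custom header says the front end must always set or strip the header, including the underscore spelling `Remote_User`, which normalises to the same key. I would add a docstring to `ProxyRemoteUserMiddleware` saying that gunicorn must be reachable only through the Apache proxy and that the proxy must unset both spellings on inbound requests before setting the value from the Shibboleth session. The same requirement covers the `HTTP_GIVENNAME`, `HTTP_SN` and `HTTP_MAIL` keys of `SHIBBOLETH_ATTRIBUTE_MAP` in config/production.py. The commented-out `process_request` with `pprint(vars(request))` should be deleted rather than shipped, since enabling it would print whole requests, headers included, and skip the parent's processing.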
@@ -1,5 +1,6 @@
 import os
 from . import BASE_DIR
+from rdmo.core.settings import INSTALLED_APPS, AUTHENTICATION_BACKENDS, MIDDLEWARE
 '''
 Debug mode, don't use this in production
@@ -342,3 +343,33 @@ LOCALE_PATHS = (
 os.path.join(BASE_DIR, 'locale'),
 )
+'''
+shibboleth, see https://rdmo.readthedocs.io/en/latest/configuration/authentication/shibboleth.html
+'''
+
+SHIBBOLETH = True
+PROFILE_UPDATE = False
+PROFILE_DELETE = False
+
+INSTALLED_APPS += ['shibboleth']
+
+AUTHENTICATION_BACKENDS.append('shibboleth.backends.ShibbolethRemoteUserBackend')
+MIDDLEWARE.insert(
+ MIDDLEWARE.index('django.contrib.auth.middleware.AuthenticationMiddleware') + 1,
+ 'shibboleth.middleware.ShibbolethRemoteUserMiddleware'
+)
+MIDDLEWARE.insert(
+ MIDDLEWARE.index('django.contrib.auth.middleware.AuthenticationMiddleware') + 2,
+ 'config.middleware.ProxyRemoteUserMiddleware'
+)
+
+SHIBBOLETH_ATTRIBUTE_MAP = {
+ 'HTTP_REMOTE_USER': (True, 'username'),
+ 'HTTP_GIVENNAME': (True, 'first_name'),
+ 'HTTP_SN': (True, 'last_name'),
+ 'HTTP_MAIL': (True, 'email'),
+}
+
+LOGIN_URL = '/Shibboleth.sso/Login?target=/projects/'
+LOGOUT_URL = '/Shibboleth.sso/Logout'
+
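Review bot: The second hunk of config/production.py registers both `shibboleth.middleware.ShibbolethRemoteUserMiddleware` and its subclass `config.middleware.ProxyRemoteUserMiddleware`, which per config/middleware.py differs only in the `header` it reads, so the application accepts a user name from two request keys instead of one. For the proxied gunicorn deployment this file targets, I would keep a single `MIDDLEWARE.insert(...)` that places `'config.middleware.ProxyRemoteUserMiddleware'` at `MIDDLEWARE.index('django.contrib.auth.middleware.AuthenticationMiddleware') + 1` and drop the insert of the stock class. Each additional identity source is one more key the proxy has to be shown to control. If the double registration is intentional, a comment above the two inserts saying why would help the next reader.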