From fcb2900cb430f0b3bc4aa59dd577d45df308f387 Mon Sep 17 00:00:00 2001
From: Ubbo Veentjer <veentjer@sub.uni-goettingen.de>
Date: Mon, 30 Mar 2020 22:43:57 +0200
Subject: [PATCH 1/3] setup shibboleth login

---
 compose/django/Dockerfile.production |  2 ++
 config/middleware.py                 | 12 +++++++++++
 config/production.py                 | 30 ++++++++++++++++++++++++++++
 3 files changed, 44 insertions(+)
 create mode 100644 config/middleware.py

diff --git a/compose/django/Dockerfile.production b/compose/django/Dockerfile.production
index d95f782..f5dc211 100644
--- a/compose/django/Dockerfile.production
+++ b/compose/django/Dockerfile.production
@@ -25,6 +25,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
             python3-pip python3-dev python3-setuptools gcc python3-wheel \
     && pip3 install rdmo \
     && pip3 install gunicorn \
+    && pip3 install -r requirements/shibboleth.txt \
     && apt-get remove -y python3-pip python3-dev python3-setuptools gcc python3-wheel \
     && apt-get -y autoremove \
     && rm -rf /var/lib/apt/lists/*
@@ -33,6 +34,7 @@ COPY ./theme /app/theme
 COPY ./locale /app/locale
 
 COPY ./config/production.py /app/config/settings/local.py
+COPY ./config/middleware.py /app/config/middleware.py
 
 # download vendor files
 ENV DJANGO_SECRET_KEY=NOT_SO_SECRET_TEMP_KEY
diff --git a/config/middleware.py b/config/middleware.py
new file mode 100644
index 0000000..2217114
--- /dev/null
+++ b/config/middleware.py
@@ -0,0 +1,12 @@
+# middleware to use shibboleth with gunicorn, e.g. for apache http-proxy
+
+from shibboleth.middleware import ShibbolethRemoteUserMiddleware
+#from pprint import pprint
+
+class ProxyRemoteUserMiddleware(ShibbolethRemoteUserMiddleware):
+    header = 'HTTP_REMOTE_USER'
+
+#    def process_request(self, request):
+#        pprint(vars(request))
+        
+
diff --git a/config/production.py b/config/production.py
index 293b36e..4e1e943 100644
--- a/config/production.py
+++ b/config/production.py
@@ -342,3 +342,33 @@ LOCALE_PATHS = (
     os.path.join(BASE_DIR, 'locale'),
 )
 
+'''
+shibboleth, see https://rdmo.readthedocs.io/en/latest/configuration/authentication/shibboleth.html
+'''
+
+SHIBBOLETH = True
+PROFILE_UPDATE = False
+PROFILE_DELETE = False
+
+INSTALLED_APPS += ['shibboleth']
+
+AUTHENTICATION_BACKENDS.append('shibboleth.backends.ShibbolethRemoteUserBackend')
+MIDDLEWARE.insert(
+    MIDDLEWARE.index('django.contrib.auth.middleware.AuthenticationMiddleware') + 1,
+    'shibboleth.middleware.ShibbolethRemoteUserMiddleware'
+)
+MIDDLEWARE.insert(
+    MIDDLEWARE.index('django.contrib.auth.middleware.AuthenticationMiddleware') + 2,
+    'config.middleware.ProxyRemoteUserMiddleware'
+)
+
+SHIBBOLETH_ATTRIBUTE_MAP = {
+    'HTTP_REMOTE_USER': (True, 'username'),
+    'HTTP_GIVENNAME': (True, 'first_name'),
+    'HTTP_SN': (True, 'last_name'),
+    'HTTP_MAIL': (True, 'email'),
+}
+
+LOGIN_URL = '/Shibboleth.sso/Login?target=/projects/'
+LOGOUT_URL = '/Shibboleth.sso/Logout'
+
-- 
GitLab


From 85795676b81113122c1070e7eb0d085b6d577739 Mon Sep 17 00:00:00 2001
From: Ubbo Veentjer <veentjer@sub.uni-goettingen.de>
Date: Mon, 30 Mar 2020 22:50:25 +0200
Subject: [PATCH 2/3] shibboleth install from pip needs git

---
 compose/django/Dockerfile.production | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/compose/django/Dockerfile.production b/compose/django/Dockerfile.production
index f5dc211..6a7e8c8 100644
--- a/compose/django/Dockerfile.production
+++ b/compose/django/Dockerfile.production
@@ -22,11 +22,11 @@ WORKDIR /app
 
 # install rdmo and gunicorn
 RUN apt-get update && apt-get install -y --no-install-recommends \
-            python3-pip python3-dev python3-setuptools gcc python3-wheel \
+            python3-pip python3-dev python3-setuptools gcc python3-wheel git \
     && pip3 install rdmo \
     && pip3 install gunicorn \
     && pip3 install -r requirements/shibboleth.txt \
-    && apt-get remove -y python3-pip python3-dev python3-setuptools gcc python3-wheel \
+    && apt-get remove -y python3-pip python3-dev python3-setuptools gcc python3-wheel git\
     && apt-get -y autoremove \
     && rm -rf /var/lib/apt/lists/*
     
-- 
GitLab


From 164d6c304fdee5605ba6f1a4030b0ce56422aa8c Mon Sep 17 00:00:00 2001
From: Ubbo Veentjer <veentjer@sub.uni-goettingen.de>
Date: Mon, 30 Mar 2020 22:57:20 +0200
Subject: [PATCH 3/3] add missing imports to config.py

---
 config/production.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/production.py b/config/production.py
index 4e1e943..9c1680c 100644
--- a/config/production.py
+++ b/config/production.py
@@ -1,5 +1,6 @@
 import os
 from . import BASE_DIR
+from rdmo.core.settings import INSTALLED_APPS, AUTHENTICATION_BACKENDS, MIDDLEWARE
 
 '''
 Debug mode, don't use this in production
-- 
GitLab