From fcb2900cb430f0b3bc4aa59dd577d45df308f387 Mon Sep 17 00:00:00 2001 From: Ubbo Veentjer <veentjer@sub.uni-goettingen.de> Date: Mon, 30 Mar 2020 22:43:57 +0200 Subject: [PATCH 1/3] setup shibboleth login --- compose/django/Dockerfile.production | 2 ++ config/middleware.py | 12 +++++++++++ config/production.py | 30 ++++++++++++++++++++++++++++ 3 files changed, 44 insertions(+) create mode 100644 config/middleware.py diff --git a/compose/django/Dockerfile.production b/compose/django/Dockerfile.production index d95f782..f5dc211 100644 --- a/compose/django/Dockerfile.production +++ b/compose/django/Dockerfile.production @@ -25,6 +25,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ python3-pip python3-dev python3-setuptools gcc python3-wheel \ && pip3 install rdmo \ && pip3 install gunicorn \ + && pip3 install -r requirements/shibboleth.txt \ && apt-get remove -y python3-pip python3-dev python3-setuptools gcc python3-wheel \ && apt-get -y autoremove \ && rm -rf /var/lib/apt/lists/* @@ -33,6 +34,7 @@ COPY ./theme /app/theme COPY ./locale /app/locale COPY ./config/production.py /app/config/settings/local.py +COPY ./config/middleware.py /app/config/middleware.py # download vendor files ENV DJANGO_SECRET_KEY=NOT_SO_SECRET_TEMP_KEY diff --git a/config/middleware.py b/config/middleware.py new file mode 100644 index 0000000..2217114 --- /dev/null +++ b/config/middleware.py @@ -0,0 +1,12 @@ +# middleware to use shibboleth with gunicorn, e.g. for apache http-proxy + +from shibboleth.middleware import ShibbolethRemoteUserMiddleware +#from pprint import pprint + +class ProxyRemoteUserMiddleware(ShibbolethRemoteUserMiddleware): + header = 'HTTP_REMOTE_USER' + +# def process_request(self, request): +# pprint(vars(request)) + + diff --git a/config/production.py b/config/production.py index 293b36e..4e1e943 100644 --- a/config/production.py +++ b/config/production.py @@ -342,3 +342,33 @@ LOCALE_PATHS = ( os.path.join(BASE_DIR, 'locale'), ) +''' +shibboleth, see https://rdmo.readthedocs.io/en/latest/configuration/authentication/shibboleth.html +''' + +SHIBBOLETH = True +PROFILE_UPDATE = False +PROFILE_DELETE = False + +INSTALLED_APPS += ['shibboleth'] + +AUTHENTICATION_BACKENDS.append('shibboleth.backends.ShibbolethRemoteUserBackend') +MIDDLEWARE.insert( + MIDDLEWARE.index('django.contrib.auth.middleware.AuthenticationMiddleware') + 1, + 'shibboleth.middleware.ShibbolethRemoteUserMiddleware' +) +MIDDLEWARE.insert( + MIDDLEWARE.index('django.contrib.auth.middleware.AuthenticationMiddleware') + 2, + 'config.middleware.ProxyRemoteUserMiddleware' +) + +SHIBBOLETH_ATTRIBUTE_MAP = { + 'HTTP_REMOTE_USER': (True, 'username'), + 'HTTP_GIVENNAME': (True, 'first_name'), + 'HTTP_SN': (True, 'last_name'), + 'HTTP_MAIL': (True, 'email'), +} + +LOGIN_URL = '/Shibboleth.sso/Login?target=/projects/' +LOGOUT_URL = '/Shibboleth.sso/Logout' + -- GitLab From 85795676b81113122c1070e7eb0d085b6d577739 Mon Sep 17 00:00:00 2001 From: Ubbo Veentjer <veentjer@sub.uni-goettingen.de> Date: Mon, 30 Mar 2020 22:50:25 +0200 Subject: [PATCH 2/3] shibboleth install from pip needs git --- compose/django/Dockerfile.production | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/compose/django/Dockerfile.production b/compose/django/Dockerfile.production index f5dc211..6a7e8c8 100644 --- a/compose/django/Dockerfile.production +++ b/compose/django/Dockerfile.production @@ -22,11 +22,11 @@ WORKDIR /app # install rdmo and gunicorn RUN apt-get update && apt-get install -y --no-install-recommends \ - python3-pip python3-dev python3-setuptools gcc python3-wheel \ + python3-pip python3-dev python3-setuptools gcc python3-wheel git \ && pip3 install rdmo \ && pip3 install gunicorn \ && pip3 install -r requirements/shibboleth.txt \ - && apt-get remove -y python3-pip python3-dev python3-setuptools gcc python3-wheel \ + && apt-get remove -y python3-pip python3-dev python3-setuptools gcc python3-wheel git\ && apt-get -y autoremove \ && rm -rf /var/lib/apt/lists/* -- GitLab From 164d6c304fdee5605ba6f1a4030b0ce56422aa8c Mon Sep 17 00:00:00 2001 From: Ubbo Veentjer <veentjer@sub.uni-goettingen.de> Date: Mon, 30 Mar 2020 22:57:20 +0200 Subject: [PATCH 3/3] add missing imports to config.py --- config/production.py | 1 + 1 file changed, 1 insertion(+) diff --git a/config/production.py b/config/production.py index 4e1e943..9c1680c 100644 --- a/config/production.py +++ b/config/production.py @@ -1,5 +1,6 @@ import os from . import BASE_DIR +from rdmo.core.settings import INSTALLED_APPS, AUTHENTICATION_BACKENDS, MIDDLEWARE ''' Debug mode, don't use this in production -- GitLab