The OpenEuropa Authentication module allows authentication against EU Login, the European Commission login service.
This module requires the following modules:
The recommended way of installing the OpenEuropa Authentication module is via Composer.
composer require openeuropa/oe_authentication
In order to enable the module in your project run:
./vendor/bin/drush en oe_authentication
EU Login service parameters are already set by default when installing the module. Please refer to the EU Login documentation for the available options that can be specified. See the Project setup section for how to override these parameters.
In the Drupal settings.php you can override CAS parameters such as the ones below, corresponding to the cas.settings and oe_authentication.settings configuration objects.
$config['cas.settings']['server']['hostname'] = 'authentication';
$config['cas.settings']['server']['port'] = '7002';
$config['cas.settings']['server']['path'] = '/cas';
$config['oe_authentication.settings']['register_path'] = 'register';
$config['oe_authentication.settings']['validation_path'] = 'TicketValidationService';
By default, the development setup is configured via Task Runner to use the demo CAS server provided in the docker-compose.yml.dist, i.e. https://authentication:7002.
If you want to test the module with the actual EU Login service, comment out all the lines above in your settings.php and clear the cache.
The module enables automatic account creation: if a user attempts to log in with an account that is not already registered, the account is created automatically.
See the Cas module for more information.
The module enables the Forced Login feature to force anonymous users to authenticate via CAS when they hit all or some of the pages on your site.
See the Cas module for more information.
The EU Login Authentication server must be accessed over HTTPS, and the Drupal site will verify the SSL/TLS certificate of the server to be sure it is authentic.
For development, you can configure the module to disable this verification:
$config['cas.settings']['server']['verify'] = '2';
NOTE: DO NOT USE IN PRODUCTION!
See the Cas module for more information.
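The check below is an added example, not part of this module or the Cas module: a shell function a deployment pipeline could run against settings.php to refuse a build that still carries the development overrides shown above (certificate verification set to '2', or the demo hostname authentication). The name check_cas_settings and the sample file are constructed for illustration; only whole-line // and # comments are ignored, not /* */ blocks.

```shell
#!/bin/sh
# Added example, not project code: detect development-only CAS overrides.
# check_cas_settings FILE: prints one line per finding; returns 0 if clean,
# 1 if a dev-only override is active, 2 if the file cannot be read.
check_cas_settings() {
  file=$1
  q="['\"]"                                   # either PHP quote style
  key="\[${q}cas\.settings${q}\]\[${q}server${q}\]"
  eq="[[:space:]]*=[[:space:]]*"
  rc=0
  # Drop whole-line // and # comments so commented-out overrides are ignored.
  active=$(sed -e '/^[[:space:]]*\/\//d' -e '/^[[:space:]]*#/d' "$file") || return 2

  # '2' is the value this README uses to switch certificate verification off.
  if printf '%s\n' "$active" | grep -Eq "${key}\[${q}verify${q}\]${eq}${q}?2${q}?[[:space:]]*;"; then
    echo "FAIL: $file: TLS certificate verification is disabled (verify = 2)"
    rc=1
  fi
  # 'authentication' is the demo CAS server from docker-compose.yml.dist.
  if printf '%s\n' "$active" | grep -Eq "${key}\[${q}hostname${q}\]${eq}${q}authentication${q}"; then
    echo "FAIL: $file: CAS hostname is the demo server 'authentication'"
    rc=1
  fi
  return "$rc"
}

# Constructed sample input: the development overrides quoted in this README.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<?php
$config['cas.settings']['server']['hostname'] = 'authentication';
$config['cas.settings']['server']['port'] = '7002';
$config['cas.settings']['server']['verify'] = '2';
EOF
check_cas_settings "$sample" || echo "Refusing to deploy: development CAS settings are active."
rm -f "$sample"
```

Run it as a pipeline step before deployment and treat a non-zero return as a failed build.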
You can configure the module to "Initialize this client as a proxy", which allows authentication requests to third-party services (e.g. ePOETRY).
$config['cas.settings']['proxy']['initialize'] = TRUE;
This option is not enabled by default. If you want to use it, please refer to "Enable HTTPS PROXY for the drupal site for development" to make sure that your site is available over HTTPS and has valid certificates.
See the Cas module for more information.
The OpenEuropa Authentication project contains all the necessary code and tools for an effective development process, such as:
- All PHP development dependencies (Drupal core included) are required by composer.json
- Project setup and installation can be easily handled thanks to the integration with the Task Runner project.
- All system requirements are containerized using Docker Compose.
- A mock server for testing.
Download all required PHP code by running:
composer install
This will build a fully functional Drupal test site in the ./build directory that can be used to develop and showcase the module's functionality.
Before setting up and installing the site make sure to customize default configuration values by copying runner.yml.dist to ./runner.yml and overriding relevant properties.
This command will also:
- Symlink the theme in ./build/modules/custom/oe_authentication so that it's available for the test site
- Set up Drush and Drupal's settings using values from ./runner.yml.dist. This includes adding parameters for EULogin
- Set up PHPUnit and Behat configuration files using values from ./runner.yml.dist
After a successful setup install the site by running:
./vendor/bin/run drupal:site-install
This will:
- Install the test site
- Enable the OpenEuropa Authentication module
Alternatively, you can build a development site using Docker and Docker Compose with the provided configuration.
Docker provides the necessary services and tools such as a web server and a database server to get the site running, regardless of your local host configuration.
By default, Docker Compose reads two files, a docker-compose.yml and an optional docker-compose.override.yml file.
By convention, the docker-compose.yml contains your base configuration and it's provided by default.
The override file, as its name implies, can contain configuration overrides for existing services or entirely new services.
If a service is defined in both files, Docker Compose merges the configurations.
Find more information on the Docker Compose extension mechanism in the official Docker Compose documentation.
To start, run:
docker-compose up
It's advised to not daemonize docker-compose so you can turn it off (CTRL+C) quickly when you're done working.
However, if you'd like to daemonize it, you have to add the flag -d:
docker-compose up -d
Then:
docker-compose exec web composer install
docker-compose exec web ./vendor/bin/run drupal:site-install
To be able to interact with the EULogin Mock Service container you need to add the internal container hostname to the hosts file in your OS.
echo "127.0.1.1 authentication" >> /etc/hosts
Using default configuration, the development site files should be available in the build directory and the development site should be available at: http://127.0.0.1:8080/build.
To run the grumphp checks:
docker-compose exec web ./vendor/bin/grumphp run
To run the phpunit tests:
docker-compose exec web ./vendor/bin/phpunit
To run the behat tests:
docker-compose exec web ./vendor/bin/behat
The EULogin Mock Service container replicates the EU Login service.
To be able to interact with the EULogin Mock Service container you need to add the internal container hostname to the hosts file in your OS.
echo "127.0.1.1 authentication" >> /etc/hosts
To configure the container with user structures and some example users, you can use the files in the folder tests/fixtures/mock-server-config/.
The Docker container that provides the EULogin Mock Service, ecas-mock-server:4.6.0, is available on a private repo, registry.fpfis.tech.ec.europa.eu; please contact the DEVOPS team to request access.
See Docker login to connect to the repository.
To enable the https proxy you can uncomment and use the service secureweb in docker-compose.yml:
services:
  secureweb:
    image: aheimsbakk/https-proxy:4
    ports:
      - 80:80
      - 443:443
    links:
      - <name of web container>:http
    restart: always
    volumes:
      - ./tests/fixtures/certs/secureweb:/etc/ssl/private
    environment:
      - SERVER_NAME=secureweb
      - SERVER_ADMIN=webmaster@mydomain.com
      - PORT_REDIRECT=8080
      - SSL_CERT_FILE=/etc/ssl/private/MyKeystore.crt
      - SSL_PRIVKEY_FILE=/etc/ssl/private/MyKeystore.key
      - SSL_CHAIN_FILE=/etc/ssl/private/MyKeystore.p12
To be able to interact with the https proxy container you need to add the internal container hostname to the hosts file in your OS.
echo "127.0.1.1 secureweb" >> /etc/hosts
Your test site will be available at https://secureweb/build.
Manually disabling Drupal 8 caching is a laborious process that is well described here.
Alternatively you can use the following Drupal Console commands to disable/enable Drupal 8 caching:
./vendor/bin/drupal site:mode dev # Disable all caches.
./vendor/bin/drupal site:mode prod # Enable all caches.
Note: to fully disable Twig caching the following additional manual steps are required:
- Open ./build/sites/default/services.yml
- Set cache: false in the twig.config: property. E.g.:
parameters:
  twig.config:
    cache: false
- Rebuild Drupal cache: ./vendor/bin/drush cr
This is due to the following Drupal Console issue.
Please read the full documentation for details on our code of conduct, and the process for submitting pull requests to us.
We use SemVer for versioning. For the available versions, see the tags on this repository.