/simplesamlphp-module-material

Partial Material Design theme for use with SimpleSAMLphp


Archived

This repository is no longer maintained. It has been included directly in https://github.com/silinternational/ssp-base.

--

Material Design theme for use with SimpleSAMLphp

Installation

composer.phar require silinternational/simplesamlphp-module-material:dev-master

Configuration

Update /simplesamlphp/config/config.php:

'theme.use' => 'material:material'

ssp-base provides a convenience by loading this config with whatever is in the environment variable THEME_USE.

Google reCAPTCHA

If a site key has been provided in $this->data['recaptcha.siteKey'], the username/password page may require the user to prove that they are human.

Branding

Update /simplesamlphp/config/config.php:

'theme.color-scheme' => ['indigo-purple'|'blue_grey-teal'|'red-teal'|'orange-light_blue'|'brown-orange'|'teal-blue']

The login page looks for /simplesamlphp/www/logo.png which is NOT provided by default.

Analytics

Update /simplesamlphp/config/config.php:

'analytics.trackingId' => 'G-some-unique-id-for-your-site'

ssp-base provides a convenience by loading this config with whatever is in the environment variable ANALYTICS_ID.

Announcements

Update /simplesamlphp/announcement/announcement.php:

 return 'Some <strong>important</strong> announcement';

ssp-utilities provides whatever is returned by /simplesamlphp/announcement/announcement.php.

If provided, an alert will be shown to the user filled with the content of that announcement. HTML is supported.
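A fuller announcement.php, added here as an example and not a file from this module or ssp-utilities: it returns a notice only inside a maintenance window and HTML-escapes the one dynamic value before placing it in the markup, because the returned string is rendered as HTML. The dates are constructed, and returning an empty string is assumed to mean "no announcement".

```php
<?php
// /simplesamlphp/announcement/announcement.php (added example, not the module's own file).
// ssp-utilities renders whatever string this file returns inside an alert as HTML,
// so keep the markup static and trusted, and escape anything that is computed.

// Constructed maintenance window (assumed dates, UTC).
$windowStart = new DateTimeImmutable('2024-05-01T00:00:00Z');
$windowEnd   = new DateTimeImmutable('2024-05-03T00:00:00Z');
$now         = new DateTimeImmutable('now', new DateTimeZone('UTC'));

// Outside the window, return an empty string (assumed to suppress the alert).
if ($now < $windowStart || $now >= $windowEnd) {
    return '';
}

// The only dynamic piece is the formatted end time; escape it before it enters the HTML.
$until = htmlspecialchars($windowEnd->format('Y-m-d H:i T'), ENT_QUOTES, 'UTF-8');

return 'Scheduled maintenance: logins may be unavailable until <strong>' . $until . '</strong>.';
```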

Testing theme

Make, Docker and Docker Compose are required.

Setup

  1. Set up localhost (or 192.168.62.54, if using Vagrant) aliases for ssp-hub1.local, ssp-hub2.local, ssp-idp1.local, ssp-idp2.local, ssp-idp3.local, ssp-idp4.local, ssp-sp1.local and ssp-sp2.local. This is typically done in /etc/hosts. Example line:
     0.0.0.0 ssp-hub1.local ssp-idp1.local ssp-idp2.local ssp-idp4.local ssp-hub2.local ssp-idp3.local ssp-sp1.local ssp-sp2.local
  2. Start the test environment, i.e., run make from the command line.

Hub page

  1. Go to Hub 1

Error page

  1. Go to Hub 1
  2. Click the Federation tab
  3. Click either Show metadata link
  4. Log in as the hub administrator: username=admin password=abc123

Logout page

  1. Go to Hub 1
  2. Click the Authentication tab
  3. Click Test configured authentication sources
  4. Click admin
  5. Log in as the hub administrator: username=admin password=abc123
  6. Click Logout

Login page

Without theme in place

  1. Go to SP 1
  2. Click idp1 (first one)
  3. The login page should NOT have Material Design

With theme in place

  1. Go to SP 1
  2. Click idp2 (second one)
  3. The login page SHOULD have Material Design

Forgot password functionality

  1. Go to SP 1
  2. Click idp2 (second one)
  3. The Forgot password link should be visible

Helpful links functionality

  1. Go to SP 1
  2. Click idp4 (third one)
  3. The Help link should be visible under the login form
  4. The Profile link should be visible under the login form

Expiry functionality

About to expire page (expires in one day)

Note: This nag only works once, since choosing Later simply sets the nag date a little into the future. If needed, use a new private/incognito browser window to retry.

  1. Go to SP 1
  2. Click idp2 (second one)
  3. Log in as an "about to expire" user: username=near_future password=a
  4. Click Later
  5. Click Logout

About to expire page (expires in three days)

Note: This nag only works once, since choosing Later simply sets the nag date a little into the future. If needed, use a new private/incognito browser window to retry.

  1. Go to SP 1
  2. Click idp2 (second one)
  3. Log in as an "about to expire" user: username=near_future password=a
  4. Click Later
  5. Click Logout

Expired page

  1. Go to SP 1
  2. Click idp2 (second one)
  3. Log in as an "expired" user: username=already_past password=a

Multi-factor authentication (MFA) functionality

Nag about missing MFA setup

  1. Go to SP 1
  2. Click idp4 (third one)
  3. Log in as an "unprotected" user: username=nag_for_mfa password=a
  4. The "learn more" link should be visible
  5. Click Enable
  6. Click your browser's back button
  7. Click Remind me later
  8. Click Logout

Nag about missing password recovery methods

  1. Go to SP 1
  2. Click idp4 (third one)
  3. Log in as a user without any methods: username=nag_for_method password=a
  4. Enter one of the following codes to verify (94923279, 82743523, 77802769, 01970541, 37771076)
  5. Click Add
  6. Click your browser's back button
  7. Click Remind me later
  8. Click Logout

Force MFA setup

  1. Go to SP 1
  2. Click idp4 (third one)
  3. Log in as an "unsafe" user: username=must_set_up_mfa password=a

Backup code

  1. Go to SP 1
  2. Click idp4 (third one)
  3. Log in as a "backup code" user: username=has_backupcode password=a
  4. Enter one of the following codes to verify (94923279, 82743523, 77802769, 01970541, 37771076)
  5. Click Logout
  6. To see the "running low on codes" page, log back in and use another code.
  7. To see the "out of codes" page, log back in and out repeatedly until there are no more codes.

TOTP code

  1. Go to SP 1
  2. Click idp4 (third one)
  3. Log in as a "totp" user: username=has_totp password=a
  4. You should see the form to enter a TOTP code.
  5. Set up an authenticator app using this secret: JVRXKYTMPBEVKXLS
  6. Enter the code from the app to verify
  7. Click Logout

Key (U2F)

  1. Go to SP 1
  2. Click idp4 (third one)
  3. Log in as a "u2f" user: username=has_u2f password=a
  4. Insert the key and press it
  5. Click Logout

Key (WebAuthn)

  1. Go to SP 1
  2. Click idp4 (third one)
  3. Log in as a "webauthn" user: username=has_webauthn password=a
  4. Insert the key and press it
  5. Click Logout

Multiple options

  1. Go to SP 1
  2. Click idp4 (third one)
  3. Log in as a "multiple option" user: username=has_all password=a
  4. Click MORE OPTIONS

Multiple options (legacy, with U2F)

  1. Go to SP 1
  2. Click idp4 (third one)
  3. Log in as a "multiple option" user: username=has_all_legacy password=a
  4. Click MORE OPTIONS

Manager rescue

  1. Go to SP 1
  2. Click idp4 (third one)
  3. Log in as a "multiple option" user: username=has_all password=a
  4. Click MORE OPTIONS
  5. Click the help option
  6. Choose Send

NOTE: At this time, the correct code is not known and can't be tested locally (it's only available in an email to the manager)

Announcements functionality

  1. Go to SP 2
  2. The announcement should be displayed on the hub
  3. Click idp3 (first one)
  4. The announcement should be displayed on the login screen

SP name functionality

  1. Go to SP 1
  2. The SP name should appear in the banner

Profile review functionality

  1. Go to SP 1
  2. Click idp4 (third one)
  3. Log in as a "review needed" user: username=needs_review password=a
  4. Enter one of the following printable codes to verify (94923279, 82743523, 77802769, 01970541, 37771076)
  5. Click the button to update the profile
  6. Click the button to continue
  7. Click Logout

i18n support

Translations are grouped by page in definition files located in the dictionaries directory.

Localization is controlled by the configuration setting language.available; only language codes listed in this property are used.
For example, if a translation is provided in Afrikaans for this module, the configuration must be adjusted to make 'af' an available language. If that is not done, the translation function will not use the translations even though they are provided.

Debugging

Xdebug can be enabled by doing the following:

  1. Define REMOTE_DEBUG_IP in local.env. This should be the IP address of your development machine, i.e. the one running your IDE. If you're using Linux as your Docker host, you can use 172.17.0.1 here. Note that the IP address shown in your containers' logs may not be your machine's actual IP address (it could be that of a VM, for example).
  2. Map run-debug.sh into the container you wish to debug. For example:
       volumes:
         - ./development/run-debug.sh:/data/run.sh
  3. Enable debugging in your IDE. See the next section for PhpStorm setup.

Configuring PhpStorm for remote debugging

In PhpStorm go to: Preferences > PHP > Debug > DBGp Proxy and set the following settings:

  • Host: (your IP address or hostname)
  • Port: 9000

Set path mappings in: Preferences > PHP > Servers

  • Add a server, giving it your IP address and a port of 9000, and map the project folder to '/data/vendor/simplesamlphp/simplesamlphp/modules/material'
  • Map other directories as needed. PhpStorm should prompt when an unrecognized path is encountered.

Then start listening by clicking the "listen" button on the PhpStorm toolbar.