This repository contains the eIDAS Proxy Node implementation, which consists of the following services:
proxy-node-gateway
proxy-node-translator
eidas-saml-parser
stub-idp
stub-connector
The eIDAS Proxy Node also runs the verify-service-provider to build Verify SAML AuthnRequests and parse SAML Responses from the Verify Hub.
The eIDAS Proxy Node does not perform matching.
We record our architectural decisions in doc/adr
A technical overview of the Proxy Node is available here.
./Brewfile
defines system dependencies for this project, notably Docker, Minikube and Kubernetes.
First install homebrew, then run
brew bundle
to install these dependencies.
This will allow minikube
to manage a virtualbox
VM containing a Kubernetes cluster of the eIDAS Proxy Node services.
- Run
./startup.sh
- Visit
http://$(minikube ip):31100/Request
to start a journey fromstub-connector
.
- use
startup.sh
to rebuild services which have changed, in preference to usingshutdown.sh
thenstartup.sh
. The latter will rebuild all services and possibly reassign the minikube ip address. - view logs on the VM with
minikube logs
- ssh onto the VM with
minikube ssh
- if minikube will not initialise the VM, run:
./shutdown.sh
, and remove~/.minikube
directory. - to use hyperkit in preference to virtualbox, first install hyperkit , then run:
minikube stop minikube config set vm-driver hyperkit
- To run the tests manually, execute:
./gradlew clean test
. - Test results are output to
./build/test-results
.
Snyk is run by our Travis builds and does two things, test and monitor. We use the CLI rather than the GitHub integration as the integration has big problems with multi project Gradle builds like we have.
- After the tests are run in the build Travis checks all our dependencies against a database for known vulnerabilities.
- If any are found it exists with a non-zero code and the build fails. The build logs tell you what happened.
- If no vulnerabilities are found then we move on to monitoring.
- Snyk sends a list of all our dependencies to their server, and will alert us via email if any new vulnerabilities are found for them.
- The vulnerabilities can be found in our Snyk dashboard
- You can be added to the Snyk verify-eidas organisation by an existing member.
- The most common issue is a build failing due to a new vulnerability. Follow the link in the logs, or visit the dashboard and see what's up.
- Most issues will have a resolution strategy. Most often you'll need to bump a library verion. This can also be a transitive dependency. Good luck.
- If there is currently no solution, you can temporarily ignore the vulnerability. You'll need the Snyk ID of the issue which you can grab from the last segment of the URL of the issue - find it in the Travis build logs where the vulnerability is reported.
- Run
snyk ignore --id=<IssueID> --reason='The reason you're ignoring it'
and commit the.snyk
file generated. Push.