pagopa · lussoluca · Sep 11, 2018 · Aug 10, 2018 · Aug 20, 2018 · Sep 4, 2018
@@ -8,9 +8,9 @@ REDIS_PORT=put_the_azure_redis_port_here
 REDIS_PASSWORD=put_the_azure_redis_password_here
 TOKEN_DURATION_IN_SECONDS=3600
 SAML_CALLBACK_URL="https://italia-backend/assertionConsumerService"
-SAML_ISSUER="http://italia-backend"
+SAML_ISSUER="https://spid.agid.gov.it/cd"
 SAML_ACCEPTED_CLOCK_SKEW_MS=0
-SAML_ATTRIBUTE_CONSUMING_SERVICE_INDEX=1
+SAML_ATTRIBUTE_CONSUMING_SERVICE_INDEX=0
 PRE_SHARED_KEY="12345"
 ALLOW_NOTIFY_IP_SOURCE_RANGE="::ffff:ac13:1/112"
 AZURE_NH_HUB_NAME=put_nh_hub_name_here
@@ -19,3 +19,5 @@ ALLOW_PAGOPA_IP_SOURCE_RANGE="::ffff:ac13:1/112"
 AUTHENTICATION_BASE_PATH=""
 API_BASE_PATH="/api/v1"
 PAGOPA_BASE_PATH="/pagopa/api/v1"
+SPID_AUTOLOGIN=lussoluca
+SPID_TESTENV_URL=https://spid-testenv2:8088
@@ -84,9 +84,8 @@ The code that manage this flow are in the `src/strategies/bearerSessionTokenStra
 
 * [Docker](https://www.docker.com/) and [Docker Compose](https://github.com/docker/compose)
 
-To fully simulate the SPID authentication process we use the images provided by
-[spid-testenv-backoffice](https://github.com/italia/spid-testenv-backoffice) and
-[spid-testenv-identityserver](https://github.com/italia/spid-testenv-identityserver) projects.
+To fully simulate the SPID authentication process we use the images provided by the 
+[spid-testenv2](https://github.com/italia/spid-testenv2) project.
 
 A Linux/macOS environment is required at the moment.
 
@@ -105,27 +104,23 @@ A Linux/macOS environment is required at the moment.
 11. edit your `/etc/hosts` file by adding:
 
     ```
-    localhost    spid-testenv-identityserver
+    localhost    spid-testenv2
     localhost    italia-backend
     ```
 
-12. wait a couple of minutes to let the IDP start (or monitor the process with `$ tail -f logs/idp/wso2carbon.log`)
-13. run `scripts/import-spid-data.sh` to configure the local IDP
-14. copy `app/.env.example` to `app/.env` and fill the variables with your values
-15. point your browser to [https://italia-backend](https://italia-backend)
+12. copy `app/.env.example` to `app/.env` and fill the variables with your values
+13. point your browser to [https://italia-backend](https://italia-backend)
 
 If you are using Docker with a Docker Machine replace `localhost` with the IP of the Docker Machine
 ([More details here](https://docs.docker.com/machine/reference/ip/)).
 
 ### Container description
 
 * `backend`: the backend Node application that serves the web and mobile applications
-* `spid-testenv-identityserver`: the test IDP server
-* `spid-testenv-backoffice`: simple configuration interface to manage the test IDP server
+* `spid-testenv2`: the test IDP server
 
 Nginx is reachable at [https://italia-backend:80]() \
-IDP is reachable at [https://spid-testenv-identityserver:9443]() (user: `admin`, password: `admin`) \
-IDP simple backoffice is reachable at [https://spid-testenv-identityserver:8080]()
+IDP is reachable at [https://spid-testenv2:8088]() \
 
 ### Environment variables
 
@@ -147,6 +142,11 @@ Those are all Environment variables needed by the application:
 | ALLOW_NOTIFY_IP_SOURCE_RANGE           | The range in CIDR form of allowed IPs for the webhook notifications               | string |
 | AZURE_NH_HUB_NAME                      | The hub name configured in the Azure Notification HUB                             | string |
 | AZURE_NH_ENDPOINT                      | The endpoint URL configured in the Azure Notification HUB                         | string |
+| ALLOW_PAGOPA_IP_SOURCE_RANGE           | The range in CIDR form of allowed IPs for the PagoPA API                          | string |
+| AUTHENTICATION_BASE_PATH               | The root path for the authentication endpoints                                    | string |
+| API_BASE_PATH                          | The root path for the api endpoints                                               | string |
+| PAGOPA_BASE_PATH                       | The root path for the PagoPA endpoints                                            | string | 
+| SPID_AUTOLOGIN                         | The user used in the autologin feature, omit this to disable autologin            | string |
 
 ### Logs
 
@@ -155,8 +155,8 @@ Application logs are saved into the logs folder.
 ### SPID user management
 
 The setup procedure adds some test users to the test IDP server, the full list could be retrieved in
-`spid-batch-import/spid-users.json`. To add more users connect to [https://spid-testenv-identityserver:8080]() and
-navigate to: *service provider > Servizi registrati* and click on *Utenti*.
+`testenv2/conf/users.json`. To add more users simply add more items to this file and restart the `spid-testenv2`
+container.
 
 ---
 
@@ -249,11 +249,5 @@ This problem seems to be dependent on how Docker for Mac (doesn't) manage well t
 Docker Toolbox it works fine (and can [coexist](https://docs.docker.com/docker-for-mac/docker-toolbox/#setting-up-to-run-docker-for-mac))
 (Read more at [https://medium.com/@itseranga/set-hosts-in-docker-for-mac-2029276fd448](https://medium.com/@itseranga/set-hosts-in-docker-for-mac-2029276fd448))
 
-**When i run the scripts/import-spid-data.sh file, after the first entries the script display a lot of errors like
-`# users imported: -- Error [object Object]`**
-
-Have you waited the IDP to start successfully? Wait a minute and retry.
-
-
 ## License
 [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fteamdigitale%2Fitalia-backend.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fteamdigitale%2Fitalia-backend?ref=badge_large)
@@ -16,26 +16,13 @@ services:
       - "./certs:/usr/src/app/certs:delegated"
     working_dir: "/usr/src/app"
 
-  spid-testenv-identityserver:
-    container_name: spid-testenv-identityserver
-    image: italia/spid-testenv-identityserver:docker-compose
+  spid-testenv2:
+    container_name: spid-testenv2
+    image: italia/spid-testenv2:latest
     ports:
-      - "9443:9443"
+      - "8088:8088"
     volumes:
-      - "./logs/idp:/spid-testenvironment/is/identity-server/repository/logs:delegated"
-
-  spid-testenv-backoffice:
-    container_name: spid-testenv-backoffice
-    depends_on:
-      - spid-testenv-identityserver
-    environment:
-      - NODE_ENV=development
-      - NODE_TLS_REJECT_UNAUTHORIZED=0
-    image: italia/spid-testenv-backoffice:latest
-    ports:
-      - "8080:8080"
-    volumes:
-      - "./docker/spid/config.js:/spid-testenvironment/bo/backoffice/server/wso2/config.js:delegated"
+      - "./testenv2/conf:/app/conf"
 
   redis:
     container_name: redis

@@ -1,6 +1,6 @@
 {
   "name": "italia-backend",
-  "version": "0.0.54",
+  "version": "0.0.55",
   "description": "Italia app and web backend",
   "main": "index.js",
   "engines": {

@@ -0,0 +1,13 @@
+patch-package
+--- a/node_modules/spid-passport/index.js
++++ b/node_modules/spid-passport/index.js
+@@ -371,8 +371,7 @@ const generateAuthorizeRequest = function(req, samlClient, callback) {
+       if (samlClient.options.identifierFormat) {
+         request["samlp:AuthnRequest"]["samlp:NameIDPolicy"] = {
+           "@xmlns:samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
+-          "@Format": samlClient.options.identifierFormat,
+-          "@AllowCreate": "true"
++          "@Format": samlClient.options.identifierFormat
+         };
+       }
+
@@ -0,0 +1,13 @@
+patch-package
+--- a/node_modules/xml-crypto/lib/signed-xml.js
++++ b/node_modules/xml-crypto/lib/signed-xml.js
+@@ -345,7 +345,8 @@ SignedXml.prototype.validateReferences = function(doc) {
+     var hash = this.findHashAlgorithm(ref.digestAlgorithm)
+     var digest = hash.getHash(canonXml)
+
+-    if (digest!=ref.digestValue) {
++    var digestValueWithoutLineBreaks = ref.digestValue.replace(/\r\n|\r|\n/g, '')
++    if (digest!=digestValueWithoutLineBreaks) {
+       this.validationErrors.push("invalid signature: for uri " + ref.uri +
+                                 " calculated digest is "  + digest +
+                                 " but the xml to validate supplies digest " + ref.digestValue)
@@ -17,8 +17,8 @@
   <h1>Choose an IDP</h1>
 
   <ul>
-    <li><a href="login?entityID=spid-testenv-identityserver&authLevel=SpidL1">Test SPID provider - level 1</a></li>
-    <li><a href="login?entityID=spid-testenv-identityserver&authLevel=SpidL2">Test SPID provider - level 2</a></li>
+    <li><a href="login?entityID=xx_testenv2&authLevel=SpidL1">Test SPID provider - level 1</a></li>
+    <li><a href="login?entityID=xx_testenv2&authLevel=SpidL2">Test SPID provider - level 2</a></li>
     <li>IDP2</li>
     <li>IDP3</li>
   </ul>