Allow custom config.yml file per Identity Provider

timlegge · timlegge · commit a2ff66280b6e · 2022-02-03T20:28:07.000-04:00
diff --git a/xt/testapp/README.md b/xt/testapp/README.md
@@ -42,24 +42,39 @@ Note that the command requires sudo to allow it to use the default https port of
 
 TODO: maybe change it to use 8443
 
-### Create your metadata.xml and cacert.pem file
+### Configure the testapp to connect to the Identity Provider
 
 The testapp now supports a simplified automatic configuration for testing against multiple Identity Providers (IdPs).
 
    1. Simply create a directory in xt/testapp/IdPs for the name of the IdP (eg. google)
    2. Download the metadata from your IdP and save it as IdPs/google/metadata.xml
    3. Download the cacert.pem from the IdP and save it as IdPs/google/cacert.pem
+   4. Optionally create IdPs/google/config.yml for custom settings for the IdP (if the a custom config.yml does not exist it will refresh the settings from the default config.yml.
 
 The index page will automatically list each configured Identity Provider as a link to initiate login against that IdP.
 
+Your directory structure should look like:
+
+IdPs/
+    auth0/
+        cacert.pem
+        metadata.yml
+    azure/
+        cacert.pem
+        config.yml (optional)
+        metadata.yml
+    google/
+        cacert.pem
+        metadata.yml
+
 ### Run lighttpd to deliver metadata.xml
 
 Net::SAML2 requires access to a URL containing the metadata.  The simplest method to provide this is to run the provided lighttpd-metadata.conf file:
 
    1. cd xt/testapp
    2. lighttpd -D -f lighttpd-metadata.conf
 
-The metadata has been configured to be available at: http://localhost:8880/metadata.xml.  The simplified IdP configuration will automatically access the metadata.xml at http://localhost:8880/IdPs/googlee/metadata.xml (if you followed the instructions above and created the google directory in xt/testapp/IdPs)
+The metadata has been configured to be available at: http://localhost:8880/metadata.xml.  The simplified IdP configuration will automatically access the metadata.xml at http://localhost:8880/IdPs/google/metadata.xml (if you followed the instructions above and created the google directory in xt/testapp/IdPs)
 
 Note that the configuration attempts to only deliver a file named metadata.xml from the xt/testapp directory.  There are no guarantees - this is a test application so verify your own security.
 
diff --git a/xt/testapp/config.yml b/xt/testapp/config.yml
@@ -3,12 +3,10 @@ layout: "main"
 appname: "Saml2Test"
 charset: "UTF-8"
 template: "template_toolkit"
-idp: "http://localhost:8880/metadata.xml"
 issuer: "https://netsaml2-testapp.local"
 url: "https://netsaml2-testapp.local"
 cert: "sign-certonly.pem"
 key: "sign-nopw-cert.pem"
-cacert: "saml_cacert.pem"
 slo_url_soap: "/slo-soap"
 slo_url_redirect: "/sls-redirect-response"
 slo_url_post: "/sls-post-response"
diff --git a/xt/testapp/lib/Saml2Test.pm b/xt/testapp/lib/Saml2Test.pm
@@ -47,10 +47,21 @@ get '/' => sub {
 };
 
 get '/login' => sub {
-    my $tokens = shift;
 
     config->{cacert} = 'IdPs/' . params->{idp} . '/cacert.pem';
     config->{idp} = 'http://localhost:8880/IdPs/' . params->{idp} . '/metadata.xml';
+    if ( -f 'IdPs/' . params->{idp} . '/config.yml' ) {
+        my $config_file = YAML::LoadFile('IdPs/' . params->{idp} . '/config.yml');
+        for my $key (keys %$config_file) {
+            config->{$key} = $config_file->{$key};
+        }
+    } else {
+        my $config_file = YAML::LoadFile('config.yml');
+        for my $key (keys %$config_file) {
+            config->{$key} = $config_file->{$key};
+        }
+
+    }
     my $idp = _idp();
     my $sp = _sp();
     my $authnreq = $sp->authn_request(
diff --git a/xt/testapp/lighttpd.conf b/xt/testapp/lighttpd.conf
@@ -1,6 +1,7 @@
 server.document-root = var.CWD + "/"
 server.modules = (
    "mod_openssl",
+   "mod_rewrite",
    "mod_proxy"
 )
 
@@ -34,9 +35,12 @@ setenv.add-environment = ("PATH" => env.PATH )
 # request debugging - UNCOMMENT TO ENABLE
 debug.log-request-handling = "enable"
 
-$HTTP["host"] == "netsaml2-testapp.local" {
-    proxy.server  = ( "" => ( (
-            "host" => "127.0.0.1",
-            "port" => 3000
-    ) ) )
-}
+url.rewrite-repeat = (
+  "^/bin/login" => "/consumer-post",
+  "^/bin/logout(.*)" => "/sls-redirect-response$1"
+)
+
+proxy.server  = ( "" => ( (
+    "host" => "127.0.0.1",
+    "port" => 3000
+) ) )
