Skip to content

Configure Yubico cloud API keys first #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
quartje merged 1 commit into from
Sep 22, 2023
Merged

Configure Yubico cloud API keys first #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 9 additions & 21 deletions stepup/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,23 +20,28 @@ First, you need to create an entry in your hosts file (/etc/hosts on *nix system
```
127.0.0.1 selfservice.dev.openconext.local webauthn.dev.openconext.local ssp.dev.openconext.local gateway.dev.openconext.local middleware.dev.openconext.local ra.dev.openconext.local demogssp.dev.openconext.local
```
You can then bring up the docker-compose:

```
docker-compose up -d
Secondly you need to create the `stepup/gateway/surfnet_yubikey.yaml` filewith your Yubikey API credentials. If you do not have API credentials, you can get them at <https://upgrade.yubico.com/getapikey/>. You require a Yubikey to get an API key.

```yaml
surfnet_yubikey_api_client:
credentials:
client_id: 'YOUR_CLIENT_ID'
client_secret: 'YOUR_SECRET'
```

You should then get the apps initialised
You can then bring up the containers using docker compose:

Initialise the middelware database:
```
docker compose exec middleware /var/www/html/bin/console doctrine:migrations:migrate --env=prod --em=deploy
docker-compose up -d
```

Then the webauthn db
```
docker compose exec webauthn /var/www/html/bin/console doctrine:migrations:migrate --env=prod

```

Then you will need to provision the middleware config:
Expand All @@ -51,23 +56,6 @@ Then, bootstrap the SRAA. For this, you will need to have a Yubikey. Replace Yub
docker compose exec middleware /var/www/html/bin/console middleware:bootstrap:identity-with-yubikey urn:collab:person:dev.openconext.local:admin dev.openconext.local "Your Name" Your@email nl_NL Yubikey_ID
```

You also need a Yubikey API key for your Yubikey to work. You can get it here:
https://upgrade.yubico.com/getapikey/
Create the following file "stepup/gateway/surfnet_yubikey.yaml" which should contain:

```
surfnet_yubikey_api_client:
credentials:
client_id: 'YOUR_CLIENT_ID'
client_secret: 'YOUR_SECRET'
```

After this, the cache of the gateway needs to be cleared:
```
docker compose exec gateway rm -rf var/cache/prod

```

Mailcatcher is included. You can view the email by going to http://localhost:1080

A SimpleSAMLPHP sp is included. It can be accessed at https://ssp.dev.openconext.local/simplesaml/sp.php
Expand Down
6 changes: 6 additions & 0 deletions stepup/gateway/surfnet_yubikey.yaml.dist
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@

surfnet_yubikey_api_client:
credentials:
# Get your client_id and client_secret from https://upgrade.yubico.com/getapikey/
client_id: 'YOUR_CLIENT_ID'
client_secret: 'YOUR_SECRET'