-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #55 from rciam/devel
Merge devel and master
- Loading branch information
Showing
147 changed files
with
459 additions
and
148 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,49 +1,103 @@ | ||
| The EGI CheckIn Service provides a secure web interface through which service operators can register their OpenID Connect and SAML based services. Simple users create requests to register reconfigure or delete services which are then reviewed from an administrator. | ||
| # Introduction | ||
| The federation registry provides a secure web interface through which service operators can register and manage their OpenID Connect and Saml based service. A federation registry instance can serve multiple tenants and supports different AAI proxy technologies([SimpleSAMLphp](https://simplesamlphp.org/), [MITREid Connect](https://github.com/mitreid-connect/), SATOSA, Keycloak). Services can be managed through the portal and are deployed by sending configuration messages to [deployment agents](https://github.com/rciam/rciam-federation-registry-agent) that run in parallel with this project. Messages are exchanged using [Argo Messenging Service](https://grnet.gr/en/services/computing-and-storage-services/argo-messaging-service/). | ||
|
|
||
| Federation registry is consisted of three node.js projects | ||
| * federation-registry-frontend: A front-end portal created with Reactjs | ||
| * federation-registry-backend-api: An API created with Expressjs | ||
| * federation-registry-backend-ams-agent: An agent that uses the api and communicates with ams | ||
|
|
||
| # Running the project | ||
| --- | ||
| ### Dependencies | ||
|
|
||
| This project is consisted of three parts | ||
| * service-react-client: A front-end portal created with Reactjs using Formik and React-Bootstrap | ||
| * registry-backend-express: A back-end server that connects Reactjs with a PostgreSQL Database created with express.js using pg-promise | ||
| * ams-agent: A node project pulling pending requests from express backend and posting them at AMS. | ||
| Federation registry requires [Nodejs](https://nodejs.org/en/) and a [PostgreSQL](https://www.postgresql.org/) database to run. | ||
| Versions used in project development: | ||
| node v13.14.0 | ||
| PostgreSQL 12.4 | ||
|
|
||
| ### Database | ||
|
|
||
| A PostgreSQL database should be created using the schema deescribed in **_db_schema.sql_** | ||
|
|
||
| ### Configuration | ||
|
|
||
| ### Environment Configuration | ||
| * service-react-client: Locate package.json and modify proxy property to find express backend | ||
| * registry-backend-express: Locate .env inside Javascript folder and configure it accordingly | ||
| * ams-agent: Configure .env | ||
| If we need to set the project to communicate with deployment agents we will need the following from the ams setup: | ||
| * the base url of the ams installation | ||
| * the project name | ||
| * a user token with access to the publish topics | ||
| * a verification hash for the push endpoint | ||
| * an authorization key for the push endpoint | ||
|
|
||
| ### Installing & Running | ||
|
|
||
| 1. For the front-end portal | ||
| * `cd service-react-client` | ||
| * `yarn install` | ||
| * `sudo yarn start` | ||
| *Note: Default values are configured for a local installation | ||
| ##### **1) Backend Api** | ||
|
|
||
| **Configure Environment File** | ||
| _federation-registry-backend-api/JavaScript/.env_ | ||
| ``` | ||
| REACT_BASE=base_frontend_url | ||
| EXPRESS_BASE=base_api_url | ||
| AMS_AGENT_KEY=authentication_key_for_ams_agent | ||
| REDIRECT_URI=redirection_uri_after_login | ||
| AMS_AUTH_KEY=authorization_key_for_push_subscription | ||
| AMS_VER_HASH=verification_hash_used_to_activate_push_subscription | ||
| ``` | ||
| **Configure Database File** | ||
| _federation-registry-backend-api/db-config/db-config.json_ | ||
|
|
||
| 2. For the back-end server | ||
| * `cd registry-backend-express` | ||
| * `npm install` | ||
| * `cd JavaScript` | ||
| * `node index.js` | ||
| ```json | ||
| { | ||
| "host": "localhost", | ||
| "port": 5432, | ||
| "database": "federation_registry_db", | ||
| "user": "postgres", | ||
| "password":"postgres" | ||
| } | ||
| ``` | ||
|
|
||
| 3. For the ams-agent | ||
| * `cd ams-agent` | ||
| * `npm install` | ||
| * `node app.js` | ||
| ##### **2) Front End** | ||
| For the frontend we just need to configure where the backend api is located | ||
| _federation-registry-frontend/src/config.json_ | ||
| ``` | ||
| { | ||
| "host": "api_base_url" | ||
| } | ||
| ``` | ||
|
|
||
| 4. For the backend server connection with the database a PostgresSQL database must be created using the oidc_db.sql file located in the root folder | ||
| ##### **3) Ams agent** | ||
| To configure the ams we must set the enviromental variables | ||
| ``` | ||
| AMS_PROJECT=ams-project | ||
| AMS_BASE_URL=ams-url | ||
| AMS_USER_TOKEN=user-token | ||
| EXPRESS_URL=base-url-api | ||
| EXPRESS_KEY=authentication_key_for_ams_agent | ||
| ENV=installation_environment | ||
| ``` | ||
|
|
||
| The connection details are declared in rciam-federation-registry/registry-backend-express/db-config.json and might need to be modified. | ||
| ### Installing Node Modules | ||
| Install node modules for all three node projects | ||
| ```sh | ||
| $ cd federation-registry-backend-api | ||
| $ npm install | ||
| $ cd ../federation-registry-frontend | ||
| $ npm install | ||
| $ cd ../federation-registry-backend-ams-agent | ||
| $ npm install | ||
| ``` | ||
|
|
||
| ### Run the project | ||
| To run the federation-registry-backend-api | ||
| ```sh | ||
| $ cd federation-registry-backend-api/JavaScript | ||
| $ node index.js | ||
| ``` | ||
| To run the federation-registry-frontend | ||
| ``` | ||
| $ cd federation-registry-frontend | ||
| $ npm start | ||
| ``` | ||
| To run the federation-registry-backend-ams-agent | ||
| ``` | ||
| $ cd federation-registry-backend-ams-agent | ||
| $ node app.js | ||
| ``` | ||
| { | ||
| "host": "localhost", | ||
| "port": 5432, | ||
| "database": "service_registry", | ||
| "user": "postgres", | ||
| "password":"postgres" | ||
| } | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,259 @@ | ||
| DROP TABLE IF EXISTS user_edu_person_entitlement,tokens,user_info, service_petition_contacts, service_petition_oidc_grant_types, service_petition_oidc_redirect_uris, service_petition_oidc_scopes, | ||
| service_petition_details_oidc,service_petition_details_saml, service_petition_details, service_oidc_scopes,service_contacts,service_oidc_grant_types,service_oidc_redirect_uris,service_details_oidc, | ||
| service_details_saml,service_details,service_state,user_roles,role_actions,role_entitlements,groups,invitations,group_subs,tenant_deployer_agents,tenants,deployment_tasks,service_errors; | ||
|
|
||
| create table tokens ( | ||
| token VARCHAR(1054), | ||
| code VARCHAR(1054) PRIMARY KEY | ||
| ); | ||
|
|
||
| create table tenants ( | ||
| name VARCHAR(256) PRIMARY KEY, | ||
| client_id VARCHAR(256), | ||
| client_secret VARCHAR(1054), | ||
| issuer_url VARCHAR(256), | ||
| logo VARCHAR(256), | ||
| description VARCHAR(1054), | ||
| main_title VARCHAR(256), | ||
| color VARCHAR(128) | ||
| ); | ||
|
|
||
| create table user_info ( | ||
| id SERIAL PRIMARY KEY, | ||
| sub VARCHAR(256), | ||
| preferred_username VARCHAR(256), | ||
| name VARCHAR(256), | ||
| given_name VARCHAR(256), | ||
| family_name VARCHAR(256), | ||
| email VARCHAR(256), | ||
| tenant VARCHAR(256), | ||
| FOREIGN KEY (tenant) REFERENCES tenants(name) | ||
| ); | ||
|
|
||
| create table user_roles ( | ||
| id SERIAL PRIMARY KEY, | ||
| role_name VARCHAR(256), | ||
| tenant VARCHAR(256), | ||
| FOREIGN KEY (tenant) REFERENCES tenants(name) | ||
| ); | ||
|
|
||
| create table role_actions ( | ||
| role_id bigint, | ||
| action VARCHAR(256), | ||
| PRIMARY KEY (role_id,action), | ||
| FOREIGN KEY (role_id) REFERENCES user_roles(id) | ||
| ); | ||
|
|
||
| create table role_entitlements ( | ||
| role_id bigint, | ||
| entitlement VARCHAR(256), | ||
| PRIMARY KEY (role_id,entitlement), | ||
| FOREIGN KEY (role_id) REFERENCES user_roles(id) | ||
| ); | ||
|
|
||
| create table groups ( | ||
| id SERIAL PRIMARY KEY, | ||
| group_name VARCHAR(256) | ||
| ); | ||
|
|
||
| create table invitations ( | ||
| id SERIAL PRIMARY KEY, | ||
| code VARCHAR(1054), | ||
| email VARCHAR(256), | ||
| group_id INTEGER, | ||
| sub VARCHAR(256) DEFAULT NULL, | ||
| invited_by VARCHAR(256), | ||
| date timestamp without time zone DEFAULT NULL, | ||
| group_manager BOOLEAN, | ||
| FOREIGN KEY (group_id) REFERENCES groups(id) | ||
| ); | ||
|
|
||
| create table group_subs ( | ||
| group_id INTEGER, | ||
| sub VARCHAR(256), | ||
| group_manager BOOLEAN, | ||
| PRIMARY KEY (group_id,sub), | ||
| FOREIGN KEY (group_id) REFERENCES groups(id) | ||
| ); | ||
|
|
||
| create table user_edu_person_entitlement ( | ||
| user_id INTEGER, | ||
| edu_person_entitlement VARCHAR(256), | ||
| PRIMARY KEY (user_id,edu_person_entitlement), | ||
| FOREIGN KEY (user_id) REFERENCES user_info(id) | ||
| ); | ||
|
|
||
| create table service_details ( | ||
| id SERIAL PRIMARY KEY, | ||
| external_id INTEGER DEFAULT NULL, | ||
| tenant VARCHAR(256), | ||
| service_name VARCHAR(256), | ||
| group_id INTEGER, | ||
| service_description VARCHAR(1024), | ||
| logo_uri VARCHAR(2048), | ||
| policy_uri VARCHAR(2048), | ||
| integration_environment VARCHAR(256), | ||
| requester VARCHAR(256), | ||
| protocol VARCHAR(256), | ||
| deleted BOOLEAN DEFAULT FALSE, | ||
| FOREIGN KEY (tenant) REFERENCES tenants(name) | ||
| ); | ||
|
|
||
| create table service_details_oidc ( | ||
| id INTEGER PRIMARY KEY, | ||
| client_id VARCHAR(256), | ||
| allow_introspection BOOLEAN, | ||
| code_challenge_method VARCHAR(256), | ||
| device_code_validity_seconds bigint, | ||
| access_token_validity_seconds bigint, | ||
| refresh_token_validity_seconds bigint, | ||
| client_secret VARCHAR(2048), | ||
| reuse_refresh_tokens BOOLEAN, | ||
| clear_access_tokens_on_refresh BOOLEAN, | ||
| id_token_timeout_seconds bigint, | ||
| FOREIGN KEY (id) REFERENCES service_details(id) ON DELETE CASCADE | ||
| ); | ||
|
|
||
| create table service_state ( | ||
| id bigint PRIMARY KEY, | ||
| state VARCHAR(256), | ||
| deployment_type VARCHAR(256) DEFAULT NULL, | ||
| FOREIGN KEY (id) REFERENCES service_details(id) ON DELETE CASCADE | ||
| ); | ||
|
|
||
| create table service_errors ( | ||
| service_id bigint, | ||
| date timestamp without time zone DEFAULT NULL, | ||
| error_code bigint, | ||
| error_description VARCHAR(2048), | ||
| archived BOOLEAN DEFAULT FALSE, | ||
| PRIMARY KEY (service_id,date), | ||
| FOREIGN KEY (service_id) REFERENCES service_details(id) ON DELETE CASCADE | ||
| ); | ||
|
|
||
| create table service_details_saml ( | ||
| id bigint PRIMARY KEY, | ||
| entity_id VARCHAR(256), | ||
| metadata_url VARCHAR(256), | ||
| FOREIGN KEY (id) REFERENCES service_details(id) ON DELETE CASCADE | ||
| ); | ||
|
|
||
| create table service_contacts ( | ||
| id SERIAL PRIMARY KEY, | ||
| owner_id bigint, | ||
| value VARCHAR(256), | ||
| type VARCHAR(256), | ||
| FOREIGN KEY (owner_id) REFERENCES service_details(id) ON DELETE CASCADE | ||
| ); | ||
|
|
||
| create table service_oidc_grant_types ( | ||
| id SERIAL PRIMARY KEY, | ||
| owner_id bigint, | ||
| value VARCHAR(256), | ||
| FOREIGN KEY (owner_id) REFERENCES service_details(id) ON DELETE CASCADE | ||
| ); | ||
|
|
||
| create table service_oidc_redirect_uris ( | ||
| id SERIAL PRIMARY KEY, | ||
| owner_id bigint, | ||
| value VARCHAR(256), | ||
| FOREIGN KEY (owner_id) REFERENCES service_details(id) ON DELETE CASCADE | ||
| ); | ||
|
|
||
| create table service_oidc_scopes ( | ||
| id SERIAL PRIMARY KEY, | ||
| owner_id bigint, | ||
| value VARCHAR(256), | ||
| FOREIGN KEY (owner_id) REFERENCES service_details(id) ON DELETE CASCADE | ||
| ); | ||
|
|
||
| create table service_petition_details ( | ||
| id SERIAL PRIMARY KEY, | ||
| service_id INTEGER DEFAULT NULL, | ||
| tenant VARCHAR(256), | ||
| service_description VARCHAR(1024), | ||
| service_name VARCHAR(256), | ||
| logo_uri VARCHAR(2048), | ||
| policy_uri VARCHAR(2048), | ||
| integration_environment VARCHAR(256), | ||
| type VARCHAR(256) DEFAULT 'create', | ||
| status VARCHAR(256) DEFAULT 'pending', | ||
| comment VARCHAR(2024) DEFAULT NULL, | ||
| protocol VARCHAR(256), | ||
| requester VARCHAR(256), | ||
| reviewer VARCHAR(256) DEFAULT NULL, | ||
| group_id INTEGER DEFAULT NULL, | ||
| reviewed_at timestamp without time zone DEFAULT NULL, | ||
| FOREIGN KEY (tenant) REFERENCES tenants(name), | ||
| FOREIGN KEY (service_id) REFERENCES service_details(id) ON DELETE SET NULL | ||
| ); | ||
|
|
||
| create table service_petition_details_oidc ( | ||
| id bigint PRIMARY KEY, | ||
| client_id VARCHAR(256), | ||
| allow_introspection BOOLEAN, | ||
| code_challenge_method VARCHAR(256), | ||
| device_code_validity_seconds bigint, | ||
| access_token_validity_seconds bigint, | ||
| refresh_token_validity_seconds bigint, | ||
| reuse_refresh_tokens BOOLEAN, | ||
| clear_access_tokens_on_refresh BOOLEAN, | ||
| id_token_timeout_seconds bigint, | ||
| client_secret VARCHAR(2048), | ||
| FOREIGN KEY (id) REFERENCES service_petition_details(id) ON DELETE CASCADE | ||
| ); | ||
|
|
||
| create table service_petition_details_saml ( | ||
| id bigint PRIMARY KEY, | ||
| entity_id VARCHAR(256), | ||
| metadata_url VARCHAR(256), | ||
| FOREIGN KEY (id) REFERENCES service_petition_details(id) ON DELETE CASCADE | ||
| ); | ||
|
|
||
| create table service_petition_contacts ( | ||
| id SERIAL PRIMARY KEY, | ||
| owner_id bigint, | ||
| value VARCHAR(256), | ||
| type VARCHAR(256), | ||
| FOREIGN KEY (owner_id) REFERENCES service_petition_details(id) ON DELETE CASCADE | ||
| ); | ||
|
|
||
| create table service_petition_oidc_grant_types ( | ||
| id SERIAL PRIMARY KEY, | ||
| owner_id bigint, | ||
| value VARCHAR(256), | ||
| FOREIGN KEY (owner_id) REFERENCES service_petition_details(id) ON DELETE CASCADE | ||
| ); | ||
|
|
||
| create table service_petition_oidc_redirect_uris ( | ||
| id SERIAL PRIMARY KEY, | ||
| owner_id bigint, | ||
| value VARCHAR(256), | ||
| FOREIGN KEY (owner_id) REFERENCES service_petition_details(id) ON DELETE CASCADE | ||
| ); | ||
|
|
||
| create table service_petition_oidc_scopes ( | ||
| id SERIAL PRIMARY KEY, | ||
| owner_id bigint, | ||
| value VARCHAR(256), | ||
| FOREIGN KEY (owner_id) REFERENCES service_petition_details(id) ON DELETE CASCADE | ||
| ); | ||
|
|
||
| create table tenant_deployer_agents ( | ||
| id SERIAL PRIMARY KEY, | ||
| tenant VARCHAR(256), | ||
| type VARCHAR(256), | ||
| entity_type VARCHAR(256), | ||
| hostname VARCHAR(256), | ||
| entity_protocol VARCHAR(256), | ||
| FOREIGN KEY (tenant) REFERENCES tenants(name) | ||
| ); | ||
|
|
||
| create table deployment_tasks ( | ||
| agent_id INTEGER, | ||
| service_id INTEGER, | ||
| error BOOLEAN DEFAULT FALSE, | ||
| PRIMARY KEY (agent_id,service_id), | ||
| FOREIGN KEY (agent_id) REFERENCES tenant_deployer_agents(id), | ||
| FOREIGN KEY (service_id) REFERENCES service_details(id) | ||
| ); |
Oops, something went wrong.