Configure SimpleSAMLphp using Vagrant in a trice.
Vagrant box and Drupal 7
The purpose of this article is to help you get started with SSO using Drupal 7 and simpleSAMLphp. While developing a custom solution for SSO I found myself reinventing the wheel every now and then, reinstalling all the libraries needed to set up my testing SSO environment.
That's why I decided to create a box with the tools needed to start testing out SSO with SimpleSAMLphp and Drupal. This box assumes you are using Drupal 7, SimpleSAMLphp 1.3 and simplesamlphp_auth or multiple_idp_simplesamlphp.
Taking advantage of tools like Vagrant, Ansible and Phansible, I decided to build on some of my favorite articles about automating Drupal development, here. This article assumes you have followed @dev_meshev's instructions to set up a Vagrant machine using Phansible at least through part 2 of the No More Excuses Series. This is her release and here is my release, which you can use to follow the steps below.
Vagrant box SimpleSAMLphp
The next step is to set up simpleSAMLphp so Nginx recognizes it. We are using the same Vagrant configuration from part 2 of the No More Excuses Series. So far we have Drupal 7 under the directory www.
Go ahead and download simplesamlphp and place it into a folder named simplesamlphp next to the www directory.
You'll have something like this:
Open build/install.sh and add `sudo ln -sf $base/simplesamlphp /var/simplesaml` under the symlink to the settings.php:

```bash
#!/bin/bash
set -e
path=$(dirname "$0")          # directory of this script (build/); $path must be set before it is used below
base=$(cd "$path/.." && pwd)  # keep track of root directory
drush="drush $drush_flags -y -r $base/www"  # prepare drush command to receive argument and always accept (Y)

echo "Symlink settings.php into our Drupal."
ln -sf "$base/cnf/settings.php" "$base/www/sites/default/"  # from host to guest (vagrant/* folders are already synced by VirtualBox)
sudo ln -sf "$base/simplesamlphp" /var/simplesaml           # expose the shared simplesamlphp folder at /var/simplesaml

echo "Installing Drupal like a boss."
$drush si --site-name=no-excuses --account-pass=admin
```
The latter lets us keep our library "outside" the Vagrant machine (in the shared directory). We will be editing several files in this directory, and this seems like the easiest solution. I'm sure there are better ways to handle the autoprovisioning of Drupal and SAML (e.g. using Composer), but let's keep it simple.
SimpleSAMLphp Nginx
We have to tell Nginx that 192.168.33.90/simplesaml points to /var/simplesaml/www. To do this, let's edit the ansible role ngix. We will add an alias. Add this to the template default.tpl located in ansible/roles/ngix/templates.

```nginx
server {
    listen 80;

    root {{ nginx.docroot }};
    index index.html index.php;

    server_name {{ nginx.servername }};

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location /simplesaml {
        alias /var/simplesaml/www;
        try_files $uri $uri/ /index.php?$query_string;

        location ~ \.php(/|$) {
            fastcgi_split_path_info ^(.+?\.php)(/.+)$;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
        }
    }

    error_page 404 /404.html;

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/www;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
```
Once your Vagrant machine is running, take a look at /etc/nginx/sites-enabled and you'll see the template there.
Memcache
To configure Drupal 7 with simpleSAMLphp you need to store sessions in Memcache or SQL. We'll use Memcache. Add memcached to the server packages in our Phansible config file all.yml: packages: [git, vim, sendmail, drush, unzip, zip, g++, libssl-dev, apache2-utils, openssl-blacklist, memcached]. Then add memcache and memcached to the PHP packages: [php5-gd, php5-cli, php5-curl, php5-mcrypt, php5-mysql, php5-xdebug, php5-memcached, php5-memcache, php5-dev, php5-ldap, php5-gmp, php5-common, php-pear]

all.yml will look like this:

```yaml
---
server:
    install: '1'
    packages: [git, vim, sendmail, drush, unzip, zip, g++, libssl-dev, apache2-utils, openssl-blacklist, memcached]
    timezone: America/Chicago
    locale: en_US.UTF-8
vagrant_local:
    install: '1'
    vm: { base_box: trusty64, hostname: drupal7, ip: 192.168.33.99, memory: '2048', sharedfolder: ./, useVagrantCloud: '1', syncType: nfs }
nginx:
    install: '1'
    docroot: /vagrant/www
    servername: myApp.vb
mariadb:
    install: '1'
    root_password: drupal7
    database: drupal7
    user: drupal7
    password: drupal7
    dump: ''
php:
    install: '1'
    ppa: php5-5.6
    packages: [php5-gd, php5-cli, php5-curl, php5-mcrypt, php5-mysql, php5-xdebug, php5-memcached, php5-memcache, php5-dev, php5-ldap, php5-gmp, php5-common, php-pear]
```
Default SAML Configuration
In order to use simpleSAMLphp we need to configure the file simplesamlphp/config/config.php. I'll add my config.php file to cnf/. The minimum settings that have to be modified are:
- 'auth.adminpassword' => '1234',
- 'secretsalt' => 'defaultsecretsalt2',
- 'technicalcontact_email' => 'na2@example.org',
- 'store.type' => 'memcache',
- 'memcache_store.prefix' => 'd7',
I'll replace simplesaml/config/config.php with cnf/config.php in the provisioning script build/install.sh:

```bash
#!/bin/bash
set -e
path=$(dirname "$0")          # directory of this script (build/); $path must be set before it is used below
base=$(cd "$path/.." && pwd)  # keep track of root directory
drush="drush $drush_flags -y -r $base/www"  # prepare drush command to receive argument and always accept (Y)

echo "Symlink settings.php into our Drupal."
ln -sf "$base/cnf/settings.php" "$base/www/sites/default/"  # from host to guest (vagrant/* folders are already synced by VirtualBox)

echo "Installing Drupal like a boss."
$drush si --site-name=no-excuses --account-pass=admin

echo "Configuring simplesamlphp."
cp "$base/cnf/config.php" "$base/simplesamlphp/config/"  # use our settings
sudo ln -sf "$base/simplesamlphp" /var/simplesaml        # expose the shared simplesamlphp folder at /var/simplesaml

echo "Done."
```
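The sample values listed for 'auth.adminpassword' and 'secretsalt' work as placeholders in cnf/config.php, but every box provisioned from the same file then shares the same admin password and salt. The following is an added example, not part of the original box: hypothetical helper functions (gen_secret, set_config_value, harden_config) that build/install.sh could call after the cp step to write per-machine random values into the copied config.php.

```bash
#!/bin/bash
# Added example: swap the sample secrets in the copied config.php for
# per-machine random values. All function names are hypothetical helpers.

# gen_secret BYTES: print BYTES random bytes as lowercase hex.
gen_secret() {
    od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n'
}

# set_config_value FILE KEY VALUE: rewrite the line  'KEY' => '...'
# Returns 1 if KEY is absent, so a sample value is never silently kept.
set_config_value() {
    local file="$1" key="$2" value="$3" tmp
    grep -q "^[[:space:]]*'$key'[[:space:]]*=>" "$file" || return 1
    tmp=$(mktemp)
    sed "s|^\([[:space:]]*'$key'[[:space:]]*=>[[:space:]]*\)'[^']*'|\1'$value'|" \
        "$file" > "$tmp" && cat "$tmp" > "$file"
    local rc=$?
    rm -f "$tmp"
    return $rc
}

# harden_config FILE: randomise secretsalt and auth.adminpassword, verify
# that neither sample value from cnf/config.php is left, then print the new
# admin password once so the developer can log in.
harden_config() {
    local file="$1" admin_pw
    admin_pw=$(gen_secret 12)
    set_config_value "$file" 'secretsalt' "$(gen_secret 16)" || return 1
    set_config_value "$file" 'auth.adminpassword' "$admin_pw" || return 1
    if grep -Eq "'(1234|defaultsecretsalt2)'" "$file"; then
        return 1
    fi
    printf '%s\n' "$admin_pw"
}

# In build/install.sh, directly after the cp of cnf/config.php:
#   harden_config "$base/simplesamlphp/config/config.php"
```

Because install.sh runs with set -e, a config.php that lacks either key stops provisioning instead of leaving the sample value in place.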
Now you can run the Vagrant machine ($ vagrant up). Wait a few minutes and enjoy a fresh installation of Drupal 7 and SimpleSAMLphp.
You should see something similar to this:
Visit http://192.168.33.99 and http://192.168.33.99/simplesamlphp. You should be all set to start implementing SSO.
Our last step is to install and configure the Drupal simplesamlphp_auth module. From this point you can proceed and install your modules in /vagrant/www/sites/all/modules. However, that is not a good CI approach for our box. To accomplish good CI you could download Drupal using the provisioning script (or by following the no-excuses tutorial).
Simplesamlphp_auth
Based on the Drupal module instructions, at this point we have done the following steps:
Installation Overview
- Install SimpleSAMLphp
- Configure SimpleSAMLphp as a Service Provider
- Install Drupal (if you haven't already)
- Install simplesamlphp_auth module
- Configure simplesamlphp_auth module
- Activate the simplesamlphp_auth module
Don't know how to configure a Service Provider using simpleSAMLphp? Check out this article.
Last but not least, enjoy the release of the Vagrant box on GitHub. If you didn't follow the instructions in this article, just download or clone the repo/release and the provisioning script will download and configure Drupal and simplesamlphp under the www and simplesamlphp directories (next to the ansible, cnf and build folders).
TODOs
- Autoprovision SimpleSAMLphp and Drupal
- Configure SP
- Configure IdP
- Configure https://www.drupal.org/node/2573451