Skip to content

Commit a7e3ad5

Browse files
Martin-RehrMartin-Rehr
committed
Merge remote-tracking branch 'origin/master' into edge
2 parents 54c30ac + d3c1fd7 commit a7e3ad5

7 files changed

+100
-54
lines changed

README

Lines changed: 94 additions & 48 deletions
Original file line numberDiff line numberDiff line change
@@ -942,28 +942,31 @@ Finally a storage-only with CentOS 7.x, apache 2.4, WSGI (default web),
942942
optimized SFTP, WebDAVS, strict access control and extensive logging to comply
943943
with the General Data Protection Regulation (GDPR) imposed by EU:
944944
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
945-
./generateconfs.py --source=. --destination=generated-confs \
945+
./generateconfs.py --source=. \
946+
--destination=generated-confs \
946947
--destination_suffix="_svn$(svnversion -n ~/)" \
947948
--support_email="SIF Support <support@sif.erda.dk>" \
948-
--admin_email="SIF admin <info@sif.erda.dk>"
949-
--admin_list="/C=DK/ST=NA/L=NA/O=NBI/OU=NA/CN=Jonas Bardino/emailAddress=bardino@nbi.ku.dk , C=DK/ST=NA/L=NA/O=NBI/OU=NA/CN=Martin Rehr/emailAddress=rehr@nbi.ku.dk" \
949+
--admin_email="SIF Info <info@sif.erda.dk>"
950+
--admin_list="/C=DK/ST=NA/L=NA/O=NBI/OU=NA/CN=Jonas \Bardino/emailAddress=bardino@nbi.ku.dk , /C=DK/ST=NA/L=NA/O=NBI/OU=NA/CN=Martin Rehr/emailAddress=rehr@nbi.ku.dk" \
950951
--auto_add_cert_user=False \
951-
--auto_add_oid_user=True \
952-
--auto_add_oidc_user=False \
953-
--auto_add_filter_fields=full_name --auto_add_filter_method=skip \
952+
--auto_add_oid_user=False \
953+
--auto_add_filter_fields=full_name \
954+
--auto_add_filter_method=skip \
954955
--oid_valid_days=180 \
956+
--daemon_show_address=sif-io.erda.dk \
955957
--base_fqdn=sif.erda.dk \
956958
--public_fqdn=sif-www.erda.dk \
957959
--public_alias_fqdn=sif.ku.dk \
958-
--public_sec_fqdn=sif.ku.dk \
960+
--public_sec_fqdn=sif-www.erda.dk \
959961
--public_use_https=True \
960-
--mig_cert_fqdn= \
961-
--ext_cert_fqdn= \
962+
--mig_cert_fqdn='' \
963+
--ext_cert_fqdn='' \
962964
--mig_oid_fqdn=sif-ext.erda.dk \
963-
--ext_oid_fqdn=sif.erda.dk \
965+
--ext_oid_fqdn=sif-oid.erda.dk \
964966
--sid_fqdn=sif-sid.erda.dk \
965967
--io_fqdn=sif-io.erda.dk \
966-
--user=mig --group=mig \
968+
--user=mig \
969+
--group=mig \
967970
--apache_version=2.4 \
968971
--apache_etc=/etc/httpd \
969972
--apache_run=/var/run/httpd \
@@ -975,58 +978,101 @@ https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
975978
--mig_certs=/etc/httpd/MiG-certificates \
976979
--hg_path='' \
977980
--hgweb_scripts='' \
978-
--trac_admin_path='' --trac_ini_path='' \
979-
--public_http_port=80 --public_https_port=443 \
980-
--ext_cert_port=443 --mig_oid_port=443 \
981-
--ext_oid_port=443 --sid_port=443 \
981+
--trac_admin_path='' \
982+
--trac_ini_path='' \
983+
--public_http_port=80 \
984+
--public_https_port=443 \
985+
--ext_cert_port=443 \
986+
--mig_oid_port=443 \
987+
--mig_oidc_port=443 \
988+
--ext_oid_port=443 \
989+
--sid_port=443 \
982990
--mig_oid_provider=https://sif-ext.erda.dk/openid/ \
983991
--ext_oid_provider=https://openid.ku.dk/ \
984992
--enable_openid=True \
985-
--enable_sftp=True --enable_sftp_subsys=False \
986-
--enable_davs=True --enable_ftps=False \
987-
--enable_sharelinks=False --enable_transfers=False \
988-
--enable_duplicati=False --enable_seafile=False \
989-
--enable_sandboxes=False --enable_vmachines=False \
990-
--enable_crontab=False --enable_jobs=False \
991-
--enable_resources=False --enable_events=False \
992-
--enable_freeze=False --enable_preview=False \
993-
--enable_gdp=True --gdp_email_notify=True \
994-
--enable_notify=True --enable_twofactor=True \
993+
--enable_wsgi=True \
994+
--enable_sftp=True \
995+
--enable_sftp_subsys=False \
996+
--enable_davs=True \
997+
--enable_ftps=False \
998+
--enable_sharelinks=False \
999+
--enable_transfers=False \
1000+
--enable_duplicati=False \
1001+
--enable_seafile=False \
1002+
--enable_sandboxes=False \
1003+
--enable_vmachines=False \
1004+
--enable_crontab=False \
1005+
--enable_jobs=False \
1006+
--enable_resources=False \
1007+
--enable_events=False \
1008+
--enable_freeze=False \
1009+
--enable_preview=False \
1010+
--enable_gdp=True \
1011+
--enable_notify=True \
1012+
--enable_twofactor=True \
9951013
--enable_twofactor_strict_address=True \
996-
--enable_cracklib=True --enable_hsts=True \
997-
--enable_vhost_certs=True --enable_verify_certs=True \
998-
--enable_migadmin=False --enable_peers=True \
999-
--peers_mandatory=True --peers_explicit_fields='full_name email' \
1000-
--peers_contact_hint='employed at UCPH and authorized to invite external users' \
1001-
--user_clause=User --group_clause=Group \
1002-
--listen_clause='#Listen' \
1003-
--serveralias_clause='#ServerAlias' --alias_field=email \
1014+
--enable_cracklib=True \
1015+
--enable_hsts=True \
1016+
--enable_vhost_certs=True \
1017+
--enable_verify_certs=True \
1018+
--user_clause=User \
1019+
--group_clause=Group \
1020+
--listen_clause=#Listen \
1021+
--serveralias_clause=#ServerAlias \
1022+
--alias_field=email \
10041023
--dhparams_path=~/certs/dhparams.pem \
10051024
--daemon_keycert=~/certs/combined.pem \
1006-
--daemon_keycert_sha256='FILE::/etc/httpd/MiG-certificates/combined.pem.sha256' \
10071025
--daemon_pubkey=~/certs/combined.pub \
10081026
--daemon_pubkey_from_dns=True \
1009-
--daemon_pubkey_md5='FILE::/etc/httpd/MiG-certificates/combined.pub.md5' \
1010-
--daemon_pubkey_sha256='FILE::/etc/httpd/MiG-certificates/combined.pub.sha256' \
1011-
--daemon_show_address=sif-io.erda.dk \
1012-
--signup_methods="extoid migoid" \
1013-
--login_methods="extoid migoid" \
1014-
--password_policy=MODERN:12 --password_legacy_policy=HIGH \
1015-
--distro=centos --skin=sif-ucph-science \
1016-
--title="Sensitive Information Facility" \
1017-
--short_title="SIF" \
1018-
--external_doc=https://sif.ku.dk \
1027+
--signup_methods="extoidc migoid" \
1028+
--login_methods="extoidc migoid" \
1029+
--password_policy=MODERN:12 \
1030+
--password_legacy_policy=HIGH \
1031+
--gdp_email_notify=True \
10191032
--mig_oid_title="External" \
10201033
--ext_oid_title="KU/UCPH" \
1034+
--ext_oidc_title="KU/UCPH" \
10211035
--vgrid_label="Project" \
10221036
--vgrid_creators="role:.*(vip|tap)" \
1023-
--csrf_protection="FULL" \
1037+
--vgrid_managers="role:.*(vip|tap)" \
1038+
--smtp_sender='UCPH SIF Server <noreply@sif.erda.dk>' \
1039+
--title="Sensitive Information Facility" \
1040+
--short_title="SIF" \
1041+
--default_menu="files setup close logout" \
1042+
--user_interface="V2" --csrf_protection="FULL" \
10241043
--io_account_expire=True \
1044+
--sftp_port=2222 \
1045+
--sftp_subsys_port=22 \
1046+
--sftp_show_port=22 \
1047+
--davs_port=4443 \
1048+
--davs_show_port=443 \
1049+
--openid_port=8443 \
1050+
--openid_show_port=443 \
10251051
--digest_salt="FILE::/home/mig/state/secrets/digest_salt.hex" \
10261052
--crypto_salt="FILE::/home/mig/state/secrets/crypto_salt.hex" \
1027-
--wsgi_procs=25 --user_interface='V2' \
1028-
--default_menu="files setup close logout" \
1029-
--secscan_addr="130.226.158.3 130.225.213.72 192.38.10.137"
1053+
--distro=centos \
1054+
--skin=sif-ucph-science \
1055+
--wsgi_procs=25 \
1056+
--secscan_addr="130.226.158.3 130.225.213.72 192.38.10.137" \
1057+
--public_sec_fqdn=sif.ku.dk \
1058+
--enable_peers=True \
1059+
--peers_mandatory=True \
1060+
--peers_explicit_fields="full_name email" --peers_contact_hint="employed at UCPH and authorized to invite external users" \
1061+
--enable_migadmin=False \
1062+
--external_doc="https://sif.ku.dk" \
1063+
--oidc_valid_days=180 \
1064+
--ext_oidc_fqdn=sif-oidc.erda.dk \
1065+
--ext_oidc_port=443 \
1066+
--ext_oidc_provider_meta_url=https://id.ku.dk/nidp/oauth/nam/.well-known/openid-configuration \
1067+
--ext_oidc_client_name=erda_sif \
1068+
--ext_oidc_client_id=64ced371-a92d-4182-8e0c-4f66e8088e00 \
1069+
--ext_oidc_scope=AS_SIF-ERDA \
1070+
--ext_oidc_remote_user_claim=upn \
1071+
--ext_oidc_pass_claim_as=both \
1072+
--auto_add_oidc_user=True \
1073+
--daemon_pubkey_sha256="FILE::/etc/httpd/MiG-certificates/combined.pub.sha256" \
1074+
--daemon_keycert_sha256="FILE::/etc/httpd/MiG-certificates/combined.pem.sha256" \
1075+
--daemon_pubkey_md5="FILE::/etc/httpd/MiG-certificates/combined.pub.md5"
10301076

10311077
Most of the arguments should be relatively straight forward, but you
10321078
need to provide the MIG_CERTS path where your apache server key and

mig/images/site-conf-dev-sif.erda.dk.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ function get_site_conf(key) {
1010
} else if (key === 'system_match') {
1111
value = ["ALL", "SIF", "DEV.SIF"];
1212
} else if (key === 'auth_methods') {
13-
value = ["extoid", "migoid"];
13+
value = ["extoidc", "migoid"];
1414
}
1515
return value;
1616
}

mig/images/site-conf-sif.erda.dk.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ function get_site_conf(key) {
1010
} else if (key === 'system_match') {
1111
value = ["ALL", "SIF"];
1212
} else if (key === 'auth_methods') {
13-
value = ["extoid", "migoid"];
13+
value = ["extoidc", "migoid"];
1414
}
1515
return value;
1616
}

mig/images/site-conf-test-sif.erda.dk.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ function get_site_conf(key) {
1010
} else if (key === 'system_match') {
1111
value = ["ALL", "SIF", "TEST.SIF"];
1212
} else if (key === 'auth_methods') {
13-
value = ["extoid", "migoid"];
13+
value = ["extoidc", "migoid"];
1414
}
1515
return value;
1616
}

state/wwwpublic/index-dev-sif.erda.dk-ucph-science.html

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -119,7 +119,7 @@
119119
switch_language(user_lang);
120120
$("#langselect").msDropdown().fadeIn(500);
121121

122-
var auth_methods = lookup_site_conf('auth_methods', ['extoid', 'migoid']);
122+
var auth_methods = lookup_site_conf('auth_methods', ['extoidc', 'migoid']);
123123
var query = window.location.search;
124124
const urlParams = new URLSearchParams(query);
125125
var show = [];

state/wwwpublic/index-sif.erda.dk-ucph-science.html

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -117,7 +117,7 @@
117117
switch_language(user_lang);
118118
$("#langselect").msDropdown().fadeIn(500);
119119

120-
var auth_methods = lookup_site_conf('auth_methods', ['extoid', 'migoid']);
120+
var auth_methods = lookup_site_conf('auth_methods', ['extoidc', 'migoid']);
121121
var query = window.location.search;
122122
const urlParams = new URLSearchParams(query);
123123
var show = [];

state/wwwpublic/index-test-sif.erda.dk-ucph-science.html

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -119,7 +119,7 @@
119119
switch_language(user_lang);
120120
$("#langselect").msDropdown().fadeIn(500);
121121

122-
var auth_methods = lookup_site_conf('auth_methods', ['extoid', 'migoid']);
122+
var auth_methods = lookup_site_conf('auth_methods', ['extoidc', 'migoid']);
123123
var query = window.location.search;
124124
const urlParams = new URLSearchParams(query);
125125
var show = [];

0 commit comments

Comments
 (0)