From e4fe2659c46b5e11adcc193945d311c0337ce982 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Sat, 3 Nov 2018 21:55:42 +0100 Subject: [PATCH] Switch devstack plugin to samltest.id testshib.org is no longer maintained and has been broken for some time[1]. Use the new samltest.id provider instead. This is not a permanent solution, this is a stopgap measure until we configure our own IdP in the devstack plugin. [1] https://marc.info/?l=shibboleth-users&m=154056288800549&w=2 Change-Id: Ifa514395d9cdb2197ef8a43885ec598483dd7a38 --- devstack/files/federation/attribute-map.xml | 3 +++ devstack/lib/federation.sh | 23 ++++++++++----------- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/devstack/files/federation/attribute-map.xml b/devstack/files/federation/attribute-map.xml index e651bdb43b..4094caad02 100644 --- a/devstack/files/federation/attribute-map.xml +++ b/devstack/files/federation/attribute-map.xml @@ -63,4 +63,7 @@ + + + diff --git a/devstack/lib/federation.sh b/devstack/lib/federation.sh index b93e259f44..774b7c2717 100644 --- a/devstack/lib/federation.sh +++ b/devstack/lib/federation.sh 
@@ -16,15 +16,14 @@ DOMAIN_NAME=${DOMAIN_NAME:-federated_domain}
 PROJECT_NAME=${PROJECT_NAME:-federated_project}
 GROUP_NAME=${GROUP_NAME:-federated_users}
-# TODO(rodrigods): remove/update the settings based at testshib
-IDP_ID=${IDP_ID:-testshib}
-IDP_USERNAME=${IDP_USERNAME:-myself}
-IDP_PASSWORD=${IDP_PASSWORD:-myself}
-IDP_REMOTE_ID=${IDP_REMOTE_ID:-https://idp.testshib.org/idp/shibboleth}
-IDP_ECP_URL=${IDP_ECP_URL:-https://idp.testshib.org/idp/profile/SAML2/SOAP/ECP}
-IDP_METADATA_URL=${IDP_METADATA_URL:-http://www.testshib.org/metadata/testshib-providers.xml}
+IDP_ID=${IDP_ID:-samltest}
+IDP_USERNAME=${IDP_USERNAME:-morty}
+IDP_PASSWORD=${IDP_PASSWORD:-panic}
+IDP_REMOTE_ID=${IDP_REMOTE_ID:-https://samltest.id/saml/idp}
+IDP_ECP_URL=${IDP_ECP_URL:-https://samltest.id/idp/profile/SAML2/SOAP/ECP}
+IDP_METADATA_URL=${IDP_METADATA_URL:-https://samltest.id/saml/idp}
-MAPPING_REMOTE_TYPE=${MAPPING_REMOTE_TYPE:-eppn}
+MAPPING_REMOTE_TYPE=${MAPPING_REMOTE_TYPE:-uid}
 MAPPING_USER_NAME=${MAPPING_USER_NAME:-"{0}"}
 PROTOCOL_ID=${PROTOCOL_ID:-mapped}
@@ -74,7 +73,7 @@ function install_federation {
 fi
 }
-function upload_sp_metadata_to_testshib {
+function upload_sp_metadata_to_samltest {
 local metadata_fname=${HOST_IP//./}_"$RANDOM"_sp
 local metadata_url=http://$HOST_IP/Shibboleth.sso/Metadata
@@ -84,7 +83,7 @@ function upload_sp_metadata_to_testshib {
 return
 fi
- curl --form userfile=@"$FILES/${metadata_fname}" "https://www.testshib.org/procupload.php"
+ curl --form userfile=@"$FILES/${metadata_fname}" --form "submit=OK" "https://samltest.id/upload.php"
 }
 function configure_federation {
@@ -115,8 +114,8 @@ function configure_federation {
 # TODO(knikolla): We should not be relying on an external service. This
 # will be removed once we have an idp deployed during devstack install.
- if [[ "$IDP_ID" == "testshib" ]]; then
- upload_sp_metadata_to_testshib
+ if [[ "$IDP_ID" == "samltest" ]]; then
+ upload_sp_metadata_to_samltest
 fi
 }
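Review bot: The `IDP_*` defaults added in the `@@ -16,15 +16,14 @@` hunk lose the only comment that marked them as provider-specific, because the old TODO is removed without a replacement. As far as I know, samltest.id is a shared public test IdP and the `IDP_USERNAME`/`IDP_PASSWORD` defaults are one of its published test accounts, so any Keystone that trusts this IdP with these defaults accepts logins that anyone can perform. I would add a comment above the block such as `# Defaults point at the public samltest.id test IdP and its shared test account; for devstack/CI only, override IDP_* elsewhere.` The new `IDP_METADATA_URL` default is identical to `IDP_REMOTE_ID`, which reads like a copy-paste slip unless a short comment says the metadata is served at the entityID URL.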
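Review bot: The new `curl` line in the `@@ -84,7 +83,7 @@` hunk does not pass `--fail`, so an HTTP error status from `https://samltest.id/upload.php` still exits 0 and the caller continues as if the IdP had accepted the SP metadata. I would change it to `curl --fail --silent --show-error --form userfile=@"$FILES/${metadata_fname}" --form "submit=OK" "https://samltest.id/upload.php"` so a rejected upload surfaces where it happens instead of as a later federation login failure. Whether a non-zero status then aborts the run depends on the caller's error handling, which this hunk does not show. `upload_sp_metadata_to_samltest` starts outside the hunk.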
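Review bot: The guard in the `@@ -115,8 +114,8 @@` hunk decides whether to push SP metadata to the external service by comparing the free-form label `IDP_ID`, not the endpoint actually in use. A local.conf that overrides `IDP_REMOTE_ID` and `IDP_METADATA_URL` for a private IdP but keeps the default `IDP_ID` would still upload its metadata, which embeds `HOST_IP`, to samltest.id. Keying the check on the endpoint avoids that, for example `if [[ "$IDP_REMOTE_ID" == "https://samltest.id/saml/idp" ]]; then`. `configure_federation` starts outside the hunk, so I cannot see whether anything earlier already constrains these variables.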