FIX puid not being stored in cwl data

The OID used for the puid was wrong. So I've set it to the right one.
I've also updated the dev IDP so that it'll send out the puid attribute
on that OID.

I've also changed the eduPersonAffiliation to values that I see in
staging.

I noticed that the dev IDP doesn't have the SP metadata checked in, so
I've added it in.

Also noticed that nodeservices is probably very outdated, although it
still seems to work. Added comments that it might not be necessary in
the next LTS due to deprecations. Couldn't get it to work in dev, but
seems to be working in prod, so not touching it right now.

Author: ionparticle

LocalSettings.php

@@ -643,9 +643,8 @@ function loadenv($envName, $default = "") {
             # UBCAuth required attributes:
             # eduPersonAffiliation, an array of (staff, student, faculty, etc)
             'eduPersonAffiliationAttribute' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1',
-            # non-standard attributes, uncertain OIDs
-            # ubc's puid
-            'puidAttribute' => 'ubcEduCwlPuid',
+            # ubc's puid, non-standard attribute/OID
+            'puidAttribute' => 'urn:mace:dir:attribute-def:ubcEduCwlPuid',
         ]
     ];
 

docker-compose.yml

@@ -159,6 +159,9 @@ services:
 #      - MEDIAWIKI_API_URL=http://web/w/api.php
 #      - PARSOID_DOMAIN=localhost
 #      - PARSOID_URL=http://parsoid:8000
+# parsoid is now integrated into mediawiki since 1.35
+# restbase is being deprecated
+# TODO: we might not need nodeservices anymore in the next lts
   nodeservices:
     image: ubcctlt/mediawiki-node-services
     ports:

docker/simplesamlphp/idp/config/authsources.php

@@ -100,30 +100,30 @@
             'student01:student01' => [
                 'uid' => ['student01'],
                 'displayName' => 'Student 01',
-                'ubcEduCwlPuid' => 'PUIDST01',
-                'eduPersonAffiliation' => ['member', 'student'],
+                'urn:mace:dir:attribute-def:ubcEduCwlPuid' => 'PUIDST01',
+                'eduPersonAffiliation' => ['student'],
                 'mail' => '[email protected]'
             ],
             'instructor01:instructor01' => [
                 'uid' => ['instructor01'],
                 'displayName' => 'Instructor 01',
-                'ubcEduCwlPuid' => 'PUIDIN01',
+                'urn:mace:dir:attribute-def:ubcEduCwlPuid' => 'PUIDIN01',
                 'alt' => '51092d7f-2f38-4a91-bfb0-13a021c02df3',
-                'eduPersonAffiliation' => ['member', 'student'],
+                'eduPersonAffiliation' => ['faculty', 'student'],
                 'mail' => '[email protected]'
             ],
             'employee:employeepass' => [
                 'uid' => ['employee'],
                 'displayName' => 'Employee 00',
-                'ubcEduCwlPuid' => 'PUIDEM00',
-                'eduPersonAffiliation' => ['member', 'employee'],
+                'urn:mace:dir:attribute-def:ubcEduCwlPuid' => 'PUIDEM00',
+                'eduPersonAffiliation' => ['staff', 'alumni'],
                 'mail' => '[email protected]'
             ],
             # intended to simulate a basic CWL account
             'blockme01:blockme01' => [
                 'uid' => ['blockme01'],
                 'displayName' => 'Block Me01',
-                'ubcEduCwlPuid' => 'PUIDBM01',
+                'urn:mace:dir:attribute-def:ubcEduCwlPuid' => 'PUIDBM01',
                 'eduPersonAffiliation' => [],
                 'mail' => '[email protected]'
             ],

docker/simplesamlphp/idp/metadata/saml20-sp-remote.php

@@ -0,0 +1,30 @@
+<?php
+
+$metadata['http://wiki.docker:8080/_saml2'] = [
+    'SingleLogoutService' => [
+        [
+            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
+            'Location' => 'http://wiki.docker:8080/_saml2/module.php/saml/sp/saml2-logout.php/wiki-sp',
+        ],
+    ],
+    'AssertionConsumerService' => [
+        [
+            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
+            'Location' => 'http://wiki.docker:8080/_saml2/module.php/saml/sp/saml2-acs.php/wiki-sp',
+            'index' => 0,
+        ],
+        [
+            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
+            'Location' => 'http://wiki.docker:8080/_saml2/module.php/saml/sp/saml2-acs.php/wiki-sp',
+            'index' => 1,
+        ],
+    ],
+    'contacts' => [
+        [
+            'emailAddress' => '[email protected]',
+            'givenName' => 'UBC LT Hub',
+            'contactType' => 'technical',
+        ],
+    ],
+    'certData' => 'MIIEcTCCAtmgAwIBAgIUWmBx+tf9d7hKrFe9sjuhClKXFZ8wDQYJKoZIhvcNAQELBQAwSDELMAkGA1UEBhMCQ0ExEjAQBgNVBAcMCVZhbmNvdXZlcjEMMAoGA1UECgwDVUJDMRcwFQYDVQQDDA5zcC53aWtpLmRvY2tlcjAeFw0yNDA3MDQwOTA4MzZaFw0zNDA3MDQwOTA4MzZaMEgxCzAJBgNVBAYTAkNBMRIwEAYDVQQHDAlWYW5jb3V2ZXIxDDAKBgNVBAoMA1VCQzEXMBUGA1UEAwwOc3Aud2lraS5kb2NrZXIwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDCEa0f5ZJhpSU+Xc0WNohbxTzpmDkqgI0rtWCmL5vqJakPCHnWnq0icCX2/zwh6//WP+9UPgO1ifHUhNC/NEJhBKGJjtNNKaV+AwUzj43IiLMqgkhMEvkqNePuKNBh/lvzjLl3KYMrLAEZKx+AluMaS7us5CmR9lyhY9nHZS0P1FRjwJ6SJ1o0HEuXHkH5eRotaRtrd8L+L93R9SaIBpgAy0XMkgFDqGmX7NbVAMT6cPNEVmj63J5veMtpCN5mQRXpZFPCSbmXOGlyy7S3cilpSk8QA8QOkt4EB+I6G5W/aaG8hNs4QHKkKMReJ/oHQbQXIJ2d4oMsQaEXk3FtTIbl4l7fKS+LvhCHvB9z8q/ueh3bAIcpSxGzg3oTScZM5ZZAqzjYxCMYdI+3h44FPUtDsZdwezFN/B+JsITQouaYzuRxjUV6uNGhZXSRb+st3VYIBg0+mIvowDyBHgQvOaAZ8/UuSqcfrMH/AwTVY2Ej2YzerKDCwchHmpv5sXRY+o8CAwEAAaNTMFEwHQYDVR0OBBYEFIUt4n/0ouPzNfRNonY/EtJhHXPfMB8GA1UdIwQYMBaAFIUt4n/0ouPzNfRNonY/EtJhHXPfMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggGBAAK5QNOmFjLmQZdfWURK+hyCN08RIB6qOgKxuMG6j6u4brKOhktRAx+8hwrgVH96+fW3DkELsNGTTjUzxJvXM01cDDn2lUNMhLA2InHTsFe2zbmKG5sSl0wOFhi0kBnkGL8di3FgnqJJs8sTcQWajoFiEPa0yW3Gad/S6JSPgrHMlPkMPgZ8Vw8aYVprronbj9eiGWzRO5vFrE6YMn2l9es/pVJKzsb362EPhFekJA6f+6Ek2rfPRd0KiF5+Pln8KSooRmXpOZkM2CUfgOmb3lT9mwel2wemnXjUj0sjN5luotbK6YVhnwuq9d1O1a8Lhx8HLLasV7bR1hg9rjz+K2nv1XqWYsiFJelkgD4DOcFP68I/eiUiAf6jqh5+YJuqFXkXS9P6ohOXn5sbiV69+VV64JXG31emPgX/mm/41Bq2j5ESYak1I4RCPdLPpsjPWUMUKAXrRjbj8UZBf5w3Uv7tc4SY+Sc8mcBw0/14Ossz5h2ZLBW0j1QKqDWwSyWn5A==',
+];