SAML Config Refactor (#2953)

* Default to db storage based on environment variable. * Update saml config to resolve acquia function errors. * Removes extra bracket. * Fix syntax error. * Add ACE compatibility, update helptext and Acquia docs.
acquia · Aug 9, 2018 · 312d471 · 312d471
1 parent 316967d
commit 312d471
Showing 1 changed file with 64 additions and 155 deletions.
diff --git a/scripts/simplesamlphp/acquia_config.php b/scripts/simplesamlphp/acquia_config.php
@@ -4,29 +4,19 @@
  * @file
  * SimpleSamlPhp Acquia Configuration.
  *
- * This file was last modified on Nov 4, 2015.
+ * This file was last modified on in July 2018.
  *
  * All custom changes below. Modify as needed.
  */
 
 /**
- * Defines Acquia account specific options in $ah_options keys.
+ * Defines Acquia account specific options in $config keys.
  *
- *   - 'database_name': Should be the Acquia Cloud workflow database name which
- *     will store SAML session information.set
- *     You can use any database that you have defined in your workflow.
- *     Use the database "role" without the stage ("dev", "stage", "test", etc.)
- *   - 'session_store': Define the session storage service to use in each
- *     Acquia environment ("memcache" or "database").
+ *   - 'store.sql.name': Defines the Acquia Cloud database name which
+ *     will store SAML session information.
+ *   - 'store.type: Define the session storage service to use in each
+ *     Acquia environment ("defualts to sql").
  */
-$ah_options = [
-  'database_name' => 'mydatabasename',
-  'session_store' => [
-    'prod' => 'database',
-    'test' => 'database',
-    'dev'  => 'database',
-  ],
-];
 
 // Set some security and other configs that are set above, however we
 // overwrite them here to keep all changes in one area.
@@ -38,172 +28,91 @@
 $config['auth.adminpassword'] = 'mysupersecret';
 
 /**
- * Multi-site installs.
+ * Support SSL Redirects to SAML login pages.
  *
- * Support multi-site installations at different base URLs.
- */
-# $config['baseurlpath'] = "https://{$_SERVER['SERVER_NAME']}/simplesaml/";
-
-/**
- * Cookies No Cache.
- *
- * Allow users to be automatically logged in if they signed in via the same
- * SAML provider on another site.
- *
- * Warning: This has performance implications for anonymous users.
+ * Uncomment the code following code block to set
+ * server port to 443 on HTTPS environment.
  *
- * @link https://docs.acquia.com/articles/using-simplesamlphp-acquia-cloud-site
- */
-# setcookie('NO_CACHE', '1');
-
-if (!getenv('AH_SITE_ENVIRONMENT')) {
-  // Add your local configuration here.
-}
-else {
-  $ah_options['env'] = getenv('AH_SITE_ENVIRONMENT');
-  $config = acquia_logging_config($config);
-  $config = acquia_session_store_config($config, $ah_options);
-}
-
-/**
- * Get session storage configuration defined by Acquia.
+ * This is a requirement in SimpleSAML when providing a redirect path.
  *
- * @param array $config
- *   Current configuration.
- * @param array $ah_options
- *   Acquia account specific options.
+ * @link https://github.com/simplesamlphp/simplesamlphp/issues/450
  *
- * @return array
- *   Updated configuration.
  */
-function acquia_session_store_config(array $config, array $ah_options) {
-  if ($ah_options['session_store'][$ah_options['env']] == 'memcache') {
-    $config = mc_session_store($config);
-  }
-  elseif ($ah_options['session_store'][$ah_options['env']] == 'database') {
-    $config = sql_session_store($config, $ah_options['database_name']);
-  }
-
-  return $config;
-}
+/* $_SERVER['SERVER_PORT'] = 443;
+$_SERVER['HTTPS'] = 'true';
+$protocol = 'https://';
+$port = ':' . $_SERVER['SERVER_PORT'];*/
 
 /**
- * Get logging configuration defined by Acquia.
- *
- * @param array $config
- *   Current configuration.
+ * Support multi-site and single site installations at different base URLs.
  *
- * @return array
- *   Updated configuration.
+ * Overide $config['baseurlpath'] = "https://{yourdomain}/simplesaml/"
+ * to customize the default Acquia configuration.
  */
-function acquia_logging_config(array $config) {
-  $config['logging.handler'] = 'file';
-  $config['loggingdir'] = dirname(getenv('ACQUIA_HOSTING_DRUPAL_LOG'));
-  $config['logging.logfile'] = 'simplesamlphp-' . date('Ymd') . '.log';
-
-  return $config;
-}
+$config['baseurlpath'] = $protocol . $_SERVER['HTTP_HOST'] . $port . '/simplesaml/';
 
 /**
- * Get memcache session storage config.
+ * Cookies No Cache.
  *
- * @param array $config
- *   Current configuration.
+ * Allow users to be automatically logged in if they signed in via the same
+ * SAML provider on another site by uncommenting the setcookie line below.
  *
- * @return array
- *   Updated configuration.
- */
-function mc_session_store(array $config, array $ah_options) {
-  $config['store.type'] = 'memcache';
-  $config['memcache_store.servers'] = mc_info();
-  $config['memcache_store.prefix'] = $ah_options['database_name'];
-
-  return $config;
-}
-
-/**
- * Get memcache information.
+ * Warning: This has performance implications for anonymous users.
  *
- * @return array
- *   Memcache server pool information.
+ * @link https://docs.acquia.com/resource/using-simplesamlphp-acquia-cloud-site
  */
-function mc_info() {
-  $creds_json = file_get_contents('/var/www/site-php/' . getenv('AH_SITE_NAME') . '/creds.json');
-  $creds = json_decode($creds_json, TRUE);
-  $mc_server = [];
-  $mc_pool = [];
-  foreach ($creds['memcached_servers'] as $fqdn) {
-    $mc_server['hostname'] = preg_replace('/:.*?$/', '', $fqdn);
-    array_push($mc_pool, $mc_server);
-  }
-
-  return [$mc_pool];
-}
-
+// setcookie('NO_CACHE', '1');.
 /**
- * Set SQL database session storage.
+ * Generate Acquia session storage via hosting creds.json.
  *
- * @param array $config
- *   Current configuration.
- * @param string $database_name
- *   The name of a MySQL database.
+ * Session sorage defaults using the database for the current request.
  *
- * @return array
- *   Updated configuration.
+ * @link https://docs.acquia.com/resource/using-simplesamlphp-acquia-cloud-site/#storing-session-information-using-the-acquia-cloud-sql-database
  */
-function sql_session_store(array $config, $database_name) {
-  $creds = db_info($database_name);
+
+if (!getenv('AH_SITE_ENVIRONMENT')) {
+  // Add / modify your local configuration here.
   $config['store.type'] = 'sql';
-  $config['store.sql.dsn'] = sprintf('mysql:host=%s;port=%s;dbname=%s', $creds['host'], $creds['port'], $creds['name']);
-  $config['store.sql.username'] = $creds['user'];
-  $config['store.sql.password'] = $creds['pass'];
+  $config['store.sql.dsn'] = sprintf('mysql:host=%s;port=%s;dbname=%s', '127.0.0.1', '', 'drupal');
+  $config['store.sql.username'] = 'drupal';
+  $config['store.sql.password'] = 'drupal';
   $config['store.sql.prefix'] = 'simplesaml';
+  $config['certdir'] = "/var/www/simplesamlphp/cert/";
+  $config['metadatadir'] = "/var/www/simplesamlphp/metadata";
+  $config['baseurlpath'] = 'simplesaml/';
+  $config['loggingdir'] = '/var/www/simplesamlphp/log/';
 
-  return $config;
 }
-
-/**
- * Get SQL database information.
- *
- * @param string $db_name
- *   The name of a MySQL database.
- *
- * @return array
- *   Database information.
- */
-function db_info($db_name) {
-  $creds_json = file_get_contents('/var/www/site-php/' . getenv('AH_SITE_NAME') . '/creds.json');
+elseif (getenv('AH_SITE_ENVIRONMENT')) {
+  // Set  ACE ad ACSF sites based on hosting database and site name.
+  $config['certdir'] = "/mnt/www/html/{$_ENV['AH_SITE_GROUP']}.{$_ENV['AH_SITE_ENVIRONMENT']}/simplesamlphp/cert/";
+  $config['metadatadir'] = "/mnt/www/html/{$_ENV['AH_SITE_GROUP']}.{$_ENV['AH_SITE_ENVIRONMENT']}/simplesamlphp/metadata";
+  $config['baseurlpath'] = 'simplesaml/';
+  // Setup basic logging.
+  $config['logging.handler'] = 'file';
+  $config['loggingdir'] = dirname(getenv('ACQUIA_HOSTING_DRUPAL_LOG'));
+  $config['logging.logfile'] = 'simplesamlphp-' . date('Ymd') . '.log';
+  $creds_json = file_get_contents('/var/www/site-php/' . $_ENV['AH_SITE_GROUP'] . '.' . $_ENV['AH_SITE_ENVIRONMENT'] . '/creds.json');
   $databases = json_decode($creds_json, TRUE);
-  $db = $databases['databases'][$db_name];
-  $db['host'] = ($host = ah_db_current_host($db['db_cluster_id'])) ? $host : key($db['db_url_ha']);
-
-  return $db;
-}
-
-/**
- * Get the SQL database current host.
- *
- * @param string $db_cluster_id
- *   The MySQL database cluster id.
- *
- * @return string
- *   The database host to use if found else empty.
- */
-function ah_db_current_host($db_cluster_id) {
-  require_once '/usr/share/php/Net/DNS2_wrapper.php';
+  $creds = $databases['databases'][$_ENV['AH_SITE_GROUP']];
+  require_once "/usr/share/php/Net/DNS2_wrapper.php";
   try {
-    $resolver = new \Net_DNS2_Resolver([
-      'nameservers' => [
+    $resolver = new Net_DNS2_Resolver(array(
+      'nameservers' => array(
         '127.0.0.1',
         'dns-master',
-      ],
-    ]);
-    $response = $resolver->query("cluster-{$db_cluster_id}.mysql", 'CNAME');
-    $cached_id = $response->answer[0]->cname;
+      ),
+    ));
+    $response = $resolver->query("cluster-{$creds['db_cluster_id']}.mysql", 'CNAME');
+    $creds['host'] = $response->answer[0]->cname;
   }
-  catch (\Net_DNS2_Exception $e) {
-    $cached_id = '';
+  catch (Net_DNS2_Exception $e) {
+    $creds['host'] = "";
   }
-
-  return $cached_id;
+  $config['store.type'] = 'sql';
+  $config['store.sql.dsn'] = sprintf('mysql:host=%s;port=%s;dbname=%s', $creds['host'], $creds['port'], $creds['name']);
+  $config['store.sql.username'] = $creds['user'];
+  $config['store.sql.password'] = $creds['pass'];
+  $config['store.sql.prefix'] = 'simplesaml';
+}
 }