diff --git a/.github/integration/sda-s3-integration.yml b/.github/integration/sda-s3-integration.yml index 59ecdff77..8b2050de0 100644 --- a/.github/integration/sda-s3-integration.yml +++ b/.github/integration/sda-s3-integration.yml @@ -83,7 +83,7 @@ services: context: ../../sda target: debug image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER} - command: [ sda-s3inbox ] + command: [sda-s3inbox] container_name: s3inbox depends_on: credentials: @@ -102,6 +102,8 @@ services: - BROKER_ROUTINGKEY=inbox - DB_PASSWORD=inbox - DB_USER=inbox + extra_hosts: + - "localhost:host-gateway" restart: always volumes: - ./sda/config.yaml:/config.yaml @@ -112,7 +114,7 @@ services: ingest: image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER} - command: [ sda-ingest ] + command: [sda-ingest] container_name: ingest depends_on: credentials: @@ -137,7 +139,7 @@ services: verify: image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER} - command: [ sda-verify ] + command: [sda-verify] container_name: verify depends_on: credentials: @@ -162,7 +164,7 @@ services: finalize: image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER} - command: [ sda-finalize ] + command: [sda-finalize] container_name: finalize depends_on: credentials: @@ -187,7 +189,7 @@ services: mapper: image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER} - command: [ sda-mapper ] + command: [sda-mapper] container_name: mapper depends_on: credentials: @@ -224,7 +226,13 @@ services: extra_hosts: - "localhost:host-gateway" healthcheck: - test: ["CMD", "python3", "-c", 'import requests; print(requests.get(url = "http://localhost:8080/jwk").text)'] + test: + [ + "CMD", + "python3", + "-c", + 'import requests; print(requests.get(url = "http://localhost:8080/jwk").text)', + ] interval: 10s timeout: 2s retries: 6 @@ -237,7 +245,7 @@ services: - shared:/shared api: - command: [ sda-api ] + command: [sda-api] container_name: api depends_on: credentials: 
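Review bot: The `extra_hosts: - "localhost:host-gateway"` entry added to `s3inbox` (and again to `api` and `auth-cega` in the later hunks) has no comment explaining why `localhost` inside the container should also resolve to the Docker host. It appears to exist so that the `localhost:8800` URLs in the shared `config.yaml` work from inside the containers; if so, say it next to the entry, e.g. `# localhost must reach the host-published mock-aai port (8800) so the issuer URL is the same inside and outside the container`. Depending on the resolver, a connection to a `localhost` port that is not listening in the container may then fall through to the host, which is worth knowing when debugging. The service definitions start and end outside these hunks, so I cannot see whether anything in them relies on real loopback.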
@@ -253,6 +261,8 @@ services: - BROKER_USER=api - DB_PASSWORD=api - DB_USER=api + extra_hosts: + - "localhost:host-gateway" image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER} ports: - "8090:8080" @@ -264,7 +274,7 @@ services: reencrypt: image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER} - command: [ sda-reencrypt ] + command: [sda-reencrypt] container_name: reencrypt depends_on: credentials: @@ -282,13 +292,7 @@ services: credentials: condition: service_completed_successfully command: - [ - "python", - "/cega/users.py", - "0.0.0.0", - "8443", - "/shared/users.json" - ] + ["python", "/cega/users.py", "0.0.0.0", "8443", "/shared/users.json"] environment: - CEGA_USERS_PASSWORD=test - CEGA_USERS_USER=test @@ -300,7 +304,7 @@ services: - shared:/shared auth-cega: - command: [ sda-auth ] + command: [sda-auth] container_name: auth-cega depends_on: cega-nss: @@ -313,6 +317,8 @@ services: - AUTH_CEGA_SECRET=test - DB_PASSWORD=auth - DB_USER=auth + extra_hosts: + - "localhost:host-gateway" image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER} ports: - "8888:8080" 
@@ -321,32 +327,57 @@ services: - ./sda/config.yaml:/config.yaml - shared:/shared - auth-oidc: - command: [ sda-auth ] - container_name: auth-oidc + auth-aai: + command: [sda-auth] + container_name: auth-aai depends_on: - postgres: - condition: service_healthy - oidc: - condition: service_healthy + credentials: + condition: service_completed_successfully + mock-aai: + condition: service_started environment: - AUTH_RESIGNJWT=false - - OIDC_ID=XC56EL11xx - - OIDC_SECRET=wHPVQaYXmdDHg - - OIDC_PROVIDER=http://localhost:8080 - - OIDC_REDIRECTURL=http://localhost:8889/oidc/login - DB_PASSWORD=auth - DB_USER=auth extra_hosts: - "localhost:host-gateway" image: ghcr.io/neicnordic/sensitive-data-archive:PR${PR_NUMBER} ports: - - "8889:8080" + - "8801:8080" restart: always volumes: - ./sda/config.yaml:/config.yaml - shared:/shared - + mock-aai: + container_name: ls-aai-mock + depends_on: + aai-db: + condition: service_healthy + environment: + - DOCKERHOST=localhost + extra_hosts: + - "localhost:host-gateway" + image: registry.gitlab.ics.muni.cz:443/perun/deployment/proxyidp/proxyidp-public-docker-images/ls_aai_mock:2.5.2-broker2.1.10-tomcat9.0-jdk11 + ports: + - "8800:8080" + volumes: + - "./sda/aai-mock:/etc/lsaai-mock" + aai-db: + container_name: ls-aai-db + environment: + MYSQL_ROOT_PASSWORD: "aaiPass" + MYSQL_ROOT_HOST: "%" + MYSQL_DATABASE: "aai" + MYSQL_USER: "aai" + MYSQL_PASSWORD: "aaiPass" + healthcheck: + test: ["CMD", "mysqladmin", "ping", "-h", "localhost"] + interval: 10s + timeout: 2s + retries: 6 + image: mysql/mysql-server:latest + volumes: + - ./sda/aai-mock/aai-mock.sql:/docker-entrypoint-initdb.d/1.sql integration_test: container_name: tester command: @@ -356,7 +387,7 @@ services: depends_on: auth-cega: condition: service_started - auth-oidc: + auth-aai: condition: service_started cega-nss: condition: service_started 
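Review bot: `image: mysql/mysql-server:latest` in the new `aai-db` service is a floating tag, so each integration run pulls whatever was published last, and a changed or tampered upstream image alters the test environment without any change in this repository; `mock-aai` next to it is pinned to `2.5.2-broker2.1.10-tomcat9.0-jdk11`. Pin the database the same way, `image: mysql/mysql-server:<pinned-version>` (placeholder, use the version the mock was tested with), ideally followed by an `@sha256:` digest. `MYSQL_ROOT_HOST: "%"` also deserves a comment: it permits root logins from any address, which is acceptable here only because `aai-db` publishes no `ports:`.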
@@ -371,11 +402,11 @@ services: s3inbox: condition: service_started verify: - condition: service_started + condition: service_started api: - condition: service_started + condition: service_started reencrypt: - condition: service_started + condition: service_started extra_hosts: - "localhost:host-gateway" environment: diff --git a/.github/integration/sda/aai-mock/aai-mock.sql b/.github/integration/sda/aai-mock/aai-mock.sql new file mode 100644 index 000000000..ecc0ad5c2 --- /dev/null +++ b/.github/integration/sda/aai-mock/aai-mock.sql 
@@ -0,0 +1,206 @@ +CREATE TABLE IF NOT EXISTS access_token ( + id BIGINT AUTO_INCREMENT PRIMARY KEY, + token_value VARCHAR(4096), + expiration TIMESTAMP NULL, + token_type VARCHAR(256), + refresh_token_id BIGINT, + client_id VARCHAR(256) NOT NULL, + auth_holder_id BIGINT, + approved_site_id BIGINT +); + +CREATE TABLE IF NOT EXISTS authorization_code ( + id BIGINT AUTO_INCREMENT PRIMARY KEY, + code VARCHAR(256), + auth_holder_id BIGINT, + expiration TIMESTAMP NULL +); + +CREATE TABLE IF NOT EXISTS approved_site ( + id BIGINT AUTO_INCREMENT PRIMARY KEY, + user_id VARCHAR(256), + client_id VARCHAR(256), + creation_date TIMESTAMP NULL, + access_date TIMESTAMP NULL, + timeout_date TIMESTAMP NULL, + whitelisted_site_id BIGINT +); + +CREATE TABLE IF NOT EXISTS approved_site_scope ( + owner_id BIGINT, + scope VARCHAR(256) +); + +CREATE TABLE IF NOT EXISTS authentication_holder ( + id BIGINT AUTO_INCREMENT PRIMARY KEY, + user_auth_id BIGINT, + approved BOOLEAN, + redirect_uri VARCHAR(2048), + client_id VARCHAR(256) +); + +CREATE TABLE IF NOT EXISTS authentication_holder_authority ( + owner_id BIGINT, + authority VARCHAR(256) +); + +CREATE TABLE IF NOT EXISTS authentication_holder_resource_id ( + owner_id BIGINT, + resource_id VARCHAR(2048) +); + +CREATE TABLE IF NOT EXISTS authentication_holder_response_type ( + owner_id BIGINT, + response_type VARCHAR(2048) +); + +CREATE TABLE IF NOT EXISTS authentication_holder_extension ( + owner_id BIGINT, + extension VARCHAR(2048), + val VARCHAR(2048) +); + +CREATE TABLE IF NOT EXISTS authentication_holder_scope ( + owner_id BIGINT, + scope VARCHAR(2048) +); + +CREATE TABLE IF NOT EXISTS authentication_holder_request_parameter ( + owner_id BIGINT, + param VARCHAR(2048), + val TEXT +); + +CREATE TABLE IF NOT EXISTS saved_user_auth ( + id BIGINT AUTO_INCREMENT PRIMARY KEY, + acr VARCHAR(1024), + auth_time BIGINT DEFAULT NULL, + name VARCHAR(1024), + authenticated BOOLEAN, + authentication_attributes TEXT +); + +CREATE TABLE IF NOT EXISTS 
saved_user_auth_authority ( + owner_id BIGINT, + authority VARCHAR(256) +); + +CREATE TABLE IF NOT EXISTS refresh_token ( + id BIGINT AUTO_INCREMENT PRIMARY KEY, + token_value VARCHAR(4096), + expiration TIMESTAMP NULL, + auth_holder_id BIGINT, + client_id VARCHAR(256) NOT NULL +); + +CREATE TABLE IF NOT EXISTS token_scope ( + owner_id BIGINT, + scope VARCHAR(2048) +); + +CREATE TABLE IF NOT EXISTS device_code ( + id BIGINT AUTO_INCREMENT PRIMARY KEY, + device_code VARCHAR(1024), + user_code VARCHAR(1024), + expiration TIMESTAMP NULL, + client_id VARCHAR(256), + approved BOOLEAN, + auth_holder_id BIGINT, + recorded_error TEXT DEFAULT NULL +); + +CREATE TABLE IF NOT EXISTS device_code_scope ( + owner_id BIGINT NOT NULL, + scope VARCHAR(256) NOT NULL +); + +CREATE TABLE IF NOT EXISTS device_code_request_parameter ( + owner_id BIGINT, + param VARCHAR(2048), + val VARCHAR(2048) +); + +alter table access_token + add constraint access_token_authentication_holder_id_fk + foreign key (auth_holder_id) references authentication_holder (id) + on update cascade on delete set null; + +alter table access_token + add constraint access_token_refresh_token_id_fk + foreign key (refresh_token_id) references refresh_token (id) + on update cascade on delete set null; + +alter table approved_site_scope + add constraint approved_site_scope_approved_site_id_fk + foreign key (owner_id) references approved_site (id) + on update cascade on delete cascade; + +alter table authentication_holder_authority + add constraint authentication_holder_authority_authentication_holder_id_fk + foreign key (owner_id) references authentication_holder (id) + on update cascade on delete cascade; + +alter table authentication_holder_extension + add constraint authentication_holder_extension_authentication_holder_id_fk + foreign key (owner_id) references authentication_holder (id) + on update cascade on delete cascade; + +alter table authentication_holder_request_parameter + add constraint 
auth_holder_request_parameter_authentication_holder_id_fk + foreign key (owner_id) references authentication_holder (id) + on update cascade on delete cascade; + +alter table authentication_holder_resource_id + add constraint authentication_holder_resource_id_authentication_holder_id_fk + foreign key (owner_id) references authentication_holder (id) + on update cascade on delete cascade; + +alter table authentication_holder_response_type + add constraint authentication_holder_response_type_authentication_holder_id_fk + foreign key (owner_id) references authentication_holder (id) + on update cascade on delete cascade; + +alter table authentication_holder + add constraint authentication_holder_saved_user_auth_id_fk + foreign key (user_auth_id) references saved_user_auth (id) + on update cascade on delete cascade; + +alter table authentication_holder_scope + add constraint authentication_holder_scope_authentication_holder_id_fk + foreign key (owner_id) references authentication_holder (id) + on update cascade on delete cascade; + +alter table authorization_code + add constraint authorization_code_authentication_holder_id_fk + foreign key (auth_holder_id) references authentication_holder (id) + on update cascade on delete cascade; + +alter table device_code + add constraint device_code_authentication_holder_id_fk + foreign key (auth_holder_id) references authentication_holder (id) + on update cascade on delete set null; + +alter table device_code_request_parameter + add constraint device_code_request_parameter_device_code_id_fk + foreign key (owner_id) references device_code (id) + on update cascade on delete cascade; + +alter table device_code_scope + add constraint device_code_scope_device_code_id_fk + foreign key (owner_id) references device_code (id) + on update cascade on delete cascade; + +alter table refresh_token + add constraint refresh_token_authentication_holder_id_fk + foreign key (auth_holder_id) references authentication_holder (id) + on update cascade on 
delete set null; + +alter table saved_user_auth_authority + add constraint saved_user_auth_authority_saved_user_auth_id_fk + foreign key (owner_id) references saved_user_auth (id) + on update cascade on delete cascade; + +alter table token_scope + add constraint token_scope_refresh_token_id_fk + foreign key (owner_id) references access_token (id) + on update cascade on delete cascade; \ No newline at end of file diff --git a/.github/integration/sda/aai-mock/application.properties b/.github/integration/sda/aai-mock/application.properties new file mode 100644 index 000000000..c5c30f8d1 --- /dev/null +++ b/.github/integration/sda/aai-mock/application.properties @@ -0,0 +1,12 @@ +main.oidc.issuer.url=http://${DOCKERHOST}:8800/oidc/ +web.baseURL=https://${DOCKERHOST}:8800/oidc + +# GA4GH broker +ga4gh.broker.url=http://${DOCKERHOST}:8800/ga4gh-broker/ +ga4gh.broker.username=broker-aai-user +ga4gh.broker.password=broker-aai-pass + +# DATABASE +jdbc.url=jdbc:mysql://ls-aai-db:3306/aai +jdbc.user=aai +jdbc.password=aaiPass \ No newline at end of file diff --git a/.github/integration/sda/aai-mock/clients/aai-auth.yaml b/.github/integration/sda/aai-mock/clients/aai-auth.yaml new file mode 100644 index 000000000..e785e83cf --- /dev/null +++ b/.github/integration/sda/aai-mock/clients/aai-auth.yaml @@ -0,0 +1,8 @@ +client-name: "auth" +client-id: "XC56EL11xx" +client-secret: "wHPVQaYXmdDHg" +redirect-uris: ["http://localhost:8801/oidc/login"] +token-endpoint-auth-method: "client_secret_basic" +scope: ["openid", "profile", "email", "ga4gh_passport_v1", "eduperson_entitlement"] +grant-types: ["authorization_code"] +post-logout-redirect-uris: ["http://localhost:8801/oidc/login"] \ No newline at end of file diff --git a/.github/integration/sda/aai-mock/ga4gh-broker.sql b/.github/integration/sda/aai-mock/ga4gh-broker.sql new file mode 100644 index 000000000..424907c50 --- /dev/null +++ b/.github/integration/sda/aai-mock/ga4gh-broker.sql 
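Review bot: `web.baseURL=https://${DOCKERHOST}:8800/oidc` uses `https`, while `main.oidc.issuer.url` and `ga4gh.broker.url` on the same host and port use `http`, and the compose file publishes that port as plain `8800:8080`. If the mock builds redirect or endpoint URLs from `web.baseURL`, clients would be sent to a TLS URL that nothing serves; unless the scheme is deliberate, make it `web.baseURL=http://${DOCKERHOST}:8800/oidc`. The passwords in this file are fixtures, so a leading `# test-only credentials, never reuse outside the integration stack` would make secret-scanner findings on it easy to triage.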
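Review bot: `client-id`, `client-secret` and `redirect-uris` in `aai-auth.yaml` have to stay identical to `oidc.id`, `oidc.secret` and `oidc.redirectUrl` in `.github/integration/sda/config.yaml`, but neither file says so, and a drift between them would only show up as a failed login in the test run. Add a header comment such as `# test-only client; id, secret and redirect URI must match oidc.* in ../../config.yaml`. The file also ends without a newline.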
@@ -0,0 +1,11 @@
+CREATE TABLE IF NOT EXISTS visas(
+ id BIGINT AUTO_INCREMENT NOT NULL,
+ user_id VARCHAR(255) NOT NULL,
+ source VARCHAR(1024) NOT NULL,
+ linked_identity VARCHAR(1024) NOT NULL,
+ exp datetime NOT NULL,
+ jwt LONGTEXT NOT NULL,
+ CONSTRAINT pk_visas PRIMARY KEY (id)
+);
+
+CREATE INDEX idx_visaentity_user_id_source ON visas (user_id, source);
\ No newline at end of file
diff --git a/.github/integration/sda/aai-mock/ga4gh-broker/application.yaml b/.github/integration/sda/aai-mock/ga4gh-broker/application.yaml
new file mode 100644
index 000000000..47fa94f03
--- /dev/null
+++ b/.github/integration/sda/aai-mock/ga4gh-broker/application.yaml
@@ -0,0 +1,63 @@
+---
+
+spring:
+ main:
+ allow-bean-definition-overriding: true
+ mvc:
+ pathmatch:
+ matching-strategy: ant_path_matcher
+
+logging:
+ level:
+ root: info
+ cz.muni.ics: debug
+
+mock-broker:
+ enabled: True
+ issuer: http://${DOCKERHOST}:8080/oidc/
+ jku: http://${DOCKERHOST}:8800/ga4gh-broker/jwk
+ path-to-jwk-file: /etc/lsaai-mock/keys.jwks
+ visa-configs-path: /etc/lsaai-mock/ga4gh-broker/users/
+ passport-repositories: []
+# Sample configuration for repository
+# passport-repositories:
+# - name: REMS-LOCAL-API
+# url: http://rems-api.local/api/permissions/{user_id}
+# jwks: http://rems-api.local/api/jwk
+# headers:
+# - header: x-rems-api-key
+# value: api-key
+# - header: x-rems-user-id
+# value: user-id
+
+visa-writers:
+ enabled: False
+# Uncomment to enable writing from visa sources
+# enabled: True
+# db:
+# url: jdbc:mysql://localhost:3307/broker
+# username: brokerUser
+# password: brokerPass
+# driver: "com.mysql.cj.jdbc.Driver"
+# repositories:
+# - name: Local REMS
+# jwks: http://rems.local/api/jwk
+# auth:
+# api-key:
+# api-key-header: X-visa-writer
+# api-key-value: X-vis-writer-key
+
+passport-v1-0:
+ enabled: True
+ auth:
+ - username: "broker-aai-user"
+ password: "broker-aai-pass"
+
+passport-v1-2:
+ enabled: False
+# Uncomment to enable token-exchange integration with AAI mock
+# enabled: True
+# auth:
+# introspection-client-id: broker
+# introspection-client-secret: broker-secret
+# introspection-uri: http://localhost:8080/oidc/introspect
\ No newline at end of file
diff --git a/.github/integration/sda/aai-mock/ga4gh-broker/users/test-user-visa.yaml b/.github/integration/sda/aai-mock/ga4gh-broker/users/test-user-visa.yaml
new file mode 100644
index 000000000..dbdcc3515
--- /dev/null
+++ b/.github/integration/sda/aai-mock/ga4gh-broker/users/test-user-visa.yaml
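Review bot: `issuer: http://${DOCKERHOST}:8080/oidc/` under `mock-broker` uses port 8080, while `jku` on the next line and `main.oidc.issuer.url` in `application.properties` use 8800. If the broker writes this value into the `iss` claim of the visas it signs, any consumer that compares the visa issuer with the configured provider (`http://localhost:8800/oidc/` in `config.yaml`) would reject them, so either align it, `issuer: http://${DOCKERHOST}:8800/oidc/`, or add a comment stating that the difference is intended. The `enabled: True` / `enabled: False` values would also read more predictably as lowercase `true` / `false`, matching `allow-bean-definition-overriding: true` at the top of the same file.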
@@ -0,0 +1,34 @@
+---
+# Identifier of the user - has to match the value of 'sub' claim in AAI
+userId: "testu@lifescience-ri.eu"
+visas:
+ - source: https://dummy.uni/
+ expires: 1893452400
+ asserted: 1683049328
+ value: "affiliate@dummy.uni"
+ type: "AffiliationAndRole"
+ by: "system"
+ - source: https://dummy.uni/
+ expires: 1893452400
+ asserted: 1683049328
+ value: "faculty@dummy.uni"
+ type: "AffiliationAndRole"
+ by: "system"
+ - source: https://dummy.uni/
+ expires: 1893452400
+ asserted: 1683049328
+ value: "https://lifescience-ri.eu/ls-login/ls-aai-aup.html"
+ type: "AcceptedTermsAndPolicies"
+ by: "system"
+ - source: https://dummy.uni/
+ expires: 1893452400
+ asserted: 1683049328
+ value: "https://doi.org/10.1038/s41431-018-0219-y"
+ type: "ResearcherStatus"
+ by: "system"
+ - source: https://dummy.uni/
+ expires: 1893452400
+ asserted: 1683049328
+ value: "urn:sampledataset:gdi:testcase"
+ type: "ControlledAccessGrants"
+ by: "system"
\ No newline at end of file
diff --git a/.github/integration/sda/aai-mock/keys.jwks b/.github/integration/sda/aai-mock/keys.jwks
new file mode 100644
index 000000000..e95becd28
--- /dev/null
+++ b/.github/integration/sda/aai-mock/keys.jwks
@@ -0,0 +1,18 @@ +{ + "keys": [ + { + "n": "4bmY8T5jhlCFtS4ccyn8ZDftWk27yOcPgKbak991_m1rs3474RKHYjc9GwX0ICSaUN02fCdSGaTNhU586MfhRsSj3uU_TIJ4M3eDengcllT16DTJOyHZgVzHT2QRUsozFuG2tTBCwqYildOXXuCeaKUQ8Jh5sjKmCcQZO_Ht4omGIsVZPo9SrvshZeHdkdvctvjvT5WXoCZaHvBRpyiBmQKUv_LfYsgpF4PFm40j84GAk0CsZ_xOJXBnU6wLfzHCq1pgLqaXK_q6T_gSJ5t5eWbv0IkUmXDG-TuOtKIz_Xip2lJQ6Rmb_QmOY-MeJavL41NpCu-2FwTvCNqMbHuWuQ", + "e": "AQAB", + "d": "BbwSX6anHqVzECxQurhJWj51gELTT4JXSXxztygJNmKPRushGFHBMMSYf9RB5IMpjH5iQPs6wb4HHqjk0YEqfwLF6wbF-eqipSQXKghdKZCVAsY8io0MmpXB1omDSygp7h3j52yHdayE2muav-VTAPOYn5QwG0_gGgVqYrR9x7CMiTuyOIuGNO4Wlly4_5RhLtSo0pal9AgBvX4crtVEwN8tPgqPVo9w71bSROt9EVNI3cZiFFrrapYiifckIGiPGQYQUd5ej9Mq_77Fa0fv0pk0ONQV8HwstQ5HY2WwJWsnmccF9plVTzem7N_vo-T-hFRPUO9TZUao91mMV8iV5Q", + "p": "9Z2W0FtzR3aJdH1wPJ8OSUZEy2cdc3GeZd-llT5MAoyTsl0Nr1h5uJc-xfNUa_HUJzCi1jAyo6wU_Q237MWCtm2MRDUtVv5_tIziGl_-_dg2PbX1-77x1PchknaCROaLOgxgh2CJzg9MZ0Zp5d70u4Cr_Jog8A8xbG47Q4Oln0s", + "q": "60S5Jpn2QjHJiwNNmEqxKwJVLHrsmne5WBxCQKVyn59utohxC5UGtszgWaSRlyHB7DX9VxqTHlOaR_iCyhOGOam3JavgMxQnGZwRVHw3msJlnVeRSajQ3dS_DG_GhPuqtGOazW90S-wNsqR9mXmCkhqR89wu0Z-Slr6FgF0Vq4s", + "dp": "h-G8St8dIr8YgoLXMiKIw88FRkZwy6pjCFc3gx6o7IwbNgU3Cff3t0CtcNQSs3lhdqD4pWiay2PrZKhPRcVrcEOg4ydMQyGfQyLh_9d1-bfBIljlknXr0nc6co3vufCVu_KXAK5O7toV2djhw1Oar5UbES-v4z90h1lgnhRZ74s", + "dq": "ai8zTavRjKDB8R8Fh4W2ns3HuXKllTYSDiV69Yh2ynp_0pyUQQD67chcPblcCJUw3Dal6AlTey2KhY8xIJldTGtAAR2o7ATdfN6Gp9YElrHEgRZDubYaxvQ9YhSUyfJ4YkBOXwg9ugKJUCaTlZBVETIyy5iF_RCDbcwBnyTkIe8", + "qi": "mbnk1BlUoAQMZ3hrbWpMNxF120_DAvag_eprSBsaThgVFQKtf32Eh6M5O9BbXF_q8bFN3sTVCLO8Wx7jJHNlErJchzsMJx3M6ekytJ3X5pfBm1EctLDQQNLo9Z4ll2MlgfGXZikCYx1RF1wZOsdvpv_q-FT3T7EvXgJfsDCh-n8", + "use": "sig", + "alg": "RS256", + "kty": "RSA", + "kid": "rsa1" + } + ] +} \ No newline at end of file diff --git a/.github/integration/sda/aai-mock/userinfos/dummy-user.yaml b/.github/integration/sda/aai-mock/userinfos/dummy-user.yaml new file mode 100644 index 000000000..ae0ef3b97 --- /dev/null 
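Review bot: This JWKS commits the complete RSA private key (`d`, `p`, `q`, `dp`, `dq`, `qi`) for `kid` `rsa1`, so anyone who can read the repository can sign tokens and visas that the mock's relying parties will accept. That is tolerable only as long as nothing outside the integration stack ever trusts this key; JSON cannot carry a comment, so record that in a README next to the file and add the path to the secret-scanner allowlist so the finding is acknowledged rather than ignored. The compose file already has a `credentials` service that other containers wait for; if the mock accepts a key generated at start-up, producing `keys.jwks` there would keep private key material out of git entirely.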
+++ b/.github/integration/sda/aai-mock/userinfos/dummy-user.yaml
@@ -0,0 +1,33 @@
+web-display-name: "Dummy User - submitter"
+
+sub: "test@dummy.org"
+
+name: "Dummy User"
+preferred-username: "dummyu"
+given-name: "Dummy"
+family-name: "User"
+middle-name: ""
+nickname: "duus"
+locale: "EN"
+
+email: "test@dummy.org"
+email-verified: True
+
+country: "eu"
+
+eduperson-entitlement: ["urn:geant:lifescience-ri.eu:group:researchers#lifescience-ri.eu"]
+
+voperson-external-affiliation: ["unknown@orcid.org", "affiliate@dummy.uni", "faculty@dummy.uni"]
+
+eduperson-orcid: "https://orcid.org/0000-0000-XXXX-XXXX"
+
+schac-home-organization: ["dummy.uni", "orcid.org"]
+
+eduperson-scoped-affiliation: ["affiliate@lifescience-ri.eu", "member@lifescience-ri.eu"]
+
+voperson-current-external-affiliation: ["affiliate@dummy.uni", "faculty@dummy.uni"]
+
+authenticating-entity: "https://idp.dummy.uni/mock"
+
+acr: "https://refeds.org/profile/mfa"
+authn-instant: "2023-01-01T10:15:30Z"
\ No newline at end of file
diff --git a/.github/integration/sda/aai-mock/userinfos/test-user.yaml b/.github/integration/sda/aai-mock/userinfos/test-user.yaml
new file mode 100644
index 000000000..54c2bd745
--- /dev/null
+++ b/.github/integration/sda/aai-mock/userinfos/test-user.yaml
@@ -0,0 +1,33 @@ +web-display-name: "Test User - admin" + +sub: "testu@lifescience-ri.eu" + +name: "Test User" +preferred-username: "testu" +given-name: "Test" +family-name: "User" +middle-name: "dummy" +nickname: "tedu" +locale: "EN" + +email: "testu@dummy.uni" +email-verified: True + +country: "eu" + +eduperson-entitlement: ["urn:geant:lifescience-ri.eu:group:researchers#lifescience-ri.eu"] + +voperson-external-affiliation: ["unknown@orcid.org", "affiliate@dummy.uni", "faculty@dummy.uni"] + +eduperson-orcid: "https://orcid.org/0000-0000-XXXX-XXXX" + +schac-home-organization: ["dummy.uni", "orcid.org"] + +eduperson-scoped-affiliation: ["affiliate@lifescience-ri.eu", "member@lifescience-ri.eu"] + +voperson-current-external-affiliation: ["affiliate@dummy.uni", "faculty@dummy.uni"] + +authenticating-entity: "https://idp.dummy.uni/mock" + +acr: "https://refeds.org/profile/mfa" +authn-instant: "2023-05-01T10:15:30Z" \ No newline at end of file diff --git a/.github/integration/sda/config.yaml b/.github/integration/sda/config.yaml index 50dfe73a2..e11150a37 100644 --- a/.github/integration/sda/config.yaml +++ b/.github/integration/sda/config.yaml @@ -77,17 +77,17 @@ c4gh: passphrase: "c4ghpass" oidc: - id: - jwkPath: /jwk - provider: http://oidc:8080 - redirectUrl: http://auth_oidc:8080/oidc/login - secret: + id: XC56EL11xx + jwkPath: jwk + provider: http://localhost:8800/oidc/ + redirectUrl: http://localhost:8801/oidc/login + secret: wHPVQaYXmdDHg server: cert: "" key: "" - jwtpubkeypath: "/shared/keys/pub/" - jwtpubkeyurl: "http://oidc:8080/jwk" + # jwtpubkeypath: "/shared/keys/pub/" + jwtpubkeyurl: "http://localhost:8800/oidc/jwk" sync: api:
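Review bot: `# jwtpubkeypath: "/shared/keys/pub/"` is left under `server:` as a commented-out setting, which hides a change in what the services trust: after this commit the only key source configured here is `jwtpubkeyurl`, fetched over plain HTTP from `localhost:8800`. If tokens signed with the keys under `/shared/keys/pub/` are still expected to validate (the consumers are not visible from this hunk), keep the setting active; otherwise delete the line and give the reason in the commit message. `secret: wHPVQaYXmdDHg` and `id: XC56EL11xx` would also be safer quoted, e.g. `secret: "wHPVQaYXmdDHg"`, in line with `passphrase: "c4ghpass"` and the other string values in this file.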