Commit Graph

8 Commits (2395789c9d712233b9e37d55532448f864cab313)

Author SHA1 Message Date
Evilham 8cbff5b8c6
[saml] Rework SAML handling
This separates stages more efficiently, and we are e.g. able to
support newer versions of Nextcloud's SAML plugin.
2022-09-23 08:39:40 +02:00
elena 993b5f0e24 fixed mysql-connector-python version. fixed mariadb conection user and pwd 2022-08-30 16:58:30 +02:00
Evilham cf05b9675c
[dd-sso] Fix minio issue and MailViews API
Email service sends a JSON with: {"config": {...}, "users": [...]}
2022-08-03 08:16:19 +02:00
Evilham ac66814947
[sso-admin] Fix permsissions for node_modules, ncq
node_modules needs proper permissions on image build and the Nextcloud
queue on run-time.

We also realised the user must be www-data for compatibility with the NC
image.
2022-08-01 23:04:39 +02:00
Evilham 7bf216ef69
[sso-admin] Change container not to run as root 2022-08-01 12:47:30 +02:00
Evilham c19ff6cd8d
[sso-admin] Add third-party integrations
The endpoints for the mail integration are added here.

The ThirdPartyIntegrationKeys class in admin.lib.keys is intended to be
used on both the sending and receiving part of communications.

Implementations in other languages should closely follow its design, so
we are sure communication happens as it is expected.

Broadly speaking:

- Each party receives a name (DD is always "DD") that is well-known to
  all communicating parties
- Each party sets up an endpoint sharing their public key in JWK format
  See: https://datatracker.ietf.org/doc/html/rfc7517
  And the many JWK implementations around. This class uses python-jose's
- In a key_store folder, the remote party's public key will be cached
  and the local private key will be generated and saved
- Any data exchanged between the two parties must:
  - Be first encrypted with the remote party's public key
    See: https://datatracker.ietf.org/doc/html/rfc7516
  - Then signed with the local party's private key, by adding its
    payload to a 'data' claim.
    See: https://datatracker.ietf.org/doc/html/rfc7515
  - Have an Authorization header with a signed JWT containing the local
    party's name as the 'kid' header.
    This aids the remote party in deciding which key needs to be used.
2022-07-31 12:18:13 +02:00
Evilham 64c0869e46
[sso-admin] Update requirements file 2022-07-29 19:28:42 +02:00
Evilham 78b0254ba0
DD education workspace
DD is the education workspace generated within the framework of Xnet's
Democratic Digitalisation Plan. It has been created and powered by Xnet,
families and promoting centres, IsardVDI, 3iPunt, MaadiX, eXO.cat,
Evilham and funded by the Directorate for Democratic Innovation, the
Barcelona City Council's Digital Innovation Commissioner, Social Economy
Commissioner, in collaboration with the Barcelona Education Consortium,
aFFaC and AirVPN.

DD can be used freely as long as this footer is included and the AGPLv3
license (https://www.gnu.org/licenses/agpl-3.0.en.html) is respected.

Trobareu meś informació en català a la documentació:
[https://dd.digitalitzacio-democratica.xnet-x.net/docs/index.ca/](https://dd.digitalitzacio-democratica.xnet-x.net/docs/index.ca/).

Más información en castellano en la documentación:
[https://dd.digitalitzacio-democratica.xnet-x.net/docs/index.es/](https://dd.digitalitzacio-democratica.xnet-x.net/docs/index.es/).

More info in English in the documentation:
[https://dd.digitalitzacio-democratica.xnet-x.net/docs/](https://dd.digitalitzacio-democratica.xnet-x.net/docs/).

We thank the help of Miriam Carles, Cristian Ruiz, Anna Francàs,
Christopher Millard.
2022-07-10 12:15:47 +02:00