CU Auth

[woodseowl]

Changes

• Composer updates
• .env.example updates to get a little closer to good defaults
• Requires cornell-custom-dev/laravel-cu-auth
• Wraps /examples in authorization with CUAuthorizeUser for user provisioning and adds Log In / Log Out to utility nav
• Documents how to useCUAuth

Review

Setup

• Pull files locally and run composer setup to assure things are installed
  • You may need to add an auth.json if you haven't before. I can help with credentials needs for Flux
• Update your .env file to include: REMOTE_USER=test123, but with your netid instead of "test123"
• Run php artisan optimize to load the updated config

Feature Test

• Visit the site and see "Log In" in the utility nav at the top
• Go to one of the examples in the main menu and see that the utility nav now shows "Log Out"
• Click "Log Out" and see that you go back to the home page and "Log In" shows in the utility nav again

Code Review

• See how /routes/examples.php has the CUAuth middleware to wrap any pages that need an authenticated user
• Review how /app/Listeners/CUAuthorizeUser.php grabs the information from the identity to create a user. This listener is likely to need to be adjusted for the particular needs of each app that uses cd-laravel-base.
• Review /config/cu-auth.php, which generally has defaults that do not need to be changed, but allows for configuration to be set here per app or per installation.
• Review README.md updates for clarity and accuracy.

Additional Context

• This setup is defaulting to use mod_shib, which requires Media3 to set it up and has more admin overhead than the SAML PHP Toolkit option
• The SAML PHP Toolkit is NOT SimpleSAMLphp. It is the same SAML PHP Toolkit used by our WP and Drupal SAML modules.
• If you change your local .env to have CU_AUTH_IDENTITY_MANAGER=php-saml (i.e., SAML PHP Toolkit) you can fully test the Cornell shibboleth integration locally instead of spoofing it with a REMOTE_USER