diff --git a/Gemfile b/Gemfile
index d8ed78475fd..03ddced4f21 100644
--- a/Gemfile
+++ b/Gemfile
@@ -21,6 +21,7 @@ gem 'hashie'
 gem 'hiredis'
 gem 'http_accept_language'
 gem 'httparty'
+gem 'identity-hostdata', github: '18F/identity-hostdata', branch: 'master'
 gem 'json-jwt'
 gem 'lograge'
 gem 'net-sftp'
diff --git a/Gemfile.lock b/Gemfile.lock
index de1fe741916..d0c1b8e57d3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -11,6 +11,13 @@ GIT
 logger
 savon
+GIT
+ remote: https://github.com/18F/identity-hostdata.git
+ revision: b439d933afd8b1be0c89b3d76bb76ac73c0797cf
+ branch: master
+ specs:
+ identity-hostdata (0.2.0)
+
 GIT
 remote: https://github.com/18F/identity-proofer-gem.git
 revision: b25f4f40e6b61fc9f586d870e5aaa90f1449c5d9
@@ -701,6 +708,7 @@ DEPENDENCIES
 http_accept_language
 httparty
 i18n-tasks
+ identity-hostdata!
 json-jwt
 lograge
 mandrill_dm
diff --git a/config/service_providers.yml b/config/service_providers.yml
index 9381036961b..6a9115cdad8 100644
--- a/config/service_providers.yml
+++ b/config/service_providers.yml
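Review bot: `gem 'identity-hostdata', github: '18F/identity-hostdata', branch: 'master'` follows a moving branch; the lockfile pins revision b439d933afd8b1be0c89b3d76bb76ac73c0797cf today, but any `bundle update` silently adopts whatever master contains at that moment, and this gem's `env`/`domain` output now decides which relying parties config/service_providers.yml registers. Pin an immutable reference and bump it deliberately, e.g. `gem 'identity-hostdata', github: '18F/identity-hostdata', ref: 'b439d933afd8b1be0c89b3d76bb76ac73c0797cf'` (or a tag once one exists). The Gemfile.lock hunks on this line follow from the Gemfile change and need nothing further.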
@@ -149,98 +149,29 @@ production: attribute_bundle: - email - 'urn:gov:gsa:SAML:2.0.profiles:sp:sso:dev': - acs_url: 'https://sp-sinatra.dev.login.gov/consume' - assertion_consumer_logout_service_url: 'https://sp-sinatra.dev.login.gov/slo_logout' - sp_initiated_login_url: 'https://sp-sinatra.dev.login.gov/test/saml' + <% if LoginGov::Hostdata.in_datacenter? %> + 'urn:gov:gsa:SAML:2.0.profiles:sp:sso:<%= LoginGov::Hostdata.env %>': + acs_url: 'https://sp-sinatra.<%= LoginGov::Hostdata.env %>.<%= LoginGov::Hostdata.domain %>/consume' + assertion_consumer_logout_service_url: 'https://sp-sinatra.<%= LoginGov::Hostdata.env %>.<%= LoginGov::Hostdata.domain %>/slo_logout' + sp_initiated_login_url: 'https://sp-sinatra.<%= LoginGov::Hostdata.env %>.<%= LoginGov::Hostdata.domain %>/test/saml' block_encryption: 'aes256-cbc' cert: 'sp_sinatra_demo' attribute_bundle: - email - 'urn:gov:gsa:SAML:2.0.profiles:sp:sso:demo': - acs_url: 'https://sp-sinatra.demo.login.gov/consume' - assertion_consumer_logout_service_url: 'https://sp-sinatra.demo.login.gov/slo_logout' - sp_initiated_login_url: 'https://sp-sinatra.demo.login.gov/test/saml' - block_encryption: 'aes256-cbc' - cert: 'sp_sinatra_demo' - attribute_bundle: - - email - - 'urn:gov:gsa:SAML:2.0.profiles:sp:sso:pt': - acs_url: 'https://sp-sinatra.pt.login.gov/consume' - assertion_consumer_logout_service_url: 'https://sp-sinatra.pt.login.gov/slo_logout' - sp_initiated_login_url: 'https://sp-sinatra.pt.login.gov/test/saml' - block_encryption: 'aes256-cbc' - cert: 'sp_sinatra_demo' - attribute_bundle: - - email - - 'urn:gov:gsa:SAML:2.0.profiles:sp:sso:rails-dev': - acs_url: 'https://sp.dev.login.gov/auth/saml/callback' - assertion_consumer_logout_service_url: 'https://sp.dev.login.gov/auth/saml/logout' - sp_initiated_login_url: 'https://sp.dev.login.gov/login' - block_encryption: 'aes256-cbc' - cert: 'sp_rails_demo' - agency: 'A Gov Agency' - friendly_name: 'Demo SP Application' - logo: 'generic.svg' - return_to_sp_url: 
'https://sp.dev.login.gov' - attribute_bundle: - - email - - 'urn:gov:gsa:SAML:2.0.profiles:sp:sso:rails-demo': - acs_url: 'https://sp.demo.login.gov/auth/saml/callback' - assertion_consumer_logout_service_url: 'https://sp.demo.login.gov/auth/saml/logout' - sp_initiated_login_url: 'https://sp.demo.login.gov/login' - block_encryption: 'aes256-cbc' - cert: 'sp_rails_demo' - agency: 'A Gov Agency' - friendly_name: 'Demo SP Application' - logo: 'generic.svg' - return_to_sp_url: 'https://sp.demo.login.gov' - attribute_bundle: - - email - - 'urn:gov:gsa:SAML:2.0.profiles:sp:sso:rails-int': - acs_url: 'https://sp.int.login.gov/auth/saml/callback' - assertion_consumer_logout_service_url: 'https://sp.int.login.gov/auth/saml/logout' - sp_initiated_login_url: 'https://sp.int.login.gov/login' + 'urn:gov:gsa:SAML:2.0.profiles:sp:sso:rails-<%= LoginGov::Hostdata.env %>': + acs_url: 'https://sp.<%= LoginGov::Hostdata.env %>.<%= LoginGov::Hostdata.domain %>/auth/saml/callback' + assertion_consumer_logout_service_url: 'https://sp.<%= LoginGov::Hostdata.env %>.<%= LoginGov::Hostdata.domain %>/auth/saml/logout' + sp_initiated_login_url: 'https://sp.<%= LoginGov::Hostdata.env %>.<%= LoginGov::Hostdata.domain %>/login' block_encryption: 'aes256-cbc' cert: 'sp_rails_demo' agency: 'A Gov Agency' friendly_name: 'Demo SP Application' logo: 'generic.svg' - return_to_sp_url: 'https://sp.int.login.gov' - attribute_bundle: - - email - - - 'urn:gov:gsa:SAML:2.0.profiles:sp:sso:rails-pt': - acs_url: 'https://sp.pt.login.gov/auth/saml/callback' - assertion_consumer_logout_service_url: 'https://sp.pt.login.gov/auth/saml/logout' - sp_initiated_login_url: 'https://sp.pt.login.gov/login' - block_encryption: 'aes256-cbc' - cert: 'sp_rails_demo' - agency: 'A Gov Agency' - friendly_name: 'Demo SP Application' - logo: 'generic.svg' - return_to_sp_url: 'https://sp.pt.login.gov' - attribute_bundle: - - email - - 'urn:gov:gsa:SAML:2.0.profiles:sp:sso:rails-qa': - acs_url: 
'https://sp.qa.login.gov/auth/saml/callback' - assertion_consumer_logout_service_url: 'https://sp.qa.login.gov/auth/saml/logout' - sp_initiated_login_url: 'https://sp.qa.login.gov/login' - block_encryption: 'aes256-cbc' - cert: 'sp_rails_demo' - agency: 'A Gov Agency' - friendly_name: 'Demo SP Application' - logo: 'generic.svg' - return_to_sp_url: 'https://sp.qa.login.gov' + return_to_sp_url: 'https://sp.<%= LoginGov::Hostdata.env %>.<%= LoginGov::Hostdata.domain %>' attribute_bundle: - email + <% end %> # Micro-purchase 'urn:gov:gsa:SAML:2.0.profiles:sp:sso:localhost-micropurchase': 
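Review bot: The interpolated `LoginGov::Hostdata.env` and `LoginGov::Hostdata.domain` values land unescaped inside single-quoted YAML scalars and issuer keys, so a nil value renders as `https://sp-sinatra..` and a value containing `'` breaks parsing of the whole file; a guard at the top of the template, e.g. `<% raise 'bad hostdata' unless [LoginGov::Hostdata.env, LoginGov::Hostdata.domain].all? { |v| v.to_s.match?(/\A[a-z0-9.-]+\z/) } %>`, would make that failure explicit instead of registering a malformed ACS URL. The old file was an explicit per-environment allowlist (sp-sinatra only in dev/demo/pt, rails only in dev/demo/int/pt/qa); the template now registers these demo relying parties in every environment where `in_datacenter?` is true, with prod presumably skipped only by the `allow_on_prod_chef_env` check in db/seeds.rb, and that intent deserves a comment above the first `<% if %>`, e.g. `# Demo SPs: one entry per datacenter env, issuer/ACS built from host data; prod relies on db/seeds.rb skipping entries without allow_on_prod_chef_env`. Since the file now contains ERB tags, any other reader that still loads it with `YAML.load_file` rather than through ERB will fail. The same points apply to the dashboard hunk and the sp-oidc-sinatra `redirect_uris` hunk below; the enclosing `production:` mapping starts outside this hunk.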
@@ -284,65 +215,19 @@ production: - email # Dashboard - 'https://dashboard.demo.login.gov': - friendly_name: 'Dashboard' - agency: 'GSA' - logo: '18f.svg' - acs_url: 'https://dashboard.demo.login.gov/users/auth/saml/callback' - assertion_consumer_logout_service_url: 'https://dashboard.demo.login.gov/users/auth/saml/logout' - sp_initiated_login_url: 'https://dashboard.demo.login.gov/users/auth/saml' - block_encryption: 'aes256-cbc' - cert: 'identity_dashboard_cert' - attribute_bundle: - - email - - 'https://dashboard.int.login.gov': - friendly_name: 'Dashboard' - agency: 'GSA' - logo: '18f.svg' - acs_url: 'https://dashboard.int.login.gov/users/auth/saml/callback' - assertion_consumer_logout_service_url: 'https://dashboard.int.login.gov/users/auth/saml/logout' - sp_initiated_login_url: 'https://dashboard.int.login.gov/users/auth/saml' - block_encryption: 'aes256-cbc' - cert: 'identity_dashboard_cert' - attribute_bundle: - - email - - 'https://dashboard.pt.login.gov': - friendly_name: 'Dashboard' - agency: 'GSA' - logo: '18f.svg' - acs_url: 'https://dashboard.pt.login.gov/users/auth/saml/callback' - assertion_consumer_logout_service_url: 'https://dashboard.pt.login.gov/users/auth/saml/logout' - sp_initiated_login_url: 'https://dashboard.pt.login.gov/users/auth/saml' - block_encryption: 'aes256-cbc' - cert: 'identity_dashboard_cert' - attribute_bundle: - - email - - 'https://dashboard.qa.login.gov': - friendly_name: 'Dashboard' - agency: 'GSA' - logo: '18f.svg' - acs_url: 'https://dashboard.qa.login.gov/users/auth/saml/callback' - assertion_consumer_logout_service_url: 'https://dashboard.qa.login.gov/users/auth/saml/logout' - sp_initiated_login_url: 'https://dashboard.qa.login.gov/users/auth/saml' - block_encryption: 'aes256-cbc' - cert: 'identity_dashboard_cert' - attribute_bundle: - - email - - 'https://dashboard.dev.login.gov': + <% if LoginGov::Hostdata.in_datacenter? 
%> + 'https://dashboard.<%= LoginGov::Hostdata.env %>.<%= LoginGov::Hostdata.domain %>': friendly_name: 'Dashboard' agency: 'GSA' logo: '18f.svg' - acs_url: 'https://dashboard.dev.login.gov/users/auth/saml/callback' - assertion_consumer_logout_service_url: 'https://dashboard.dev.login.gov/users/auth/saml/logout' - sp_initiated_login_url: 'https://dashboard.dev.login.gov/users/auth/saml' + acs_url: 'https://dashboard.<%= LoginGov::Hostdata.env %>.<%= LoginGov::Hostdata.domain %>/users/auth/saml/callback' + assertion_consumer_logout_service_url: 'https://dashboard.<%= LoginGov::Hostdata.env %>.<%= LoginGov::Hostdata.domain %>/users/auth/saml/logout' + sp_initiated_login_url: 'https://dashboard.<%= LoginGov::Hostdata.env %>.<%= LoginGov::Hostdata.domain %>/users/auth/saml' block_encryption: 'aes256-cbc' cert: 'identity_dashboard_cert' attribute_bundle: - email + <% end %> 'urn:gov:gsa:openidconnect:sp:sinatra': agency: 'GSA' @@ -351,12 +236,9 @@ production: logo: '18f.svg' redirect_uris: - 'http://localhost:9292/' - - 'https://sp-oidc-sinatra.dev.login.gov/' - - 'https://sp-oidc-sinatra.dm.login.gov/' - - 'https://sp-oidc-sinatra.int.login.gov/' - - 'https://sp-oidc-sinatra.pt.login.gov/' - - 'https://sp-oidc-sinatra.qa.login.gov/' - - 'https://sp-oidc-sinatra.staging.login.gov/' + <% if LoginGov::Hostdata.in_datacenter? %> + - 'https://sp-oidc-sinatra.<%= LoginGov::Hostdata.env %>.<%= LoginGov::Hostdata.domain %>/' + <% end %> # CBP Jobs 'urn:gov:dhs.cbp.jobs:openidconnect:cert': diff --git a/db/seeds.rb b/db/seeds.rb index 71e5d4f3c36..6445f22dd25 100644 --- a/db/seeds.rb +++ b/db/seeds.rb 
@@ -4,8 +4,8 @@ end
 # add config/service_providers.yml
-service_providers = YAML.load_file(Rails.root.join('config', 'service_providers.yml')).
- fetch(Rails.env, {})
+content = ERB.new(Rails.root.join('config', 'service_providers.yml').read).result
+service_providers = YAML.load(content).fetch(Rails.env, {})
 service_providers.each do |issuer, config|
 next if Figaro.env.chef_env == 'prod' && config['allow_on_prod_chef_env'] != 'true'