Compare commits

No commits in common. "b791ee5c854e74ae6698908d6691c7846c7e4a3f" and "cd796ce26233440b52a7b7f0bf649bfa6588d2cd" have entirely different histories.

7 changed files with 4 additions and 142 deletions

@ -1,35 +1,22 @@
# Docker deployment of IdHub and tools # Docker deployment of IdHub and tools
## About the pilots and instances that this repository deploys ## About the pilots that this repository deploys
### Pilots
- **XO9B**: - **XO9B**:
- Instances:
- https://idhub1-xo9b.demo.pangea.org
- https://idhub2-xo9b.demo.pangea.org
- Motivation: The aim is to support an accreditation program for vulnerable people, exploring the value of using verifiable credentials to get services/benefits. - Motivation: The aim is to support an accreditation program for vulnerable people, exploring the value of using verifiable credentials to get services/benefits.
- Scenario: A vulnerable family obtains a benefit (internet connection fee discount) by presenting a verifiable credential to a connectivity provider entity. - Scenario: A vulnerable family obtains a benefit (internet connection fee discount) by presenting a verifiable credential to a connectivity provider entity.
Actors-> **XO9B**: IdHub1 (acting as a user wallet for families holding credentials issued by a social support organisation), **Connectivity provider entity**: Demo portal, IdHub2 (acting as verifier). The verifier portal incorporates verification capabalities and support to establish an OIDC4VP dialog with the user wallet for credential presentation (accreditation). Actors-> **XO9B**: IdHub1 (acting as a user wallet for families holding credentials issued by a social support organisation), **Connectivity provider entity**: Demo portal, IdHub2 (acting as verifier). The verifier portal incorporates verification capabalities and support to establish an OIDC4VP dialog with the user wallet for credential presentation (accreditation).
- **Setem**: - **Setem**:
- Instances:
- https://idhub1-setem.demo.pangea.org
- https://idhub2-setem.demo.pangea.org
- Motivation: Since SETEM is a federation, members of one of the federated entities (Setem BCN) can accredit their membership to other federation members (Setem Madrid) presenting a verifiable credential to obtain a discount. - Motivation: Since SETEM is a federation, members of one of the federated entities (Setem BCN) can accredit their membership to other federation members (Setem Madrid) presenting a verifiable credential to obtain a discount.
Actors-> **Setem BCN**: IdHub1 (acting as a user wallet for their members holding credentials issued by Setem BCN), **Setem Madrid**: Demo portal, IdHub 2 (acting as verifier). The verifier portal incorporates verification capabilities and support to establish an OIDC4VP dialog with the user wallet for credential presentation (accreditation). Actors-> **Setem BCN**: IdHub1 (acting as a user wallet for their members holding credentials issued by Setem BCN), **Setem Madrid**: Demo portal, IdHub 2 (acting as verifier). The verifier portal incorporates verification capabilities and support to establish an OIDC4VP dialog with the user wallet for credential presentation (accreditation).
- **Lafede**: - **Lafede**:
- Instance:
- https://idhub1-lafede.demo.pangea.org
- Motivation: Implementation of dual EIDAS1 and EIDAS2 compliant attestations as signed PDFS with public verifiable credentials exported as QR codes embedded in these documents. Member organisations and related persons of the Lafede federation request membership and training certificates. - Motivation: Implementation of dual EIDAS1 and EIDAS2 compliant attestations as signed PDFS with public verifiable credentials exported as QR codes embedded in these documents. Member organisations and related persons of the Lafede federation request membership and training certificates.
Actors-> **Lafede**: idHub Actors-> **Lafede**: idHub
- **Pangea**: - **Pangea**:
- Instances:
- https://idhub1-pangea.demo.pangea.org
- https://idhub2-pangea.demo.pangea.org
- Motivation: The case of Pangea as a web/internet service provider, with member organisations that receive services. These organisations have allocated several resources units (mail accounts, blogs, etc.). Only authorised users with a specific role should be able to access the Musician (Administration Control Panel of resources). - Motivation: The case of Pangea as a web/internet service provider, with member organisations that receive services. These organisations have allocated several resources units (mail accounts, blogs, etc.). Only authorised users with a specific role should be able to access the Musician (Administration Control Panel of resources).
- Scenarios: - Scenarios:
- Scenario 1-> 'Login with Organisation A (Idp)'. The staff members of organisation A, with the appropiate role, can authenticate themselves by providing their organisation credentials (username and password) to access a service in Pangea (Musician). - Scenario 1-> 'Login with Organisation A (Idp)'. The staff members of organisation A, with the appropiate role, can authenticate themselves by providing their organisation credentials (username and password) to access a service in Pangea (Musician).
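
Review bot: the Instances sub-lists under XO9B, Setem, Lafede and Pangea are dropped with no replacement, so the README no longer says where any pilot is deployed. If the URLs are being retired, state that in the commit message; otherwise keep them or link to where they are now listed. The unchanged lines here also still carry the typos "capabalities" and "appropiate", which could be fixed while this section is being edited.
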
@ -41,17 +28,8 @@
- Scenario 2-> 'Present a verifiable credential'. The staff members of organisation A, with the appropiate credentials, present them to Pangea in order to access the Musician service. - Scenario 2-> 'Present a verifiable credential'. The staff members of organisation A, with the appropiate credentials, present them to Pangea in order to access the Musician service.
Actors-> **Pangea**: IdP (goauthentik), IdHub (as verifier), Musician, Orchestra (with also nginx API rproxy). **Organisation A**: IdHub (as user wallet) Actors-> **Pangea**: IdP (goauthentik), IdHub (as verifier), Musician, Orchestra (with also nginx API rproxy). **Organisation A**: IdHub (as user wallet)
- **generic**: https://idhub.demo.pangea.org
- Motivation: For demo purposes, for showing other people different than the intended pilot what we do. It is currently similar to lafede pilot
### Instances - **test**: intended for software quality such as testing, CI/CD, etc.
- **autotest**:
- Instance: https://idhub-autotest.demo.pangea.org
- Motivation: regenerated on each commit, intended for automated and fast testing
- **nightly**:
- Instance: https://idhub-nightly.demo.pangea.org
- Motivation: intended for manual testing
## Installation ## Installation
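
Review bot: the new `- **test**` entry is placed in the pilots list and names no instance, while the build script still runs `./build__instance-autotest.sh`. Name the entry after the target it describes (autotest) and give its URL, because the compose change in this comparison moves that instance to idhub.demo.pangea.org, the hostname the removed lines documented as the generic demo. Without that, a reader cannot tell that the public demo hostname now serves a test instance.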

@ -17,8 +17,6 @@ main() {
./build__pilot-lafede.sh ./build__pilot-lafede.sh
./build__instance-autotest.sh ./build__instance-autotest.sh
./build__pilot-generic.sh
./build__instance-nightly.sh
# pangea pilot the last because is the heavier # pangea pilot the last because is the heavier
# TODO enable it, temp disabled to optimize server resources # TODO enable it, temp disabled to optimize server resources
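
Review bot: removing the `./build__pilot-generic.sh` and `./build__instance-nightly.sh` calls only stops future builds. Nothing in this comparison stops containers already started from those targets (published on ports 9051 and 9061 in the deleted compose files) or cleans their bind-mounted directories `./idhub1__pilot-generic` and `./idhub__instance-nightly`. Add a teardown step or document the manual cleanup so the retired instances do not keep running unmaintained.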

@ -1,26 +0,0 @@
#!/bin/sh
set -e
set -u
# DEBUG
set -x
main() {
cd "$(dirname "${0}")"
# includes functions:
# common_start
# common_end
. ./build__common.sh
# vars used in common_start and end
target='instance-nightly'
persistence='n'
idhubs='idhub'
common_start
common_end
}
main "${@}"

@ -1,25 +0,0 @@
#!/bin/sh
set -e
set -u
# DEBUG
set -x
main() {
cd "$(dirname "${0}")"
# includes functions:
# common_start
# common_end
. ./build__common.sh
# vars used in common_start and end
target='pilot-generic'
idhubs='idhub'
common_start
common_end
}
main "${@}"

@ -17,8 +17,8 @@ services:
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER} - DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD} - DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL} - DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
- DOMAIN=https://idhub-autotest.demo.pangea.org - DOMAIN=https://idhub.demo.pangea.org
- CSRF_TRUSTED_ORIGINS=https://idhub-autotest.demo.pangea.org - CSRF_TRUSTED_ORIGINS=https://idhub.demo.pangea.org
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL} - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
- EMAIL_HOST=${IDHUB_EMAIL_HOST} - EMAIL_HOST=${IDHUB_EMAIL_HOST}
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER} - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
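
Review bot: `DOMAIN` and `CSRF_TRUSTED_ORIGINS` change from idhub-autotest.demo.pangea.org to idhub.demo.pangea.org as hardcoded literals, so DNS and the reverse proxy have to be switched in the same deployment or the configured origin will not match the host the instance is actually served on. The new hostname is the one the deleted generic compose file used, and the removed README text described autotest as regenerated on each commit, so confirm that a per-commit reset is acceptable for the public demo address. Consider taking both values from an environment variable, as the e-mail and superuser settings in this file already do, so a hostname move does not need a code change.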

@ -1,33 +0,0 @@
version: "3.9"
services:
idhub:
init: true
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
environment:
#- DEPLOYMENT=${IDHUB_PILOT_TEST__IDHUB_DEPLOYMENT}
# temp disable 2fa login
- DEPLOYMENT=DEVELOPMENT
- ADMIN_EMAIL=${IDHUB_PILOT_TEST__ADMIN_EMAIL}
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
- PORT=${IDHUB_PORT:-9001}
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
- DOMAIN=https://idhub-nightly.demo.pangea.org
- CSRF_TRUSTED_ORIGINS=https://idhub-nightly.demo.pangea.org
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
- EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
- EMAIL_PORT=${IDHUB_EMAIL_PORT}
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
- SUPPORTED_CREDENTIALS=['FederationMembership', 'CourseCredential']
ports:
- 9061:9001
volumes:
- ./idhub__instance-nightly:/opt/idhub
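
Review bot: the `SECRET_KEY` and `ALLOWED_HOSTS` lines in this deleted file fall back to a key committed in the repository and to `*` when their variables are unset, and the deleted generic compose file has the same two lines. Check whether the compose files that remain share them, and if so switch to the `${IDHUB_SECRET_KEY:?}` form so an unset variable fails the deploy instead of silently using the public key. This file also hardcoded `DEPLOYMENT=DEVELOPMENT` with the comment "temp disable 2fa login"; if manual testing moves to another instance, do not carry that override over with it.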

@ -1,30 +0,0 @@
version: "3.9"
services:
idhub1:
init: true
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
environment:
- DEPLOYMENT=${IDHUB_DEPLOYMENT}
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
- PORT=${IDHUB_PORT:-9001}
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
- DOMAIN=https://idhub.demo.pangea.org
- CSRF_TRUSTED_ORIGINS=https://idhub.demo.pangea.org
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
- EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
- EMAIL_PORT=${IDHUB_EMAIL_PORT}
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
- SUPPORTED_CREDENTIALS=['FederationMembership', 'CourseCredential']
ports:
- 9051:9001
volumes:
- ./idhub1__pilot-generic:/opt/idhub