Custom look and feel for the viaa simplesamlphp idp
Configure the new meemoo theme by making the following changes to /usr/local/idp-tst.hetarchief.be/simplesamlphp/config/config.php:
- Add the meemoo module to the module.enable section (the last line is added):
    'module.enable' => [
        'idp' => true,
        'core' => true,
        'admin' => true,
        'saml' => true,
        'ldap' => true,
        'saml-idp' => true,
        'authorize' => true,
        'meemoo' => true
    ],
- Change the available languages and remove all entries except English and Dutch:
    'language.available' => array(
        'en', 'nl'
    ),
- Set the correct theme (remove the current line 'theme.use' => 'themeviaa:.hetarchief...) and add:
    'theme.use' => 'meemoo:meemootheme',
    'theme.controller' => '\SimpleSAML\Module\meemoo\Controller\MeemooController',
- Add headers.security with less strict CSP headers so that the Google Tag Manager and Zendesk JavaScript (external sources) can be loaded:
    'headers.security' => array(
        'Content-Security-Policy' =>
            "default-src 'self'; " .
            "script-src 'self' 'unsafe-inline'; " .
            "script-src-elem 'self' 'unsafe-inline' https://static.zdassets.com https://www.googletagmanager.com; " .
            "style-src 'self' 'unsafe-inline'; " .
            "object-src 'none'; " .
            "base-uri 'self'; " .
            "connect-src 'self' https://ekr.zdassets.com https://meemoo.zendesk.com https://*.google-analytics.com; " .
            "font-src 'self'; " .
            "media-src 'self' data:;" .
            "img-src 'self' data:; " .
            "manifest-src 'self'; ",
        'X-Frame-Options' => 'SAMEORIGIN',
        'X-Content-Type-Options' => 'nosniff',
        'Referrer-Policy' => 'origin-when-cross-origin',
    ),
- Now copy the meemoo module with its themed files and stylesheets into the modules directory of the deployed SimpleSAMLphp application:
    cp -r saml-theme/saml_v2/modules/meemoo /usr/local/idp-tst.hetarchief.be/simplesamlphp-2.2.2/modules/
- Copy the locales folder to get the correct English and Dutch translation strings. Inside the saml_v2/locales dir there are two folders, nl and en, that should be used to override and extend the default SimpleSAMLphp translation strings.
    cp -r saml-theme/saml_v2/locales/* /usr/local/idp-tst.hetarchief.be/simplesamlphp-2.2.2/locales
- Set the environment variable for our custom MeemooController, which adds the returnTo variable and the SSUM_URL env var for customization.
The custom controller is located here:
    /usr/local/idp-tst.hetarchief.be/simplesamlphp/modules/meemoo/src/Controller/MeemooController.php
(but it was already copied in the previous steps when we copied the meemoo module)
- Custom function to switch to the correct platform language (also in config.php; add this under the language.cookie line):
    'language.get_language_function' => array('\SimpleSAML\Module\meemoo\Controller\MeemooController', 'detectRelayLanguage'),
So now we call a static function inside the custom meemoo controller that is copied in step 5. It reads the RelayState parameter passed by the platform and switches the current locale to the matching language.
- Set the SSUM_URL environment variable to the correct SSUM base URL. This can be "https://account-qas.hetarchief.be" or "https://account.hetarchief.be"; if it is not set, the fallback is "https://account-qas.hetarchief.be". It is used as the base URL for the SSUM server.
This can be done in the docker environment, or you can directly use an Apache config directive:
    SetEnv SSUM_URL "https://account.hetarchief.be"
- Custom logout button in case 403 errors happen. The target platforms need to be put in config/config.php, and you can use regex for this like so:
    'trusted.url.domains' => ['.*\.meemoo\.be', '.*\.hetarchief\.be'],
    'trusted.url.regex' => true,
This allows a custom logout URL that works when a login error has happened (it lets you go back to the parent platform and try a different login method).
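
To see exactly what the relaxed policy from the headers.security step permits, the following Python script parses that Content-Security-Policy value and lists the loosened parts. It is an added example, not part of the original instructions or the meemoo module; the names parse_csp and audit and the set of checks are choices made for this illustration.

```python
# Added example: POLICY is the concatenated CSP value from config.php on this page.
POLICY = (
    "default-src 'self'; "
    "script-src 'self' 'unsafe-inline'; "
    "script-src-elem 'self' 'unsafe-inline' https://static.zdassets.com https://www.googletagmanager.com; "
    "style-src 'self' 'unsafe-inline'; "
    "object-src 'none'; "
    "base-uri 'self'; "
    "connect-src 'self' https://ekr.zdassets.com https://meemoo.zendesk.com https://*.google-analytics.com; "
    "font-src 'self'; "
    "media-src 'self' data:;"
    "img-src 'self' data:; "
    "manifest-src 'self'; "
)

# These directives do not inherit from default-src.
NO_FALLBACK = ("base-uri", "form-action", "frame-ancestors")
SCRIPT_DIRECTIVES = ("script-src", "script-src-elem", "script-src-attr")
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(policy):
    """Return {directive: [sources]}; the first occurrence of a directive wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def audit(policy):
    """Return sorted (directive, finding) tuples for the relaxed parts of a policy."""
    parsed = parse_csp(policy)
    findings = []
    for name, sources in parsed.items():
        # Browsers ignore 'unsafe-inline' once a nonce or hash source is listed.
        guarded = any(s.startswith(NONCE_OR_HASH) for s in sources)
        if name in SCRIPT_DIRECTIVES and "'unsafe-inline'" in sources and not guarded:
            findings.append((name, "inline script allowed"))
        findings += [(name, "wildcard host " + s) for s in sources if "*" in s]
    for name in NO_FALLBACK:
        if name not in parsed:
            findings.append((name, "not set, no default-src fallback"))
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(f"{d}: {f}" for d, f in audit(POLICY)))
```

The frame-ancestors finding is covered for framing by the X-Frame-Options: SAMEORIGIN header set in the same headers.security block.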