Micro Services

Laboratory for Computer Science Research

LCSR User ID Platform Prototype Application Development & Deployment

Requirements

This application requires a modern webserver environment to run.

Dependencies:

  • Modern version of Apache2 (2.4.6 verified)
  • Modern version of PHP 8.1 (8.1.8 verified)
  • Modern version of PHP Composer (2.3.10 verified)

This application requires a TLS certificate to be installed on the web server.

 

Installation on CentOS 7

Installation instructions vary by Linux distribution. The following guide describes installation on CentOS 7 (as of 2022); use it as a reference and adapt it to the specific installation scenario. This guide assumes that the service will be accessible at example.com.

  1. Start with bare CentOS 7 installation (with httpd installed)
  2. Create web root for service “mkdir /var/www/example.com”
  3. Create a virtual host for the service “vim /etc/httpd/conf.d/example.com.conf” with the following text…
    <VirtualHost *:80> 
      ServerName example.com 
    
      Redirect / https://example.com/ 
    </VirtualHost> 
    
    <VirtualHost *:443> 
      ServerName example.com 
      DocumentRoot /var/www/example.com/public 
    
      SSLEngine on 
      SSLCertificateFile /etc/httpd/ssl/example.com.crt 
      SSLCertificateKeyFile /etc/httpd/ssl/example.com.key
    
      <IfModule mod_security2.c>
        SecRuleEngine Off
      </IfModule>
    
      <Directory /var/www/example.com/public>
        Options Indexes FollowSymLinks
        AllowOverride all
        Require all granted
      </Directory> 
    </VirtualHost>
  4. Install TLS certificate as indicated in configuration above
  5. Disable mod_nss (unused, mostly deprecated) “yum remove mod_nss”
  6. Enable Apache2 “systemctl enable httpd”
  7. Start Apache2 “service httpd start”
  8. Confirm Apache2 is accessible via web browser
  9. Remove legacy PHP 5.4 “yum remove php*”
  10. Install modern PHP 8.1 via following commands…
    yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm 
    yum update 
    yum -y install https://rpms.remirepo.net/enterprise/remi-release-7.rpm 
    yum-config-manager --disable 'remi-php*' 
    yum-config-manager --enable remi-php81 
    yum -y install php php-{cli,fpm,mysqlnd,zip,devel,gd,mbstring,curl,xml,pear,bcmath,json,opcache,redis,memcache}
  11. Verify PHP 8.1 is installed “php -v”
  12. Install PHP Composer via following commands…
    php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" 
    php -r "if (hash_file('sha384', 'composer-setup.php') === '55ce33d7678c5a611085589f1f3ddf8b3c52d662cd01d4ba75c0ee0459970c2200a51f492d557530c71c15d8dba01eae') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" 
    php composer-setup.php 
    php -r "unlink('composer-setup.php');" 
    mv composer.phar /usr/bin/composer
  13. Verify Composer installation “composer --version”
  14. Restart Apache2 to apply changes “service httpd restart”
  15. Clone application into previously created web root
  16. In the provided local_deps directory, clone (from Git) both the Laravel ID client package and the Laravel Authz client package. These repositories are available on GitLab. They should be placed as such: 
  17. Upload or create .env file from .env.sample file. Update with applicable configuration settings for database.
  18. Generate a new crypto key “php artisan key:generate”
  19. Ensure webserver user owns service directory “chown -R apache:apache /var/www/example.com” (on CentOS 7, httpd runs as the apache user)
  20. Generate authentication and authorization tokens for the project on both the ID service (using “php artisan auth:newtoken {appId}”) and the Authorization service (using “php artisan authz:newtoken {appId}”). Substitute these values into the .env file (“LCSR_AUTH_APP_TOKEN” and “AUTHZ_APP_TOKEN” respectively).
  21. Configure the app’s callback URL as an authorized callback within the ID service (e.g. https://example.com/auth/lcsr-id/callback).
  22. Ensure that the necessary resource and action is available on the Authorization service for the demonstration route (see “app/Http/Controllers/DemonstrationController.php” for specifics). If not, create it.
  23. Confirm service is available via web browser
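
The following preflight check for the .env file from steps 17 to 20 is an added example, not part of the application or its repositories. It assumes APP_KEY is the key written by “php artisan key:generate”; the function names are hypothetical and the sample file in demo is constructed.

```bash
#!/usr/bin/env bash
# Added example: preflight check for the .env file (steps 17-20).
# LCSR_AUTH_APP_TOKEN and AUTHZ_APP_TOKEN are named in the guide; APP_KEY is
# the key Laravel's "php artisan key:generate" writes. Function names are
# hypothetical.
REQUIRED_KEYS="APP_KEY LCSR_AUTH_APP_TOKEN AUTHZ_APP_TOKEN"

# env_value FILE KEY: print KEY's value (last assignment wins), quotes stripped.
env_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 \
    | sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# check_env FILE: print one finding per line; return 0 only if there are none.
check_env() {
  local file=$1 key val mode rc=0
  [ -f "$file" ] || { echo "missing: $file"; return 1; }
  for key in $REQUIRED_KEYS; do
    val=$(env_value "$file" "$key")
    [ -n "$val" ] || { echo "unset: $key"; rc=1; }
  done
  # The file holds secrets, so users outside owner/group should not read it.
  mode=$(stat -c '%a' "$file")
  case "$mode" in
    *[4567]) echo "world-readable: $file (mode $mode)"; rc=1 ;;
  esac
  return $rc
}

# demo: run the check on a constructed .env whose AUTHZ_APP_TOKEN is blank.
demo() {
  local tmp rc=0
  tmp=$(mktemp)
  printf '%s\n' 'APP_KEY=base64:Y29uc3RydWN0ZWQ=' \
    'LCSR_AUTH_APP_TOKEN="constructed-token"' 'AUTHZ_APP_TOKEN=' > "$tmp"
  chmod 640 "$tmp"
  check_env "$tmp" || rc=$?
  rm -f "$tmp"
  return $rc
}

# With a path argument, check that file; with none, do nothing at load time.
[ $# -eq 0 ] || check_env "$1"
```

Run it against the deployed file, for instance with /var/www/example.com/.env as the argument, before step 23; a non-zero exit status means at least one finding was printed.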

About

The main page displays a login route that can be used to attempt authentication with the registered LCSR Identity Services instance in the .env file.

The application contains a number of demonstration routes for testing the LCSR Authorization Services instance. Out of the box, the application checks policies for two AppRegistrations dubbed “Vouchers” and “GreatApp”. These can be easily changed in the code if necessary (see app/Http/Controllers/DemonstrationController.php).

The application is easily extensible to allow for the testing of additional cases.