Angel Alvarado R.
Soft. and Data engineer.
23 Jan 2017
Vagrant: A box with Drupal 7 and simpleSAMLphp

Configure simpleSAMLphp using Vagrant in a trice.


Vagrant box and Drupal 7

The purpose of this article is to help you get started with SSO using Drupal 7 and simpleSAMLphp. While developing a custom solution for SSO I found myself reinventing the wheel every now and then, reinstalling all the libraries needed to set up my SSO testing environment.

That's why I decided to create a box with the tools needed to start testing out SSO with SimpleSAMLphp and Drupal. This box assumes you are using Drupal 7, SimpleSAMLphp 1.3 and simplesamlphp_auth or multiple_idp_simplesamlphp.

Taking advantage of tools like Vagrant, Ansible, Phansible, etc., I decided to build on some of my favorite articles about automating Drupal development, here. This article assumes you have followed @dev_meshev's instructions to set up a Vagrant machine using Phansible at least through part 2 of the No More Excuses Series. This is her release and here is my release, which you can use to follow the steps below.

Vagrant box SimpleSAMLphp

The next step is to set up simpleSAMLphp so Nginx recognizes it. We are using the same Vagrant configuration from part 2 of the No More Excuses Series. So far we have Drupal 7 under the directory www. Go ahead and download simplesamlphp and place it into a folder named simplesamlphp next to the www directory.

You'll have something like this:

tree vagrant

Open build/install.sh and add sudo ln -sf $base/simplesamlphp /var/simplesaml below the line that symlinks settings.php:

    #!/bin/bash

    set -e
    path=$(dirname "$0") # usually .
    base=$(cd "$path/.." && pwd) # keep track of the root directory
    drush="drush $drush_flags -y -r $base/www" # prepare the drush command to receive arguments and always accept (-y)

    chmod -R +w "$base/www/sites/default" # make sure Drupal does not mess with our permissions
    chmod -R +w "$base/cnf" # keep our cnf writable

    echo "Symlink settings.php into our Drupal."
    ln -sf "$base/cnf/settings.php" "$base/www/sites/default/" # from host to guest (vagrant/* folders are already synced by VirtualBox)
    sudo ln -sf "$base/simplesamlphp" /var/simplesaml # expose the shared simplesamlphp folder at the path Nginx will serve
    echo "Installing Drupal like a boss."
    $drush si --site-name=no-excuses --account-pass=admin

The latter lets us keep our library "outside" the Vagrant machine (in the shared directory). We will be editing several files in this directory, and this seems like the easiest solution. I'm sure there are better ways to handle the autoprovisioning of Drupal and SAML (i.e. using Composer), but let's keep it simple.

SimpleSAMLphp Nginx

We have to tell Nginx that 192.168.33.90/simplesaml points to /var/simplesaml/www. To do this, let's edit the Ansible role ngix and add an alias. Add this to the template default.tpl located in ansible/roles/ngix/templates:

    server {
        listen 80;

        root {{ nginx.docroot }};
        index index.html index.php;

        server_name {{ nginx.servername }};

        location / {
            try_files $uri $uri/ /index.php?$query_string;
        }

        location /simplesaml {
            alias /var/simplesaml/www;
            try_files $uri $uri/ /index.php?$query_string;
            location ~ \.php(/|$) {
                fastcgi_split_path_info ^(.+?\.php)(/.+)$;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                include fastcgi_params;
            }
        }

        error_page 404 /404.html;

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/www;
        }

        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }

Once your Vagrant machine is running, take a look at /etc/nginx/sites-enabled and you'll see the template there.

Memcache

To configure Drupal 7 with simpleSAMLphp you need to store sessions in Memcache or SQL. We'll use Memcache. Add memcached to the packages in our Phansible config file all.yml: packages: [git, vim, sendmail, drush, unzip, zip, g++, libssl-dev, apache2-utils, openssl-blacklist, memcached]. Then add php5-memcached and php5-memcache to the PHP packages: [php5-gd, php5-cli, php5-curl, php5-mcrypt, php5-mysql, php5-xdebug, php5-memcached, php5-memcache, php5-dev, php5-ldap, php5-gmp, php5-common, php-pear]

all.yml will look like this:

    ---
    server:
        install: '1'
        packages: [git, vim, sendmail, drush, unzip, zip, g++, libssl-dev, apache2-utils, openssl-blacklist, memcached]
        timezone: America/Chicago
        locale: en_US.UTF-8
    vagrant_local:
        install: '1'
        vm: { base_box: trusty64, hostname: drupal7, ip: 192.168.33.99, memory: '2048', sharedfolder: ./, useVagrantCloud: '1', syncType: nfs }
    nginx:
        install: '1'
        docroot: /vagrant/www
        servername: myApp.vb
    mariadb:
        install: '1'
        root_password: drupal7
        database: drupal7
        user: drupal7
        password: drupal7
        dump: ''
    php:
        install: '1'
        ppa: php5-5.6
        packages: [php5-gd, php5-cli, php5-curl, php5-mcrypt, php5-mysql, php5-xdebug, php5-memcached, php5-memcache, php5-dev, php5-ldap, php5-gmp, php5-common, php-pear]

Default SAML Configuration

In order to use simpleSAMLphp we need to configure the file simplesamlphp/config/config.php. I'll add my config.php file to cnf/. The minimum settings that have to be modified are:

  • 'auth.adminpassword' => '1234',
  • 'secretsalt' => 'defaultsecretsalt2',
  • 'technicalcontact_email' => 'na2@example.org',
  • 'store.type' => 'memcache',
  • 'memcache_store.prefix' => 'd7',
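
The values listed above are samples, so every box built from the same cnf/config.php shares one admin password and one salt. As an added example (not part of the original article or its repository), this script replaces both with random values; the function names and the embedded sample file are assumptions made for the illustration, and '123' / 'defaultsecretsalt' are the placeholders shipped in SimpleSAMLphp's config template.

```shell
#!/bin/sh
# Added example: swap the fixed secrets in a SimpleSAMLphp config.php for random ones.

# Print $1 random bytes from /dev/urandom as 2*$1 lowercase hex characters.
rand_hex() {
    od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n'
}

# Set 'key' => 'value' on its line. $1=file $2=key $3=value.
# The value must not contain ' | & or \ (rand_hex output never does).
set_config_value() {
    scv_tmp=$(mktemp) || return 1
    sed "s|^\([[:space:]]*'$2'[[:space:]]*=>[[:space:]]*\)'[^']*'|\1'$3'|" "$1" >"$scv_tmp" &&
        cat "$scv_tmp" >"$1"
    scv_rc=$?
    rm -f "$scv_tmp"
    return "$scv_rc"
}

# Exit 0 if the file still holds the article's sample values or the template placeholders.
has_weak_secrets() {
    grep -Eq "'(auth\.adminpassword|secretsalt)'[[:space:]]*=>[[:space:]]*'(123|1234|defaultsecretsalt[0-9]*)'" "$1"
}

# Randomise both secrets, print the new admin password, fail if a weak value remains.
harden_config() {
    hc_pass=$(rand_hex 10)
    set_config_value "$1" 'secretsalt' "$(rand_hex 16)" || return 1
    set_config_value "$1" 'auth.adminpassword' "$hc_pass" || return 1
    if has_weak_secrets "$1"; then return 1; fi
    printf '%s\n' "$hc_pass"
}

# Constructed sample input: the five settings listed in the article.
write_sample_config() {
    cat >"$1" <<'EOF'
<?php
$config = array(
    'auth.adminpassword' => '1234',
    'secretsalt' => 'defaultsecretsalt2',
    'technicalcontact_email' => 'na2@example.org',
    'store.type' => 'memcache',
    'memcache_store.prefix' => 'd7',
);
EOF
}
# Usage: sh harden.sh cnf/config.php   (does nothing when no file is given)
[ $# -eq 0 ] || harden_config "$1"
```

Run it against cnf/config.php before build/install.sh copies the file into simplesamlphp/config/; the printed value is the new admin password.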

I'll replace simplesaml/config/config.php with cnf/config.php in the provisioning script build/install.sh:

    #!/bin/bash

    set -e
    path=$(dirname "$0") # .
    base=$(cd "$path/.." && pwd) # keep track of the root directory
    drush="drush $drush_flags -y -r $base/www" # prepare the drush command to receive arguments and always accept (-y)

    chmod -R +w "$base/www/sites/default" # make sure Drupal does not mess with our permissions
    chmod -R +w "$base/cnf" # keep our cnf writable

    echo "Symlink settings.php into our Drupal."
    ln -sf "$base/cnf/settings.php" "$base/www/sites/default/" # from host to guest (vagrant/* folders are already synced by VirtualBox)
    echo "Installing Drupal like a boss."
    $drush si --site-name=no-excuses --account-pass=admin
    echo "Configuring simplesamlphp."
    cp "$base/cnf/config.php" "$base/simplesamlphp/config/" # use our settings
    sudo ln -sf "$base/simplesamlphp" /var/simplesaml # expose the shared simplesamlphp folder at the path Nginx serves
    echo "Done."

Now you can run the Vagrant machine ($ vagrant up). Wait a few minutes and enjoy a fresh installation of Drupal 7 and SimpleSAMLphp.

You should see something similar to this:

Visit http://192.168.33.99 and http://192.168.33.99/simplesamlphp. You should be all set to start implementing SSO.

Our last step is to install & configure the Drupal simplesamlphp_auth module. From this point you can proceed and install your modules in /vagrant/www/sites/all/modules. However, it is not a good CI approach for our box. To accomplish a good CI you could download Drupal using the provisioning script (or following the no-excuses tutorial).

Simplesamlphp_auth

Based on the Drupal module instructions, at this point we have done the following steps:

Installation Overview

  1. Install SimpleSAMLphp
  2. Configure SimpleSAMLphp as a Service Provider
  3. Install Drupal (if you haven't already)
  4. Install simplesamlphp_auth module
  5. Configure simplesamlphp_auth module
  6. Activate the simplesamlphp_auth module

Don't know how to configure a Service Provider using simpleSAMLphp? Check out this article.

Last but not least, enjoy the release of the Vagrant box on GitHub. If you didn't follow the instructions in this article, just download or clone the repo/release and the provisioning script will download and configure Drupal and simplesamlphp under the www and simplesamlphp directories (next to the ansible, cnf and build folders).

TODOs

  • Autoprovision SimpleSAMLphp and Drupal
  • Configure SP
  • Configure IdP
  • Configure https://www.drupal.org/node/2573451
