The recommended place for the UI is the same host as the backend. This gives the best speed and thus the best user experience.
If the UI is co-hosted, there is only one additional PHP extension you will need
Set up Apache + Shibboleth protection
You should have Apache and Shibboleth deployed beforehand. The Shibboleth instance must be configured to your needs and must release a permanent, non-targeted identifier in an Apache environment variable (e.g. REMOTE_USER).
Alias /hexaa /opt/hexaa-newui/web
<Directory /opt/hexaa-newui/web>
    AllowOverride All
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    require valid-user
</Directory>
Getting the code
Get the code by
git clone https://github.com/hexaaproject/hexaa-newui.git
cd hexaa-newui
composer install
Package guzzle/guzzle is abandoned, you should avoid using it. Use guzzlehttp/guzzle instead.
Composer will ask for configuration details. These can also be adjusted later by editing
app/config/parameters.yml. The values are described below.
Generate html+css assets
php bin/console assetic:dump
And adjust the following parameters:
- secret: a random string required by Symfony.
The Symfony suggestion is to generate this with the following command:
tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | dd bs=40 count=1 2>/dev/null;echo
This secret is local (i.e. it does not have to match the similar variable in the backend).
- hexaa_base_uri: the URI of the HEXAA API, ending with "/api/", e.g. https://yourserver/hexaa-backend/api/
- hexaa_scoped_key: this should be the same as defaultMasterKey in the hexaa-backend (the key part) or, if you have created any, a scoped key (which allows administering only a subset of resources).
- shib_auth_username_attribute: the name of the Apache environment variable in which Shibboleth populates the user name, e.g. REMOTE_USER, eppn
- shib_auth_module_attribute: the name of the attribute where Shibboleth puts the application ID (e.g. Shib-Application-ID : default). This is used to check whether there is a Shibboleth session at all.
- Shib Attribute Map:
  - eppn: what is the name of the Apache environment variable that contains the eppn?
  - displayName: what is the name of the Apache environment variable containing a display name?
  - mail: what is the name of the Apache environment variable containing the email?
  eppn is mandatory; displayName and mail are optional.
- mailer config: see https://symfony.com/doc/current/reference/configuration/swiftmailer.html
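A pre-flight check for the parameters described above, added here as an example and not part of the HEXAA project. The function names, the flat "key: value" parsing and the world-readable test are assumptions of this example; the 40-character threshold mirrors the generator command above.

```shell
#!/bin/sh
# Added example: lint app/config/parameters.yml against the requirements above.
# Assumes the flat "key: value" layout Symfony writes under "parameters:".

# Print the value of one key, without surrounding whitespace or quotes.
param() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Print one line per problem; return 0 only when none were found.
check_params() {
    file=$1
    problems=0
    report() { echo "$file: $1"; problems=$((problems + 1)); }

    uri=$(param "$file" hexaa_base_uri)
    case $uri in
        */api/) ;;
        *) report "hexaa_base_uri must end with /api/ (got '$uri')" ;;
    esac

    # The generator command above emits 40 characters; anything shorter
    # (an untouched placeholder, for instance) is flagged.
    secret=$(param "$file" secret)
    [ "${#secret}" -ge 40 ] || report "secret is shorter than 40 characters"

    [ -n "$(param "$file" hexaa_scoped_key)" ] || report "hexaa_scoped_key is empty"
    [ -n "$(param "$file" shib_auth_username_attribute)" ] ||
        report "shib_auth_username_attribute is empty"

    # Added hardening check (an assumption, not from the page): the file
    # holds the API key, so it should not be readable by "other".
    case $(ls -ld "$file" | cut -c8) in
        r) report "file is readable by other users; tighten with chmod o-r" ;;
    esac

    [ "$problems" -eq 0 ]
}

# Check a real file when a path is given as the first argument.
if [ "$#" -gt 0 ]; then check_params "$1"; fi
```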
Make sure that cache and logs are writeable:
chown -R root:www-data /opt/hexaa-newui/var
chmod -R g+rw /opt/hexaa-newui/var/
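Edit web/app_dev.php: un-comment the "if" statement that prevents access from anywhere but localhost, or adjust it as needed. app_dev.php is the Symfony development front controller and runs the application in debug mode, so it should not be reachable from untrusted hosts.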
Clean the cache
sudo -u www-data bin/console c:c -e prod
Visit the configured web endpoint and try it out!