Installation of hexaa-ui (for v2 RC)


The recommended place of the UI is on the same host where the backend is. This provides the best speed and thus user experience.

If the ui is co-hosted, ther is only one additional php extension you will need

  • php-mbstring

Set up apache + shibboleth protection

You should have an apache+shibboleth deployed beforehand. The shib instance must be configured to your needs and to release an permanent, non-targeted identifier in an Apache Environment variable (e.g. REMOTE USER)

Alias /hexaa /opt/hexaa-newui/web
<Directory /opt/hexaa-newui/web>
  AllowOverride All
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  require valid-user

Getting the code

Get the code by

git clone

Run composer

cd hexaa-newui
composer install

Expected warning.:

Package guzzle/guzzle is abandoned, you should avoid using it. Use guzzlehttp/guzzle instead.

The composer will ask for configuration details. These can be adjusted by editing app/config/parameters.yml also. The values will be described below.

Generate html+css assets

php bin/console assetic:dump




And adjust the following parameters:

  • secret: this is a random string necessary for symfony.

The symfony suggestion is to generate this with the following command:

tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | dd bs=40 count=1 2>/dev/null;echo

This secret is local (i.e. does not have to match the similar variable in backend)

  • hexaa_base_uri: the URI of the HEXAA API, ending with "/api/" e.g. https://yourserver/hexaa-backend/api/

  • hexaa_scoped_key This should be the same as defaultMasterKey in the hexaa-backend (the key part), or if you have created any, a scoped key (that allows administering only a subset of resources)

  • shib_auth_username_attribute The name of the Apache Environment variable in which Shibboleth populates the user name. e.g. REMOTE_USER, eppn

  • shib_auth_module_attribute The name of the attribute where Shibboleth puts the application ID (e.g Shib-Application-ID : default). This is for checking if there is a shibboleth session at all.

  • Shib Attribute Map

    • eppn: what is the name of the Apache Environment variable that contains the epp?
    • displayName: what is the name of the Apache Environment variable containing a displayname?
    • mail: what is the name of the Apache Environment variable containing the email?

eppn is mandatory, displayName, Email are optional.

Make sure that cache and logs are writeable:

chown -R root:www-data /opt/hexaa-newui/var
chmod -R g+rw /opt/hexaa-newui/var/

Edit web/app_dev.php -> un-comment "if" statement that prevents accessing from anywhere but localhost, or adjust as needed.

Clean the cache

sudo -u www-data bin/console c:c -e prod

Visit the configured web endpoint and try out!