Feature: Add SRAM integration

[johanib]

List of things to discuss before this can be merged:

• Can we add a better description to docs/filter_commands.md?
• The part below * Continue to Consent/StepUp in library/EngineBlock/Corto/Module/Service/SRAMInterrupt.php is largely duplicated, but not 100%. I'm concerned this code has many scenario's that are tested via AssertionConsumer.php. The duplicated code here has no such coverage. So we should probably centralize it. But how?
• How should the merging of the attributes from SBS fuction? See tests/unit/OpenConext/EngineBlockBundle/Sbs/SbsAttributeMergerTest.php

[pablothedude]

This is an initial review mainly focusing on the code. This feature however should be thoroughly reviewed functionally before it's merged back and after all open todo's are addressed.

[pablothedude]

Should this be the default?

[mrvanes]

Ik ben aan het testen, maar loop tegen deze conditie aan in SRAMTestFilter:

if ($this->_serviceProvider->getCoins()->collabEnabled() === false) {
    return;
}

Hoe krijg ik die in manage, onder welke versie van manage (ik draai nu 9.0.0.1)?
Mist er misschien een row in de database voor collab_enabled?

[mrvanes]

Manage collabEnabled() problem has been solved. However, EB now gives me a "Session Lost" on returning to https://engine.dev.openconext.local/authentication/idp/process-sraminterrupt?ID=...
I see you have tested with sram.base_url served by EB itself so you may have lifted on more session information than you can count on in real life?

I suggest you use the SBS stub server that was originally included in my branch to test your redirects:
https://github.com/OpenConext/OpenConext-engineblock/tree/feature/sram-interrupt/sbs-stub

[johanib]

Manage collabEnabled() problem has been solved. However, EB now gives me a "Session Lost" on returning to https://engine.dev.openconext.local/authentication/idp/process-sraminterrupt?ID=... I see you have tested with sram.base_url served by EB itself so you may have lifted on more session information than you can count on in real life?

I suggest you use the SBS stub server that was originally included in my branch to test your redirects: https://github.com/OpenConext/OpenConext-engineblock/tree/feature/sram-interrupt/sbs-stub

The mock SBS does/should not need or rely on any session state. It receives the continue_url on the authz call, like in the example python script, and redirects the browser to that url when the interrupt is performed.
As it's only there for facilitating the functional tests and development, it does not support concurrent requests etc. It just stores the last received authz payload on filesystem.

When testing, does the ID=... contain an actual value?
If so, it seems like that value cannot be matched to a valid message request ID in the browser session.

[mrvanes]

Yes, the ?ID= parameter contains everything in the original continue_url. EngineBlock fails to continue on the contents of this continue_url. That's the bug. I would advice against testing this against an internal EB redirect but externalising, like this will be done in the real deploy.