Updated README

README.md

-# RAP IA2
+# Remote Authentication Portal
 
-## Installation and configuration
+An authentication portal supporting eduGAIN (using Shibboleth SP), social logins (Google, LinkedIn and Facebook) and X.509 certificates. Caller services always see an OIDC flow. Account linking and merging is supported. Currently used for authenticating on [IA2 services](https://sso.ia2.inaf.it).
 
-Requirements:
+## Docker demo
+
+A working demo using Docker Compose is available on docker folder. It includes also [IA2 Group Membership Service](https://www.ict.inaf.it/gitlab/ia2/ia2-gms) (groups management). The demo is configured only with the fake login mode (for functional testing purposes), but you can configure any social login (see config-example.yaml). eduGAIN and X.509 can't work inside this setup since proper TLS certificates and Shibboleth SP need to be installed.
+
+To start the demo:
+
+    docker-compose pull
+    docker-compose build
+    docker-compose up -d
+
+RAP is available on http://localhost:8080/rap-ia2
+
+After you performed a first login you can set your user as superadmin on GMS by running the following command:
+
+    docker exec -it <gms-db-container-id> bash -c "echo \"INSERT INTO gms_permission (group_id, user_id, permission, group_path) VALUES('ROOT', '1', 'ADMIN', '')\" | psql -U postgres"
 
-* Apache httpd server (tested on Apache/2.4.6)
-* PHP (5.4+), composer for dependecies
-* MySQL/MariaDB (tested on MariaDB 5.5.52)
-* PHP MySQL module
+Then you can create groups and memberships using the GMS UI (http://localhost:8081/gms).
 
-On Ubuntu:
+Cleanup:
 
-    sudo apt install apache2 mariadb-server libapache2-mod-php mariadb-server php7.2-xml php7.2-mbstring php-mysql php-curl php-yaml
+    docker-compose down
+    docker volume prune
 
-### PHP
+## Manual Installation
 
-Put RAP sources in `/var/www/html/rap-ia2`
+Requirements:
+
+* Apache httpd server
+* PHP (and composer for retrieving dependecies)
+* MySQL/MariaDB
 
-For installing PHP dependencies run:
+See the complete list of packages inside [base Dockerfile](docker/base-Dockerfile).
 
-    composer install
+Put RAP sources in `/var/www/html/rap-ia2` and install PHP dependencies with `composer install`.
 
 Install also the bcmath PHP package (used in X.509 parser).
 
@@ -31,70 +47,13 @@ Create a dedicated database and user:
     CREATE USER rap@localhost IDENTIFIED BY 'XXXXXX';
     GRANT ALL PRIVILEGES ON rap.* TO rap@localhost;
 
-Enable the event scheduler:
-
-* open MySQL configuration file (e.g. /etc/my.cnf, or /etc/mysql/mariadb.conf.d/*-server.cnf for MariaDB)
-* under the section [mysqld] set `event_scheduler=1`
-* restart MySQL
-
 Then run the setup script:
 
     mysql -u root -p <  sql/setup-database.sql
 
 ### Apache (httpd)
 
-* Enable .htaccess in rap folder:
-
-In Apache configuration (e.g. /etc/apache2/apache2.conf) add:
-
-    <Directory /var/www/html/rap-ia2/>
-        AllowOverride All
-    </Directory>
-
-* Enable Apache mod rewrite: `sudo a2enmod rewrite`
-* Configure a valid HTTPS certificate on the server
-* Configure X.509 client certificate authentication:
-
-        <Directory /var/www/html/rap-ia2/auth/x509/>
-            Options Indexes FollowSymLinks
-            AllowOverride None
-            Order allow,deny
-            allow from all
-            SSLVerifyClient require
-            SSLVerifyDepth 10
-            SSLOptions +ExportCertData
-        </Directory>
-
-* Shibboleth authentication:
-
-        <Directory /var/www/html/rap-ia2/auth/saml2/>
-            AuthType shibboleth
-            ShibRequestSetting requireSession 1
-            Require valid-user
-        </Directory>
-
-* Protect log directory:
-
-        <Directory /var/www/html/rap-ia2/logs/>
-            Order deny,allow
-            Deny From All
-        </Directory>
-
-* Protect RAP Web Service in Basic-Auth:
-
-        <Location "/rap-ia2/ws">
-            AuthType basic
-            AuthName RAP
-            AuthUserFile apachepasswd
-            Require valid-user
-        </Location>
-
-* Then creates a password file for RAP Web Service Basic-Auth:
-    * `cd /etc/httpd/`
-    * `htpasswd -c apachepasswd rap`
-        * The last command creates an hashed password for an user "rap" and store it in a file named apachepasswd.
-
-* Finally, restart the Apache server.
+See the [configuration file](docker/rap.conf) used in Docker image.
 
 ### Social networks
 
@@ -106,12 +65,14 @@ Before using social API it is necessary to register an application on each socia
 
 ### Configuration file
 
-Copy the `config-example.php` into `config.php` and edit it for matching your needs.
+Copy the `config-example.yaml` into `config.yaml` and edit it for matching your needs.
 
 ### Generate keypair
 
     php exec/generate-keypair.php
 
+A cron job for key rotation has to be set up.
+
 ### Logs directory
 
 Create the logs directory and assign ownership to the Apache user (usually www-data or apache)
@@ -119,21 +80,17 @@ Create the logs directory and assign ownership to the Apache user (usually www-d
     mkdir logs
     sudo chown www-data logs
 
-### Docker
-
-Database image:
-
-    docker build -f docker/db-Dockerfile --tag rap-ia2/database .
-
 ### Run Unit Tests and build code coverage report
 
 (XDebug or another code coverage driver needs to be installed; e.g. `sudo apt install php-xdebug`)
 
     ./vendor/bin/phpunit --bootstrap vendor/autoload.php --coverage-html build/coverage-report tests/
 
+DAO tests are disabled by default, unless the environment variable `TEST_DAO` has been set to `true`. DAO tests require a test database up and running (it can be started using the related Docker image).
+
 ## Additional information and developer guide
 
-See the wiki: https://www.ict.inaf.it/gitlab/zorba/rap-ia2/wikis/home
+See the wiki: https://www.ict.inaf.it/gitlab/ia2/rap-ia2/wikis/home
 
 ## Troubleshooting