Latest commit 6bb982f Oct 13, 2017 @babb babb committed on GitHub Enterprise Update README.md
attribute-slammer initial Oct 13, 2017
canvas initial Oct 13, 2017
deps initial Oct 13, 2017
grouper initial Oct 13, 2017
midpoint initial Oct 13, 2017
shib-idp initial Oct 13, 2017
sis-app initial Oct 13, 2017
test-app initial Oct 13, 2017
.gitattributes Initial commit Oct 13, 2017
Makefile initial Oct 13, 2017
README.md Update README.md Oct 13, 2017
build.sh initial Oct 13, 2017
clean.sh initial Oct 13, 2017
docker-compose.yml initial Oct 13, 2017

README.md

Overview

This set of Docker images supports a demonstration of the TIER architecture and how it can be used for role-based access control (RBAC) in a complex setting. For more information about this demo, see Tier Canvas Provisioning Demo - TechEx 2017.

The Grouper Docker image is based on Unicon's work, and relies on a separate MySQL container for the subject source and Grouper's own database. The Grouper component has the Grouper UI, Grouper Web Services, and an active Grouper Daemon which runs the Grouper Loader. The Grouper Loader kicks off all loader jobs and the AMQP Message Publisher every 10 seconds, so changes are rapidly propagated through the demo.

This image does not follow best Docker practices. It is intended for demo/class usage. It can also be useful as a base image for Grouper development.

This demo also includes a working example of using an attribute on a group to restrict release of group information via isMemberOf to specific SPs only. Original write-up: https://spaces.internet2.edu/display/Grouper/UW-Madison+Group+Membership+Delivery+to+Shibboleth
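The release decision described above, sketched as an added example that is not code from this repository or from Grouper. The attribute name `releaseToSp`, the SP entityIDs, every group except app:grouper:users, and the default-deny handling of unmarked groups are assumptions made for illustration.

```ruby
# Added illustration; not code from this repository.
# RELEASE_ATTR and all group/SP names except app:grouper:users are constructed.
RELEASE_ATTR = 'releaseToSp'.freeze # hypothetical attribute name

Group = Struct.new(:name, :attributes, :members)

# Constructed sample data: each group may carry a list of SP entityIDs
# that are allowed to see membership in it.
GROUPS = [
  Group.new('app:grouper:users',
            { RELEASE_ATTR => ['https://grouper.example.edu/shibboleth'] },
            %w[tjordan]),
  Group.new('app:canvas:instructors',
            { RELEASE_ATTR => ['https://canvas.example.edu/shibboleth',
                               'https://grouper.example.edu/shibboleth'] },
            %w[tjordan jsmith]),
  # No release attribute at all: never released (assumed default deny).
  Group.new('ref:hr:payroll', {}, %w[tjordan])
].freeze

# Returns the isMemberOf values that may be released about `subject`
# to the SP identified by `sp_entity_id`.
def is_member_of_for(groups, subject, sp_entity_id)
  return [] if sp_entity_id.nil? || sp_entity_id.empty?

  released = groups.select do |g|
    allowed = Array(g.attributes[RELEASE_ATTR])
    # Exact entityID match only: no prefix, substring or case folding.
    g.members.include?(subject) && allowed.include?(sp_entity_id)
  end
  released.map(&:name).sort
end

if __FILE__ == $PROGRAM_NAME
  %w[https://canvas.example.edu/shibboleth
     https://grouper.example.edu/shibboleth
     https://other.example.edu/shibboleth].each do |sp|
    puts "#{sp} => #{is_member_of_for(GROUPS, 'tjordan', sp).inspect}"
  end
end
```

The same subject yields a different isMemberOf list per SP, and an SP that no group names receives nothing.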

Building

To build the demo:

./build.sh

In order to configure the Canvas provisioning components, you'll need a Canvas instance and will need to generate an API key. Please see Getting Started With the Canvas API for more information about this.

There are a number of containers in the demo, so you may need to increase RAM devoted to Docker. The demo seems to run well with 4 CPUs and 8GB.

Running

To run the demo:

$ docker-compose up

You can log into the Grouper UI with "tjordan/12345". The account is a sysadmin. Through the back door (port 8080), which bypasses the portal proxy, anyone can access Grouper; through the portal proxy, the user will need to be a member of app:grouper:users. There are lots of "user" accounts that can be enrolled in courses and granted access to various parts of the demo. You can view them all at http://localhost:3000/users.

The LDAP admin bind account is "cn=admin,dc=example,dc=edu/password". The MySQL admin account is "root/". There are a few schemas here for the SIS app (used as the subject source) and Grouper's own database.

Published Ports / Where to Go

Authors

LICENSE