## Overview
This set of docker images supports a demonstration of the TIER architecture, and
how it can be used for role-based access control (RBAC) in a complex setting.
For more information about this demo, see
[Tier Canvas Provisioning Demo - TechEx 2017](https://docs.google.com/presentation/d/1RT448nvR3gZ2hFUteqSQ6LgOYMwlgua0x0hQBZFrVWE/edit#slide=id.p)

The Group Docker image is based on Unicon's work, and relies on a separate MySQL container for the subject source and Grouper's own database. The Grouper component has the Grouper UI, Grouper Web Services, and an active Grouper Daemon which runs the Grouper Loader. The Grouper Loader kicks off all loader jobs and the AMQP Message Publisher every 10 seconds, so changes are rapidly propagated through the demo.

> This image does not follow best Docker practices. It is intended for demo/class usage. It can also be useful as a base image for Grouper development.

This demo also includes a working example of using an attribute on a group to restrict release of group information via isMemberOf to only specific SPs. Original write-up: https://spaces.internet2.edu/display/Grouper/UW-Madison+Group+Membership+Delivery+to+Shibboleth

## Building

To build the demo:

```
./build.sh
```

In order to configure the Canvas provisioning components, you'll need a Canvas
instance and will need to generate an API key. Please see
[Getting Started With the Canvas API](https://canvas.instructure.com/courses/785215/pages/getting-started-with-the-api)
for more information about this.

There are a number of containers in the demo, so you may need to increase RAM
devoted to Docker. The demo seems to run well with 4 CPUs and 8GB.

## Running

To run the demo:

```
$ docker-compose up
```

You can log into the Grouper UI with "tjordan/12345". The account is a sysadmin. Through the back door (port 8080, LDAP auth), anyone can access Grouper, but through the portal proxy the user will need to be a member of app:grouper:users. There are lots of "user" accounts that can be enrolled in courses and granted access to various parts of the demo. You can view them all at http://localhost:3000/users.

The LDAP admin bind account is "cn=admin,dc=example,dc=edu/password". The MySQL admin account is "root/<nopassword>". There are a few schemas here for the SIS app (used as subject source) and Grouper's own database.

## Published Ports / Where to Go

* https://localhost:9443 -> Portal/Proxy web app
* https://localhost:443 -> ShibIdP
* localhost:3306 -> MySQL Database
* localhost:389 -> LDAP, used only for authentication
* http://localhost:8080 -> Grouper Back Door. Uses LDAP auth.
* http://localhost:15672 -> RabbitMQ Web Interface (log in with guest/guest)
* http://localhost:3000 -> SIS Web App. Use to add / edit users, and enroll them in courses

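A check that can be run against the port list above, as an added example (not part of the original README or the demo's own code): it parses the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and reports which of the demo's ports are published on a non-loopback address. The container names in the sample are constructed, and the function name is hypothetical.

```python
import re

# Host ports this README lists under "Published Ports / Where to Go".
DEMO_PORTS = {
    9443: "Portal/Proxy web app",
    443: "ShibIdP",
    3306: "MySQL (root, no password)",
    389: "LDAP",
    8080: "Grouper back door",
    15672: "RabbitMQ web interface (guest/guest)",
    3000: "SIS web app",
}
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}

# One mapping in the Ports column of `docker ps`, e.g. "0.0.0.0:8080->8080/tcp".
# Port ranges ("8000-8001->...") are not matched; none of the demo ports form one.
MAPPING = re.compile(r"^(?P<host>.*):(?P<port>\d+)->\d+/(?:tcp|udp)$")


def exposed_demo_ports(docker_ps_output):
    """Return sorted (container, host_ip, host_port, service) tuples for
    demo ports that are published on a non-loopback address."""
    findings = set()
    for line in docker_ps_output.strip().splitlines():
        name, _, ports = line.partition("\t")
        for entry in ports.split(","):
            m = MAPPING.match(entry.strip())
            if not m:  # e.g. "5672/tcp": not published on the host at all
                continue
            host, port = m.group("host"), int(m.group("port"))
            if port in DEMO_PORTS and host not in LOOPBACK:
                findings.add((name, host, port, DEMO_PORTS[port]))
    return sorted(findings)


# Constructed sample of: docker ps --format '{{.Names}}\t{{.Ports}}'
SAMPLE = """\
demo_grouper_1\t0.0.0.0:8080->8080/tcp, :::8080->8080/tcp
demo_mysql_1\t127.0.0.1:3306->3306/tcp
demo_rabbitmq_1\t5672/tcp, 0.0.0.0:15672->15672/tcp
demo_ldap_1\t0.0.0.0:389->389/tcp
"""

if __name__ == "__main__":
    for name, host, port, service in exposed_demo_ports(SAMPLE):
        print(f"{name}: {service} reachable on {host}:{port}")
```
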
## Authors
* James Babb (james.babb@wisc.edu)
* Tom Jordan (tom.jordan@wisc.edu)
* Jon Miner (jon.miner@wisc.edu)
* TIER API & Entity Registry Working Group (tier-api@internet2.edu)

* Based on Unicon Grouper Demo Container by:
  * John Gasper (jgasper@unicon.net)
  * David Langenberg (dlangenberg@unicon.net)

## LICENSE