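# Shibboleth IdP 3.3.2 on Jetty 9.3 with Zulu JDK 8 on a CentOS 7 base
# (TechEx 2017 Canvas demo). Each component is downloaded at build time and
# checked against a pinned hash; Jetty runs from /opt/shib-jetty-base with the
# IdP deployed from /opt/shibboleth-idp.
#
# NOTE(review): every component pinned below is years out of date —
# centos:centos7 is past end-of-life and receives no security updates, and
# IdP 3.x, Jetty 9.3 and JDK 8u121 have all been superseded. Re-pin against
# current releases (and a digest-pinned base) before using this outside a demo.
FROM centos:centos7

# MAINTAINER is deprecated; the contact is carried as a label instead. Keep
# the version labels in sync with the versions pinned in the install step.
LABEL maintainer="Unicon, Inc." \
      idp.java.version="8.0.121" \
      idp.jetty.version="9.3.16.v20170120" \
      idp.version="3.3.2"

# JRE_HOME gets its own instruction: a variable referenced on the same ENV
# line that defines it is not yet visible, and the original file never defined
# it at all, so PATH=$PATH:$JRE_HOME/bin quietly expanded to "$PATH:/bin".
# /opt/jre-home is the symlink created by the install step below.
ENV JRE_HOME=/opt/jre-home

# The two *_KEYSTORE_PASSWORD values are placeholders only. ENV values are
# baked into the image (visible via `docker inspect` / `docker history`), so
# the real passwords must be injected at run time (-e or a secrets mechanism)
# and the keystores must never ship protected by "changeme".
ENV JETTY_HOME=/opt/jetty-home \
    JETTY_BASE=/opt/shib-jetty-base \
    JETTY_MAX_HEAP=2048m \
    JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=changeme \
    JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD=changeme \
    PATH=$PATH:$JRE_HOME/bin

# OS packages: download/unpack tooling plus the JDBC driver and pooling
# libraries that are linked into Jetty's lib/ext below. `yum update` pulls
# whatever is current, so this layer is not reproducible; pin package versions
# once a known-good set is established.
RUN yum -y update \
    && yum -y install \
        apache-commons-dbcp \
        apache-commons-pool \
        mysql-connector-java \
        tar \
        wget \
        which \
    && yum -y clean all

# Fetch, verify and install the JDK, Jetty, the IdP and the DTA SSL helper in
# one layer so no tarball survives in the image. Every download is pinned to a
# vendor-published hash and every fetch goes over HTTPS (the JDK and Jetty were
# previously pulled over plain HTTP, and central.maven.org has since been
# retired in favour of repo1.maven.org). The JDK pin is MD5 and the Jetty/DTA
# pins are SHA-1 -- enough to catch a corrupted or swapped download, but
# replace them with SHA-256 pins when bumping versions.
RUN set -x; \
    java_version=8.0.121; \
    zulu_version=8.20.0.5; \
    java_hash=e5f4b1d997e50ffe4998c68c8ec45403; \
    jetty_version=9.3.16.v20170120; \
    jetty_hash=f007648daa13799554a95c5ec31d44deac7e56b8; \
    idp_version=3.3.2; \
    idp_hash=ed9fbefd273199d2841d4045b2661671c53825ed3c7d52d38bfe516b39d5fc64; \
    dta_hash=2f547074b06952b94c35631398f36746820a7697; \
# Service account whose group is granted read access to /opt at the end of
# this step.
    useradd jetty -U -s /bin/false \
# Java: Zulu JDK, linked to the version-independent /opt/jre-home.
    && cd / \
    && wget https://cdn.azul.com/zulu/bin/zulu$zulu_version-jdk$java_version-linux_x64.tar.gz \
    && echo "$java_hash zulu$zulu_version-jdk$java_version-linux_x64.tar.gz" | md5sum -c - \
    && tar -zxvf zulu$zulu_version-jdk$java_version-linux_x64.tar.gz -C /opt \
    && rm zulu$zulu_version-jdk$java_version-linux_x64.tar.gz \
    && ln -s /opt/zulu$zulu_version-jdk$java_version-linux_x64/jre/ /opt/jre-home \
# Jetty: distribution plus a fresh $JETTY_BASE with the modules the IdP needs.
# NOTE(review): the plain `http` module is enabled alongside `https`; only
# 4443/8443 are EXPOSEd, so confirm the start.d/ config copied in later really
# binds just the TLS connectors.
    && cd / \
    && wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/$jetty_version/jetty-distribution-$jetty_version.tar.gz \
    && echo "$jetty_hash jetty-distribution-$jetty_version.tar.gz" | sha1sum -c - \
    && tar -zxvf jetty-distribution-$jetty_version.tar.gz -C /opt \
    && rm jetty-distribution-$jetty_version.tar.gz \
    && ln -s /opt/jetty-distribution-$jetty_version/ /opt/jetty-home \
    && cd / \
    && cp /opt/jetty-home/bin/jetty.sh /etc/init.d/jetty \
    && mkdir -p /opt/shib-jetty-base/modules /opt/shib-jetty-base/lib/ext /opt/shib-jetty-base/resources \
    && cd /opt/shib-jetty-base \
    && touch start.ini \
    && /opt/jre-home/bin/java -jar ../jetty-home/start.jar --add-to-startd=http,https,deploy,ext,annotations,jstl \
# Shibboleth IdP, linked to the version-independent /opt/shibboleth-idp.
    && cd / \
    && wget https://shibboleth.net/downloads/identity-provider/$idp_version/shibboleth-identity-provider-$idp_version.tar.gz \
    && echo "$idp_hash shibboleth-identity-provider-$idp_version.tar.gz" | sha256sum -c - \
    && tar -zxvf shibboleth-identity-provider-$idp_version.tar.gz -C /opt \
    && rm /shibboleth-identity-provider-$idp_version.tar.gz \
    && ln -s /opt/shibboleth-identity-provider-$idp_version/ /opt/shibboleth-idp \
# Shibboleth's jetty9-dta-ssl library, required by the IdP's SOAP endpoints.
    && cd / \
    && wget https://build.shibboleth.net/nexus/content/repositories/releases/net/shibboleth/utilities/jetty9/jetty9-dta-ssl/1.0.0/jetty9-dta-ssl-1.0.0.jar \
    && echo "$dta_hash jetty9-dta-ssl-1.0.0.jar" | sha1sum -c - \
    && mv jetty9-dta-ssl-1.0.0.jar /opt/shib-jetty-base/lib/ext/ \
# JDBC driver and pooling jars from the yum packages, exposed to Jetty via lib/ext.
    && cd /opt/shib-jetty-base/lib/ext/ \
    && ln -s /usr/share/java/mysql-connector-java.jar mysql-connector-java.jar \
    && ln -s /usr/share/java/commons-pool.jar commons-pool.jar \
    && ln -s /usr/share/java/commons-dbcp.jar commons-dbcp.jar \
# Everything under /opt is root-owned and group-readable by jetty. 640 is
# applied to directories too (no execute bit), so only root can traverse
# them -- see the USER note at the bottom of the file.
    && chown -R root:jetty /opt \
    && chmod -R 640 /opt \
    && chmod 750 /opt/jre-home/bin/java

# Wrapper scripts (run-jetty.sh, init-idp.sh) and the baked-in Jetty base and
# IdP overlays. COPY creates files as root:root, so ownership and modes are
# re-applied in the RUN that follows.
COPY bin/ /usr/local/bin/
COPY opt/shib-jetty-base/ /opt/shib-jetty-base/
COPY opt/shibboleth-idp/ /opt/shibboleth-idp/
RUN mkdir /opt/shib-jetty-base/logs \
    && chown -R root:jetty /opt/shib-jetty-base \
    && chmod -R 640 /opt/shib-jetty-base \
    && chmod -R 750 /opt/shibboleth-idp/bin \
    && chmod 750 /usr/local/bin/run-jetty.sh /usr/local/bin/init-idp.sh

# Site-specific IdP configuration goes in last so config-only changes reuse
# every layer above. --chown keeps it root:jetty like the rest of /opt rather
# than the root:root COPY would otherwise assign. If this directory carries
# private keys or credential files, prefer mounting them at run time over
# baking them into an image layer.
COPY --chown=root:jetty customized-shibboleth-idp/ /opt/shibboleth-idp/

# 4443: browser-facing TLS; 8443: back-channel TLS with client-certificate auth.
EXPOSE 4443 8443

# NOTE(review): there is no USER directive, so run-jetty.sh starts as root
# unless the script itself drops privileges (the script is not visible here).
# Before adding `USER jetty`, the recursive 640 modes above would have to
# become `chmod -R u=rwX,g=rX,o= /opt` (execute bit on directories only) and
# /opt/shib-jetty-base/logs made group-writable; both TLS ports are above
# 1024, so no extra capability would be needed.
CMD ["run-jetty.sh"]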