shibui
Requirements
- Java 17 (note that ONLY Java 17 is supported at this time; other later versions might work)
Running
There are currently 3 ways to run the application:
- As an executable WAR using Java
- Deployed in a Java Servlet 3.0 container such as Tomcat or Jetty
- Via Docker container - see instructions at https://spaces.at.internet2.edu/display/SMMU/Shibboleth+IdP+UI+Deployment+Instructions
Note that some features require encoded slashes in the URL. In Tomcat (which is embedded in the WAR), this can be allowed with the system property:
-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
In Apache HTTPD, you'll need something like:
<VirtualHost *:80>
    AllowEncodedSlashes NoDecode
    ServerName shibui.unicon.net
    ProxyPass / http://localhost:8080/ nocanon
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>
Running as an executable
java -jar shibui.war
For complete information on overriding the default configuration, see https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-external-config.html
Deploying as a WAR
The application can be deployed as a WAR file in a Java Servlet 3.0 container.
To override the default configuration, see https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-external-config.html. The easiest way to do this in a servlet container is through system properties.
Authentication
Currently, the application is wired with very simple authentication. A password for the user root can be set with the shibui.default-password property.
Default Properties
This is a reflection of the default application.properties file included in the distribution. Note that lines beginning with # are commented out.
# Server Configuration
#server.port=8080
# Logging Configuration
#logging.config=classpath:log4j2.xml
#logging.level.org.springframework.web=ERROR
# Database Credentials
spring.datasource.username=shibui
spring.datasource.password=shibui
# Database Configuration H2
spring.datasource.url=jdbc:h2:mem:shibui;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
spring.datasource.platform=h2
spring.datasource.driverClassName=org.h2.Driver
spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
spring.h2.console.enabled=true
# Database Configuration PostgreSQL
#spring.datasource.url=jdbc:postgresql://localhost:5432/shibui
#spring.datasource.driverClassName=org.postgresql.Driver
#spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
#Maria/MySQL DB
#spring.datasource.url=jdbc:mariadb://localhost:3306/shibui
#spring.datasource.driverClassName=org.mariadb.jdbc.Driver
#spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MariaDBDialect
#Tomcat specific DataSource props. Do we need these?
#spring.datasource.tomcat.maxActive=100
#spring.datasource.tomcat.minIdle=10
#spring.datasource.tomcat.maxIdle=10
#spring.datasource.tomcat.initialSize=50
#spring.datasource.tomcat.validationQuery=select 1
# Hibernate properties
# for production never ever use create, create-drop. It's BEST to use validate
spring.jpa.hibernate.ddl-auto=create
spring.jpa.hibernate.naming.implicit-strategy=org.hibernate.boot.model.naming.ImplicitNamingStrategyJpaCompliantImpl
spring.jpa.show-sql=false
spring.jpa.properties.hibernate.format_sql=false
spring.jpa.hibernate.use-new-id-generator-mappings=true
shibui.metadata-dir=/opt/shibboleth-idp/metadata/generated
shibui.logout-url=/dashboard
spring.profiles.active=default
# Password for the default user. If not set, a password will be generated at startup
#shibui.default-password=
springdoc.use-management-port=true
springdoc.pathsToMatch=/entities, /api/**
# This property enables the openapi and swagger-ui endpoints to be exposed beneath the actuator base path.
management.endpoints.web.exposure.include=openapi, swagger-ui
management.server.port=9090
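As an added example (not part of the shibui distribution), a small Python check that parses a properties file in the format above and flags the shipped defaults that should not reach production: the H2 console, ddl-auto=create, the in-memory database, the database password matching its username, and an unset root password. The sample input is a constructed excerpt of the defaults listed above.

```python
# Constructed sample: an excerpt of the default application.properties shown above.
SAMPLE_PROPERTIES = """\
# Database Credentials
spring.datasource.username=shibui
spring.datasource.password=shibui
spring.datasource.url=jdbc:h2:mem:shibui;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
spring.h2.console.enabled=true
# for production never ever use create, create-drop. It's BEST to use validate
spring.jpa.hibernate.ddl-auto=create
#shibui.default-password=
management.endpoints.web.exposure.include=openapi, swagger-ui
management.server.port=9090
"""


def parse_properties(text):
    """Minimal Java .properties parser: skip blank and commented lines, split on the first '='."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # commented-out keys are treated as unset
        key, sep, value = line.partition("=")
        props[key.strip()] = value.strip() if sep else ""
    return props


def audit(props):
    """Return (key, finding) pairs for settings that should be overridden before going to production."""
    findings = []
    if props.get("spring.h2.console.enabled", "false").lower() == "true":
        findings.append(("spring.h2.console.enabled", "H2 web console is enabled; disable it outside development"))
    if props.get("spring.jpa.hibernate.ddl-auto") in ("create", "create-drop"):
        findings.append(("spring.jpa.hibernate.ddl-auto", "schema is recreated at startup; use validate in production"))
    if props.get("spring.datasource.url", "").startswith("jdbc:h2:mem:"):
        findings.append(("spring.datasource.url", "in-memory H2 database; all stored metadata is lost on restart"))
    user, pw = props.get("spring.datasource.username"), props.get("spring.datasource.password")
    if pw and pw == user:
        findings.append(("spring.datasource.password", "database password equals the username"))
    if not props.get("shibui.default-password"):
        findings.append(("shibui.default-password", "root password not set; a random one is generated at startup"))
    return findings


def audit_text(text):
    """Parse and audit a properties file given as text."""
    return audit(parse_properties(text))


if __name__ == "__main__":
    for key, msg in audit_text(SAMPLE_PROPERTIES):
        print(f"{key}: {msg}")
```

Point it at the real application.properties (or the merged result of your overrides) before deploying; an empty result means none of the listed defaults survived.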
Random SQL
Get Release attributes for a given entity id
select xs_stringvalue
from xsstring
where id in (
    select attribute_values_id
    from attribute_abstractxmlobject
    where attribute_id = (
        select id
        from attribute
        where id in (
            select attributes_id
            from entity_attributes_attribute
            where entity_attributes_id = (
                select unknownxmlobjects_id
                from abstract_element_extensiblexmlobject_abstractxmlobject
                where abstract_element_extensiblexmlobject_id =
                    (select extensions_id from entity_descriptor where entityid = 'someentityid')
            )
        )
        and name = 'http://shibboleth.net/ns/attributes/releaseAllValues'
    )
)
Get Relying Party Overrides by entity id
with join_table as (
    select rpo.id1, rpo.id2
    from (
        select attribute_id id1, attribute_values_id id2
        from attribute_abstractxmlobject
        where attribute_id in (
            select id
            from attribute
            where id in (
                select attributes_id
                from entity_attributes_attribute
                where entity_attributes_id = (
                    select unknownxmlobjects_id
                    from abstract_element_extensiblexmlobject_abstractxmlobject
                    where abstract_element_extensiblexmlobject_id =
                        (select extensions_id from entity_descriptor where entityid = 'someentityid')
                )
            )
        )
    ) as rpo
)
select attribute_1.name relying_party_override,
       attribute_2.value
from join_table
inner join attribute as attribute_1
    on join_table.id1 = attribute_1.id
inner join (
    select id, stored_value value from xsboolean
    UNION
    select id, CAST(int_value AS varchar) value from xsinteger
    UNION
    select id, xs_stringvalue value from xsstring
    UNION
    select id, text_context value from xsany
) as attribute_2
    on join_table.id2 = attribute_2.id
where value is not null and value != ''