Skip to content

TIER/shib-idp-ui

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
ui
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

shibui

Requirements_

  • Java 17 (note that ONLY Java 17 is supported at this time; other later versions might work)

Running

There are currently 3 ways to run the application:

  1. As an executable WAR using Java
  2. Deployed in a Java Servlet 3.0 container such as Tomcat or Jetty
  3. Via Docker container - see instructions at https://spaces.at.internet2.edu/display/SMMU/Shibboleth+IdP+UI+Deployment+Instructions

Note that some features require encoded slashes in the URL. In tomcat (which is embedded in the war), this can be allowed with:

-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true

In Apache HTTPD, you'll need something like:

<VirtualHost *:80>
    AllowEncodedSlashes NoDecode
    ServerName shibui.unicon.net
    ProxyPass / http://localhost:8080/ nocanon
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>

Running as an executable

java -jar shibui.war

For complete information on overriding default configuration, see [https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-external-config.html].

Deploying as a WAR

The application can be deployed as a WAR file in a Java Servlet 3.0 container.

To override default configuration, see [https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-external-config.html]. The easiest way to do this in a servlet container is through the use of system properties

Authentication

Currently, the application is wired with very simple authentication. A password for the user root can be set with the shibui.default-password property.

Default Properties

This is a reflection of the default application.properties file included in the distribution. Note that lines beginning with # are commented out.

# Server Configuration
#server.port=8080


# Logging Configuration
#logging.config=classpath:log4j2.xml
#logging.level.org.springframework.web=ERROR

# Database Credentials
spring.datasource.username=shibui
spring.datasource.password=shibui

# Database Configuration H2
spring.datasource.url=jdbc:h2:mem:shibui;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
spring.datasource.platform=h2
spring.datasource.driverClassName=org.h2.Driver
spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
spring.h2.console.enabled=true


# Database Configuration PostgreSQL
#spring.datasource.url=jdbc:postgresql://localhost:5432/shibui
#spring.datasource.driverClassName=org.postgresql.Driver
#spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect

#Maria/MySQL DB
#spring.datasource.url=jdbc:mariadb://localhost:3306/shibui
#spring.datasource.driverClassName=org.mariadb.jdbc.Driver
#spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MariaDBDialect

#Tomcat specific DataSource props. Do we need these?
#spring.datasource.tomcat.maxActive=100
#spring.datasource.tomcat.minIdle=10
#spring.datasource.tomcat.maxIdle=10
#spring.datasource.tomcat.initialSize=50
#spring.datasource.tomcat.validationQuery=select 1

# Hibernate properties
# for production never ever use create, create-drop. It's BEST to use validate
spring.jpa.hibernate.ddl-auto=create
spring.jpa.hibernate.naming.implicit-strategy=org.hibernate.boot.model.naming.ImplicitNamingStrategyJpaCompliantImpl
spring.jpa.show-sql=false
spring.jpa.properties.hibernate.format_sql=false

spring.jpa.hibernate.use-new-id-generator-mappings=true

shibui.metadata-dir=/opt/shibboleth-idp/metadata/generated
shibui.logout-url=/dashboard

spring.profiles.active=default

# Password for the default user. If not set, a password will be generated at startup
#shibui.default-password=

springdoc.use-management-port=true
springdoc.pathsToMatch=/entities, /api/**
# This property enables the openapi and swagger-ui endpoints to be exposed beneath the actuator base path.
management.endpoints.web.exposure.include=openapi, swagger-ui
management.server.port=9090

Random SQL

Get Release attributes for a given entity id

select xs_stringvalue
from xsstring
where id in (select attribute_values_id
             from attribute_abstractxmlobject
             where attribute_id = (select id
                                   from attribute
                                   where id in (select attributes_id
                                                from entity_attributes_attribute
                                                where entity_attributes_id = (select unknownxmlobjects_id
                                                                              from abstract_element_extensiblexmlobject_abstractxmlobject
                                                                              where abstract_element_extensiblexmlobject_id =
                                                                                    (select extensions_id from entity_descriptor where entityid = 'someentityid')))
                                     and name = 'http://shibboleth.net/ns/attributes/releaseAllValues'))

Get Relying Party Overrides by entity id

with join_table as (select rpo.id1,
                           rpo.id2
                    from (select attribute_id id1, attribute_values_id id2
                          from attribute_abstractxmlobject
                          where attribute_id in (select id
                                                 from attribute
                                                 where id in (select attributes_id
                                                              from entity_attributes_attribute
                                                              where entity_attributes_id = (select unknownxmlobjects_id
                                                                                            from abstract_element_extensiblexmlobject_abstractxmlobject
                                                                                            where abstract_element_extensiblexmlobject_id =
                                                                                                  (select extensions_id from entity_descriptor where entityid = 'someentityid'))))) as rpo)
select attribute_1.name relying_party_override,
       attribute_2.value
from join_table
         inner join
     attribute as attribute_1
     on join_table.id1 = attribute_1.id
         inner join
     (select id, stored_value value from xsboolean
      UNION
      select id, CAST(int_value AS varchar) value from xsinteger
      UNION
      select id, xs_stringvalue value from xsstring
      UNION
      select id, text_context value from xsany) as attribute_2
     on join_table.id2 = attribute_2.id
where value is not null and value != ''