Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
shib-idp-ui/README.md
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
167 lines (130 sloc)
6.55 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # shibui | |
| ## Requirements_ | |
| * Java 17 (note that ONLY Java 17 is supported at this time; other later versions might work) | |
| ## Running | |
| There are currently 3 ways to run the application: | |
| 1. As an executable WAR using Java | |
| 1. Deployed in a Java Servlet 3.0 container such as Tomcat or Jetty | |
| 1. Via Docker container - see instructions at https://spaces.at.internet2.edu/display/SMMU/Shibboleth+IdP+UI+Deployment+Instructions | |
| Note that some features require encoded slashes in the URL. In tomcat (which is embedded in the war), this can be | |
| allowed with: | |
| ``` | |
| -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true | |
| ``` | |
| In Apache HTTPD, you'll need something like: | |
| ``` | |
| <VirtualHost *:80> | |
| AllowEncodedSlashes NoDecode | |
| ServerName shibui.unicon.net | |
| ProxyPass / http://localhost:8080/ nocanon | |
| ProxyPassReverse / http://localhost:8080/ | |
| </VirtualHost> | |
| ``` | |
| ### Running as an executable | |
| `java -jar shibui.war` | |
| For complete information on overriding default configuration, see [https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-external-config.html]. | |
| ### Deploying as a WAR | |
| The application can be deployed as a WAR file in a Java Servlet 3.0 container. | |
| To override default configuration, see [https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-external-config.html]. | |
| The easiest way to do this in a servlet container is through the use of system properties | |
| ## Authentication | |
| Currently, the application is wired with very simple authentication. A password for the user `root` | |
| can be set with the `shibui.default-password` property. | |
| ## Default Properties | |
| This is a reflection of the default `application.properties` file included in the distribution. Note that lines | |
| beginning with `#` are commented out. | |
| ``` | |
| # Server Configuration | |
| #server.port=8080 | |
| # Logging Configuration | |
| #logging.config=classpath:log4j2.xml | |
| #logging.level.org.springframework.web=ERROR | |
| # Database Credentials | |
| spring.datasource.username=shibui | |
| spring.datasource.password=shibui | |
| # Database Configuration H2 | |
| spring.datasource.url=jdbc:h2:mem:shibui;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE | |
| spring.datasource.platform=h2 | |
| spring.datasource.driverClassName=org.h2.Driver | |
| spring.jpa.database-platform=org.hibernate.dialect.H2Dialect | |
| spring.h2.console.enabled=true | |
| # Database Configuration PostgreSQL | |
| #spring.datasource.url=jdbc:postgresql://localhost:5432/shibui | |
| #spring.datasource.driverClassName=org.postgresql.Driver | |
| #spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect | |
| #Maria/MySQL DB | |
| #spring.datasource.url=jdbc:mariadb://localhost:3306/shibui | |
| #spring.datasource.driverClassName=org.mariadb.jdbc.Driver | |
| #spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MariaDBDialect | |
| #Tomcat specific DataSource props. Do we need these? | |
| #spring.datasource.tomcat.maxActive=100 | |
| #spring.datasource.tomcat.minIdle=10 | |
| #spring.datasource.tomcat.maxIdle=10 | |
| #spring.datasource.tomcat.initialSize=50 | |
| #spring.datasource.tomcat.validationQuery=select 1 | |
| # Hibernate properties | |
| # for production never ever use create, create-drop. It's BEST to use validate | |
| spring.jpa.hibernate.ddl-auto=create | |
| spring.jpa.hibernate.naming.implicit-strategy=org.hibernate.boot.model.naming.ImplicitNamingStrategyJpaCompliantImpl | |
| spring.jpa.show-sql=false | |
| spring.jpa.properties.hibernate.format_sql=false | |
| spring.jpa.hibernate.use-new-id-generator-mappings=true | |
| shibui.metadata-dir=/opt/shibboleth-idp/metadata/generated | |
| shibui.logout-url=/dashboard | |
| spring.profiles.active=default | |
| # Password for the default user. If not set, a password will be generated at startup | |
| #shibui.default-password= | |
| springdoc.use-management-port=true | |
| springdoc.pathsToMatch=/entities, /api/** | |
| # This property enables the openapi and swagger-ui endpoints to be exposed beneath the actuator base path. | |
| management.endpoints.web.exposure.include=openapi, swagger-ui | |
| management.server.port=9090 | |
| ``` | |
| ## Random SQL | |
| ### Get Release attributes for a given entity id | |
| ```sql | |
| select xs_stringvalue | |
| from xsstring | |
| where id in (select attribute_values_id | |
| from attribute_abstractxmlobject | |
| where attribute_id = (select id | |
| from attribute | |
| where id in (select attributes_id | |
| from entity_attributes_attribute | |
| where entity_attributes_id = (select unknownxmlobjects_id | |
| from abstract_element_extensiblexmlobject_abstractxmlobject | |
| where abstract_element_extensiblexmlobject_id = | |
| (select extensions_id from entity_descriptor where entityid = 'someentityid'))) | |
| and name = 'http://shibboleth.net/ns/attributes/releaseAllValues')) | |
| ``` | |
| ### Get Relying Party Overrides by entity id | |
| ```sql | |
| with join_table as (select rpo.id1, | |
| rpo.id2 | |
| from (select attribute_id id1, attribute_values_id id2 | |
| from attribute_abstractxmlobject | |
| where attribute_id in (select id | |
| from attribute | |
| where id in (select attributes_id | |
| from entity_attributes_attribute | |
| where entity_attributes_id = (select unknownxmlobjects_id | |
| from abstract_element_extensiblexmlobject_abstractxmlobject | |
| where abstract_element_extensiblexmlobject_id = | |
| (select extensions_id from entity_descriptor where entityid = 'someentityid'))))) as rpo) | |
| select attribute_1.name relying_party_override, | |
| attribute_2.value | |
| from join_table | |
| inner join | |
| attribute as attribute_1 | |
| on join_table.id1 = attribute_1.id | |
| inner join | |
| (select id, stored_value value from xsboolean | |
| UNION | |
| select id, CAST(int_value AS varchar) value from xsinteger | |
| UNION | |
| select id, xs_stringvalue value from xsstring | |
| UNION | |
| select id, text_context value from xsany) as attribute_2 | |
| on join_table.id2 = attribute_2.id | |
| where value is not null and value != '' | |
| ``` |