This repository has been archived by the owner. It is now read-only.
Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
COmanage/docker-comanage-shibboleth-sp-entrypoint
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
executable file
127 lines (107 sloc)
4.35 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# COmanage Registry Shibboleth SP Dockerfile entrypoint | |
# | |
# Portions licensed to the University Corporation for Advanced Internet | |
# Development, Inc. ("UCAID") under one or more contributor license agreements. | |
# See the NOTICE file distributed with this work for additional information | |
# regarding copyright ownership. | |
# | |
# UCAID licenses this file to you under the Apache License, Version 2.0 | |
# (the "License"); you may not use this file except in compliance with the | |
# License. You may obtain a copy of the License at: | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
if [ -n "$COMANAGE_DEBUG" ] | |
then | |
OUTPUT=/dev/stdout | |
else | |
OUTPUT=/dev/null | |
fi | |
# Configuration details that may be injected through environment | |
# variables or the contents of files. | |
# | |
# SHIBBOLETH_SP_METADATA_PROVIDER_XML may also be injected in the | |
# same way but because of the presence of special characters in the | |
# XML it is handled differently. | |
injectable_config_vars=( | |
SHIBBOLETH_SP_ENTITY_ID | |
SHIBBOLETH_SP_CERT | |
SHIBBOLETH_SP_PRIVKEY | |
SHIBBOLETH_SP_SAMLDS_URL | |
) | |
# If the file associated with a configuration variable is present then | |
# read the value from it into the appropriate variable. So for example | |
# if the variable COMANAGE_REGISTRY_DATASOURCE_FILE exists and its | |
# value points to a file on the file system then read the contents | |
# of that file into the variable COMANAGE_REGISTRY_DATASOURCE. | |
for config_var in "${injectable_config_vars[@]}" | |
do | |
eval file_name=\$"${config_var}_FILE"; | |
if [ -e "$file_name" ]; then | |
payload=`cat $file_name` | |
declare "${config_var}"="${payload}" | |
fi | |
done | |
# If no shibboleth2.xml file is present then create one using | |
# injected information or defaults that are not particularly | |
# useful in a federated context but will allow shibd to start. | |
if [ ! -e /etc/shibboleth/shibboleth2.xml ]; then | |
cp /etc/shibboleth/shibboleth2.xml.template /etc/shibboleth/shibboleth2.xml | |
sed -i -e s@%%SHIBBOLETH_SP_ENTITY_ID%%@"${SHIBBOLETH_SP_ENTITY_ID:-https://comanage.registry/shibboleth}"@ /etc/shibboleth/shibboleth2.xml | |
sed -i -e s@%%SHIBBOLETH_SP_SAMLDS_URL%%@"${SHIBBOLETH_SP_SAMLDS_URL:-https://localhost/registry/pages/eds/index}"@ /etc/shibboleth/shibboleth2.xml | |
# The metadata provider injected input most likely contains special characters | |
# so use a sed script instead of simple substitution on the command line. | |
if [ -n "$SHIBBOLETH_SP_METADATA_PROVIDER_XML_FILE" ]; then | |
xml_content_file="$SHIBBOLETH_SP_METADATA_PROVIDER_XML_FILE" | |
else | |
xml_content_file=`/bin/mktemp` | |
echo ${SHIBBOLETH_SP_METADATA_PROVIDER_XML:-} > ${xml_content_file} | |
fi | |
sed_script_file=`/bin/mktemp` | |
cat > ${sed_script_file}<<EOF | |
/%%SHIBBOLETH_SP_METADATA_PROVIDER_XML%%/ { | |
r ${xml_content_file} | |
d | |
} | |
EOF | |
sed -i -f ${sed_script_file} /etc/shibboleth/shibboleth2.xml | |
chmod 0644 /etc/shibboleth/shibboleth2.xml | |
fi | |
# If defined use configured location of Shibboleth SP SAML certificate and key. | |
if [ -n "$SHIBBOLETH_SP_CERT" ]; then | |
cp "$SHIBBOLETH_SP_CERT" /etc/shibboleth/sp-cert.pem | |
chown shibd /etc/shibboleth/sp-cert.pem | |
chmod 0644 /etc/shibboleth/sp-cert.pem | |
fi | |
if [ -n "$SHIBBOLETH_SP_PRIVKEY" ]; then | |
cp "$SHIBBOLETH_SP_PRIVKEY" /etc/shibboleth/sp-key.pem | |
chown shibd /etc/shibboleth/sp-key.pem | |
chmod 0600 /etc/shibboleth/sp-key.pem | |
fi | |
# If ENV or USERTOKEN as injected by the deployer contain a semi-colon remove it. | |
if [[ $ENV =~ .*";".* ]]; then | |
ENV=`echo $ENV | tr -d ';'` | |
export ENV | |
fi | |
if [[ $USERTOKEN =~ .*";".* ]]; then | |
USERTOKEN=`echo $USERTOKEN | tr -d ';'` | |
export USERTOKEN | |
fi | |
# If ENV or USERTOKEN as injected by the deployer contain a space remove it. | |
if [[ $ENV =~ [[:space:]] ]]; then | |
ENV=`echo $ENV | tr -d [:space:]` | |
export ENV | |
fi | |
if [[ $USERTOKEN =~ [[:space:]] ]]; then | |
USERTOKEN=`echo $USERTOKEN | tr -d [:space:]` | |
export USERTOKEN | |
fi | |
# Start the daemon. | |
export LD_LIBRARY_PATH=/opt/shibboleth/lib64 | |
exec /usr/sbin/shibd -f -u shibd -g shibd -c /etc/shibboleth/shibboleth2.xml -p /var/run/shibboleth/shibd.pid -F |