#!/bin/bash
# COmanage Registry Shibboleth SP Dockerfile entrypoint
#
# Portions licensed to the University Corporation for Advanced Internet
# Development, Inc. ("UCAID") under one or more contributor license agreements.
# See the NOTICE file distributed with this work for additional information
# regarding copyright ownership.
#
# UCAID licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with the
# License. You may obtain a copy of the License at:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Verbose output goes to the terminal only when COMANAGE_DEBUG is set to a
# non-empty value; otherwise it is discarded. (OUTPUT is not referenced
# again in the part of this script shown here.)
OUTPUT=${COMANAGE_DEBUG:+/dev/stdout}
OUTPUT=${OUTPUT:-/dev/null}
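# Configuration details that may be injected through environment
# variables or the contents of files.
#
# SHIBBOLETH_SP_METADATA_PROVIDER_XML may also be injected in the
# same way but because of the presence of special characters in the
# XML it is handled differently.
injectable_config_vars=(
  SHIBBOLETH_SP_ENTITY_ID
  SHIBBOLETH_SP_CERT
  SHIBBOLETH_SP_PRIVKEY
  SHIBBOLETH_SP_SAMLDS_URL
)
# If the file associated with a configuration variable is present then
# read the value from it into the appropriate variable. So for example
# if the variable SHIBBOLETH_SP_ENTITY_ID_FILE exists and its value
# points to a readable file on the file system then read the contents
# of that file into the variable SHIBBOLETH_SP_ENTITY_ID.
#
# Indirection uses ${!name} rather than eval so that the contents of a
# *_FILE variable are only ever treated as a path, never parsed as shell
# code. Trailing newlines are stripped by the command substitution, as
# they always were.
for config_var in "${injectable_config_vars[@]}"
do
  file_var="${config_var}_FILE"
  file_name="${!file_var:-}"
  if [ -z "$file_name" ]; then
    continue
  fi
  if [ -r "$file_name" ]; then
    payload=$(< "$file_name")
    declare "${config_var}=${payload}"
  elif [ -e "$file_name" ]; then
    # Previously an unreadable file silently cleared the variable; say so
    # instead and leave any value already in the environment untouched.
    printf 'warning: %s=%s exists but is not readable; ignoring it\n' \
      "$file_var" "$file_name" >&2
  fi
done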
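# If no shibboleth2.xml file is present then create one using
# injected information or defaults that are not particularly
# useful in a federated context but will allow shibd to start.

# Escape a value for use as the replacement text of a sed 's@...@...@'
# command. Backslash, '&' and the '@' delimiter are special there, and a
# raw newline would terminate the command, so newlines are dropped.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout (no trailing newline)
escape_sed_replacement() {
  printf '%s' "$1" | tr -d '\n' | sed -e 's/[\\&@]/\\&/g'
}

if [ ! -e /etc/shibboleth/shibboleth2.xml ]; then
  cp /etc/shibboleth/shibboleth2.xml.template /etc/shibboleth/shibboleth2.xml
  # The injected values are escaped so that a '@', '&' or '\' in an entity
  # ID or URL cannot break out of, or corrupt, the substitution.
  entity_id=$(escape_sed_replacement "${SHIBBOLETH_SP_ENTITY_ID:-https://comanage.registry/shibboleth}")
  samlds_url=$(escape_sed_replacement "${SHIBBOLETH_SP_SAMLDS_URL:-https://localhost/registry/pages/eds/index}")
  sed -i -e "s@%%SHIBBOLETH_SP_ENTITY_ID%%@${entity_id}@" /etc/shibboleth/shibboleth2.xml
  sed -i -e "s@%%SHIBBOLETH_SP_SAMLDS_URL%%@${samlds_url}@" /etc/shibboleth/shibboleth2.xml
  # The metadata provider injected input most likely contains special characters
  # so use a sed script that reads it from a file instead of simple
  # substitution on the command line.
  remove_xml_content_file=0
  if [ -n "$SHIBBOLETH_SP_METADATA_PROVIDER_XML_FILE" ]; then
    xml_content_file="$SHIBBOLETH_SP_METADATA_PROVIDER_XML_FILE"
  else
    xml_content_file=$(/bin/mktemp)
    remove_xml_content_file=1
    # printf with a quoted argument rather than an unquoted echo: the XML
    # must reach the file byte-for-byte, without word splitting or pathname
    # expansion of characters such as '?' and '*'.
    printf '%s\n' "${SHIBBOLETH_SP_METADATA_PROVIDER_XML:-}" > "$xml_content_file"
  fi
  sed_script_file=$(/bin/mktemp)
  cat > "$sed_script_file" <<EOF
/%%SHIBBOLETH_SP_METADATA_PROVIDER_XML%%/ {
r ${xml_content_file}
d
}
EOF
  sed -i -f "$sed_script_file" /etc/shibboleth/shibboleth2.xml
  chmod 0644 /etc/shibboleth/shibboleth2.xml
  # Do not leave the sed script or a copy of the injected metadata behind
  # in the temporary directory.
  rm -f -- "$sed_script_file"
  if [ "$remove_xml_content_file" -eq 1 ]; then
    rm -f -- "$xml_content_file"
  fi
fi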
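# If defined use configured location of Shibboleth SP SAML certificate and key.
# The certificate is installed world-readable (0644); the private key is
# readable only by its owner (0600) and owned by the shibd user that the
# daemon is started as (see the -u shibd option on the exec line below).

# Copy one PEM file into place and set its owner and mode.
# Arguments: $1 - source path as supplied by the deployer
#            $2 - destination path under /etc/shibboleth
#            $3 - octal mode for the destination
# Outputs:   warnings on stderr
# Returns:   non-zero when the source is unreadable or the copy fails
install_sp_file() {
  local src=$1 dst=$2 mode=$3
  if [ ! -r "$src" ]; then
    printf 'warning: %s is not readable; leaving %s unchanged\n' "$src" "$dst" >&2
    return 1
  fi
  cp -- "$src" "$dst" || return 1
  # A failed chown on the key means shibd cannot read it later, so report it.
  chown shibd "$dst" || printf 'warning: could not chown %s to shibd\n' "$dst" >&2
  chmod "$mode" "$dst"
}

if [ -n "$SHIBBOLETH_SP_CERT" ]; then
  install_sp_file "$SHIBBOLETH_SP_CERT" /etc/shibboleth/sp-cert.pem 0644
fi
if [ -n "$SHIBBOLETH_SP_PRIVKEY" ]; then
  install_sp_file "$SHIBBOLETH_SP_PRIVKEY" /etc/shibboleth/sp-key.pem 0600
fi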
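# If ENV or USERTOKEN as injected by the deployer contain a semi-colon or
# whitespace remove it.

# Strip every ';' and every whitespace character from $1.
# Parameter expansion is used instead of an unquoted 'echo | tr' pipeline so
# that the value is never word-split or pathname-expanded on the way through
# (an unquoted '*' in the old pipeline would have been replaced by file names).
# Arguments: $1 - raw value
# Outputs:   cleaned value on stdout (no trailing newline)
strip_separators() {
  local value=$1
  value=${value//;/}
  value=${value//[[:space:]]/}
  printf '%s' "$value"
}

if [[ ${ENV:-} == *';'* || ${ENV:-} == *[[:space:]]* ]]; then
  ENV=$(strip_separators "$ENV")
  export ENV
fi
if [[ ${USERTOKEN:-} == *';'* || ${USERTOKEN:-} == *[[:space:]]* ]]; then
  USERTOKEN=$(strip_separators "$USERTOKEN")
  export USERTOKEN
fi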
# Start the daemon.
# LD_LIBRARY_PATH is set to a fixed value; anything inherited from the
# container environment is replaced, not extended.
LD_LIBRARY_PATH=/opt/shibboleth/lib64
export LD_LIBRARY_PATH
# shibd replaces this shell (exec), so it becomes the container's process.
shibd_args=(
  -f
  -u shibd
  -g shibd
  -c /etc/shibboleth/shibboleth2.xml
  -p /var/run/shibboleth/shibd.pid
  -F
)
exec /usr/sbin/shibd "${shibd_args[@]}"