initial for IdP 4.1.0

Dockerfile.template

@@ -11,7 +11,7 @@ ARG SHBEDWAPP=config/shib-idp/edit-webapp
 ARG SHBMSGS=config/shib-idp/messages
 ARG SHBMD=config/shib-idp/metadata
 
-# copy in the needed config files
+# copy in those needed config files
 ADD ${TOMCFG} /usr/local/tomcat/conf
 ADD ${TOMCERT} /opt/certs
 ADD ${TOMWWWROOT} /usr/local/tomcat/webapps/ROOT
@@ -22,4 +22,12 @@ ADD ${SHBCREDS} /opt/shibboleth-idp/credentials
 #ADD ${SHBMSGS} /opt/shibboleth-idp/messages
 ADD ${SHBMD} /opt/shibboleth-idp/metadata
 
+# new for 4.1.0: install the Duo OIDC integration
+#      https://wiki.shibboleth.net/confluence/display/IDPPLUGINS/DuoOIDCAuthnConfiguration
+# For unattended install of plugins, trust must be manually bootstrapped.  You should never automate the retreival of this file (like this) for production.
+#ADD https://github.internet2.edu/raw/docker/ShibbIdP_ConfigBuilder_Container/master/oidc-common-truststore.asc /opt/shibboleth-idp/credentials/net.shibboleth.idp.plugin.authn.duo.nimbus/truststore.asc
+#ADD https://github.internet2.edu/raw/docker/ShibbIdP_ConfigBuilder_Container/master/duo-oidc-truststore.asc /opt/shibboleth-idp/credentials/net.shibboleth.oidc.common/truststore.asc
+#install the plugins
+#RUN /opt/shibboleth-idp/bin/plugin.sh --noPrompt -i https://shibboleth.net/downloads/identity-provider/plugins/oidc-common/1.0.0/oidc-common-dist-1.0.0.zip
+#RUN /opt/shibboleth-idp/bin/plugin.sh --noPrompt -i https://shibboleth.net/downloads/identity-provider/plugins/duo-oidc/1.0.0/idp-plugin-duo-nimbus-dist-1.0.0.zip
 

common.bash

@@ -2,4 +2,4 @@ registry="docker.io"
 maintainer="tier"
 basename="shibbidp_configbuilder_container"
 imagename="shibbidp_configbuilder_container"
-version="0.5"
+version="0.7"

configBuilder.sh

@@ -7,9 +7,9 @@ cd /scriptrun
 
 
 # script config items
-SHB_CFG_URL=https://github.internet2.edu/docker/shib-idp-conftree/archive/4.0-InCommon.zip
+SHB_CFG_URL=https://github.internet2.edu/docker/shib-idp-conftree/archive/4.1-InCommon.zip
 TOM_CFG_URL=https://github.internet2.edu/docker/shib-idp-tomcat-config/archive/master.zip
-TMP_DIR_S=/tmp/4.0-InCommon
+TMP_DIR_S=/tmp/4.1-InCommon
 TMP_DIR_T=/tmp/tomcfg
 TMP_DIR_D=/tmp/buildfiles
 
@@ -78,14 +78,14 @@ unzip -o -d ${TMP_DIR_T} ${TMP_DIR_T}.zip > /dev/null 2>&1
 ### cp relevant folders from expanded zip to appropriate locations at $PWD/* ###
 ################################################################################
 #
-cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/conf/idp.properties ${SHBCFG}
-cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/conf/ldap.properties ${SHBCFG}
-cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/conf/metadata-providers.xml ${SHBCFG}
-cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/conf/attribute-resolver.xml ${SHBCFG}
-cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/conf/attribute-filter.xml ${SHBCFG}
-cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/conf/logback.xml ${SHBCFG}
-cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/credentials/inc-md-cert-mdq.pem ${SHBCREDS}
-cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/credentials/sealer.kver ${SHBCREDS}
+cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.1-InCommon/conf/idp.properties ${SHBCFG}
+cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.1-InCommon/conf/ldap.properties ${SHBCFG}
+cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.1-InCommon/conf/metadata-providers.xml ${SHBCFG}
+cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.1-InCommon/conf/attribute-resolver.xml ${SHBCFG}
+cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.1-InCommon/conf/attribute-filter.xml ${SHBCFG}
+cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.1-InCommon/conf/logback.xml ${SHBCFG}
+cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.1-InCommon/credentials/inc-md-cert-mdq.pem ${SHBCREDS}
+cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.1-InCommon/credentials/sealer.kver ${SHBCREDS}
 cp -rf ${TMP_DIR_T}/shib-idp-tomcat-config-master/conf/* ${TOMCFG}
 cp -rf ${TMP_DIR_T}/shib-idp-tomcat-config-master/wwwroot/* ${TOMWWWROOT}