diff --git a/configBuilder.sh b/configBuilder.sh
new file mode 100644
index 0000000..e5d6366
--- /dev/null
+++ b/configBuilder.sh
@@ -0,0 +1,669 @@
+#!/bin/bash
+
+#temp for container version
+cd /scriptrun
+
+
+# script config items
+SHB_CFG_URL=https://github.internet2.edu/docker/shib-idp-conftree/archive/3.3release.zip
+TOM_CFG_URL=https://github.internet2.edu/docker/shib-idp-tomcat-config/archive/master.zip
+TMP_DIR_S=/tmp/3.3release
+TMP_DIR_T=/tmp/tomcfg
+
+# default directories
+TOMCFG=config/tomcat
+TOMLOG=logs/tomcat
+TOMCERT=credentials/tomcat
+TOMWWWROOT=wwwroot
+SHBCFG=config/shib-idp/conf
+SHBCREDS=credentials/shib-idp
+SHBVIEWS=config/shib-idp/views
+SHBEDWAPP=config/shib-idp/edit-webapp
+SHBMSGS=config/shib-idp/messages
+SHBMD=config/shib-idp/metadata
+SHBLOG=logs/shib-idp
+
+# logs
+LOGFILE=${PWD}/setup.log
+
+# script variables (do not edit)
+ORACLE_JAVA_APPROVAL=None
+FQDN=None
+SCOPE=None
+LDAPURL=None
+LDAPBASEDN=None
+LDAPDN=None
+LDAPPWD=None
+SEALERPWD=None
+TIER_TESTBED=None
+BURNMOUNT=None
+
+
+##################################
+### ensure directory structure ###
+##################################
+mkdir -p config/tomcat
+mkdir -p logs/tomcat
+mkdir -p credentials/tomcat
+mkdir -p wwwroot
+mkdir -p config/shib-idp/conf
+mkdir -p credentials/shib-idp
+mkdir -p config/shib-idp/views
+mkdir -p config/shib-idp/edit-webapp
+mkdir -p config/shib-idp/messages
+mkdir -p config/shib-idp/metadata
+mkdir -p logs/shib-idp
+
+
+##############################################################
+### download default/TIER config for both shibb and tomcat ###
+##############################################################
+#
+# first, check for wget
+command -v wget >/dev/null 2>&1 || { echo >&2 "ERROR: wget is required, but doesn't appear to be installed. 
Aborting..."; exit 1; } + +wget -q -O ${TMP_DIR_S}.zip ${SHB_CFG_URL} > /dev/null +wget -q -O ${TMP_DIR_T}.zip ${TOM_CFG_URL} > /dev/null + + +###################### +### expand to /tmp ### +###################### +unzip -o -d ${TMP_DIR_S} ${TMP_DIR_S}.zip > /dev/null 2>&1 +unzip -o -d ${TMP_DIR_T} ${TMP_DIR_T}.zip > /dev/null 2>&1 + +################################################################################ +### cp relevant folders from expanded zip to appropriate locations at $PWD/* ### +################################################################################ +cp -rf ${TMP_DIR_S}/shib-idp-conftree-3.3release/conf/* ${SHBCFG} +cp -rf ${TMP_DIR_S}/shib-idp-conftree-3.3release/views/* ${SHBVIEWS} +cp -rf ${TMP_DIR_S}/shib-idp-conftree-3.3release/edit-webapp/* ${SHBEDWAPP} +cp -rf ${TMP_DIR_S}/shib-idp-conftree-3.3release/messages/* ${SHBMSGS} +cp -rf ${TMP_DIR_S}/shib-idp-conftree-3.3release/metadata/* ${SHBMD} +cp -rf ${TMP_DIR_S}/shib-idp-conftree-3.3release/credentials/* ${SHBCREDS} +cp -rf ${TMP_DIR_T}/shib-idp-tomcat-config-master/conf/* ${TOMCFG} +cp -rf ${TMP_DIR_T}/shib-idp-tomcat-config-master/wwwroot/* ${TOMWWWROOT} + + +##################################################### +### ask setup questions to aid in config building ### +##################################################### +# +# Get Oracle license agreement from the user +# +echo "" +echo "The Shibboleth IdP requires that you use Oracle Java. The Docker container " +echo "should be configured to download it for you as part of the Docker image build " +echo "process, but, before we proceed, you must agree to the Oracle Binary Code " +echo "License Agreement for Java SE (\"Oracle License\"). 
Please review:" +echo "" +echo " http://www.oracle.com/technetwork/java/javase/terms/license/index.html" +echo "" +echo "By agreeing to the Oracle License, you acknowledge that Internet2 is not" +echo "distributing the Java software and, to the extent an issue arises" +echo "related to your use of Oracle Java in the TIER software package, you and" +echo "Internet2 agree to hold each other harmless from any third party claims." +echo ""${PWD} +# +while [ ${ORACLE_JAVA_APPROVAL} == "None" ]; do + echo -n "Do you agree to the terms of the Oracle license [Yes/No]? " + read response + case $response in + Yes) + ORACLE_JAVA_APPROVAL=$response + ;; + No) + ORACLE_JAVA_APPROVAL=$response + ;; + *) + echo "Please respond with Yes or No" + esac +done +if [ ${ORACLE_JAVA_APPROVAL} != "Yes" ]; then + echo "" + echo "In order to use this implementation of the Shibboleth IdP, you must" + echo "use Oracle Java and thus agree to the terms of the Oracle license." + exit 0 +fi +# +# Get the FQDN of the server +# +echo "" +echo "" +echo "Please supply the Fully Qualified Domain Name (FQDN) of your Shibboleth IdP." +echo "We will use the information you enter here to configure your IdP." +echo "Note: for testing without DNS support (a common case), simply enter" +echo " the IPv4 address of your VM at the prompt below" +echo "" +while [ ${FQDN} == "None" ]; do + echo -n "Enter the FQDN or IP address of your server: " + read response + if [ ${#response} -lt 8 ]; then + echo "Remember, you need a FQDN or IP address" + continue + fi + echo -n "You entered: ${response} Is this correct [Yes/No]? " + read yesno + case $yesno in + Yes|yes|Y|y) + FQDN=$response + ;; + esac +done +#echo "FQDN is: $FQDN" + +# +# Get the Scope used for this IdP +# +echo "" +echo "" +echo "Please supply the correct scope for this IdP." +echo "This is typically your base domain: domain.edu" +echo "Enter your IP address if you are just testing." 
+echo "" +echo "We will use the information you enter here to configure your IdP." +echo "" +while [ ${SCOPE} == "None" ]; do + echo -n "Enter the Scope for your IdP: " + read response + if [ ${#response} -lt 5 ]; then + echo "Remember, you need domain - domain.edu or similar" + continue + fi + echo -n "You entered: ${response} Is this correct [Yes/No]? " + read yesno + case $yesno in + Yes|yes|Y|y) + SCOPE=$response + ;; + esac +done +#echo "Scope is: $SCOPE" + +# +# Get the LDAP URL for this deployment +# +echo "" +echo "" +echo "Please supply the full LDAP URL for your backend authentication and/or " +echo "attribute store used by your Shibboleth IdP. (e.g. ldap://myldap.domain.edu)" +echo "We will use the information you enter here to configure your IdP." +echo "" +while [ ${LDAPURL} == "None" ]; do + echo -n "Enter the LDAP URL used for your IdP: " + read response + if [ ${#response} -lt 10 ]; then + echo "Remember, you need a full LDAP URL (starts with ldap:// or ldaps://)" + continue + fi + echo -n "You entered: ${response} Is this correct [Yes/No]? " + read yesno + case $yesno in + Yes|yes|Y|y) + LDAPURL=$response + ;; + esac +done +#echo "LDAP URL is: $LDAPURL" + +# +# Get the LDAP BaseDN for this deployment +# +echo "" +echo "" +echo "Please supply the LDAP Base DN for your LDAP Server " +echo " (e.g. ou=people,dc=example,dc=org)." +echo "We will use the information you enter here to configure your IdP." +echo "" +while [ ${LDAPBASEDN} == "None" ]; do + echo -n "Enter the LDAP Base DN used for your LDAP Server: " + read response + if [ ${#response} -lt 10 ]; then + echo "Remember, you need the full LDAP Base DN." + continue + fi + echo -n "You entered: ${response} Is this correct [Yes/No]? 
" + read yesno + case $yesno in + Yes|yes|Y|y) + LDAPBASEDN=$response + ;; + esac +done +#echo "LDAP Base DN is: $LDAPBASEDN" + +# +# Get the LDAP DN for this deployment +# +echo "" +echo "" +echo "Please supply the full LDAP DN (DistinguishedName) for the account " +echo "used to access your LDAP (only read access is necessary). " +echo "(e.g. uid=myservice,ou=system)" +echo "We will use the information you enter here to configure your IdP." +echo "" +while [ ${LDAPDN} == "None" ]; do + echo -n "Enter the LDAP DN for the service account used by your IdP: " + read response + if [ ${#response} -lt 8 ]; then + echo "Remember, you need the full LDAP DN" + continue + fi + echo -n "You entered: ${response} Is this correct [Yes/No]? " + read yesno + case $yesno in + Yes|yes|Y|y) + LDAPDN=$response + ;; + esac +done +#echo "LDAP DN is: $LDAPDN" + +# +# Get the LDAP PWD for this deployment +# +echo "" +echo "" +echo "Please supply the password for the LDAP DN just specified " +echo "for access your LDAP" +echo "" +echo "We will use the information you enter here to configure your IdP." +echo "" +while [ ${LDAPPWD} == "None" ]; do + echo -n "Enter the password for the account just specified: " + read response + if [ ${#response} -lt 2 ]; then + echo "You should use a stronger password." + continue + fi + echo -n "You entered: ${response} Is this correct [Yes/No]? " + read yesno + case $yesno in + Yes|yes|Y|y) + LDAPPWD=$response + ;; + esac +done + + +# +# Ask the installer about burned versus mountedd config +# +echo "" +echo "" +echo "Would you like your Shibboleth IdP containers to utilize a " +echo "Shibboleth config which has been \"burned\" (copied) into each " +echo "container, or would you like your IdP containers to instead " +echo "mount all of their configuration from the container host's local " +echo "filesystem or would you like to use a hybrid config utilizing secrets (requires a swarm)?" 
+echo "" +while [ ${BURNMOUNT} == "None" ]; do + echo -n "Please select your choice (please enter either \"burn\" or \"mount\" or \"hybrid\"): " + read response + case $response in + Mount|mount|M|m) + BURNMOUNT=mount + ;; + Burn|burn|B|b) + BURNMOUNT=burn + ;; + Hybrid|hybrid|H|h) + BURNMOUNT=hybrid + ;; + *) + echo "You must choose either \"burn\" or \"mount\" or \"hybrid\"." + esac +done +#echo "Burn/Mount option choice is: $BURNMOUNT" + + +############################################################ +### generate credentials/certs for tomcat and shibboleth ### +############################################################ + +# ensure openssl +command -v openssl >/dev/null 2>&1 || { echo >&2 "ERROR: openssl is required, but doesn't appear to be installed. Aborting..."; exit 1; } + +echo "" +echo "Generating credentials..." +echo "" +# +mkdir -p crypto-work-tmp +cd crypto-work-tmp +#IdP Signing key/cert +openssl req -new -nodes -newkey rsa:2048 -subj "/commonName=${FQDN}" -batch -keyout idp-signing.key -out idp-signing.csr >> ${LOGFILE} 2>&1 +echo '[SAN]' > extensions +echo "subjectAltName=DNS:${FQDN},URI:https://${FQDN}/idp/shibboleth" >>extensions +echo "subjectKeyIdentifier=hash" >> extensions +openssl x509 -req -days 1825 -in idp-signing.csr -signkey idp-signing.key -extensions SAN -extfile extensions -out idp-signing.crt >> ${LOGFILE} 2>&1 +# +# IdP Encryption Key +openssl req -new -nodes -newkey rsa:2048 -subj "/commonName=${FQDN}" -batch -keyout idp-encryption.key -out idp-encryption.csr >> ${LOGFILE} 2>&1 +openssl x509 -req -days 1825 -in idp-encryption.csr -signkey idp-encryption.key -extensions SAN -extfile extensions -out idp-encryption.crt >> ${LOGFILE} 2>&1 +# +cp *.key *.crt ../${SHBCREDS} + +# build self-signed cert for Tomcat to use with https +# +# ensure keytool +command -v keytool >/dev/null 2>&1 || { echo >&2 "ERROR: keytool is required, but doesn't appear to be installed. 
Aborting..."; exit 1; } + +if test -f ssl_keystore.jks; then + mv ssl_keystore.jks ssl_keystore.jks.old +fi + +cat > data.conf << EOF +${FQDN} +SUBJ_OU +SUBJ_O +SUBJ_CITY +SUBJ_STATE +SUBJ_COUNTRY +yes + + +EOF + +STOREPWD=$(uuidgen) +keytool -genkey -keyalg RSA -alias selfsigned -keystore ssl_keystore.jks -storepass $STOREPWD -validity 360 -keysize 2048 < data.conf >> ${LOGFILE} 2>&1 +cp ssl_keystore.jks ../${TOMCERT}/keystore.jks + +# +# OK, next build the shibboleth sealer java keystore +# +echo "" +echo "Creating Shibboleth sealer keystore" +echo "" +# +rm -f mysealer.jks +SEALERPWD=$(uuidgen) +keytool -genseckey -storetype jceks -alias secret1 -providername SunJCE -keyalg AES -keysize 256 -storepass ${SEALERPWD} -keypass ${SEALERPWD} -keystore mysealer.jks >> ${LOGFILE} 2>&1 +cp mysealer.jks ../${SHBCREDS}/sealer.jks + + +# return to previous work directory +cd .. +#remove work dir +rm -rf crypto-work-tmp/* +rmdir crypto-work-tmp + + +############################# +### generate new metadata ### +############################# +CERTFILE=${SHBCREDS}/idp-signing.crt +CERT="$(grep -v '^-----' $CERTFILE)" +ENTITYID=https://${FQDN}/idp/shibboleth/ +BASEURL=https://${FQDN} + +cat > ${SHBMD}/idp-metadata.xml < + + + $SCOPE + + + + + +$CERT + + + + + + + + + + +EOF + + + +############################################################################## +### make needed adjustments to IdP config and Dockerfile and Tomcat config ### +############################################################################## +# +#ensure sed +command -v sed >/dev/null 2>&1 || { echo >&2 "ERROR: sed is required, but doesn't appear to be installed. Aborting..."; exit 1; } + +# set entityID, sealer pwd in idp.properties +echo "" +echo "Updating your IdP config and Dockerfile to match the info" +echo " you supplied and with the auto-generated key password." +echo "" +IDP_PROP=${SHBCFG}/idp.properties + +if test \! 
-f ${IDP_PROP}.dist; then + cp ${IDP_PROP} ${IDP_PROP}.dist +fi +sed "s/example.org/${SCOPE}/" ${IDP_PROP}.dist > ${IDP_PROP}.tmp +sed "s#Password= changeit#Password= ${SEALERPWD}#" ${IDP_PROP}.tmp > ${IDP_PROP} +rm -f ${IDP_PROP}.tmp +# + +# set ldap URL, baseDN, svcDN, pwd in ldap.properties +LDAP_PROP=${SHBCFG}/ldap.properties +if test \! -f ${LDAP_PROP}.dist; then + cp ${LDAP_PROP} ${LDAP_PROP}.dist +fi +sed "s#ldap://localhost:10389#${LDAPURL}#" ${LDAP_PROP}.dist > ${LDAP_PROP}.tmp +sed "s#uid=myservice,ou=system#${LDAPDN}#" ${LDAP_PROP}.tmp > ${LDAP_PROP}.tmp2 +sed "s#myServicePassword#${LDAPPWD}#" ${LDAP_PROP}.tmp2 > ${LDAP_PROP}.tmp3 +sed "s#ou=people,dc=example,dc=org#${LDAPBASEDN}#" ${LDAP_PROP}.tmp3 > ${LDAP_PROP} + +rm -f ${LDAP_PROP}.tmp +rm -f ${LDAP_PROP}.tmp2 +rm -f ${LDAP_PROP}.tmp3 + +# adjust Dockerfile for java and for a burned-in config, if needed +# +#java first +if test \! -f Dockerfile.dist; then + cp Dockerfile Dockerfile.dist +fi +cat < docker_edit.sed +s/^# ENV /ENV / +s/^# RUN /RUN / +s/^# yum/ yum/ +s/^# rm/ rm/ +s/^# alternatives/ alternatives/ +s/^# http/ http/ +s/^# \&\&/ \&\&/ +EOF +sed -f docker_edit.sed Dockerfile.dist > Dockerfile +rm -f docker_edit.sed + + +if [ ${BURNMOUNT} == "burn" ] || [ ${BURNMOUNT} == "hybrid" ]; then + echo "Configuring Docker for burned-in configuration." + + mv -f Dockerfile Dockerfile.setup + cat < docker_edit.sed +s/^## ADD /ADD / +/^VOLUME/,+10 s/^/#/ +EOF + sed -f docker_edit.sed Dockerfile.setup > Dockerfile + rm -f Dockerfile.setup + rm -f docker_edit.sed + +fi + + +# configure SSL keystore password in tomcat's config file: +# conf/tomcat/server.xml replace: keystorePass="password" +# +echo "Updating Tomcat's server.xml with the generated password" + +if test \! 
-f ${TOMCFG}/server.xml.dist; then + cp ${TOMCFG}/server.xml ${TOMCFG}/server.xml.dist +fi +sed "s#keystorePass=\"password\"#keystorePass=\"${STOREPWD}\"#" ${TOMCFG}/server.xml.dist > ${TOMCFG}/server.xml + + +echo "" +echo "Archiving generated config..." +echo "" +#ensure zip +command -v zip >/dev/null 2>&1 || { echo >&2 "ERROR: zip is required, but doesn't appear to be installed. Aborting..."; exit 1; } +FILENAME=./shib-idp-config_`date +%m%d%Y-%H%M%S`.zip +zip -r ${FILENAME} ./* > /dev/null + +#special for the special-purpose container +cp ${FILENAME} /output +zip -d /output/${FILENAME:2} "configBuilder.sh" +zip -d /output/${FILENAME:2} "Dockerfile" +zip -d /output/${FILENAME:2} "setup.log" +echo copied archive to output location... + +# if the user chose a hybrid config, then generate a directory containing the config with secrets removed +# copy files +if [ ${BURNMOUNT} == "hybrid" ]; then + echo "" + echo "Creating sanitized config for hybrid build..." + echo "" + destPath=./ConfigNoSecrets + destPathName=ConfigNoSecrets + # check for rsync + command -v rsync >/dev/null 2>&1 || { echo >&2 "ERROR: rsync is required, but doesn't appear to be installed. Aborting..."; exit 1; } + rsync -a . 
${destPath} --exclude ${destPathName} + mkdir -p ${destPath}/SECRETS + + +# move secrets +mv -f $destPath/config/shib-idp/conf/idp.properties $destPath/SECRETS/idp.properties > /dev/null +mv -f $destPath/config/shib-idp/conf/ldap.properties $destPath/SECRETS/ldap.properties > /dev/null +mv -f $destPath/credentials/shib-idp/sealer.jks $destPath/SECRETS/sealer.jks > /dev/null +mv -f $destPath/credentials/shib-idp/sealer.kver $destPath/SECRETS/sealer.kver > /dev/null +mv -f $destPath/credentials/shib-idp/idp-signing.key $destPath/SECRETS/idp-signing.key > /dev/null +mv -f $destPath/credentials/shib-idp/idp-signing.crt $destPath/SECRETS/idp-signing.crt > /dev/null +mv -f $destPath/credentials/shib-idp/idp-encryption.key $destPath/SECRETS/idp-encryption.key > /dev/null +mv -f $destPath/credentials/shib-idp/idp-encryption.crt $destPath/SECRETS/idp-encryption.crt > /dev/null +mv -f $destPath/credentials/tomcat/keystore.jks $destPath/SECRETS/keystore.jks > /dev/null +mv -f $destPath/config/shib-idp/conf/relying-party.xml $destPath/SECRETS/relying-party.xml > /dev/null +mv -f $destPath/config/shib-idp/conf/attribute-filter.xml $destPath/SECRETS/attribute-filter.xml > /dev/null +mv -f $destPath/config/shib-idp/conf/attribute-resolver.xml $destPath/SECRETS/attribute-resolver.xml > /dev/null +mv -f $destPath/config/shib-idp/conf/metadata-providers.xml $destPath/SECRETS/metadata-providers.xml > /dev/null + +echo "" +echo Your secrets were removed from the main config and stored in $destPath/SECRETS +echo "" + +fi + + +############################################################################################################################ +### notify user of next steps (docker build and docker run commands, based on burn/mount and chosen directory locations) ### +############################################################################################################################ +echo "" +echo "Your initial configuration has been successfully setup. 
The entire configuration has been archived to ${PWD}/shib-idp-config_`date +%m%d%Y-%H%M%S`.zip" +echo "" +echo "" +if [ ${BURNMOUNT} == "burn" ]; then + echo "Since you have elected to use a burned-in config, the steps for " + echo " you to build and run a TIER Shibboleth-IdP container are below." + echo "BUILD" + echo " It will be necessary to specify where to find your config at build-time, " + echo " so that it can be copied into the container." + echo "" + echo " If you are using the default config locations (used/created by the configBuilder.sh script), then the following command would be correct:" + echo " docker build --rm -t my/shibb-idp-tier ." + echo "" + echo " If you have an existing config or otherwise need to supply non-default paths for your config bits, " + echo " that can be done by overriding the default values in the build command like this " + echo " (the values below are all the default values - modify as appropriate):" + echo "" + echo " docker build --rm -t my/shibb-idp-tier --build-arg TOMCFG=config/tomcat \\ + --build-arg TOMLOG=logs/tomcat \\ + --build-arg TOMCERT=credentials/tomcat \\ + --build-arg TOMWWWROOT=wwwroot \\ + --build-arg SHBCFG=config/shib-idp/conf \\ + --build-arg SHBCREDS=credentials/shib-idp \\ + --build-arg SHBVIEWS=config/shib-idp/views \\ + --build-arg SHBEDWAPP=config/shib-idp/edit-webapp \\ + --build-arg SHBMSGS=config/shib-idp/messages \\ + --build-arg SHBMD=config/shib-idp/metadata \\ + --build-arg SHBLOG=logs/shib-idp ." + echo "" + echo "" + echo "RUN" + echo "" + echo " docker run -d --name shib-idp -p 8443:8443 my/shibb-idp-tier" +elif [ ${BURNMOUNT} == "hybrid" ]; then + echo "Since you have elected to use a hybrid config, the steps for " + echo " you to build and run a TIER Shibboleth-IdP container are below." 
+ echo "BUILD" + echo " It will be necessary to specify where to find your config at build-time, but with a hybrid config, " + echo " you'll want to point it to a config that has no \"secrets\"" + echo "" + echo "To do this, point an environment variable at the alternate location (created by this script):" + echo " export ALTCFG=ConfigNoSecrets" + echo "" + echo " docker build --rm -t my/shibb-idp-tier --build-arg TOMCFG=${ALTCFG}/config/tomcat \\ + --build-arg TOMLOG=${ALTCFG}/logs/tomcat \\ + --build-arg TOMCERT=${ALTCFG}/credentials/tomcat \\ + --build-arg TOMWWWROOT=${ALTCFG}/wwwroot \\ + --build-arg SHBCFG=${ALTCFG}/config/shib-idp/conf \\ + --build-arg SHBCREDS=${ALTCFG}/credentials/shib-idp \\ + --build-arg SHBVIEWS=${ALTCFG}/config/shib-idp/views \\ + --build-arg SHBEDWAPP=${ALTCFG}/config/shib-idp/edit-webapp \\ + --build-arg SHBMSGS=${ALTCFG}/config/shib-idp/messages \\ + --build-arg SHBMD=${ALTCFG}/config/shib-idp/metadata \\ + --build-arg SHBLOG=${ALTCFG}/logs/shib-idp ." + echo "" + echo "Next, you would create the appropriate docker secrets and run as a swarm service. See documentation wiki for more info." + echo "" +else + echo "Since you have elected to use a mounted config, the steps for " + echo " you to build and run a TIER Shibboleth-IdP container are below." + echo "BUILD" + echo " You can build an image for a mounted config quite simply using a command like this:" + echo " (optionally substitute any tag name (after -t) that is appropriate) " + echo "" + echo " docker build --rm -t my/shibb-idp-tier ." + echo "" + echo "" + echo "RUN" + echo " For a mounted config, you will need to supply your config locations at run-time, like this (assuming the default locations for the local config)." 
+ echo "" + echo " docker run -d --name shib-test1 -p 8443:8443 -v ${PWD}/${TOMCFG}:/usr/local/tomcat/conf \\ + -v ${PWD}/${TOMWWWROOT}:/usr/local/tomcat/webapps/ROOT \\ + -v ${PWD}/${TOMLOG}:/usr/local/tomcat/logs \\ + -v ${PWD}/${TOMCERT}:/opt/certs \\ + -v ${PWD}/${SHBCFG}:/opt/shibboleth-idp/conf \\ + -v ${PWD}/${SHBCREDS}:/opt/shibboleth-idp/credentials \\ + -v ${PWD}/${SHBVIEWS}:/opt/shibboleth-idpviews \\ + -v ${PWD}/${SHBEDWAPP}:/opt/shibboleth-idp/edit-webapp \\ + -v ${PWD}/${SHBMSGS}:/opt/shibboleth-idp/messages \\ + -v ${PWD}/${SHBMD}:/opt/shibboleth-idp/metadata \\ + -v ${PWD}/${SHBLOG}:/opt/shibboleth-idp/logs \\ + my/shibb-idp-tier" + + +fi + + + +################################# +### cleanup/remove temp files ### +################################# +rm -f ${TMP_DIR_S}.zip +rm -rf ${TMP_DIR_S}/* +rmdir ${TMP_DIR_S} + +rm -f ${TMP_DIR_T}.zip +rm -rf ${TMP_DIR_T}/* +rmdir ${TMP_DIR_T} + + + + +#copy config to output directory +#cp -rfn config/. /output/config/ +#cp -rfn logs/. /output/logs/ +#cp -rfn credentials/. /output/credentials/ +#cp -rfn wwwroot/. /output/wwwroot/ +echo config saved to ${FILENAME:2} +sleep 5 +
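Review bot: The "sanitized" ConfigNoSecrets tree built in the hybrid branch near the end of the hunk still contains every secret, because `rsync -a . ${destPath} --exclude ${destPathName}` runs after `zip -r ${FILENAME} ./*` and so copies the full archive (private keys, sealer.jks, keystore.jks, ldap.properties) plus ${PWD}/setup.log into it; the exclude list should at least become `rsync -a . ${destPath} --exclude ${destPathName} --exclude 'shib-idp-config_*.zip' --exclude setup.log`. The LDAP service-account password is collected with a plain `read response` and then repeated in the "You entered:" confirmation, so it is shown on screen and in any terminal capture; `read -s response` and a confirmation prompt that does not echo the value would avoid that. The same value (and LDAPDN, LDAPBASEDN, SCOPE) is spliced unescaped into `sed "s#myServicePassword#${LDAPPWD}#"`, where a `#`, `&` or `\` in the input silently corrupts ldap.properties or idp.properties instead of failing. The script sets no `set -e` and never checks the wget/unzip exit status, so a failed or tampered download leaves the config directories empty and the run still generates keys and an archive against an incomplete tree; an explicit `|| exit 1` on those two steps, and ideally a checksum on the fetched zips, would close that. The private keys copied by `cp *.key *.crt ../${SHBCREDS}` and the two keystores keep the default umask permissions, so a `chmod 600` on the .key and .jks files after the copy is worth adding.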