base repository: docker/ShibbIdP_noVM_Windows
base: 17110
head repository: docker/ShibbIdP_noVM_Windows
compare: master
Commits on Jan 22, 2018
Commits on May 17, 2018
Commits on May 20, 2018
Commits on Jul 06, 2018
Commits on Nov 06, 2018
IdP 3.4.1 and bump java,tomcat
Commits on Nov 20, 2018
Commits on Nov 21, 2018
181102 3.4.1
Commits on Nov 26, 2018
Commits on Dec 19, 2018
Commits on Jan 14, 2019
Commits on Feb 12, 2019
Commits on Apr 11, 2019
merge latest
Commits on Apr 17, 2019
Commits on Apr 19, 2019
Commits on Apr 22, 2019
Commits on Apr 23, 2019
Commits on Apr 27, 2019
Commits on Apr 28, 2019
fix
Commits on Jul 10, 2019
20190701 3.4.4
Commits on Aug 20, 2019
Commits on Aug 21, 2019
bump java and tomcat
Commits on Sep 23, 2019
bump IdP to 3.4.5 and Tomcat to 9.0.26
Commits on Oct 03, 2019
bump IdP to 3.4.6
Commits on Oct 17, 2019
bump java to 8-232 and tomcat to 9.0.27
Commits on Dec 06, 2019
bump tomcat to 9.0.29
Commits on Jan 09, 2020
bump tomcat
Showing with 527,874 additions and 160 deletions.
  1. +168 −160 Dockerfile
  2. +117 −0 Jenkinsfile
  3. +2 −0 common.cmd
  4. BIN container_files/Sealer_Key_Rotation_Task.xml
  5. BIN { → container_files}/TIER_Beacon_Task.xml
  6. +2 −0 container_files/config.ini
  7. BIN { → container_files}/keystore.jks
  8. +77 −0 container_files/rotateSealerKey.ps1
  9. 0 { → container_files}/sendtierbeacon.ps1
  10. 0 { → container_files}/server.xml
  11. +2 −0 test-compose/compose.ps1
  12. +3 −0 test-compose/decompose.ps1
  13. +42 −0 test-compose/docker-compose.yml
  14. +15 −0 test-compose/getIPs.ps1
  15. +39 −0 test-compose/idp/Dockerfile
  16. +1 −0 test-compose/idp/compose.ps1
  17. +68 −0 test-compose/idp/container_files/config/shib-idp/conf/access-control.xml
  18. +53 −0 test-compose/idp/container_files/config/shib-idp/conf/admin/general-admin.xml
  19. +129 −0 test-compose/idp/container_files/config/shib-idp/conf/admin/metrics.xml
  20. +118 −0 test-compose/idp/container_files/config/shib-idp/conf/attribute-filter.xml
  21. +96 −0 test-compose/idp/container_files/config/shib-idp/conf/attribute-resolver-default.xml
  22. +320 −0 test-compose/idp/container_files/config/shib-idp/conf/attribute-resolver-full.xml
  23. +94 −0 test-compose/idp/container_files/config/shib-idp/conf/attribute-resolver-ldap.xml
  24. +288 −0 test-compose/idp/container_files/config/shib-idp/conf/attribute-resolver.xml
  25. +32 −0 test-compose/idp/container_files/config/shib-idp/conf/audit.xml
  26. +77 −0 test-compose/idp/container_files/config/shib-idp/conf/authn/authn-comparison.xml
  27. +18 −0 test-compose/idp/container_files/config/shib-idp/conf/authn/authn-events-flow.xml
  28. +25 −0 test-compose/idp/container_files/config/shib-idp/conf/authn/duo-authn-config.xml
  29. +9 −0 test-compose/idp/container_files/config/shib-idp/conf/authn/duo.properties
  30. +70 −0 test-compose/idp/container_files/config/shib-idp/conf/authn/external-authn-config.xml
  31. +156 −0 test-compose/idp/container_files/config/shib-idp/conf/authn/general-authn.xml
  32. +37 −0 test-compose/idp/container_files/config/shib-idp/conf/authn/ipaddress-authn-config.xml
  33. +27 −0 test-compose/idp/container_files/config/shib-idp/conf/authn/jaas-authn-config.xml
  34. +11 −0 test-compose/idp/container_files/config/shib-idp/conf/authn/jaas.config
  35. +31 −0 test-compose/idp/container_files/config/shib-idp/conf/authn/krb5-authn-config.xml
  36. +135 −0 test-compose/idp/container_files/config/shib-idp/conf/authn/ldap-authn-config.xml
  37. +94 −0 test-compose/idp/container_files/config/shib-idp/conf/authn/mfa-authn-config.xml
  38. +121 −0 test-compose/idp/container_files/config/shib-idp/conf/authn/password-authn-config.xml
  39. +75 −0 test-compose/idp/container_files/config/shib-idp/conf/authn/remoteuser-authn-config.xml
  40. +63 −0 test-compose/idp/container_files/config/shib-idp/conf/authn/remoteuser-internal-authn-config.xml
  41. +74 −0 test-compose/idp/container_files/config/shib-idp/conf/authn/spnego-authn-config.xml
  42. +44 −0 test-compose/idp/container_files/config/shib-idp/conf/authn/x509-authn-config.xml
  43. +21 −0 test-compose/idp/container_files/config/shib-idp/conf/authn/x509-internal-authn-config.xml
  44. +44 −0 test-compose/idp/container_files/config/shib-idp/conf/c14n/attribute-sourced-subject-c14n-config.xml
  45. +27 −0 test-compose/idp/container_files/config/shib-idp/conf/c14n/simple-subject-c14n-config.xml
  46. +18 −0 test-compose/idp/container_files/config/shib-idp/conf/c14n/subject-c14n-events-flow.xml
  47. +109 −0 test-compose/idp/container_files/config/shib-idp/conf/c14n/subject-c14n.xml
  48. +37 −0 test-compose/idp/container_files/config/shib-idp/conf/c14n/x500-subject-c14n-config.xml
  49. +84 −0 test-compose/idp/container_files/config/shib-idp/conf/cas-protocol.xml
  50. +65 −0 test-compose/idp/container_files/config/shib-idp/conf/credentials.xml
  51. +120 −0 test-compose/idp/container_files/config/shib-idp/conf/errors.xml
  52. +53 −0 test-compose/idp/container_files/config/shib-idp/conf/global.xml
  53. +195 −0 test-compose/idp/container_files/config/shib-idp/conf/idp.properties
  54. +195 −0 test-compose/idp/container_files/config/shib-idp/conf/idp.properties.dist
  55. +136 −0 test-compose/idp/container_files/config/shib-idp/conf/intercept/consent-intercept-config.xml
  56. +42 −0 test-compose/idp/container_files/config/shib-idp/conf/intercept/context-check-intercept-config.xml
  57. +37 −0 ...compose/idp/container_files/config/shib-idp/conf/intercept/expiring-password-intercept-config.xml
  58. +18 −0 test-compose/idp/container_files/config/shib-idp/conf/intercept/intercept-events-flow.xml
  59. +54 −0 test-compose/idp/container_files/config/shib-idp/conf/intercept/profile-intercept.xml
  60. +63 −0 test-compose/idp/container_files/config/shib-idp/conf/ldap.properties
  61. +63 −0 test-compose/idp/container_files/config/shib-idp/conf/ldap.properties.dist
  62. +186 −0 test-compose/idp/container_files/config/shib-idp/conf/logback.xml
  63. +86 −0 test-compose/idp/container_files/config/shib-idp/conf/metadata-providers.xml
  64. +23 −0 test-compose/idp/container_files/config/shib-idp/conf/mvc-beans.xml
  65. +72 −0 test-compose/idp/container_files/config/shib-idp/conf/relying-party.xml
  66. +35 −0 test-compose/idp/container_files/config/shib-idp/conf/saml-nameid.properties
  67. +62 −0 test-compose/idp/container_files/config/shib-idp/conf/saml-nameid.xml
  68. +65 −0 test-compose/idp/container_files/config/shib-idp/conf/services.properties
  69. +144 −0 test-compose/idp/container_files/config/shib-idp/conf/services.xml
  70. +45 −0 test-compose/idp/container_files/config/shib-idp/conf/session-manager.xml
  71. +150 −0 test-compose/idp/container_files/config/shib-idp/edit-webapp/css/consent.css
  72. +12 −0 test-compose/idp/container_files/config/shib-idp/edit-webapp/css/logout.css
  73. +163 −0 test-compose/idp/container_files/config/shib-idp/edit-webapp/css/main.css
  74. BIN test-compose/idp/container_files/config/shib-idp/edit-webapp/images/dummylogo-mobile.png
  75. BIN test-compose/idp/container_files/config/shib-idp/edit-webapp/images/dummylogo.png
  76. BIN test-compose/idp/container_files/config/shib-idp/edit-webapp/images/failure-32x32.png
  77. BIN test-compose/idp/container_files/config/shib-idp/edit-webapp/images/success-32x32.png
  78. +240 −0 test-compose/idp/container_files/config/shib-idp/messages/messages.properties
  79. +36 −0 test-compose/idp/container_files/config/shib-idp/metadata/idp-metadata.xml
  80. +515,249 −0 test-compose/idp/container_files/config/shib-idp/metadata/localCopyFromInCommon.xml
  81. +109 −0 test-compose/idp/container_files/config/shib-idp/metadata/testsp-metadata.xml
  82. +53 −0 test-compose/idp/container_files/config/shib-idp/views/client-storage/client-storage-read.vm
  83. +53 −0 test-compose/idp/container_files/config/shib-idp/views/client-storage/client-storage-write.vm
  84. +83 −0 test-compose/idp/container_files/config/shib-idp/views/duo.vm
  85. +72 −0 test-compose/idp/container_files/config/shib-idp/views/error.vm
  86. +158 −0 test-compose/idp/container_files/config/shib-idp/views/intercept/attribute-release.vm
  87. +54 −0 test-compose/idp/container_files/config/shib-idp/views/intercept/expiring-password.vm
  88. +67 −0 test-compose/idp/container_files/config/shib-idp/views/intercept/terms-of-use.vm
  89. +24 −0 test-compose/idp/container_files/config/shib-idp/views/login-error.vm
  90. +140 −0 test-compose/idp/container_files/config/shib-idp/views/login.vm
  91. +59 −0 test-compose/idp/container_files/config/shib-idp/views/logout-complete.vm
  92. +58 −0 test-compose/idp/container_files/config/shib-idp/views/logout-propagate.vm
  93. +91 −0 test-compose/idp/container_files/config/shib-idp/views/logout.vm
  94. +49 −0 test-compose/idp/container_files/config/shib-idp/views/spnego-unavailable.vm
  95. +45 −0 test-compose/idp/container_files/config/shib-idp/views/user-prefs.js
  96. +60 −0 test-compose/idp/container_files/config/shib-idp/views/user-prefs.vm
  97. +260 −0 test-compose/idp/container_files/config/tomcat/catalina.policy
  98. +150 −0 test-compose/idp/container_files/config/tomcat/catalina.properties
  99. +36 −0 test-compose/idp/container_files/config/tomcat/context.xml
  100. +64 −0 test-compose/idp/container_files/config/tomcat/logging.properties
  101. +25 −0 test-compose/idp/container_files/config/tomcat/server.xml
  102. +25 −0 test-compose/idp/container_files/config/tomcat/server.xml.dist
  103. +44 −0 test-compose/idp/container_files/config/tomcat/tomcat-users.xml
  104. +59 −0 test-compose/idp/container_files/config/tomcat/tomcat-users.xsd
  105. +4,684 −0 test-compose/idp/container_files/config/tomcat/web.xml
  106. +19 −0 test-compose/idp/container_files/credentials/shib-idp/idp-encryption.crt
  107. +28 −0 test-compose/idp/container_files/credentials/shib-idp/idp-encryption.key
  108. +19 −0 test-compose/idp/container_files/credentials/shib-idp/idp-signing.crt
  109. +28 −0 test-compose/idp/container_files/credentials/shib-idp/idp-signing.key
  110. +21 −0 test-compose/idp/container_files/credentials/shib-idp/inc-md-cert.pem
  111. BIN test-compose/idp/container_files/credentials/shib-idp/sealer.jks
  112. +1 −0 test-compose/idp/container_files/credentials/shib-idp/sealer.kver
  113. BIN test-compose/idp/container_files/credentials/tomcat/keystore.jks
  114. +2 −0 test-compose/idp/container_files/wwwroot/robots.txt
  115. +2 −0 test-compose/idp/decompose.ps1
  116. +29 −0 test-compose/idp/docker-compose.yml
  117. +43 −0 test-compose/sp/Dockerfile
  118. +1 −0 test-compose/sp/compose.ps1
  119. +36 −0 test-compose/sp/container_files/idp-metadata.xml
  120. BIN test-compose/sp/container_files/my-certificate.p12
  121. +166 −0 test-compose/sp/container_files/shibboleth2.xml
  122. +24 −0 test-compose/sp/container_files/sp-encrypt-cert.pem
  123. +40 −0 test-compose/sp/container_files/sp-encrypt-key.pem
  124. +24 −0 test-compose/sp/container_files/sp-signing-cert.pem
  125. +40 −0 test-compose/sp/container_files/sp-signing-key.pem
  126. +2 −0 test-compose/sp/decompose.ps1
  127. +61 −0 test-compose/sp/www-content/default.aspx
  128. +61 −0 test-compose/sp/www-content/secure/default.aspx
  129. +23 −0 tests/runtests.ps1

Large diffs are not rendered by default.

@@ -0,0 +1,117 @@
// Licensed to the University Corporation for Advanced Internet Development,
// Inc. (UCAID) under one or more contributor license agreements. See the
// NOTICE file distributed with this work for additional information regarding
// copyright ownership. The UCAID licenses this file to You under the Apache
// License, Version 2.0 (the "License"); you may not use this file except in
// compliance with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
node('windows') {

stage 'Checkout'

checkout scm

stage 'Acquire util files'

powershell(returnStatus: true, script: 'New-Item -ItemType directory -Path ./tmp')
powershell(returnStatus: true, script: 'Remove-Item ./bin -Force -Recurse')
dir('tmp'){
git([ url: "https://github.internet2.edu/docker/util.git",
credentialsId: "jenkins-github-access-token" ])
powershell(returnStatus: true, script: 'Move-Item -Path ./bin/ -Destination ../bin/')
}
powershell(returnStatus: true, script: 'Remove-Item ./tmp -Force -Recurse')


stage 'Setting build context'

def maintainer = maintainer()
def imagename = imagename()
def tag

// Tag images created on master branch with 'latest'
if(env.BRANCH_NAME == "master"){
tag = "latest"
}else{
tag = env.BRANCH_NAME
}

if(!imagename){
echo "You must define an imagename in common.cmd"
currentBuild.result = 'FAILURE'
}
if(maintainer){
echo "Building ${imagename}:${tag} for ${maintainer}"
}

stage 'Build'

try{
powershell(returnStatus: true, script: '& ./bin/windows/rebuild.ps1 > ./debug')
} catch(error) {
def error_details = readFile('./debug');
def message = "BUILD ERROR: There was a problem building ${imagename}:${tag}. \n\n ${error_details}"
powershell(returnStatus: true, script: 'Remove-Item -Force ./debug')
currentBuild.result = 'FAILURE'
handleError(message)
}
/*def status = powershell(returnStatus: true, script: '& ./bin/windows/rebuild.ps1 > ./debug')
if (status == 0) {
echo "build success"
} else {
def error_details = readFile('./debug');
def message = "BUILD ERROR: There was a problem building ${imagename}:${tag}. \n\n ${error_details}"
handleError(message)
powershell(returnStatus: true, script: 'Remove-Item -Force ./debug')
}*/

stage 'Test'

try{
powershell(returnStatus: true, script: '& ./tests/runtests.ps1 > ./debug')
} catch(error) {
def error_details = readFile('./debug');
def message = "BUILD ERROR: There was a problem testing ${imagename}:${tag}. \n\n ${error_details}"
powershell(returnStatus: true, script: 'Remove-Item -Force ./debug')
currentBuild.result = 'FAILURE'
handleError(message)
}


stage 'Push'

docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-$maintainer") {
def baseImg = docker.build("$maintainer/$imagename")
baseImg.push("$tag")
}

stage 'Notify'

slackSend color: 'good', message: "$maintainer/$imagename:$tag pushed to DockerHub"

}

def maintainer() {
def matcher = readFile('common.cmd') =~ 'maintainer="(.+)"'
matcher ? matcher[0][1] : 'tier'
}

def imagename() {
def matcher = readFile('common.cmd') =~ 'imagename="(.+)"'
matcher ? matcher[0][1] : null
}

def handleError(String message){
echo "${message}"
currentBuild.setResult("FAILED")
slackSend color: 'danger', message: "${message} (<${env.BUILD_URL}|Open>)"
bat exit 1
}
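Review bot: The Build and Test stages cannot fail as written, because `powershell(returnStatus: true, ...)` returns the exit code instead of throwing on a non-zero exit, so the surrounding `try`/`catch` blocks do not fire and the Push stage publishes the image (as `latest` on master) even when `rebuild.ps1` or `runtests.ps1` fails. Dropping the flag on those two calls, e.g. `powershell(script: '& ./tests/runtests.ps1 > ./debug')`, makes the step throw and reach `handleError`; checking the returned status, as the commented-out block does, works too. The `if(!imagename)` branch has the same gap: it sets `currentBuild.result` but does not stop the run. Separately, `handleError` posts the full contents of `./debug` to Slack, so it is worth confirming the build and test scripts never print credentials.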
@@ -0,0 +1,2 @@
maintainer="tier"
imagename="shib-idp-windows"
Binary file not shown.
File renamed without changes.
@@ -0,0 +1,2 @@
JavaHome=C:/Program Files/Amazon Corretto/jdk1.8.0_232

File renamed without changes.
@@ -0,0 +1,77 @@
#this script reads the sealer key configuration from the IdP's idp.properties file and rotates the sealer key
Try {
$ENABLE_SEALER_KEY_ROTATION = $env:ENABLE_SEALER_KEY_ROTATION
}
Catch {
$ENABLE_SEALER_KEY_ROTATION = 'True'
}

If ($ENABLE_SEALER_KEY_ROTATION -eq 'True') {
#assure IDP_HOME
Try {
$IDP_HOME = $env:IDP_HOME
If ($IDP_HOME = null$) {
$IDP_HOME="c:\opt\shibboleth-idp"
}
}
Catch {
$IDP_HOME="c:\opt\shibboleth-idp"
}
#assure JAVA_HOME
Try {
$JAVA_HOME = $env:JAVA_HOME
If ($JAVA_HOME = null$) {
$JAVA_HOME="c:\zulujava\zulu-8"
}
}
Catch {
$JAVA_HOME="c:\zulujava\zulu-8"
}

#settings
$IDPPROP=$IDP_HOME + "\conf\idp.properties"
#item below is only used if you have configured additional hosts to sync your sealer to
$SYNC_CRED="domain\user"

#get config from properties file
$storefile = (cat $IDPPROP | where { $_ -match "idp.sealer.storeResource"}).Split("=")[1].Trim().Replace("%{idp.home}", $IDP_HOME).Replace("/","\")
$versionfile = (cat $IDPPROP | where { $_ -match "idp.sealer.versionResource"}).Split("=")[1].Trim().Replace("%{idp.home}", $IDP_HOME).Replace("/","\")
$storepass = (cat $IDPPROP | where { $_ -match "idp.sealer.storePassword"}).Split("=")[1].Trim().Replace("{","`{").Replace("}","`}")
$alias = (cat $IDPPROP | where { $_ -match "idp.sealer.aliasBase"}).Split("=")[1].Trim()
try {
$count = (cat $IDPPROP | where { $_ -match "idp.sealer._count"}).Split("=")[1].Trim()
}
catch {
$count = 30
}
try {
$sync_hosts = (cat $IDPPROP | where { $_ -match "idp.sealer._sync_hosts"}).Split("=")[1].Trim()
}
catch {
$sync_hosts = $env:COMPUTERNAME
}

#Write-Host "Keystore:" $storefile
#Write-Host "Version File:" $versionfile
#Write-Host "Store Pass:" $storepass
#Write-Host "Alias:" $alias
#Write-Host "Count:" $count
#Write-Host "Sync Hosts:" $sync_hosts

#rotate key
$cmd = "${IDP_HOME}\bin\runclass.bat net.shibboleth.utilities.java.support.security.BasicKeystoreKeyStrategyTool --storefile $storefile --storepass `$storepass --versionfile $versionfile --alias $alias --count $count"
Invoke-Expression $cmd

#display current/new version
Write-Host "Current Key Version:" (cat $versionfile).split("=")[2].Trim()

#sync to other hosts
$sync_hosts.split(" ") | ForEach {
If ($_.Trim() = $env:COMPUTERNAME) {Write-Host "***skipping sync to local host"} Else {
Write-Host "Syncing to: $_"
$Session = New-PSSession -ComputerName "$_" -Credential $SYNC_CRED
Copy-Item $versionfile -Destination $IDP_HOME\credentials -ToSession $Session
}
}

}
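Review bot: Three conditions use `=` where a comparison is intended: `If ($IDP_HOME = null$)`, `If ($JAVA_HOME = null$)` and `If ($_.Trim() = $env:COMPUTERNAME)`. As written the script most likely fails to parse or always falls back to the hard-coded defaults, in which case the sealer key would not be rotated on schedule; suggested forms are `If (-not $IDP_HOME)` and `If ($_.Trim() -eq $env:COMPUTERNAME)`. The rotation command is also assembled as a string from values read out of idp.properties and run with `Invoke-Expression`, which re-parses those values as PowerShell; invoking `runclass.bat` with the call operator `&` and separate arguments passes them as plain arguments instead. Finally, the sync loop copies only `$versionfile` to the other hosts and not `$storefile`; confirm that is intended.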
File renamed without changes.
File renamed without changes.
@@ -0,0 +1,2 @@
docker-compose up --build -d

@@ -0,0 +1,3 @@
docker-compose kill
docker-compose rm

@@ -0,0 +1,42 @@

version: "3.3"

services:
idp:
build:
context: ./idp/
args:
TOMCFG: ./container_files/config/tomcat
TOMCERT: ./container_files/credentials/tomcat
TOMWWWROOT: ./container_files/wwwroot
SHBCFG: ./container_files/config/shib-idp/conf
SHBCREDS: ./container_files/credentials/shib-idp
SHBVIEWS: ./container_files/config/shib-idp/views
SHBEDWAPP: ./container_files/config/shib-idp/edit-webapp
SHBMSGS: ./container_files/config/shib-idp/messages
SHBMD: ./container_files/config/shib-idp/metadata
expose:
- "443"
ports:
- "443:443"
dns:
- 8.8.8.8
- 4.4.4.4

sp:
build: ./sp/
expose:
- "8443"
ports:
- "8443:8443"
dns:
- 8.8.8.8
- 4.4.4.4

networks:
default:
external:
name: nat
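Review bot: Both services list `4.4.4.4` as their second DNS server, which looks like a typo for Google's secondary resolver `8.8.4.4`; as written, lookups from the IdP and SP containers can fall through to an unrelated third-party address. Suggest `- 8.8.4.4` in both `dns:` lists, or dropping the override so the containers use the host's resolver. The `ports:` entries also publish 443 and 8443 on every host interface, so a test IdP built from the key material committed under test-compose should only be brought up on an isolated host.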



@@ -0,0 +1,15 @@

$idpcid = docker ps | Select-String 'idp' | ForEach-Object { $_.Line.split(' ')[0] }
$spcid = docker ps | Select-String 'sp' | ForEach-Object { $_.Line.split(' ')[0] }

If ($idpcid -ne $null) {$idpip = (docker inspect -f "{{ .NetworkSettings.Networks.nat.IPAddress }}" $idpcid)} Else {$idpip = "Not-Found"}
If ($spcid -ne $null) {$spip = (docker inspect -f "{{ .NetworkSettings.Networks.nat.IPAddress }}" $spcid)} Else {$spip = "Not-Found"}

$msg = $($idpip.Trim()) + ' idp.example.edu' + "`r`n" + $($spip.Trim()) + ' sptest.example.edu'

Set-Clipboard -Value $msg

Write-Host ''
Write-Host $($msg + "`r`n")
Write-Host ' **above entries copied to clipboard'
Write-Host ''
@@ -0,0 +1,39 @@
FROM tier/shib-idp-windows:20200109_3.4.6

#params for supplying your IdP config to your container (can be overridden at build-time using build-args)
ARG TOMCFG=config\\tomcat
ARG TOMLOG=logs\\tomcat
ARG TOMCERT=credentials\\tomcat
ARG TOMWWWROOT=wwwroot
ARG SHBCFG=config\\shib-idp\\conf
ARG SHBCREDS=credentials\\shib-idp
ARG SHBVIEWS=config\\shib-idp\\views
ARG SHBEDWAPP=config\\shib-idp\\edit-webapp
ARG SHBMSGS=config\\shib-idp\\messages
ARG SHBMD=config\\shib-idp\\metadata
ARG SHBLOG=logs\\shib-idp

ADD $TOMCFG c:\\Tomcat\\conf
ADD $TOMCERT c:\\opt\\certs
ADD $TOMWWWROOT c:\\Tomcat\\webapps\\ROOT
ADD $SHBCFG c:\\opt\\shibboleth-idp\\conf
ADD $SHBCREDS c:\\opt\\shibboleth-idp\\credentials
ADD $SHBVIEWS c:\\opt\\shibboleth-idp\\views
ADD $SHBEDWAPP c:\\opt\\shibboleth-idp\\edit-webapp
ADD $SHBMSGS c:\\opt\\shibboleth-idp\\messages
ADD $SHBMD c:\\opt\\shibboleth-idp\\metadata

# Uncomment if using secrets; removes existing files from the container so that secrets can propagate (issue with Windows containers)
# RUN del c:\opt\shibboleth-idp\conf\idp.properties
# RUN del c:\opt\shibboleth-idp\conf\ldap.properties
# RUN del c:\opt\shibboleth-idp\conf\relying-party.xml
# RUN del c:\opt\shibboleth-idp\conf\attribute-filter.xml
# RUN del c:\opt\shibboleth-idp\conf\attribute-resolver.xml
# RUN del c:\opt\shibboleth-idp\conf\metadata-providers.xml
# RUN del c:\opt\shibboleth-idp\credentials\idp-signing.key
# RUN del c:\opt\shibboleth-idp\credentials\idp-signing.crt
# RUN del c:\opt\shibboleth-idp\credentials\idp-encryption.key
# RUN del c:\opt\shibboleth-idp\credentials\idp-encryption.crt
# RUN del c:\opt\shibboleth-idp\credentials\sealer.jks
# RUN del c:\opt\shibboleth-idp\credentials\sealer.kver
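Review bot: The commented `RUN del` lines do not remove anything from the image: the files were written by the earlier `ADD $SHBCFG` and `ADD $SHBCREDS` layers and stay recoverable from those layers after a later delete. The comment above the block should say so, e.g. `# NOTE: del only hides these files in the final layer; when using secrets, do not ADD $SHBCREDS with real keys`. The `FROM` line pins the base image by a mutable tag; pinning by digest would make the build reproducible. `COPY` is the usual instruction for local directories, since `ADD` also unpacks archives and fetches URLs.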

@@ -0,0 +1 @@
docker-compose up --build -d
@@ -0,0 +1,68 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"

default-init-method="initialize"
default-destroy-method="destroy">

<!--
Map of access control policies used to limit access to administrative functions.
The purpose of the map is to label policies with a key/name so they can be reused.
-->

<!--
Use the "shibboleth.IPRangeAccessControl" parent bean for IP-based access control.
The ranges provided MUST be CIDR network expressions. To specify a single address,
add "/32" or "/128" for IPv4 or IPv6 respectively.
The additional examples below demonstrate how to control access by username
and by attribute(s), in the case of authenticated access to admin functions.
-->

<util:map id="shibboleth.AccessControlPolicies">

<entry key="AccessByIPAddress">
<bean id="AccessByIPAddress" parent="shibboleth.IPRangeAccessControl"
p:allowedRanges="#{ {'127.0.0.1/32', '::1/128', '172.17.0.0/24', '172.18.0.0/24', '10.255.0.0/16'} }" />
</entry>

<!--
<entry key="AccessByUser">
<bean parent="shibboleth.PredicateAccessControl">
<constructor-arg>
<bean parent="shibboleth.Conditions.SubjectName" c:collection="#{'jdoe'}" />
</constructor-arg>
</bean>
</entry>
-->

<!--
<entry key="AccessByAttribute">
<bean parent="shibboleth.PredicateAccessControl">
<constructor-arg>
<bean class="net.shibboleth.idp.profile.logic.SimpleAttributePredicate">
<property name="attributeValueMap">
<map>
<entry key="eduPersonEntitlement">
<list>
<value>https://example.org/entitlement/idpadmin</value>
</list>
</entry>
</map>
</property>
</bean>
</constructor-arg>
</bean>
</entry>
-->

</util:map>

</beans>
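Review bot: `AccessByIPAddress` admits `172.17.0.0/24`, `172.18.0.0/24` and `10.255.0.0/16` alongside loopback at the `p:allowedRanges` line, and nothing in the file says these are test-only container ranges. Under this policy any peer on those networks reaches the IdP's administrative functions with no further check. `10.255.0.0/16` appears to be the Docker swarm ingress range, where routed external requests can arrive with an ingress-network source address; that is worth confirming. I would add a comment above the entry such as `<!-- test-compose only: Docker bridge/ingress ranges; narrow to loopback or a management subnet before reuse -->`, and keep the list to loopback in anything derived from this file.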
