5.7.0

docker · Dec 29, 2023 · d4500a6 · d4500a6
1 parent 93acf6b
commit d4500a6
Showing 9 changed files with 347 additions and 59 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -8,8 +8,8 @@ LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
 
 ARG GROUPER_CONTAINER_VERSION
 
-ENV GROUPER_VERSION=5.6.0 \
-    GROUPER_CONTAINER_VERSION=5.6.0 \
+ENV GROUPER_VERSION=5.7.0 \
+    GROUPER_CONTAINER_VERSION=5.7.0 \
     JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto \
     PATH=$PATH:$JAVA_HOME/bin \
     GROUPER_HOME=/opt/grouper/grouperWebapp/WEB-INF

diff --git a/container_files/certs/client/localhost.pem b/container_files/certs/client/localhost.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF4zCCA8ugAwIBAgIJAIGLhBfhRQ1IMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD
+VQQGEwJYWDESMBAGA1UECAwJU3RhdGVOYW1lMREwDwYDVQQHDAhDaXR5TmFtZTEU
+MBIGA1UECgwLQ29tcGFueU5hbWUxGzAZBgNVBAsMEkNvbXBhbnlTZWN0aW9uTmFt
+ZTEdMBsGA1UEAwwUQ29tbW9uTmFtZU9ySG9zdG5hbWUwIBcNMjMxMjI5MjAyOTE1
+WhgPMjA1MTA1MTYyMDI5MTVaMIGGMQswCQYDVQQGEwJYWDESMBAGA1UECAwJU3Rh
+dGVOYW1lMREwDwYDVQQHDAhDaXR5TmFtZTEUMBIGA1UECgwLQ29tcGFueU5hbWUx
+GzAZBgNVBAsMEkNvbXBhbnlTZWN0aW9uTmFtZTEdMBsGA1UEAwwUQ29tbW9uTmFt
+ZU9ySG9zdG5hbWUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCx09MP
+vAx8q5tzHQ6wdg7E7DtIFpBWds///mM1eP114510kmm4Fe+uleYLXSydzA47fDqH
+HqWOu7mOAyRJuXGGXJ/KWFwBnam0GDhq4kxBUM3wvQbPDcpw1CrUhXaCkeM8ddFI
+wQQ0t0dEzJfRuJgriXk3lIfcPMDgHP16gV7KwFdWKN+JQwGHVYXJabCH93hbr1+d
++pzHWyr/g/DEdWVJ9coGL++w3xLJUxjPX8DzJX55NUIbrBA4JIjZMZh96qPQOXii
+UvfVQaelnQNLF3YD0GkJ7ZdO3AucwGjfyQBtBhaS/wiXe7xm6PxGdWmDa350sWO9
+XVQUx32KJvoW8ViybPceoJkdhN6IE66lNjwJGzQ4zVA2Cs6Tl03DJ9TKiiTi4z2k
+1Yor9l+yYm4c1p74FSOdPcqT8yaoXwW4s7WpSZZMHP0FCzWN2E+Fw+Bp+nnQVI7G
+rVeFiaBm898DBChb1wVZuBHeeXumx89oUKdww+Mly5tmdgtaCI7ac22AauK9SKEL
+xsceWWjz7Y8r8QZNzJpezlT/gmZz+JGg6CuC6oN4Zuu2QbBoaNFOv3Vvs6SFg0T+
+1OZ3hu5aiSpRUDM9qFsaAXxqbFwafd/Yc3rcaKTiUICusjJQjysaT/0ANCDIIooW
+Vc4I01crHQJIRDVm5cLK5psZk4bBDuzioziu9wIDAQABo1AwTjAdBgNVHQ4EFgQU
+oKZqZBHHaKTPJFRj44vl+wQoMtowHwYDVR0jBBgwFoAUoKZqZBHHaKTPJFRj44vl
++wQoMtowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAkvPB/463LNJC
+gmEIpldcse4dHs7o2GrtGLAA3XH0hGRSOa+6revsq/QQTYlYXPz6S2yv+byEA/ru
+nMd33kOYtRTfzajxQ8uNNLf/EycfPvKZhO9S4tPy3HWnLMt+PzTjK2zubyNCilxz
+Y6nfkNwFDl2+mmf+oSE8XqGvcjLAotoAIpp/lrqK224vaLxZrHH/07brmC4cOWWz
+c6ibDhMmvMjcXJh7yQ0RxIAHpUhht7nDJfZMPCdn2PWOtJFwn0ep3lXTc4fjd7qq
+UH+aQyOIVQo3PWa538kR7hBMTTUVgSM9ueeJvQRCwtRp38Yv2+a6gDNZRwE1Nt6V
+apTL99GZqE0WURHIByqV/mHZBVT5tjv9ypv49Cy6HiEo+UtYXbF06qHJqjjhbmb4
+mK/+1F2qmc5apIQPrk+MURF+0N6126OfRMg9nN3epsa13gvFrXi9k8HnwY+SXod6
+eX7/XnZzMWLZHHtsCHAozTFYDQGpihFvq24CH4MlDhGJxFYs53txX7eKcwyKC2i8
+ZPPsHe8/PltHwdnonuHZ1pp0XU6EtjI0n17CVeVFjZI+nfd30MTkBl+tnQm8caYd
+CsxEiUuVzCceJjlqqB/Cug767QWkzxr3HcRYgkQQ5UUW1alqjMgI3mnr6MrqyJFq
+i1A4cbdYt2h0WcSM/5M+ABe4CG8JOgc=
+-----END CERTIFICATE-----
diff --git a/container_files/certs/keys/localhost.key b/container_files/certs/keys/localhost.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCx09MPvAx8q5tz
+HQ6wdg7E7DtIFpBWds///mM1eP114510kmm4Fe+uleYLXSydzA47fDqHHqWOu7mO
+AyRJuXGGXJ/KWFwBnam0GDhq4kxBUM3wvQbPDcpw1CrUhXaCkeM8ddFIwQQ0t0dE
+zJfRuJgriXk3lIfcPMDgHP16gV7KwFdWKN+JQwGHVYXJabCH93hbr1+d+pzHWyr/
+g/DEdWVJ9coGL++w3xLJUxjPX8DzJX55NUIbrBA4JIjZMZh96qPQOXiiUvfVQael
+nQNLF3YD0GkJ7ZdO3AucwGjfyQBtBhaS/wiXe7xm6PxGdWmDa350sWO9XVQUx32K
+JvoW8ViybPceoJkdhN6IE66lNjwJGzQ4zVA2Cs6Tl03DJ9TKiiTi4z2k1Yor9l+y
+Ym4c1p74FSOdPcqT8yaoXwW4s7WpSZZMHP0FCzWN2E+Fw+Bp+nnQVI7GrVeFiaBm
+898DBChb1wVZuBHeeXumx89oUKdww+Mly5tmdgtaCI7ac22AauK9SKELxsceWWjz
+7Y8r8QZNzJpezlT/gmZz+JGg6CuC6oN4Zuu2QbBoaNFOv3Vvs6SFg0T+1OZ3hu5a
+iSpRUDM9qFsaAXxqbFwafd/Yc3rcaKTiUICusjJQjysaT/0ANCDIIooWVc4I01cr
+HQJIRDVm5cLK5psZk4bBDuzioziu9wIDAQABAoICABtZ2TyyT7ldK6uo7Hl3rw3a
+x8NutQSXgaZ+GgQ/d7yKJc2oN1p5BUR1Ccz1p8cde5LqqJXfwNcTSJbvJMWyICPq
+WylkLcKR3Wg10XefFtt08jf02vc9x8VS3MOTQ4cRqUHDXU0zYtI43l1WmoNHQSBx
+JJPH5J2bOo895j7RZyMIMmauIrOZ+sI2BT3VY7GF/p0bfDlwMmz3OMXUJVQSOmIF
+y+znspYhuWH9xfMfZy3+tlUuO9zFujjoZaQCXNIBJPEB5ewRlszWLFLss3T5Rs2P
+YJiGUp9ueNrDPV4uLEKYjSBO2aNzBKdPbn3n0TLFdc28+vpFQIlxpX16QT0GIf4N
+vyCevCj0oRKBSJ5UxMcag/Pj8DXxh+vQ7x+NduYqL8ciNJLHMvyoy4591RJMOQbM
+P3YNqZ/hY8IdPMVMww4t8wm1R7GhHZaVcDAEUiebtE/Wd2pdyPNZ/9d3m91a7MLl
+KnVU3qdDXKmcC0uxat2xlb2sIJthHwjUj2sjNJ+xGxMiqxBbg9VNyQ7DmwKHyTL1
+6YngahdrFQXjA6Df1iuf6Xzh7nNmV5GfT+yKny+rTSszUx5fZNo1qvJ2oTC87gUe
+HV7qYO6+vzaM8hUpb3vSAzmgjynymmq9m8A0Yim/GkxGHt7GJ+JqMrwSKz5zT+3f
+qZJFAuraKJJVZ9A2/C0BAoIBAQDjlRxnXO9Co0OafJcn8ylHEOfcTAKQkb9Ncsoh
+r4LLTmkhZFs830C6WG4PXZOtKbYElqTk2AQZeZlKLN217etMoC6jh1fCjDrlGE9R
+btzWEsT6j+Ol6yOClAznZoQQClyQiI7ycijANrPhnoNKrIqC23L56ZklHQktfWoy
+smwnm6ulNh7UeYkX/jv02j1I1zaUjGWA0CPm/xzpjYeUWkdwgelzqBxPOCzPv9oT
+bvNoyNqSj/5ZuTPBtI+n4GH/tJxk51hYSb9+igpx98wMux7XxHgthwSiqa5Lwlkq
+OJWnTwXFV7heDDcTjVorxXE3lhU3iDbqvqQdQQaUBLQHjhgjAoIBAQDICD868TeV
+r01ab9RrqoDCyl2+hmNh6TBODCDu0eLxewN1kGymVkzdi/VBGEDMhdd3mro/wxTa
+ZXPUrBeznMwvUVlnI2s7RZKrhrf1O5w7Qv4TG09kZKIn4aXYx5uhxxgDgc7aPxjS
+XQAWbAZtbrtFaaXEvC0rsExLatfOJXgURiYDXKBiwV8rg//65YnPtVHBfVGiWF3p
+62EDZYYkGHVuF5UpbVHm0DVT8xW5ixmwhpNcBqKM+WobPaZEwGbULu75bvSqA7Sw
+g4Cz6m7aCL/3TQVEEpdS4HkEqqN7ClsTn+VMqOWPkAbtkzTHmrDjn0n4ZtIw9g/y
+70PgpJXZ7fEdAoIBAApr1I4jIk2h3kGfvOg2aUh4zLU4wdFO6zynqfva5plasNO3
+nbnu2y7tR7Tqaw294DjbkRdtkNp9x/guj8R57ZFnsFsKooklFLlS4Kbw9anT2DNF
+DX6WgtzC3Mhn2FpHry9rIWiWs6kBmEEXmhl8Rydw1xX8jWe2qansmUVTCELUDQsW
+rFi8a/uuR56Rs8a3HCe3Ohqo7UvxmKhVM8UmUSkkucTzCMDT6LFmrpy/MuQ0dlXJ
+xDLlmSogk4dzbelgoty3/0KjteIcfhfz6eMXWnU06O/kw+CS9ok/kAev6aJsqu37
+c1TTKF571Yo1k1ahR71wPluHeUphpOR4Rqol5pMCggEAadaTPiirdHPQxe0tw9nv
+TyGsAEczBndPq7wXIMXFAmhIKEhGdKxs9zw6hDrE7nJS02H28g3SVswfQYPc9pgc
+IV01pLDE6BOjy0X4x7TGsUR9Erb8hu4ILnniOpVC75JcTl68iBWimIvEpBh8PiK8
+y7lekH3QmLErbSwXC2gf5PpI2raD1jziki/BnYseI9yYaXxZWUDQUBjOt/FbzHV0
+jM/FiKnjD/FShhy0ffvvl8tc5PBNybGeRtOTygTTY6mBoFDo+5wCWvL5gjikdpDy
+oXMLOj1r+9nxrlprLYsJLZUIyksDS7a1M7cT0hkzRvzdMqWUyXsobS3UCGSNNUYE
+sQKCAQAgUoFwyU32kbabX1w+rq+mMY5fHtactIGI6Fj+s05jEmiAG0IQDcArA3Yf
+HsU4WD5hSAYJ2Pe4JFBiRT1qaxZGTLGsDHWPf1t/Likx6W7CKvlY1oMd5/48EEkk
+MuGUdor3nlG2FfHeIj/2Qxb5M4wxEnCu5UlHVTwwQq3JKVdjSae0p+DMemE6jt4U
+55ctAR054R1Y+y83KMmjgaoBHFiRjIiN83Rbi/r+9LqJhEgSO4xyJg2munsGhSDc
+TKX2Kq2rbkop9lmIB4dxFlAc0hkYRaErgO6i7eBolhpflw+WRGp1fx1aoJcTrT+1
+64pohvmZMxTgi91XAfPdirMLS7MQ
+-----END PRIVATE KEY-----
diff --git a/container_files/docker-build-bin/containerDockerfileInstall.sh b/container_files/docker-build-bin/containerDockerfileInstall.sh
@@ -165,9 +165,19 @@ returnCode=$?
 echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/grouper/certs/anchors, result: $returnCode"
 if [ $returnCode != 0 ]; then exit $returnCode; fi
 
-mv /opt/container_files/certs/* /opt/grouper/certs/
+mkdir -p /opt/grouper/certs/keys
 returnCode=$?
-echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/container_files/certs/* /opt/grouper/certs/, result: $returnCode"
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/grouper/certs/keys, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+cp -R /opt/container_files/certs/* /opt/grouper/certs/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp -R /opt/container_files/certs/* /opt/grouper/certs/, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+rm -rf /opt/container_files/certs
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -rf /opt/container_files/certs, result: $returnCode"
 if [ $returnCode != 0 ]; then exit $returnCode; fi
 
 echo 'umask 002' >> /home/tomcat/.bashrc

diff --git a/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh b/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh
@@ -75,6 +75,11 @@ if [ $lines -ne 0 ]; then
   if [ $returnCode != 0 ]; then exit $returnCode; fi
 fi
 
+chmod 660 /opt/grouper/certs/keys/*
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) chmod 660 /opt/grouper/certs/keys/*, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
 /opt/container_files/docker-build-bin/containerDockerfileInstallDos2unix.sh /usr/local/bin
 returnCode=$?
 echo "grouperDockerfile; INFO: (containerDockerfileInstallPermissions.sh) /opt/container_files/docker-build-bin/containerDockerfileInstallDos2unix.sh /usr/local/bin, result: $returnCode"

diff --git a/container_files/tomcat/conf/server.xml.grouper b/container_files/tomcat/conf/server.xml.grouper
@@ -66,11 +66,12 @@
          APR (HTTP/AJP) Connector: /docs/apr.html
          Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
     -->
-    <Connector port="8080" protocol="HTTP/1.1"
+    <!--GROUPER_HTTP_CONNECTOR-->
+    <!--Connector port="8080" protocol="HTTP/1.1"
                connectionTimeout="20000"
                redirectPort="8443"
-               maxParameterCount="10000"
-               />
+               maxParameterCount="1000"
+    -->
     <!-- A "Connector" using the shared thread pool-->
     <!--
     <Connector executor="tomcatThreadPool"
@@ -98,6 +99,7 @@
         </SSLHostConfig>
     </Connector>
     -->
+    <!--GROUPER_HTTPS_CONNECTOR-->
     <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
          This connector uses the APR/native implementation which always uses
          OpenSSL for TLS.
@@ -169,6 +171,8 @@
         -->
         <!--GROUPER_REMOTE_CIDR_VALVE-->
 
+        <!--GROUPER_REMOTE_IP_VALVE-->
+
         <!-- Access log processes all example.
              Documentation at: /docs/config/valve.html
              Note: The pattern used is equivalent to using pattern="common" -->

diff --git a/container_files/tomcat/conf/server.xml.grouper.patch b/container_files/tomcat/conf/server.xml.grouper.patch
@@ -1,15 +1,29 @@
---- server.xml.original	2023-06-27 13:54:24.000000000 -0400
-+++ server.xml.grouper	2023-07-03 02:37:07.000000000 -0400
-@@ -69,7 +69,7 @@
-     <Connector port="8080" protocol="HTTP/1.1"
+--- server.xml.original	2023-08-21 10:59:20.000000000 -0400
++++ server.xml.grouper	2023-12-29 16:10:49.000000000 -0500
+@@ -66,11 +66,12 @@
+          APR (HTTP/AJP) Connector: /docs/apr.html
+          Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+     -->
+-    <Connector port="8080" protocol="HTTP/1.1"
++    <!--GROUPER_HTTP_CONNECTOR-->
++    <!--Connector port="8080" protocol="HTTP/1.1"
                 connectionTimeout="20000"
                 redirectPort="8443"
--               maxParameterCount="1000"
-+               maxParameterCount="10000"
-                />
+                maxParameterCount="1000"
+-               />
++    -->
      <!-- A "Connector" using the shared thread pool-->
      <!--
-@@ -128,7 +128,8 @@
+     <Connector executor="tomcatThreadPool"
+@@ -98,6 +99,7 @@
+         </SSLHostConfig>
+     </Connector>
+     -->
++    <!--GROUPER_HTTPS_CONNECTOR-->
+     <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
+          This connector uses the APR/native implementation which always uses
+          OpenSSL for TLS.
+@@ -128,7 +130,8 @@
                 maxParameterCount="1000"
                 />
      -->
@@ -19,11 +33,13 @@
      <!-- An Engine represents the entry point (within Catalina) that processes
           every request.  The Engine implementation for Tomcat stand alone
           analyzes the HTTP headers included with the request, and passes them
-@@ -166,13 +167,12 @@
+@@ -166,13 +169,14 @@
          <!--
          <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
          -->
 +        <!--GROUPER_REMOTE_CIDR_VALVE-->
++
++        <!--GROUPER_REMOTE_IP_VALVE-->
 
          <!-- Access log processes all example.
               Documentation at: /docs/config/valve.html

diff --git a/container_files/usr-local-bin/libraryPrep.sh b/container_files/usr-local-bin/libraryPrep.sh
@@ -197,53 +197,29 @@ prep_finishBegin() {
       export GROUPER_USE_SSL=true
     fi
     if [ "$GROUPER_USE_SSL" = "true" ]; then
-      if [ -z "$GROUPER_SELF_SIGNED_CERT" ] && [ -z "$GROUPER_SSL_CERT_FILE" ] && [ ! -f /etc/pki/tls/certs/host-cert.pem ] ; then 
+      if [ -z "$GROUPER_SELF_SIGNED_CERT" ] && [ -z "$GROUPER_SSL_CERT_FILE" ] && [ ! -f /opt/grouper/certs/client/localhost.pem ] ; then 
 
-        echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) GROUPER_SELF_SIGNED_CERT and GROUPER_SSL_CERT_FILE are not specified and /etc/pki/tls/certs/host-cert.pem does not exist, so: export GROUPER_SELF_SIGNED_CERT=true"
+        echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) GROUPER_SELF_SIGNED_CERT and GROUPER_SSL_CERT_FILE are not specified and /opt/grouper/certs/client/localhost.pem does not exist, so: export GROUPER_SELF_SIGNED_CERT=true"
         export GROUPER_SELF_SIGNED_CERT=true
 
       fi
       if [ "$GROUPER_SELF_SIGNED_CERT" = "true" ]; then
 
         # default the cert path to self signed and no chain file
         if [ -z "$GROUPER_SSL_CERT_FILE" ] ; then 
-          echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/localhost.crt"
-          export GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/localhost.crt
+          echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_CERT_FILE=/opt/grouper/certs/client/localhost.pem"
+          export GROUPER_SSL_CERT_FILE=/opt/grouper/certs/client/localhost.pem
         fi
         if [ -z "$GROUPER_SSL_KEY_FILE" ] ; then 
-          echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_KEY_FILE=/etc/pki/tls/private/localhost.key"
-          export GROUPER_SSL_KEY_FILE=/etc/pki/tls/private/localhost.key
+          echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_KEY_FILE=/opt/grouper/certs/keys/localhost.key"
+          export GROUPER_SSL_KEY_FILE=/opt/grouper/certs/keys/localhost.key
         fi
         if [ -z "$GROUPER_SSL_CHAIN_FILE" ] && [ -z "$GROUPER_SSL_USE_CHAIN_FILE" ] ; then 
           echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_CHAIN_FILE=false"
           export GROUPER_SSL_USE_CHAIN_FILE=false
         fi
 
       fi
-      # default the cert path
-      if [ -z "$GROUPER_SSL_CERT_FILE" ] ; then 
-        echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem"
-        export GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem
-      fi
-      if [ -z "$GROUPER_SSL_KEY_FILE" ] ; then 
-        echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_KEY_FILE=/etc/pki/tls/private/host-key.pem"
-        export GROUPER_SSL_KEY_FILE=/etc/pki/tls/private/host-key.pem
-      fi
-      if [ -z "$GROUPER_SSL_CHAIN_FILE" ] ; then 
-
-        if [ -f /etc/pki/tls/certs/cachain.pem ]; then
-
-          echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_CHAIN_FILE=true"
-          export GROUPER_SSL_USE_CHAIN_FILE=true
-          echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_CHAIN_FILE=/etc/pki/tls/certs/cachain.pem"
-          export GROUPER_SSL_CHAIN_FILE=/etc/pki/tls/certs/cachain.pem
-        else 
-
-          echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_CHAIN_FILE=false"
-          export GROUPER_SSL_USE_CHAIN_FILE=false
-
-        fi
-      fi
       if [ -z "$GROUPER_SSL_USE_CHAIN_FILE" ] ; then 
 
         if [ -z "$GROUPER_SSL_CHAIN_FILE" ]; then
@@ -314,6 +290,10 @@ prep_finishBegin() {
       echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_TOMCAT_HTTP_PORT=8080"
       export GROUPER_TOMCAT_HTTP_PORT=8080
     fi
+    if [ -z "$GROUPER_TOMCAT_HTTPS_PORT" ]; then 
+      echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_TOMCAT_HTTPS_PORT=8443"
+      export GROUPER_TOMCAT_HTTP_PORT=8443
+    fi
     if [ -z "$GROUPER_TOMCAT_MAX_HEADER_COUNT" ]; then 
       echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_TOMCAT_MAX_HEADER_COUNT=200"
       export GROUPER_TOMCAT_MAX_HEADER_COUNT=200
@@ -327,6 +307,11 @@ prep_finishBegin() {
       export GROUPER_TOMCAT_SHUTDOWN_PORT=8005
     fi
 
+    if [ -z "$GROUPER_TOMCAT_HTTPS_ALIAS" ] && [ "$GROUPER_SELF_SIGNED_CERT" = "true" ]; then 
+      echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_TOMCAT_HTTPS_ALIAS=localhost"
+      export GROUPER_TOMCAT_HTTPS_ALIAS=localhost
+    fi    
+
     if [ -z "$GROUPER_GSH_JVMARGS" ] ; then 
       echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_GSH_JVMARGS=\"-Djavax.net.ssl.trustStore=/etc/pki/java/cacerts\""
       export GROUPER_GSH_JVMARGS="-Djavax.net.ssl.trustStore=/etc/pki/java/cacerts"
@@ -382,6 +367,10 @@ prep_finishEnd() {
       echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_TOMCAT_LOG_ACCESS=false"
       export GROUPER_TOMCAT_LOG_ACCESS=false
     fi
+    if [ -z "$GROUPER_TOMCAT_REMOTE_IP_VALVE" ]; then 
+      echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_TOMCAT_REMOTE_IP_VALVE=false"
+      export GROUPER_TOMCAT_REMOTE_IP_VALVE=false
+    fi
     if [ -z "$GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER" ]; then 
       if [ "$GROUPER_PROXY_PASS" = "#" ]; then 
 

diff --git a/container_files/usr-local-bin/librarySetupFilesTomcat.sh b/container_files/usr-local-bin/librarySetupFilesTomcat.sh