From 00d889a638d52e28c151075d349ae4ec27dab248 Mon Sep 17 00:00:00 2001 From: John Gasper Date: Thu, 20 Sep 2018 17:07:14 -0700 Subject: [PATCH] RabbitMQ working in 401.3.x --- README.md | 33 ++++++ .../shibboleth-idp/conf/attribute-filter.xml | 84 +++++++------ .../container_files/seed-data/bootstrap.gsh | 2 +- .../container_files/seed-data/bootstrap.gsh | 1 - ex401/ex401.3.4/Dockerfile | 2 + .../container_files/attribute-filter.xml | 79 ++++++++++++ .../container_files/grouper-loader.properties | 18 +++ .../container_files/grouper.client.properties | 112 ++++++++++++++++++ 8 files changed, 285 insertions(+), 46 deletions(-) create mode 100644 ex401/ex401.3.4/container_files/attribute-filter.xml create mode 100644 ex401/ex401.3.4/container_files/grouper.client.properties diff --git a/README.md b/README.md index 3a4390b..6d20c7c 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,16 @@ Current tags: - ex401.2.8 - ex401.2.9 - ex401.2.end +- ex401.3.1 +- ex401.3.2 +- ex401.3.3 +- ex401.3.4 +- ex401.3.5 +- ex401.3.6 +- ex401.3.7 +- ex401.3.end +- ex401.4.1 +- ex401.4.end Browse to `https://localhost/grouper` for Grouper. There is also an app that dumps the SP user attributes at `https://localhost/app`. 
@@ -50,3 +60,26 @@ Browse to `https://localhost/grouper` for Grouper. There is also an app that dum - phpMyAdmin - https://localhost/phpmyadmin/ - username: `root`, password: (blank) - phpLDAPadmin - https://localhost/phpldapadmin/ - username: `cn=root,dc=internet2,dc=edu`, password: `password` + + +# Course specific notes + +## Notes for the exercises in 401 + +Before connecting to your SSH server, be sure to port forward a local port to the server's port `15672` as well. + +These exercises require Rabbit MQ to be started. Before starting the ex401 Grouper container, run: + +``` +docker run -d -p 15672:15672 --env RABBITMQ_NODENAME=docker-rabbit --hostname rabbitmq --name=rabbitmq rabbitmq:management +``` + +Now browse to http://localhost:15672/ and login with `guest`/`guest`, and create a new queue named `sampleQueue`. + +Now start the ex401 Grouper with this slightly modified command: + +```bash +docker run -d -p 80:80 -p 389:389 -p 443:443 -p 3306:3306 -p 4443:4443 \ + --link rabbitmq:rabbitmq --name gte tier/grouper-training-env:exXXX + +``` diff --git a/base/container_files/shibboleth-idp/conf/attribute-filter.xml b/base/container_files/shibboleth-idp/conf/attribute-filter.xml index 9d78f5b..b811331 100644 --- a/base/container_files/shibboleth-idp/conf/attribute-filter.xml +++ b/base/container_files/shibboleth-idp/conf/attribute-filter.xml @@ -8,62 +8,58 @@ Deployers should refer to the documentation for a complete list of components and their options. --> - + xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd"> - - + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - + + diff --git a/ex401/ex401.2.6/container_files/seed-data/bootstrap.gsh b/ex401/ex401.2.6/container_files/seed-data/bootstrap.gsh index 0b1394b..ef32cbb 100644 --- a/ex401/ex401.2.6/container_files/seed-data/bootstrap.gsh 
+++ b/ex401/ex401.2.6/container_files/seed-data/bootstrap.gsh @@ -44,4 +44,4 @@ cal.add(Calendar.DAY_OF_YEAR, 30); group = GroupFinder.findByName(gs, "app:mfa:mfa_enabled_allow", true); subject = GroupFinder.findByName(gs, "app:mfa:ref:NonFacultyBannerINB", true).toSubject(); -group.addOrEditMember(subject, false, true, cal.getTime(), null, true); \ No newline at end of file +group.addOrEditMember(subject, true, true, cal.getTime(), null, false); diff --git a/ex401/ex401.2.9/container_files/seed-data/bootstrap.gsh b/ex401/ex401.2.9/container_files/seed-data/bootstrap.gsh index e5d090b..0e2ad1a 100644 --- a/ex401/ex401.2.9/container_files/seed-data/bootstrap.gsh +++ b/ex401/ex401.2.9/container_files/seed-data/bootstrap.gsh @@ -10,4 +10,3 @@ addGroup("app:mfa:ref", "bypass-not-opt-in", "bypass-not-opt-in"); addComposite("app:mfa:ref:bypass-not-opt-in", CompositeType.COMPLEMENT, "app:mfa:basis:mfa_bypass", "app:mfa:ref:mfa_opt_in"); addMember("app:mfa:mfa_enabled_deny", "app:mfa:ref:bypass-not-opt-in"); - diff --git a/ex401/ex401.3.4/Dockerfile b/ex401/ex401.3.4/Dockerfile index 39998c0..1a409e4 100644 --- a/ex401/ex401.3.4/Dockerfile +++ b/ex401/ex401.3.4/Dockerfile @@ -10,6 +10,8 @@ ENV USERTOKEN=ex401.3.4 COPY container_files/seed-data/ /seed-data/ COPY container_files/grouper-loader.properties /opt/grouper/conf/ +COPY container_files/grouper.client.properties /opt/grouper/conf/ +COPY container_files/attribute-filter.xml /opt/shibboleth-idp/conf/ RUN . /usr/local/bin/library.sh \ && prepConf; \ diff --git a/ex401/ex401.3.4/container_files/attribute-filter.xml b/ex401/ex401.3.4/container_files/attribute-filter.xml new file mode 100644 index 0000000..fbdc7b0 --- /dev/null +++ b/ex401/ex401.3.4/container_files/attribute-filter.xml @@ -0,0 +1,79 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
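Review bot: The new `addOrEditMember` line in ex401.2.6/bootstrap.gsh flips two positional booleans and passes `cal.getTime()` and `null` with no comment, so a reader cannot tell which flag does what or whether the 30-day date starts or ends the membership. The target group is `app:mfa:mfa_enabled_allow`, whose name suggests it gates MFA enforcement, so the timing and privilege flags are worth stating explicitly. If I read the Grouper API correctly (please confirm against the version in the image), a comment above the call such as `// addOrEditMember(subject, defaultPrivs, memberChecked, startDate, endDate, revokeIfUnchecked)` would make the change reviewable. The script's earlier lines are outside this hunk.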
diff --git a/ex401/ex401.3.4/container_files/grouper-loader.properties b/ex401/ex401.3.4/container_files/grouper-loader.properties
index 32a07fc..bd51bc9 100644
--- a/ex401/ex401.3.4/container_files/grouper-loader.properties
+++ b/ex401/ex401.3.4/container_files/grouper-loader.properties
@@ -98,3 +98,21 @@ changeLog.consumer.pspng_entitlements.provisionedAttributeValueFormat = ${group.
 changeLog.consumer.pspng_entitlements.userSearchBaseDn = ou=people,dc=internet2,dc=edu
 changeLog.consumer.pspng_entitlements.userSearchFilter = uid=${subject.id}
 changeLog.consumer.pspng_entitlements.allProvisionedValuesPrefix=*
+
+#####################################
+## Messaging integration with change log
+#####################################
+changeLog.consumer.rabbitMqMessagingSample.quartzCron = 0 * * * * ?
+
+# note, change "messagingSample" in key to be the name of the consumer. e.g. changeLog.consumer.someNameAnyName.class
+changeLog.consumer.rabbitMqMessagingSample.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
+
+changeLog.consumer.rabbitMqMessagingSample.publisher.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbMessagingPublisher
+changeLog.consumer.rabbitMqMessagingSample.publisher.messagingSystemName = rabbitmq
+# note, routingKey property is valid only for rabbitmq. For other messaging systems, it is ignored.
+changeLog.consumer.rabbitMqMessagingSample.publisher.routingKey =
+## queue or topic
+changeLog.consumer.rabbitMqMessagingSample.publisher.messageQueueType = queue
+changeLog.consumer.rabbitMqMessagingSample.publisher.queueOrTopicName = grouper
+## this is optional if not using "id" for subjectId, need to be a subject attribute in the sources.xml
+#changeLog.consumer.rabbitMqMessagingSample.publisher.addSubjectAttributes = email
diff --git a/ex401/ex401.3.4/container_files/grouper.client.properties b/ex401/ex401.3.4/container_files/grouper.client.properties
new file mode 100644
index 0000000..587f0ab
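Review bot: `publisher.queueOrTopicName = grouper` does not match the queue the README in this same commit tells students to create (`sampleQueue`), so unless the messaging connector declares the queue itself, change-log messages may land somewhere nobody is watching. Either align the two names or state in the README which queue to inspect. The copied comment above the `.class` line still refers to `messagingSample` although the key is now `rabbitMqMessagingSample`; something like `# the consumer name is the segment after "changeLog.consumer." (here rabbitMqMessagingSample)` would be accurate. It would also help to say next to the empty `routingKey =` what an empty value resolves to, since the hunk does not show it.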
--- /dev/null
+++ b/ex401/ex401.3.4/container_files/grouper.client.properties
@@ -0,0 +1,112 @@
+#
+# Copyright 2014 Internet2
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# Grouper client configuration
+# $Id: grouper.client.example.properties,v 1.24 2009-12-30 04:23:02 mchyzer Exp $
+#
+
+# The grouper client uses Grouper Configuration Overlays (documented on wiki)
+# By default the configuration is read from grouper.client.base.properties
+# (which should not be edited), and the grouper.client.properties overlays
+# the base settings. See the grouper.client.base.properties for the possible
+# settings that can be applied to the grouper.client.properties
+
+########################################
+## LDAP connection settings
+########################################
+
+# url of directory, including the base DN (distinguished name)
+# e.g. ldap://server.school.edu/dc=school,dc=edu
+# e.g. ldaps://server.school.edu/dc=school,dc=edu
+grouperClient.ldap.url =
+
+# kerberos principal used to connect to ldap
+grouperClient.ldap.login =
+
+# password for shared secret authentication to ldap
+# or you can put a filename with an encrypted password
+grouperClient.ldap.password =
+
+########################################
+## Web service Connection settings
+########################################
+
+# url of web service, should include everything up to the first resource to access
+# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
+# e.g. https://groups.school.edu/grouper-ws/servicesRest
+grouperClient.webService.url = https://localhost/grouper-ws/servicesRest
+
+# kerberos principal used to connect to web service
+grouperClient.webService.login = banderson
+
+# password for shared secret authentication to web service
+# or you can put a filename with an encrypted password
+grouperClient.webService.password.elConfig = password
+
+
+################################
+## Grouper Messaging System
+################################
+
+# name of messaging system which is the default
+grouper.messaging.default.name.of.messaging.system = rabbitmq
+
+# name of a messaging system. note, "grouperBuiltinMessaging" can be arbitrary
+# grouper.messaging.system.grouperBuiltinMessaging.name = grouperBuiltinMessaging
+
+# class that implements edu.internet2.middleware.grouperClient.messaging.GrouperMessagingSystem
+# grouper.messaging.system.grouperBuiltinMessaging.class = edu.internet2.middleware.grouper.messaging.GrouperBuiltinMessagingSystem
+
+# name of a messaging system. note, "grouperBuiltinMessaging" can be arbitrary
+grouper.messaging.system.rabbitmqSystem.name = rabbitmqSystem
+
+# class that implements edu.internet2.middleware.grouperClient.messaging.GrouperMessagingSystem
+grouper.messaging.system.rabbitmqSystem.class = edu.internet2.middleware.grouperMessagingRabbitmq.GrouperMessagingRabbitmqSystem
+
+# host address of rabbitmq queue
+grouper.messaging.system.rabbitmqSystem.host = rabbitmq
+
+# virtual host of rabbitmq queue
+grouper.messaging.system.rabbitmqSystem.virtualhost =
+
+# port of rabbitmq queue
+grouper.messaging.system.rabbitmqSystem.port =
+
+grouper.messaging.system.rabbitmqSystem.defaultPageSize = 10
+
+grouper.messaging.system.rabbitmqSystem.maxPageSize = 50
+
+
+# name of a messaging system, required
+grouper.messaging.system.rabbitmq.name = rabbitmq
+
+# default system settings to this messaging system, note, there is only one level of inheritance
+grouper.messaging.system.rabbitmq.defaultSystemName = rabbitmqSystem
+
+grouper.messaging.system.rabbitmq.user = guest
+
+#pass
+grouper.messaging.system.rabbitmq.password.elConfig = guest
+# set the following three properties if you want to use TLS connection to rabbitmq. All three need to be populated.
+# TLS Version
+#grouper.messaging.system.rabbitmqSystem.tlsVersion = TLSv1.1
+
+# path to trust store file
+#grouper.messaging.system.rabbitmqSystem.pathToTrustStore =
+
+# trust passphrase
+#grouper.messaging.system.rabbitmqSystem.trustPassphrase =
\ No newline at end of file
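Review bot: This new file hard-codes credentials (`grouperClient.webService.login = banderson` with password `password`, and the broker's default `guest`/`guest` account), and the Dockerfile hunk in this commit copies it to `/opt/grouper/conf/`, so every copy of the image carries them. That may be acceptable for a training image, but nothing in the file says so; add a header line such as `# TRAINING ONLY: sample credentials, do not reuse outside the lab image`, and prefer the password-file form the file's own comments mention. The TLS block is left commented out and `port` is empty, so the connection to host `rabbitmq` presumably runs unencrypted on the default port, carrying both the password and the change-log messages. The commented example also offers `TLSv1.1`, which is deprecated; `#grouper.messaging.system.rabbitmqSystem.tlsVersion = TLSv1.2` is a safer value to leave for whoever uncomments it. The file also ends without a trailing newline.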