From 617ea7014a268acc1314936976d25e093ab05ce2 Mon Sep 17 00:00:00 2001 
From: Chad Redman <chad_redman@unc.edu> Date: Thu, 28 Jan 2021 00:12:40 -0500 Subject: [PATCH] Remove unneeded intermediate containers in 401.2 --- ex401/ex401.2.2/Dockerfile | 29 --- .../container_files/seed-data/bootstrap.gsh | 12 -- .../container_files/seed-data/sisData.sql | 0 .../container_files/seed-data/users.ldif | 0 ex401/ex401.2.3/Dockerfile | 29 --- .../container_files/seed-data/bootstrap.gsh | 15 -- .../container_files/seed-data/sisData.sql | 0 .../container_files/seed-data/users.ldif | 0 ex401/ex401.2.4/Dockerfile | 30 --- .../idp/conf/authn/general-authn.xml | 181 ---------------- .../idp/conf/authn/mfa-authn-config.xml | 99 --------- .../container_files/idp/conf/idp.properties | 195 ------------------ .../flows/authn/Gaspo/gaspo-authn-beans.xml | 25 --- .../flows/authn/Gaspo/gaspo-authn-flow.xml | 32 --- .../container_files/idp/views/gaspo.vm | 62 ------ .../container_files/seed-data/bootstrap.gsh | 0 .../container_files/seed-data/sisData.sql | 0 .../container_files/seed-data/users.ldif | 0 ex401/ex401.2.5/Dockerfile | 29 --- .../container_files/seed-data/bootstrap.gsh | 31 --- .../container_files/seed-data/sisData.sql | 0 .../container_files/seed-data/users.ldif | 0 ex401/ex401.2.6/Dockerfile | 29 --- .../container_files/seed-data/bootstrap.gsh | 47 ----- .../container_files/seed-data/sisData.sql | 0 .../container_files/seed-data/users.ldif | 0 ex401/ex401.2.7/Dockerfile | 29 --- .../container_files/seed-data/bootstrap.gsh | 5 - .../container_files/seed-data/sisData.sql | 0 .../container_files/seed-data/users.ldif | 0 ex401/ex401.2.8/Dockerfile | 29 --- .../container_files/seed-data/bootstrap.gsh | 21 -- .../container_files/seed-data/sisData.sql | 0 .../container_files/seed-data/users.ldif | 0 ex401/ex401.2.9/Dockerfile | 29 --- .../container_files/seed-data/bootstrap.gsh | 12 -- .../container_files/seed-data/sisData.sql | 0 .../container_files/seed-data/users.ldif | 0 38 files changed, 970 deletions(-) delete mode 100644 ex401/ex401.2.2/Dockerfile 
delete mode 100644 ex401/ex401.2.2/container_files/seed-data/bootstrap.gsh
delete mode 100644 ex401/ex401.2.2/container_files/seed-data/sisData.sql
delete mode 100644 ex401/ex401.2.2/container_files/seed-data/users.ldif
delete mode 100644 ex401/ex401.2.3/Dockerfile
delete mode 100644 ex401/ex401.2.3/container_files/seed-data/bootstrap.gsh
delete mode 100644 ex401/ex401.2.3/container_files/seed-data/sisData.sql
delete mode 100644 ex401/ex401.2.3/container_files/seed-data/users.ldif
delete mode 100644 ex401/ex401.2.4/Dockerfile
delete mode 100644 ex401/ex401.2.4/container_files/idp/conf/authn/general-authn.xml
delete mode 100644 ex401/ex401.2.4/container_files/idp/conf/authn/mfa-authn-config.xml
delete mode 100644 ex401/ex401.2.4/container_files/idp/conf/idp.properties
delete mode 100644 ex401/ex401.2.4/container_files/idp/flows/authn/Gaspo/gaspo-authn-beans.xml
delete mode 100644 ex401/ex401.2.4/container_files/idp/flows/authn/Gaspo/gaspo-authn-flow.xml
delete mode 100644 ex401/ex401.2.4/container_files/idp/views/gaspo.vm
delete mode 100644 ex401/ex401.2.4/container_files/seed-data/bootstrap.gsh
delete mode 100644 ex401/ex401.2.4/container_files/seed-data/sisData.sql
delete mode 100644 ex401/ex401.2.4/container_files/seed-data/users.ldif
delete mode 100644 ex401/ex401.2.5/Dockerfile
delete mode 100644 ex401/ex401.2.5/container_files/seed-data/bootstrap.gsh
delete mode 100644 ex401/ex401.2.5/container_files/seed-data/sisData.sql
delete mode 100644 ex401/ex401.2.5/container_files/seed-data/users.ldif
delete mode 100644 ex401/ex401.2.6/Dockerfile
delete mode 100644 ex401/ex401.2.6/container_files/seed-data/bootstrap.gsh
delete mode 100644 ex401/ex401.2.6/container_files/seed-data/sisData.sql
delete mode 100644 ex401/ex401.2.6/container_files/seed-data/users.ldif
delete mode 100644 ex401/ex401.2.7/Dockerfile
delete mode 100644 ex401/ex401.2.7/container_files/seed-data/bootstrap.gsh
delete mode 100644 ex401/ex401.2.7/container_files/seed-data/sisData.sql
delete mode 
100644 ex401/ex401.2.7/container_files/seed-data/users.ldif
delete mode 100644 ex401/ex401.2.8/Dockerfile
delete mode 100644 ex401/ex401.2.8/container_files/seed-data/bootstrap.gsh
delete mode 100644 ex401/ex401.2.8/container_files/seed-data/sisData.sql
delete mode 100644 ex401/ex401.2.8/container_files/seed-data/users.ldif
delete mode 100644 ex401/ex401.2.9/Dockerfile
delete mode 100644 ex401/ex401.2.9/container_files/seed-data/bootstrap.gsh
delete mode 100644 ex401/ex401.2.9/container_files/seed-data/sisData.sql
delete mode 100644 ex401/ex401.2.9/container_files/seed-data/users.ldif
diff --git a/ex401/ex401.2.2/Dockerfile b/ex401/ex401.2.2/Dockerfile
deleted file mode 100644
index 4a0bd39..0000000
--- a/ex401/ex401.2.2/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-ARG VERSION_TAG
-FROM tier/gte:401.2.1-$VERSION_TAG
-
-LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
- Vendor="TIER" \
- ImageType="Grouper Training" \
- ImageName=$imagename \
- ImageOS=centos7
-
-ENV USERTOKEN=gte-401.2.2
-
-COPY container_files/seed-data/ /seed-data/
-
-# && setupFiles
-RUN . /usr/local/bin/library.sh \
- && prep_conf && prep_finish; \
- (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
- && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
- (mysqld_safe & ) \
- && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
- cd /opt/grouper/grouperWebapp/WEB-INF \
- && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
- && mysql grouper < /seed-data/sisData.sql \
- && if [ ! -f /usr/local/bin/java ]; then ln -s /usr/lib/jvm/java-1.8.0-amazon-corretto/bin/java /usr/local/bin/java; fi \
- && sudo --preserve-env=PATH -u tomcat bin/gsh.sh /seed-data/bootstrap.gsh \
- && pkill -HUP slapd \
- && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
- pkill -u mysql mysqld \
- && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.2.2/container_files/seed-data/bootstrap.gsh b/ex401/ex401.2.2/container_files/seed-data/bootstrap.gsh
deleted file mode 100644
index 511d532..0000000
--- a/ex401/ex401.2.2/container_files/seed-data/bootstrap.gsh
+++ /dev/null
@@ -1,12 +0,0 @@
-gs = GrouperSession.startRootSession();
-
-addStem("app", "mfa", "mfa");
-addGroup("app:mfa", "mfa_enabled", "mfa_enabled");
-addGroup("app:mfa", "mfa_enabled_allow", "mfa_enabled_allow");
-addGroup("app:mfa", "mfa_enabled_deny", "mf_enabled_deny");
-addComposite("app:mfa:mfa_enabled", CompositeType.COMPLEMENT, "app:mfa:mfa_enabled_allow", "app:mfa:mfa_enabled_deny");
-
-addStem("app:mfa", "ref", "ref");
-addGroup("app:mfa:ref", "pilot", "pilot");
-
-addMember("app:mfa:mfa_enabled_allow", "app:mfa:ref:pilot");
diff --git a/ex401/ex401.2.2/container_files/seed-data/sisData.sql b/ex401/ex401.2.2/container_files/seed-data/sisData.sql
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.2.2/container_files/seed-data/users.ldif b/ex401/ex401.2.2/container_files/seed-data/users.ldif
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.2.3/Dockerfile b/ex401/ex401.2.3/Dockerfile
deleted file mode 100644
index bde59eb..0000000
--- a/ex401/ex401.2.3/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-ARG VERSION_TAG
-FROM tier/gte:401.2.2-$VERSION_TAG
-
-LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
- Vendor="TIER" \
- ImageType="Grouper Training" \
- ImageName=$imagename \
- ImageOS=centos7
-
-ENV USERTOKEN=gte-401.2.3
-
-COPY container_files/seed-data/ /seed-data/
-
-# && setupFiles
-RUN . /usr/local/bin/library.sh \
- && prep_conf && prep_finish; \
- (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
- && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
- (mysqld_safe & ) \
- && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
- cd /opt/grouper/grouperWebapp/WEB-INF \
- && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
- && mysql grouper < /seed-data/sisData.sql \
- && if [ ! -f /usr/local/bin/java ]; then ln -s /usr/lib/jvm/java-1.8.0-amazon-corretto/bin/java /usr/local/bin/java; fi \
- && sudo --preserve-env=PATH -u tomcat bin/gsh.sh /seed-data/bootstrap.gsh \
- && pkill -HUP slapd \
- && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
- pkill -u mysql mysqld \
- && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.2.3/container_files/seed-data/bootstrap.gsh b/ex401/ex401.2.3/container_files/seed-data/bootstrap.gsh
deleted file mode 100644
index ee6c5af..0000000
--- a/ex401/ex401.2.3/container_files/seed-data/bootstrap.gsh
+++ /dev/null
@@ -1,15 +0,0 @@
-gs = GrouperSession.startRootSession();
-
-//Assign the PSPNG attribute for the standard groups
-group = GroupFinder.findByName(gs, "app:mfa:mfa_enabled");
-
-# Auto create the PSPNG attributes
-edu.internet2.middleware.grouper.pspng.FullSyncProvisionerFactory.getFullSyncer("pspng_groupOfNames");
-
-pspngAttribute = AttributeDefNameFinder.findByName("etc:pspng:provision_to", true);
-//pspngAttributeDef = AttributeDefFinder.findByName("etc:pspng:provision_to_def", true);
-AttributeAssignSave attributeAssignSave = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true);
-attributeAssignSave.assignAttributeDefName(pspngAttribute);
-attributeAssignSave.assignOwnerGroup(group);
-attributeAssignSave.addValue("pspng_entitlements");
-attributeAssignSave.save();
\ No newline at end of file
diff --git a/ex401/ex401.2.3/container_files/seed-data/sisData.sql b/ex401/ex401.2.3/container_files/seed-data/sisData.sql
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.2.3/container_files/seed-data/users.ldif b/ex401/ex401.2.3/container_files/seed-data/users.ldif
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.2.4/Dockerfile b/ex401/ex401.2.4/Dockerfile
deleted file mode 100644
index 1c44768..0000000
--- a/ex401/ex401.2.4/Dockerfile
+++ /dev/null
@@ -1,30 +0,0 @@
-ARG VERSION_TAG
-FROM tier/gte:401.2.3-$VERSION_TAG
-
-LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
- Vendor="TIER" \
- ImageType="Grouper Training" \
- ImageName=$imagename \
- ImageOS=centos7
-
-ENV USERTOKEN=gte-401.2.4
-
-COPY container_files/seed-data/ /seed-data/
-COPY container_files/idp/ /opt/shibboleth-idp/
-
-# && setupFiles
-RUN . /usr/local/bin/library.sh \
- && prep_conf && prep_finish; \
- (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
- && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
- (mysqld_safe & ) \
- && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
- cd /opt/grouper/grouperWebapp/WEB-INF \
- && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
- && mysql grouper < /seed-data/sisData.sql \
- && if [ ! -f /usr/local/bin/java ]; then ln -s /usr/lib/jvm/java-1.8.0-amazon-corretto/bin/java /usr/local/bin/java; fi \
- && sudo --preserve-env=PATH -u tomcat bin/gsh.sh /seed-data/bootstrap.gsh \
- && pkill -HUP slapd \
- && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
- pkill -u mysql mysqld \
- && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.2.4/container_files/idp/conf/authn/general-authn.xml b/ex401/ex401.2.4/container_files/idp/conf/authn/general-authn.xml
deleted file mode 100644
index 152d8e2..0000000
--- a/ex401/ex401.2.4/container_files/idp/conf/authn/general-authn.xml
+++ /dev/null
@@ -1,181 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<beans xmlns="http://www.springframework.org/schema/beans" - xmlns:context="http://www.springframework.org/schema/context" - xmlns:util="http://www.springframework.org/schema/util" - xmlns:p="http://www.springframework.org/schema/p" - xmlns:c="http://www.springframework.org/schema/c" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd - http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd - http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd" - - default-init-method="initialize" - default-destroy-method="destroy"> - - <!-- - This file provisions the IdP with information about the configured login mechanisms available for use. - The actual beans and subflows that make up those mechanisms are in their own files, but this pulls them - together with deployer-supplied metadata to describe them to the system. - - You can turn on and off individual mechanisms by adding and remove them here. Nothing left out will - be used, regardless any other files loaded by the Spring container. - - Flow defaults include: no support for IsPassive/ForceAuthn, support for non-browser clients enabled, - and default timeout and lifetime values set via properties. We also default to supporting the SAML 1/2 - expressions for password-based authentication over a secure channel, so anything more exotic requires - customization, as the examples below for IP address and SPNEGO authentication illustrate. 
- --> - - <util:list id="shibboleth.AvailableAuthenticationFlows"> - - <bean id="authn/IPAddress" parent="shibboleth.AuthenticationFlow" - p:passiveAuthenticationSupported="true" - p:lifetime="PT60S" p:inactivityTimeout="PT60S"> - <property name="supportedPrincipals"> - <list> - <bean parent="shibboleth.SAML2AuthnContextClassRef" - c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol" /> - </list> - </property> - </bean> - - <bean id="authn/SPNEGO" parent="shibboleth.AuthenticationFlow" - p:nonBrowserSupported="false"> - <property name="supportedPrincipals"> - <list> - <bean parent="shibboleth.SAML2AuthnContextClassRef" - c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos" /> - <bean parent="shibboleth.SAML1AuthenticationMethod" - c:method="urn:ietf:rfc:1510" /> - </list> - </property> - </bean> - - <bean id="authn/External" parent="shibboleth.AuthenticationFlow" - p:nonBrowserSupported="false" /> - - <bean id="authn/RemoteUser" parent="shibboleth.AuthenticationFlow" - p:nonBrowserSupported="false" /> - - <bean id="authn/RemoteUserInternal" parent="shibboleth.AuthenticationFlow" /> - - <bean id="authn/X509" parent="shibboleth.AuthenticationFlow" - p:nonBrowserSupported="false"> - <property name="supportedPrincipals"> - <list> - <bean parent="shibboleth.SAML2AuthnContextClassRef" - c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:X509" /> - <bean parent="shibboleth.SAML2AuthnContextClassRef" - c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient" /> - <bean parent="shibboleth.SAML1AuthenticationMethod" - c:method="urn:ietf:rfc:2246" /> - </list> - </property> - </bean> - - <bean id="authn/X509Internal" parent="shibboleth.AuthenticationFlow"> - <property name="supportedPrincipals"> - <list> - <bean parent="shibboleth.SAML2AuthnContextClassRef" - c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:X509" /> - <bean parent="shibboleth.SAML2AuthnContextClassRef" - c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient" /> - <bean 
parent="shibboleth.SAML1AuthenticationMethod" - c:method="urn:ietf:rfc:2246" /> - </list> - </property> - </bean> - - <bean id="authn/Password" parent="shibboleth.AuthenticationFlow" - p:passiveAuthenticationSupported="true" - p:forcedAuthenticationSupported="true" /> - - <bean id="authn/Duo" parent="shibboleth.AuthenticationFlow" - p:forcedAuthenticationSupported="true" - p:nonBrowserSupported="false"> - <!-- - The list below should be changed to reflect whatever locally- or - community-defined values are appropriate to represent MFA. It is - strongly advised that the value not be specific to Duo or any - particular technology. - --> - <property name="supportedPrincipals"> - <list> - <bean parent="shibboleth.SAML2AuthnContextClassRef" - c:classRef="http://example.org/ac/classes/mfa" /> - <bean parent="shibboleth.SAML1AuthenticationMethod" - c:method="http://example.org/ac/classes/mfa" /> - </list> - </property> - </bean> - - <!-- A Mock MFA provider for this tutorial --> - <bean id="authn/Gaspo" parent="shibboleth.AuthenticationFlow" - p:forcedAuthenticationSupported="true" - p:nonBrowserSupported="false"> - <!-- - The list below should be changed to reflect whatever locally- or - community-defined values are appropriate to represent MFA. It is - strongly advised that the value not be specific to Duo or any - particular technology. - --> - <property name="supportedPrincipals"> - <list> - <bean parent="shibboleth.SAML2AuthnContextClassRef" - c:classRef="https://refeds.org/profile/mfa" /> - <bean parent="shibboleth.SAML1AuthenticationMethod" - c:method="https://refeds.org/profile/mfa" /> - </list> - </property> - </bean> - - <bean id="authn/MFA" parent="shibboleth.AuthenticationFlow" - p:passiveAuthenticationSupported="true" - p:forcedAuthenticationSupported="true"> - <!-- - The list below almost certainly requires changes, and should generally be the - union of any of the separate factors you combine in your particular MFA flow - rules. 
The example corresponds to the example in mfa-authn-config.xml that - combines GaspoMFA with Password. - --> - <property name="supportedPrincipals"> - <list> - <bean parent="shibboleth.SAML2AuthnContextClassRef" - c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol" /> - <bean parent="shibboleth.SAML2AuthnContextClassRef" - c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" /> - <bean parent="shibboleth.SAML2AuthnContextClassRef" - c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:Password" /> - <bean parent="shibboleth.SAML1AuthenticationMethod" - c:method="urn:oasis:names:tc:SAML:1.0:am:password" /> - <bean parent="shibboleth.SAML2AuthnContextClassRef" - c:classRef="https://refeds.org/profile/mfa" /> - <bean parent="shibboleth.SAML1AuthenticationMethod" - c:method="https://refeds.org/profile/mfa" /> - - </list> - </property> - </bean> - - </util:list> - - <!-- - This is a map used to "weight" particular methods above others if the IdP has to randomly select one - to insert into a SAML authentication statement. The typical use shown below is to bias the IdP in favor - of expressing the SAML 2 PasswordProtectedTransport class over the more vanilla Password class on the - assumption that the IdP doesn't accept passwords via an insecure channel. This map never causes the IdP - to violate its matching rules if an RP requests a particular value; it only matters when nothing specific - is chosen. Anything not in the map has a weight of zero. - --> - - <util:map id="shibboleth.AuthenticationPrincipalWeightMap"> - <entry> - <key> - <bean parent="shibboleth.SAML2AuthnContextClassRef" - c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" /> - </key> - <value>1</value> - </entry> - </util:map> - -</beans> diff --git a/ex401/ex401.2.4/container_files/idp/conf/authn/mfa-authn-config.xml b/ex401/ex401.2.4/container_files/idp/conf/authn/mfa-authn-config.xml deleted file mode 100644 index ad07ce9..0000000 
--- a/ex401/ex401.2.4/container_files/idp/conf/authn/mfa-authn-config.xml
+++ /dev/null
@@ -1,99 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<beans xmlns="http://www.springframework.org/schema/beans" - xmlns:context="http://www.springframework.org/schema/context" - xmlns:util="http://www.springframework.org/schema/util" - xmlns:p="http://www.springframework.org/schema/p" - xmlns:c="http://www.springframework.org/schema/c" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd - http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd - http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd" - - default-init-method="initialize" - default-destroy-method="destroy"> - - <!-- - This is a map of transition rules that guide the behavior of the MFA flow - and controls how factors are sequenced, skipped, etc. The key of each entry - is the name of the step/flow out of which control is passing. The starting - rule has an empty key. - - Each entry is a bean inherited from "shibboleth.authn.MFA.Transition". Per - the Javadoc for net.shibboleth.idp.authn.MultiFactorAuthenticationTransition: - - p:nextFlow (String) - - A flow to run if the previous step signaled a "proceed" event, for simple - transitions. - - p:nextFlowStrategy (Function<ProfileRequestContext,String>) - - A function to run if the previous step signaled a "proceed" event, for dynamic - transitions. Returning null ends the MFA process. - - p:nextFlowStrategyMap (Map<String,Object> where Object is String or Function<ProfileRequestContext,String>) - - Fully dynamic way of expressing control paths. Map is keyed by a previously - signaled event and the value is a flow to run or a function to - return the flow to run. Returning null ends the MFA process. - - When no rule is provided, there's an implicit "null" that ends the MFA flow - with whatever event was last signaled. 
If the "proceed" event from a step is - the final event, then the MFA process attempts to complete itself successfully. - --> - <util:map id="shibboleth.authn.MFA.TransitionMap"> - <!-- First rule runs the IPAddress login flow. --> - <entry key=""> - <bean parent="shibboleth.authn.MFA.Transition" p:nextFlow="authn/Password" /> - </entry> - - <!-- - Second rule runs a function if IPAddress succeeds, to determine whether an additional - factor is required. - --> - <entry key="authn/Password"> - <bean parent="shibboleth.authn.MFA.Transition" p:nextFlowStrategy-ref="checkSecondFactor" /> - </entry> - - <!-- An implicit final rule will return whatever the final flow returns. --> - </util:map> - - <!-- Example script to see if second factor is required. --> - <bean id="checkSecondFactor" parent="shibboleth.ContextFunctions.Scripted" factory-method="inlineScript" - p:customObject-ref="shibboleth.AttributeResolverService"> - <constructor-arg> - <value> - <![CDATA[ - nextFlow = null; - - // Go straight to second factor if we have to, or set up for an attribute lookup first. - authCtx = input.getSubcontext("net.shibboleth.idp.authn.context.AuthenticationContext"); - mfaCtx = authCtx.getSubcontext("net.shibboleth.idp.authn.context.MultiFactorAuthenticationContext"); - if (mfaCtx.isAcceptable()) { - // Attribute check is required to decide if first factor alone is enough. - resCtx = input.getSubcontext( - "net.shibboleth.idp.attribute.resolver.context.AttributeResolutionContext", true); - - // Look up the username using a standard function. - usernameLookupStrategyClass - = Java.type("net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy"); - usernameLookupStrategy = new usernameLookupStrategyClass(); - resCtx.setPrincipal(usernameLookupStrategy.apply(input)); - - resCtx.getRequestedIdPAttributeNames().add("eduPersonEntitlement"); - resCtx.resolveAttributes(custom); - - // Check for an attribute that authorizes use of first factor. 
- attribute = resCtx.getResolvedIdPAttributes().get("eduPersonEntitlement");
- valueType = Java.type("net.shibboleth.idp.attribute.StringAttributeValue");
- if (attribute != null && attribute.getValues().contains(new valueType("http://tier.internet2.edu/mfa/enabled"))) {
- nextFlow = "authn/Gaspo";
- }
-
- input.removeSubcontext(resCtx); // cleanup
- }
-
- nextFlow; // pass control to second factor or end with the first
- ]]>
- </value>
- </constructor-arg>
- </bean>
-
-</beans>
diff --git a/ex401/ex401.2.4/container_files/idp/conf/idp.properties b/ex401/ex401.2.4/container_files/idp/conf/idp.properties
deleted file mode 100644
index 73e64ca..0000000
--- a/ex401/ex401.2.4/container_files/idp/conf/idp.properties
+++ /dev/null
@@ -1,195 +0,0 @@ -# Load any additional property resources from a comma-delimited list -idp.additionalProperties= /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties - -# Set the entityID of the IdP -idp.entityID= https://idptestbed/idp/shibboleth - -# Set the scope used in the attribute resolver for scoped attributes -idp.scope= example.edu - -# General cookie properties (maxAge only applies to persistent cookies) -#idp.cookie.secure = false -#idp.cookie.httpOnly = true -#idp.cookie.domain = -#idp.cookie.path = -#idp.cookie.maxAge = 31536000 - -# Set the location of user-supplied web flow definitions -#idp.webflows = %{idp.home}/flows - -# Set the location of Velocity view templates -#idp.views = %{idp.home}/views - -# Settings for internal AES encryption key -#idp.sealer.storeType = JCEKS -#idp.sealer.updateInterval = PT15M -#idp.sealer.aliasBase = secret -idp.sealer.storeResource= %{idp.home}/credentials/sealer.jks -idp.sealer.versionResource= %{idp.home}/credentials/sealer.kver -idp.sealer.storePassword= password -idp.sealer.keyPassword= password - -# Settings for public/private signing and encryption key(s) -# During decryption key rollover, point the ".2" properties at a second -# keypair, uncomment in credentials.xml, then publish it in your metadata. 
-idp.signing.key= %{idp.home}/credentials/idp-signing.key -idp.signing.cert= %{idp.home}/credentials/idp-signing.crt -idp.encryption.key= %{idp.home}/credentials/idp-encryption.key -idp.encryption.cert= %{idp.home}/credentials/idp-encryption.crt -#idp.encryption.key.2 = %{idp.home}/credentials/idp-encryption-old.key -#idp.encryption.cert.2 = %{idp.home}/credentials/idp-encryption-old.crt - -# Sets the bean ID to use as a default security configuration set -#idp.security.config = shibboleth.DefaultSecurityConfiguration - -# To default to SHA-1, set to shibboleth.SigningConfiguration.SHA1 -#idp.signing.config = shibboleth.SigningConfiguration.SHA256 - -# Configures trust evaluation of keys used by services at runtime -# Defaults to supporting both explicit key and PKIX using SAML metadata. -#idp.trust.signatures = shibboleth.ChainingSignatureTrustEngine -# To pick only one set to one of: -# shibboleth.ExplicitKeySignatureTrustEngine, shibboleth.PKIXSignatureTrustEngine -#idp.trust.certificates = shibboleth.ChainingX509TrustEngine -# To pick only one set to one of: -# shibboleth.ExplicitKeyX509TrustEngine, shibboleth.PKIXX509TrustEngine - -# If true, encryption will happen whenever a key to use can be located, but -# failure to encrypt won't result in request failure. 
-#idp.encryption.optional = false - -# Configuration of client- and server-side storage plugins -#idp.storage.cleanupInterval = PT10M -#idp.storage.htmlLocalStorage = false - -# Set to true to expose more detailed errors in responses to SPs -#idp.errors.detailed = false -# Set to false to skip signing of SAML response messages that signal errors -#idp.errors.signed = true -# Name of bean containing a list of Java exception classes to ignore -#idp.errors.excludedExceptions = ExceptionClassListBean -# Name of bean containing a property set mapping exception names to views -#idp.errors.exceptionMappings = ExceptionToViewPropertyBean -# Set if a different default view name for events and exceptions is needed -#idp.errors.defaultView = error - -# Set to false to disable the IdP session layer -#idp.session.enabled = true - -# Set to "shibboleth.StorageService" for server-side storage of user sessions -#idp.session.StorageService = shibboleth.ClientSessionStorageService -idp.session.StorageService = shibboleth.StorageService - -# Size of session IDs -#idp.session.idSize = 32 -# Bind sessions to IP addresses -#idp.session.consistentAddress = true -# Inactivity timeout -#idp.session.timeout = PT60M -# Extra time to store sessions for logout -#idp.session.slop = PT0S -# Tolerate storage-related errors -#idp.session.maskStorageFailure = false -# Track information about SPs logged into -#idp.session.trackSPSessions = false -# Support lookup by SP for SAML logout -#idp.session.secondaryServiceIndex = false -# Length of time to track SP sessions -#idp.session.defaultSPlifetime = PT2H - -# Regular expression matching login flows to enable, e.g. IPAddress|Password -idp.authn.flows= MFA - -# Regular expression of forced "initial" methods when no session exists, -# usually in conjunction with the idp.authn.resolveAttribute property below. 
-#idp.authn.flows.initial = Password - -# Set to an attribute ID to resolve prior to selecting authentication flows; -# its values are used to filter the flows to allow. -#idp.authn.resolveAttribute = eduPersonAssurance - -# Default lifetime and timeout of various authentication methods -#idp.authn.defaultLifetime = PT60M -#idp.authn.defaultTimeout = PT30M - -# Whether to prioritize "active" results when an SP requests more than -# one possible matching login method (V2 behavior was to favor them) -#idp.authn.favorSSO = true - -# Whether to fail requests when a user identity after authentication -# doesn't match the identity in a pre-existing session. -#idp.authn.identitySwitchIsError = false - -# Set to "shibboleth.StorageService" or custom bean for alternate storage of consent -#idp.consent.StorageService = shibboleth.ClientPersistentStorageService - -# Set to "shibboleth.consent.AttributeConsentStorageKey" to use an attribute -# to key user consent storage records (and set the attribute name) -#idp.consent.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey -#idp.consent.userStorageKeyAttribute = uid - -# Flags controlling how built-in attribute consent feature operates -#idp.consent.allowDoNotRemember = true -#idp.consent.allowGlobal = true -#idp.consent.allowPerAttribute = false - -# Whether attribute values and terms of use text are compared -#idp.consent.compareValues = false -# Maximum number of consent records for space-limited storage (e.g. cookies) -#idp.consent.maxStoredRecords = 10 -# Maximum number of consent records for larger/server-side storage (0 = no limit) -#idp.consent.expandedMaxStoredRecords = 0 - -# Time in milliseconds to expire consent storage records. -#idp.consent.storageRecordLifetime = P1Y - -# Whether to lookup metadata, etc. for every SP involved in a logout -# for use by user interface logic; adds overhead so off by default. -#idp.logout.elaboration = false - -# Whether to require logout requests be signed/authenticated. 
-#idp.logout.authenticated = true - -# Message freshness and replay cache tuning -#idp.policy.messageLifetime = PT3M -#idp.policy.clockSkew = PT3M - -# Set to custom bean for alternate storage of replay cache -#idp.replayCache.StorageService = shibboleth.StorageService - -# Toggles whether to allow outbound messages via SAML artifact -#idp.artifact.enabled = true -# Suppresses typical signing/encryption when artifact binding used -#idp.artifact.secureChannel = true -# May differ to direct SAML 2 artifact lookups to specific server nodes -#idp.artifact.endpointIndex = 2 -# Set to custom bean for alternate storage of artifact map state -#idp.artifact.StorageService = shibboleth.StorageService - -# Name of access control policy for various admin flows -idp.status.accessPolicy= AccessByIPAddress -idp.resolvertest.accessPolicy= AccessByIPAddress -idp.reload.accessPolicy= AccessByIPAddress - -# Comma-delimited languages to use if not match can be found with the -# browser-supported languages, defaults to an empty list. -idp.ui.fallbackLanguages= en,fr,de - -# Storage service used by CAS protocol -# Defaults to shibboleth.StorageService (in-memory) -# MUST be server-side storage (e.g. in-memory, memcached, database) -# NOTE that idp.session.StorageService requires server-side storage -# when CAS protocol is enabled -idp.cas.StorageService=shibboleth.StorageService - -# CAS service registry implementation class -#idp.cas.serviceRegistryClass=net.shibboleth.idp.cas.service.PatternServiceRegistry - -# Profile flows in which the ProfileRequestContext should be exposed -# in servlet request under the key "opensamlProfileRequestContext" -#idp.profile.exposeProfileRequestContextInServletRequest = SAML2/POST/SSO,SAML2/Redirect/SSO - -# F-TICKS auditing - set salt to include hashed username -#idp.fticks.federation=MyFederation -#idp.fticks.algorithm=SHA-256 -#idp.fticks.salt=somethingsecret 
diff --git a/ex401/ex401.2.4/container_files/idp/flows/authn/Gaspo/gaspo-authn-beans.xml b/ex401/ex401.2.4/container_files/idp/flows/authn/Gaspo/gaspo-authn-beans.xml
deleted file mode 100644
index 2a19a15..0000000
--- a/ex401/ex401.2.4/container_files/idp/flows/authn/Gaspo/gaspo-authn-beans.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p" xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize" default-destroy-method="destroy">
-
- <bean class="org.springframework.context.support.PropertySourcesPlaceholderConfigurer" p:placeholderPrefix="%{"
- p:placeholderSuffix="}" />
-
- <bean class="net.shibboleth.ext.spring.config.IdentifiableBeanPostProcessor" />
- <bean class="net.shibboleth.idp.profile.impl.ProfileActionBeanPostProcessor" />
-
- <!--
- <bean id="ValidateGaspoWebResponse" scope="prototype"
- class="net.shibboleth.idp.authn.gaspo.impl.ValidateGaspoWebResponse"
- p:httpServletRequest-ref="shibboleth.HttpServletRequest"
- p:usernameLookupStrategy-ref="shibboleth.authn.Duo.UsernameLookupStrategy"
- p:duoIntegrationLookupStrategy-ref="shibboleth.authn.Duo.DuoIntegrationStrategy"
- p:addDefaultPrincipals="#{getObject('shibboleth.authn.Duo.addDefaultPrincipals') ?: true}" />
--->
-</beans>
diff --git a/ex401/ex401.2.4/container_files/idp/flows/authn/Gaspo/gaspo-authn-flow.xml b/ex401/ex401.2.4/container_files/idp/flows/authn/Gaspo/gaspo-authn-flow.xml
deleted file mode 100644
index fc1399d..0000000
--- a/ex401/ex401.2.4/container_files/idp/flows/authn/Gaspo/gaspo-authn-flow.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<flow xmlns="http://www.springframework.org/schema/webflow" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow.xsd"
- parent="authn.abstract">
-
- <!-- This is a simple login flow for Gaspo MFA authentication. -->
-
- <view-state id="DisplayGaspoWebView" view="gaspo">
- <on-render>
- <evaluate expression="environment" result="viewScope.environment" />
- <evaluate expression="opensamlProfileRequestContext" result="viewScope.profileRequestContext" />
- <evaluate expression="opensamlProfileRequestContext.getSubcontext(T(net.shibboleth.idp.authn.context.AuthenticationContext))" result="viewScope.authenticationContext" />
- <evaluate expression="authenticationContext.getSubcontext(T(net.shibboleth.idp.ui.context.RelyingPartyUIContext))" result="viewScope.rpUIContext" />
- <evaluate expression="T(net.shibboleth.utilities.java.support.codec.HTMLEncoder)" result="viewScope.encoder" />
- <evaluate expression="flowRequestContext.getExternalContext().getNativeRequest()" result="viewScope.request" />
- <evaluate expression="flowRequestContext.getExternalContext().getNativeResponse()" result="viewScope.response" />
- <evaluate expression="flowRequestContext.getActiveFlow().getApplicationContext().containsBean('shibboleth.CustomViewContext') ? flowRequestContext.getActiveFlow().getApplicationContext().getBean('shibboleth.CustomViewContext') : null" result="viewScope.custom" />
- </on-render>
-
- <transition on="proceed" to="ValidateGaspoWebResponse" />
- <transition on="cancel" to="ReselectFlow" />
- </view-state>
-
- <action-state id="ValidateGaspoWebResponse">
- <!--<evaluate expression="ValidateGaspoWebResponse" />-->
- <evaluate expression="'proceed'" />
-
- <transition on="proceed" to="proceed" />
- </action-state>
-
- <bean-import resource="gaspo-authn-beans.xml" />
-
-</flow>
diff --git a/ex401/ex401.2.4/container_files/idp/views/gaspo.vm b/ex401/ex401.2.4/container_files/idp/views/gaspo.vm
deleted file mode 100644
index 235d960..0000000
--- a/ex401/ex401.2.4/container_files/idp/views/gaspo.vm
+++ /dev/null
@@ -1,62 +0,0 @@
-##
-## Velocity Template for Gaspo login view-state
-##
-## Velocity context will contain the following properties
-## flowExecutionUrl - the form action location
-## flowRequestContext - the Spring Web Flow RequestContext
-## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl)
-## profileRequestContext - root of context tree
-## authenticationContext - context with authentication request information
-## rpUIContext - the context with SP UI information from the metadata
-## encoder - HTMLEncoder class
-## request - HttpServletRequest
-## response - HttpServletResponse
-## environment - Spring Environment object for property resolution
-## custom - arbitrary object injected by deployer
-##
-<!DOCTYPE html>
-<html>
-<head>
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
- <title>#springMessageText("idp.title", "Web Login Service")</title>
- <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/main.css">
-</head>
-<body>
- <div class="wrapper">
- <div class="container">
- <header>
- <img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")">
- </header>
-
- <div class="content">
- <div class="column one">
-
- Please check your authenticator and click proceed below.
-
- <form id="gaspo_form" method="post">
- <input type="hidden" name="_eventId" value="proceed" />
- <input type="submit" value="proceed" />
- </form>
-
- <h3 style="text-align: center">
- <a href="$flowExecutionUrl&_eventId=cancel">Cancel this Request</a>
- </h3>
- </div>
- <div class="column two">
- <ul class="list list-help">
- <li class="list-help-item"><a href="#springMessageText("idp.url.helpdesk", "#")"><span class="item-marker">›</span> #springMessageText("idp.login.needHelp", "Need Help?")</a></li>
- </ul>
- </div>
- </div>
- </div>
-
- <footer>
- <div class="container container-footer">
- <p class="footer-text">#springMessageText("idp.footer", "Insert your footer text here.")</p>
- </div>
- </footer>
- </div>
-</body>
-</html>
diff --git a/ex401/ex401.2.4/container_files/seed-data/bootstrap.gsh b/ex401/ex401.2.4/container_files/seed-data/bootstrap.gsh
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.2.4/container_files/seed-data/sisData.sql b/ex401/ex401.2.4/container_files/seed-data/sisData.sql
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.2.4/container_files/seed-data/users.ldif b/ex401/ex401.2.4/container_files/seed-data/users.ldif
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.2.5/Dockerfile b/ex401/ex401.2.5/Dockerfile
deleted file mode 100644
index 3815124..0000000
--- a/ex401/ex401.2.5/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-ARG VERSION_TAG
-FROM tier/gte:401.2.4-$VERSION_TAG
-
-LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
- Vendor="TIER" \
- ImageType="Grouper Training" \
- ImageName=$imagename \
- ImageOS=centos7
-
-ENV USERTOKEN=gte-401.2.5
-
-COPY container_files/seed-data/ /seed-data/
-
-# && setupFiles
-RUN . /usr/local/bin/library.sh \
- && prep_conf && prep_finish; \
- (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
- && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
- (mysqld_safe & ) \
- && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
- cd /opt/grouper/grouperWebapp/WEB-INF \
- && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
- && mysql grouper < /seed-data/sisData.sql \
- && if [ ! -f /usr/local/bin/java ]; then ln -s /usr/lib/jvm/java-1.8.0-amazon-corretto/bin/java /usr/local/bin/java; fi \
- && sudo --preserve-env=PATH -u tomcat bin/gsh.sh /seed-data/bootstrap.gsh \
- && pkill -HUP slapd \
- && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
- pkill -u mysql mysqld \
- && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.2.5/container_files/seed-data/bootstrap.gsh b/ex401/ex401.2.5/container_files/seed-data/bootstrap.gsh
deleted file mode 100644
index 6a82a24..0000000
--- a/ex401/ex401.2.5/container_files/seed-data/bootstrap.gsh
+++ /dev/null
@@ -1,31 +0,0 @@
-gs = GrouperSession.startRootSession();
-
-
-addStem("ref", "dept", "dept");
-addGroup("ref:dept", "Information Technology", "Information Technology");
-addMember("app:mfa:mfa_enabled_allow", "ref:dept:Information Technology");
-
-addGroup("app:mfa:ref", "mfa_bypass", "mfa_bypass");
-
-addMember("app:mfa:mfa_enabled_deny", "app:mfa:ref:mfa_bypass");
-
-
-addGroup("app:mfa:ref", "athletics_dept", "athletics_dept");
-addMember("app:mfa:ref:athletics_dept","jdavis4");
-addMember("app:mfa:ref:athletics_dept","ldavis5");
-addMember("app:mfa:ref:athletics_dept","janderson13");
-addMember("app:mfa:ref:athletics_dept","rdavis16");
-addMember("app:mfa:ref:athletics_dept","cthompson28");
-addMember("app:mfa:ref:athletics_dept","ahenderson36");
-addMember("app:mfa:ref:athletics_dept","amorrison42");
-addMember("app:mfa:ref:athletics_dept","pthompson61");
-addMember("app:mfa:ref:athletics_dept","bsmith65");
-addMember("app:mfa:ref:athletics_dept","jlangenberg100");
-addMember("app:mfa:ref:athletics_dept","nscott103");
-addMember("app:mfa:ref:athletics_dept","jprice108");
-addMember("app:mfa:ref:athletics_dept","jvales117");
-addMember("app:mfa:ref:athletics_dept","mmartinez133");
-addMember("app:mfa:ref:athletics_dept","mgrady137");
-
-
-addMember("app:mfa:mfa_enabled_allow", "app:mfa:ref:athletics_dept");
diff --git a/ex401/ex401.2.5/container_files/seed-data/sisData.sql b/ex401/ex401.2.5/container_files/seed-data/sisData.sql
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.2.5/container_files/seed-data/users.ldif b/ex401/ex401.2.5/container_files/seed-data/users.ldif
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.2.6/Dockerfile b/ex401/ex401.2.6/Dockerfile
deleted file mode 100644
index e2573f1..0000000
--- a/ex401/ex401.2.6/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-ARG VERSION_TAG
-FROM tier/gte:401.2.5-$VERSION_TAG
-
-LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
- Vendor="TIER" \
- ImageType="Grouper Training" \
- ImageName=$imagename \
- ImageOS=centos7
-
-ENV USERTOKEN=gte-401.2.6
-
-COPY container_files/seed-data/ /seed-data/
-
-# && setupFiles
-RUN . /usr/local/bin/library.sh \
- && prep_conf && prep_finish; \
- (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
- && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
- (mysqld_safe & ) \
- && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
- cd /opt/grouper/grouperWebapp/WEB-INF \
- && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
- && mysql grouper < /seed-data/sisData.sql \
- && if [ ! -f /usr/local/bin/java ]; then ln -s /usr/lib/jvm/java-1.8.0-amazon-corretto/bin/java /usr/local/bin/java; fi \
- && sudo --preserve-env=PATH -u tomcat bin/gsh.sh /seed-data/bootstrap.gsh \
- && pkill -HUP slapd \
- && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
- pkill -u mysql mysqld \
- && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.2.6/container_files/seed-data/bootstrap.gsh b/ex401/ex401.2.6/container_files/seed-data/bootstrap.gsh
deleted file mode 100644
index ef32cbb..0000000
--- a/ex401/ex401.2.6/container_files/seed-data/bootstrap.gsh
+++ /dev/null
@@ -1,47 +0,0 @@
-gs = GrouperSession.startRootSession();
-
-addGroup("app:mfa:ref", "NonFacultyBannerINB", "NonFacultyBannerINB");
-addMember("app:mfa:ref:NonFacultyBannerINB","jprice108");
-addMember("app:mfa:ref:NonFacultyBannerINB","mnielson143");
-addMember("app:mfa:ref:NonFacultyBannerINB","mvales154");
-addMember("app:mfa:ref:NonFacultyBannerINB","wclark159");
-addMember("app:mfa:ref:NonFacultyBannerINB","kthompson169");
-addMember("app:mfa:ref:NonFacultyBannerINB","athompson183");
-addMember("app:mfa:ref:NonFacultyBannerINB","sanderson191");
-addMember("app:mfa:ref:NonFacultyBannerINB","jlangenberg194");
-addMember("app:mfa:ref:NonFacultyBannerINB","jwhite222");
-addMember("app:mfa:ref:NonFacultyBannerINB","rwilliams230");
-addMember("app:mfa:ref:NonFacultyBannerINB","pwilliams242");
-addMember("app:mfa:ref:NonFacultyBannerINB","lprice328");
-addMember("app:mfa:ref:NonFacultyBannerINB","dgrady331");
-addMember("app:mfa:ref:NonFacultyBannerINB","edoe348");
-addMember("app:mfa:ref:NonFacultyBannerINB","svales366");
-addMember("app:mfa:ref:NonFacultyBannerINB","mhenderson377");
-addMember("app:mfa:ref:NonFacultyBannerINB","mlewis390");
-addMember("app:mfa:ref:NonFacultyBannerINB","mroberts391");
-addMember("app:mfa:ref:NonFacultyBannerINB","llopez398");
-addMember("app:mfa:ref:NonFacultyBannerINB","amorrison406");
-addMember("app:mfa:ref:NonFacultyBannerINB","janderson459");
-addMember("app:mfa:ref:NonFacultyBannerINB","wmartinez487");
-addMember("app:mfa:ref:NonFacultyBannerINB","lvales502");
-addMember("app:mfa:ref:NonFacultyBannerINB","cvales514");
-addMember("app:mfa:ref:NonFacultyBannerINB","jprice523");
-addMember("app:mfa:ref:NonFacultyBannerINB","rvales544");
-addMember("app:mfa:ref:NonFacultyBannerINB","iprice563");
-addMember("app:mfa:ref:NonFacultyBannerINB","bmartinez592");
-addMember("app:mfa:ref:NonFacultyBannerINB","jnielson598");
-addMember("app:mfa:ref:NonFacultyBannerINB","amartinez605");
-addMember("app:mfa:ref:NonFacultyBannerINB","dprice607");
-addMember("app:mfa:ref:NonFacultyBannerINB","mbutler632");
-addMember("app:mfa:ref:NonFacultyBannerINB","lbutler643");
-addMember("app:mfa:ref:NonFacultyBannerINB","dmartinez657");
-
-
-//Set expiration out 30 days
-java.util.Calendar cal = Calendar.getInstance();
-cal.setTime(new Date());
-cal.add(Calendar.DAY_OF_YEAR, 30);
-
-group = GroupFinder.findByName(gs, "app:mfa:mfa_enabled_allow", true);
-subject = GroupFinder.findByName(gs, "app:mfa:ref:NonFacultyBannerINB", true).toSubject();
-group.addOrEditMember(subject, true, true, cal.getTime(), null, false);
diff --git a/ex401/ex401.2.6/container_files/seed-data/sisData.sql b/ex401/ex401.2.6/container_files/seed-data/sisData.sql
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.2.6/container_files/seed-data/users.ldif b/ex401/ex401.2.6/container_files/seed-data/users.ldif
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.2.7/Dockerfile b/ex401/ex401.2.7/Dockerfile
deleted file mode 100644
index 2e84e3f..0000000
--- a/ex401/ex401.2.7/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-ARG VERSION_TAG
-FROM tier/gte:401.2.6-$VERSION_TAG
-
-LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
- Vendor="TIER" \
- ImageType="Grouper Training" \
- ImageName=$imagename \
- ImageOS=centos7
-
-ENV USERTOKEN=gte-401.2.7
-
-COPY container_files/seed-data/ /seed-data/
-
-# && setupFiles
-RUN . /usr/local/bin/library.sh \
- && prep_conf && prep_finish; \
- (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
- && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
- (mysqld_safe & ) \
- && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
- cd /opt/grouper/grouperWebapp/WEB-INF \
- && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
- && mysql grouper < /seed-data/sisData.sql \
- && if [ ! -f /usr/local/bin/java ]; then ln -s /usr/lib/jvm/java-1.8.0-amazon-corretto/bin/java /usr/local/bin/java; fi \
- && sudo --preserve-env=PATH -u tomcat bin/gsh.sh /seed-data/bootstrap.gsh \
- && pkill -HUP slapd \
- && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
- pkill -u mysql mysqld \
- && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.2.7/container_files/seed-data/bootstrap.gsh b/ex401/ex401.2.7/container_files/seed-data/bootstrap.gsh
deleted file mode 100644
index caf6b16..0000000
--- a/ex401/ex401.2.7/container_files/seed-data/bootstrap.gsh
+++ /dev/null
@@ -1,5 +0,0 @@
-gs = GrouperSession.startRootSession();
-
-addGroup("app:mfa:ref", "BannerUsersMinusFaculty", "BannerUsersMinusFaculty");
-addComposite("app:mfa:ref:BannerUsersMinusFaculty", CompositeType.COMPLEMENT, "app:mfa:ref:NonFacultyBannerINB", "ref:faculty");
-addMember("app:mfa:mfa_enabled_allow", "app:mfa:ref:BannerUsersMinusFaculty")
\ No newline at end of file
diff --git a/ex401/ex401.2.7/container_files/seed-data/sisData.sql b/ex401/ex401.2.7/container_files/seed-data/sisData.sql
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.2.7/container_files/seed-data/users.ldif b/ex401/ex401.2.7/container_files/seed-data/users.ldif
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.2.8/Dockerfile b/ex401/ex401.2.8/Dockerfile
deleted file mode 100644
index 589b705..0000000
--- a/ex401/ex401.2.8/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-ARG VERSION_TAG
-FROM tier/gte:401.2.7-$VERSION_TAG
-
-LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
- Vendor="TIER" \
- ImageType="Grouper Training" \
- ImageName=$imagename \
- ImageOS=centos7
-
-ENV USERTOKEN=gte-401.2.8
-
-COPY container_files/seed-data/ /seed-data/
-
-# && setupFiles
-RUN . /usr/local/bin/library.sh \
- && prep_conf && prep_finish; \
- (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
- && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
- (mysqld_safe & ) \
- && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
- cd /opt/grouper/grouperWebapp/WEB-INF \
- && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
- && mysql grouper < /seed-data/sisData.sql \
- && if [ ! -f /usr/local/bin/java ]; then ln -s /usr/lib/jvm/java-1.8.0-amazon-corretto/bin/java /usr/local/bin/java; fi \
- && sudo --preserve-env=PATH -u tomcat bin/gsh.sh /seed-data/bootstrap.gsh \
- && pkill -HUP slapd \
- && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
- pkill -u mysql mysqld \
- && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.2.8/container_files/seed-data/bootstrap.gsh b/ex401/ex401.2.8/container_files/seed-data/bootstrap.gsh
deleted file mode 100644
index a05060e..0000000
--- a/ex401/ex401.2.8/container_files/seed-data/bootstrap.gsh
+++ /dev/null
@@ -1,21 +0,0 @@
-gs = GrouperSession.startRootSession();
-
-addGroup("app:mfa", "mfa_required", "mfa_required");
-addGroup("app:mfa:ref", "mfa_opt_in", "mfa_opt_in");
-addMember("app:mfa:mfa_enabled_allow", "app:mfa:ref:mfa_opt_in");
-
-addStem("app:mfa", "etc", "etc")
-addGroup("app:mfa:etc", "mfa_opt_in_access", "mfa_opt_in_access");
-addGroup("app:mfa:etc", "mfa_opt_in_access_allow", "mfa_opt_in_access_allow");
-addGroup("app:mfa:etc", "mfa_opt_in_access_deny", "mfa_opt_in_access_deny");
-
-addComposite("app:mfa:etc:mfa_opt_in_access", CompositeType.COMPLEMENT, "app:mfa:etc:mfa_opt_in_access_allow", "app:mfa:etc:mfa_opt_in_access_deny");
-
-addMember("app:mfa:etc:mfa_opt_in_access_allow", "ref:faculty");
-addMember("app:mfa:etc:mfa_opt_in_access_allow", "ref:staff");
-addMember("app:mfa:etc:mfa_opt_in_access_allow", "ref:student");
-
-addMember("app:mfa:etc:mfa_opt_in_access_deny", "app:mfa:mfa_required");
-
-grantPriv("app:mfa:ref:mfa_opt_in", "app:mfa:etc:mfa_opt_in_access", AccessPrivilege.OPTIN);
-grantPriv("app:mfa:ref:mfa_opt_in", "app:mfa:etc:mfa_opt_in_access", AccessPrivilege.OPTOUT);
diff --git a/ex401/ex401.2.8/container_files/seed-data/sisData.sql b/ex401/ex401.2.8/container_files/seed-data/sisData.sql
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.2.8/container_files/seed-data/users.ldif b/ex401/ex401.2.8/container_files/seed-data/users.ldif
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.2.9/Dockerfile b/ex401/ex401.2.9/Dockerfile
deleted file mode 100644
index 7ffef58..0000000
--- a/ex401/ex401.2.9/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-ARG VERSION_TAG
-FROM tier/gte:401.2.8-$VERSION_TAG
-
-LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
- Vendor="TIER" \
- ImageType="Grouper Training" \
- ImageName=$imagename \
- ImageOS=centos7
-
-ENV USERTOKEN=gte-401.2.9
-
-COPY container_files/seed-data/ /seed-data/
-
-# && setupFiles
-RUN . /usr/local/bin/library.sh \
- && prep_conf && prep_finish; \
- (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
- && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
- (mysqld_safe & ) \
- && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
- cd /opt/grouper/grouperWebapp/WEB-INF \
- && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
- && mysql grouper < /seed-data/sisData.sql \
- && if [ ! -f /usr/local/bin/java ]; then ln -s /usr/lib/jvm/java-1.8.0-amazon-corretto/bin/java /usr/local/bin/java; fi \
- && sudo --preserve-env=PATH -u tomcat bin/gsh.sh /seed-data/bootstrap.gsh \
- && pkill -HUP slapd \
- && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
- pkill -u mysql mysqld \
- && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.2.9/container_files/seed-data/bootstrap.gsh b/ex401/ex401.2.9/container_files/seed-data/bootstrap.gsh
deleted file mode 100644
index dabd890..0000000
--- a/ex401/ex401.2.9/container_files/seed-data/bootstrap.gsh
+++ /dev/null
@@ -1,12 +0,0 @@
-gs = GrouperSession.startRootSession();
-
-addStem("app:mfa", "basis", "basis");
-
-group = GroupFinder.findByName(gs, "app:mfa:ref:mfa_bypass", true);
-stem = StemFinder.findByName(gs, "app:mfa:basis", true);
-group.move(stem);
-
-addGroup("app:mfa:ref", "mfa_bypass_not_opt_in", "mfa_bypass_not_opt_in");
-addComposite("app:mfa:ref:mfa_bypass_not_opt_in", CompositeType.COMPLEMENT, "app:mfa:basis:mfa_bypass", "app:mfa:ref:mfa_opt_in");
-
-addMember("app:mfa:mfa_enabled_deny", "app:mfa:ref:mfa_bypass_not_opt_in");
diff --git a/ex401/ex401.2.9/container_files/seed-data/sisData.sql b/ex401/ex401.2.9/container_files/seed-data/sisData.sql
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.2.9/container_files/seed-data/users.ldif b/ex401/ex401.2.9/container_files/seed-data/users.ldif
deleted file mode 100644
index e69de29..0000000