proof of concept entitlement attributes; more image name clean-up
John Gasper committed Jul 12, 2018
1 parent 83d5307 commit ac5c0a0
Showing 10 changed files with 41 additions and 14 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -7,7 +7,7 @@ A set of Grouper images that are used during I2/TIER training.

```
docker run -d -p 80:80 -p 389:389 -p 443:443 -p 3306:3306 -p 4443:4443 \
--name grouper-demo tier/grouper_training_full_demo:latest
--name grouper-demo tier/grouper-training-env:full_demo
```

Browse to `https://localhost/grouper`
Expand All @@ -16,7 +16,7 @@ Browse to `https://localhost/grouper`

```
docker run -d -p 80:80 -p 389:389 -p 443:443 -p 3306:3306 -p 4443:4443 \
--name grouper tier/grouper_training_ex###:latest
--name grouper tier/grouper-training-env:exXXX
```

Browse to `https://localhost/grouper` for Grouper. There is also an app that dumps the SP user attributes at `https://localhost/app`.
2 changes: 1 addition & 1 deletion base/container_files/httpd/grouper-testapp.conf
Expand Up @@ -14,7 +14,7 @@
AuthType shibboleth
ShibRequestSetting requireSession 1
ShibRequireSession on
Require shib-attr eduPersonEntitlement admin superuser
Require shib-attr eduPersonEntitlement urn:mace:example.edu:admin urn:mace:example.edu:superUser
ErrorDocument 401 /app/accessError.html

DirectoryIndex index.html
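Review bot: Neither value on the new Require line is traceable to a Grouper group in this commit — `urn:mace:example.edu:admin` exists only as a seeded value for banderson in users.ldif, and `urn:mace:example.edu:superUser` appears nowhere else — so a reader cannot tell which group is meant to grant either right. A comment above the line, `# eduPersonEntitlement values: 'admin' is seeded in users.ldif; the pspng_entitlements provisioner emits urn:mace:example.edu:<group extension>`, would make the authorization path auditable. shib-attr compares values as strings, so the mixed-case `superUser` must match the provisioned value exactly unless the attribute mapping is marked case-insensitive; the enclosing Location block starts and ends outside the hunk.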
2 changes: 1 addition & 1 deletion base/container_files/seed-data/users.ldif
Expand Up @@ -41,7 +41,7 @@ uid: banderson
sn: Anderson
cn: Bob Anderson
userPassword: password
eduPersonEntitlement: admin
eduPersonEntitlement: urn:mace:example.edu:admin

dn: cn=users,ou=Groups,dc=internet2,dc=edu
objectClass: groupOfUniqueNames
2 changes: 1 addition & 1 deletion base/container_files/shibboleth-idp/conf/idp.properties
Expand Up @@ -5,7 +5,7 @@ idp.additionalProperties= /conf/ldap.properties, /conf/saml-nameid.properties, /
idp.entityID= https://idptestbed/idp/shibboleth

# Set the scope used in the attribute resolver for scoped attributes
idp.scope= example.org
idp.scope= example.edu

# General cookie properties (maxAge only applies to persistent cookies)
#idp.cookie.secure = false
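Review bot: `idp.scope= example.edu` changes the scope attached to every scoped attribute the IdP releases, but nothing else in this commit moves from example.org to example.edu; if the IdP metadata consumed by the SP, or the attribute-resolver, still declares example.org, the SP will reject scoped values such as eduPersonPrincipalName as out of scope. A short comment on the line, `# must match the shibmd:Scope published in the IdP metadata the SP trusts`, records the coupling for whoever next changes it.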
2 changes: 1 addition & 1 deletion exercise1/Dockerfile
@@ -1,4 +1,4 @@
FROM tier/grouper_training_env:base
FROM tier/grouper-training-env:base

LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
Vendor="TIER" \
2 changes: 1 addition & 1 deletion exercise2/Dockerfile
@@ -1,4 +1,4 @@
FROM tier/grouper_training_env:base
FROM tier/grouper-training-env:base

LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
Vendor="TIER" \
2 changes: 1 addition & 1 deletion full-demo/Dockerfile
@@ -1,4 +1,4 @@
FROM tier/grouper_training_env:base
FROM tier/grouper-training-env:base

LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
Vendor="TIER" \
18 changes: 16 additions & 2 deletions full-demo/container_files/demo.gsh
Expand Up @@ -221,12 +221,26 @@ addMember("app:banner:banner_user_allow", "banderson");
# Auto create the PSPNG attributes
edu.internet2.middleware.grouper.pspng.FullSyncProvisionerFactory.getFullSyncer("pspng_groupOfUniqueNames");

#Assign the PSPNG attributes

AttributeDef pspngAttributeDef = AttributeDefFinder.findByName("etc:pspng:provision_to_def", true);
AttributeDefName pspngAttribute = AttributeDefNameFinder.findByName("etc:pspng:provision_to", true);

AttributeAssignSave attributeAssignSave = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true);

#Assign the PSPNG attribute for the standard groups
attributeAssignSave.assignAttributeDefName(pspngAttribute);
attributeAssignSave.assignOwnerStem(testStem);
attributeAssignSave.addValue("pspng_groupOfUniqueNames");
attributeAssignSave.save();

#Assign the PSPNG attribute for the entitlements
AttributeAssignSave attributeAssignSave2 = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true);
attributeAssignSave2.assignAttributeDefName(pspngAttribute);
attributeAssignSave2.assignOwnerGroup(GroupFinder.findByName(gs, "app:vpn:vpn_user", true));
attributeAssignSave2.addValue("pspng_entitlements");
attributeAssignSave2.save();

attributeAssignSave2 = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true);
attributeAssignSave2.assignAttributeDefName(pspngAttribute);
attributeAssignSave2.assignOwnerGroup(GroupFinder.findByName(gs, "app:banner:banner_user", true));
attributeAssignSave2.addValue("pspng_entitlements");
attributeAssignSave2.save();
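Review bot: The two entitlement assignments at the end of the hunk repeat the same five statements with only the group name changed, and the second one reuses `attributeAssignSave2` by reassignment, which makes it easy to drop a step when a third group is added; a loop over the group names keeps a single copy of the sequence. `gs` and `testStem` are defined outside the hunk, which runs after the addMember(...) calls shown in the hunk header. The stem-level `assignOwnerStem(testStem)` for the group provisioner versus per-group `assignOwnerGroup` for the entitlement provisioner looks deliberate but presumably means every group under testStem is provisioned while entitlements are opt-in; a one-line comment stating that intent would help.
```groovy
// … unchanged: pspngAttributeDef / pspngAttribute lookup and the stem-level assignment …
#Assign the PSPNG attribute for the entitlements (one assignment per group)
for (String entitlementGroup : new String[] {"app:vpn:vpn_user", "app:banner:banner_user"}) {
  AttributeAssignSave entitlementSave = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true);
  entitlementSave.assignAttributeDefName(pspngAttribute);
  entitlementSave.assignOwnerGroup(GroupFinder.findByName(gs, entitlementGroup, true));
  entitlementSave.addValue("pspng_entitlements");
  entitlementSave.save();
}
```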
13 changes: 13 additions & 0 deletions full-demo/container_files/grouper-loader.properties
Expand Up @@ -88,3 +88,16 @@ changeLog.consumer.pspng_groupOfUniqueNames.groupCreationLdifTemplate = dn: cn=$
changeLog.consumer.pspng_groupOfUniqueNames.userSearchBaseDn = ou=people,dc=internet2,dc=edu
changeLog.consumer.pspng_groupOfUniqueNames.userSearchFilter = uid=${subject.id}
changeLog.consumer.pspng_groupOfUniqueNames.grouperIsAuthoritative = true
changeLog.consumer.pspng_groupOfUniqueNames.provisionedAttributeName = eduPersonEntitlement
changeLog.consumer.pspng_groupOfUniqueNames.provisionedAttributeValueFormat = g:${group.name}


changeLog.consumer.pspng_entitlements.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
changeLog.consumer.pspng_entitlements.type = edu.internet2.middleware.grouper.pspng.LdapAttributeProvisioner
changeLog.consumer.pspng_entitlements.quartzCron = 0 * * * * ?
changeLog.consumer.pspng_entitlements.ldapPoolName = demo
changeLog.consumer.pspng_entitlements.provisionedAttributeName = eduPersonEntitlement
changeLog.consumer.pspng_entitlements.provisionedAttributeValueFormat = urn:mace:example.edu:${group.extension}
changeLog.consumer.pspng_entitlements.userSearchBaseDn = ou=people,dc=internet2,dc=edu
changeLog.consumer.pspng_entitlements.userSearchFilter = uid=${subject.id}
changeLog.consumer.pspng_entitlements.allProvisionedValuesPrefix=urn:mace:example.edu:
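Review bot: The two keys added to the pspng_groupOfUniqueNames consumer at the top of the hunk (`provisionedAttributeName = eduPersonEntitlement` and `provisionedAttributeValueFormat = g:${group.name}`) are attribute-provisioner settings, while that consumer carries a groupCreationLdifTemplate and so presumably is a group provisioner (its type line is outside the hunk); if so they are dead configuration and should be dropped or marked as intentional. Separately, `provisionedAttributeValueFormat = urn:mace:example.edu:${group.extension}` makes the emitted value depend only on the last path component of the group name, so any group with extension `admin` or `superUser` under a stem carrying the provision_to attribute would produce exactly the values that grouper-testapp.conf accepts for administrative access, whereas the other consumer's `${group.name}` is unique per group. `allProvisionedValuesPrefix=urn:mace:example.edu:` also appears to claim every eduPersonEntitlement value with that prefix for this provisioner, which covers the `urn:mace:example.edu:admin` seeded for banderson in users.ldif; unless a Grouper group provisions that value a full sync may remove it, and `grouperIsAuthoritative` is not set for this consumer in the hunk, so the intended behaviour deserves a comment such as `# NOTE: values with this prefix that are not backed by a Grouper group may be removed on full sync`.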
8 changes: 4 additions & 4 deletions manualBuild.sh
@@ -1,7 +1,7 @@
docker build --tag=tier/grouper_training_env:base base/ \
&& docker build --tag=tier/grouper_training_env:ex1 exercise1 \
&& docker build --tag=tier/grouper_training_env:ex2 exercise2 \
&& docker build --tag=tier/grouper_training_env:full_demo full-demo
docker build --tag=tier/grouper-training-env:base base/ \
&& docker build --tag=tier/grouper-training-env:ex1 exercise1 \
&& docker build --tag=tier/grouper-training-env:ex2 exercise2 \
&& docker build --tag=tier/grouper-training-env:full_demo full-demo

if [[ "$OSTYPE" == "darwin"* ]]; then
say build complete
