Slavek Licehammer New SAML2 authN implementation
Latest commit 827d2cf Nov 19, 2020 History
SAML2 authentication now uses Shibboleth SP by default. The SP embedded
in midPoint is also available on a different URL.
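#
# midPoint image built on top of the TIER Shibboleth SP image.
#
# Building assumes midpoint-dist.tar.gz is present in the current directory
# (the file name can be overridden with --build-arg MP_DIST_FILE=...).
#
# The image intentionally has no USER directive: startup.sh launches
# supervisord/httpd/cron, which are started as root. The base tag is pinned;
# pinning it by digest as well would make the build fully reproducible.
#
FROM tier/shibboleth_sp:3.0.4_03122019
# MAINTAINER is deprecated in favour of LABEL.
LABEL maintainer="info@evolveum.com"

# Azul Zulu repository (provides the zulu-11 JDK package below).
# NOTE(review): the signing key and the repo definition are both fetched over
# plain HTTP, so the key itself is not integrity-checked on download; a vetted
# copy of the key kept in the build context would remove that dependency.
# curl -f turns a failed download (e.g. a 404 page) into a build failure
# instead of silently leaving an HTML document behind as zulu.repo.
RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems \
 && curl -fsSL -o /etc/yum.repos.d/zulu.repo http://repos.azulsystems.com/rhel/zulu.repo

# Update, install and clean in a single layer so the yum metadata and package
# cache produced by the update step do not survive in an intermediate layer.
RUN yum -y update \
 && yum -y install \
      cron \
      libcurl \
      supervisor \
      zulu-11 \
 && yum -y clean all

# Drop the stock httpd config snippets shipped by the base image; the
# project's own configuration is copied in below. (An empty ssl.conf is
# re-created further down.)
RUN rm -f /etc/httpd/conf.d/autoindex.conf \
          /etc/httpd/conf.d/ssl.conf \
          /etc/httpd/conf.d/userdir.conf \
          /etc/httpd/conf.d/welcome.conf

COPY container_files/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
COPY container_files/httpd/conf/* /etc/httpd/conf.d/
COPY container_files/usr-local-bin/* /usr/local/bin/
COPY container_files/opt-tier/* /opt/tier/

# Make the helper scripts executable. One chmod call; a missing file still
# fails the build, exactly like the former &&-chain did.
RUN chmod 755 \
      /opt/tier/setenv.sh \
      /usr/local/bin/sendtierbeacon.sh \
      /usr/local/bin/setup-cron.sh \
      /usr/local/bin/setup-timezone.sh \
      /usr/local/bin/start-midpoint.sh \
      /usr/local/bin/start-httpd.sh \
      /usr/local/bin/startup.sh \
      /usr/local/bin/healthcheck.sh

# Adjust the stock httpd.conf:
#  - blank ssl.conf, add a vhosts directory and remove the base image's
#    shib.conf (the SAML-related httpd config comes from container_files);
#  - prefix every access/error log line with "httpd;<log>;<ENV>;<USERTOKEN>;"
#    and write both logs to /tmp/loghttpd (whatever consumes that file lives
#    in the copied scripts, not in this Dockerfile);
#  - PassEnv so that ENV and USERTOKEN are visible to the log formats.
# The sed/echo arguments are kept verbatim; they are effectively config code.
RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
 && mkdir /etc/httpd/conf.d/vhosts \
 && rm /etc/httpd/conf.d/shib.conf \
 && sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
 && echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
 && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/loghttpd"/g' /etc/httpd/conf/httpd.conf \
 && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/loghttpd"/g' /etc/httpd/conf/httpd.conf \
 && echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \
 && echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf

# Build arguments (build-time only). MP_VERSION is not used by this file
# directly; it is read by /opt/tier/setenv.sh at the end of the build.
ARG MP_VERSION=4.0.1
ARG MP_DIST_FILE=midpoint-dist.tar.gz
ENV MP_DIR=/opt/midpoint

# ${MP_DIR} must exist before the COPY below, otherwise COPY would write the
# archive to the path /opt/midpoint itself instead of into a directory.
RUN mkdir -p ${MP_DIR}/var
COPY ${MP_DIST_FILE} ${MP_DIR}
COPY container_files/mp-dir/ ${MP_DIR}/
# The archive stays in the COPY layer even after extraction; moving the
# extraction into a separate build stage would be the way to shed it.
RUN echo 'Extracting midPoint archive...' \
 && tar xzf ${MP_DIR}/${MP_DIST_FILE} -C ${MP_DIR} --strip-components=1

# Disabled because of wider compatibility issues (e.g. AWS)
# TODO: consider all the consequences
#VOLUME ${MP_DIR}/var

# Repository parameters. The password is not baked into the image: the
# startup scripts are pointed at a file under /run/secrets instead.
ENV REPO_DATABASE_TYPE=mariadb \
    REPO_JDBC_URL=default \
    REPO_HOST=midpoint_data \
    REPO_PORT=default \
    REPO_DATABASE=registry \
    REPO_USER=registry_user \
    REPO_PASSWORD_FILE=/run/secrets/mp_database_password.txt \
    REPO_MISSING_SCHEMA_ACTION=create \
    REPO_UPGRADEABLE_SCHEMA_ACTION=stop

# Logging parameters (both are passed through to httpd via PassEnv above)
ENV ENV=demo \
    USERTOKEN=""

# Authentication/web
ENV AJP_ENABLED=true \
    AJP_PORT=9090

# Other parameters. MP_KEYSTORE_PASSWORD_FILE, like the repo password, is a
# path to a runtime secret, not the secret itself.
ENV MP_KEYSTORE_PASSWORD_FILE=/run/secrets/mp_keystore_password.txt \
    MP_MEM_MAX=2048m \
    MP_MEM_INIT=1024m \
    TIMEZONE=UTC \
    TIER_RELEASE=not-released-yet \
    TIER_MAINTAINER=tier

# TIER Beacon Opt-out
# Completely uncomment the following ENV line to prevent the containers from sending analytics information to Internet2.
# With the default/release configuration, it will only send product (Shibb/Grouper/COmanage/midPoint) and version (4.0, etc)
# once daily between midnight and 4am. There is no configuration or private information collected or sent.
# This data helps with the scaling and funding of TIER. Please do not disable it if you find the TIER tools useful.
# To keep it commented, keep multiple comments on the following line (to prevent other scripts from processing it).
##### ENV TIER_BEACON_OPT_OUT true

# requires MP_VERSION and TIER_xyz variables so we have to execute it here
RUN /opt/tier/setenv.sh

# healthcheck.sh comes from container_files/usr-local-bin (copied above).
HEALTHCHECK --interval=1m --timeout=30s --start-period=2m CMD /usr/local/bin/healthcheck.sh

CMD ["/usr/local/bin/startup.sh"]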