Skip to content

/ midPoint_container

Permalink
Browse files

Migrate Shib in demo/shibboleth to TIER one 

Plus a couple of minor fixes.
  • Loading branch information
@mederly
mederly committed Oct 9, 2018
1 parent 94036be commit 0c7d07e22a9dcc3f940c9c2422fa1921f5229f45
8 demo/shibboleth/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml
View file
@@ -104,10 +104,10 @@ p+tGUbGS2l873J5PrsbpeKEVR/IIoKo=
<NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>

<SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://localhost:4443/idp/profile/Shibboleth/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:4443/idp/profile/SAML2/POST/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://localhost:4443/idp/profile/SAML2/POST-SimpleSign/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:4443/idp/profile/SAML2/Redirect/SSO"/>
<SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://localhost/idp/profile/Shibboleth/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/idp/profile/SAML2/POST/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://localhost/idp/profile/SAML2/POST-SimpleSign/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost/idp/profile/SAML2/Redirect/SSO"/>

</IDPSSODescriptor>

8 demo/shibboleth/configs-and-secrets/shibboleth/idp-metadata.xml
View file
@@ -104,10 +104,10 @@ p+tGUbGS2l873J5PrsbpeKEVR/IIoKo=
<NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>

<SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://localhost:4443/idp/profile/Shibboleth/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:4443/idp/profile/SAML2/POST/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://localhost:4443/idp/profile/SAML2/POST-SimpleSign/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:4443/idp/profile/SAML2/Redirect/SSO"/>
<SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://localhost/idp/profile/Shibboleth/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/idp/profile/SAML2/POST/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://localhost/idp/profile/SAML2/POST-SimpleSign/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost/idp/profile/SAML2/Redirect/SSO"/>

</IDPSSODescriptor>

2 demo/shibboleth/directory/Dockerfile
View file
@@ -27,4 +27,4 @@ EXPOSE 389

# temporary!

CMD rm -rf /var/lock/dirsrv/slapd-dir/server/* && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && sleep 100000000
CMD rm -rf /var/lock/dirsrv/slapd-dir/server/* && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && sleep infinity
2 demo/shibboleth/docker-compose.yml
View file
@@ -76,7 +76,7 @@ services:
depends_on:
- directory
ports:
- 4443:4443
- 443:443
environment:
- JETTY_MAX_HEAP=64m
- JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=password
2 demo/shibboleth/idp/Dockerfile
View file
@@ -1,4 +1,4 @@
FROM unicon/shibboleth-idp:latest
FROM tier/shib-idp:181001

LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"

8 demo/shibboleth/idp/shibboleth-idp/metadata/idp-metadata.xml
View file
@@ -104,10 +104,10 @@ p+tGUbGS2l873J5PrsbpeKEVR/IIoKo=
<NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>

<SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://localhost:4443/idp/profile/Shibboleth/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:4443/idp/profile/SAML2/POST/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://localhost:4443/idp/profile/SAML2/POST-SimpleSign/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:4443/idp/profile/SAML2/Redirect/SSO"/>
<SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://localhost/idp/profile/Shibboleth/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/idp/profile/SAML2/POST/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://localhost/idp/profile/SAML2/POST-SimpleSign/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost/idp/profile/SAML2/Redirect/SSO"/>

</IDPSSODescriptor>

14 demo/shibboleth/tests/main.bats
View file
@@ -20,24 +20,28 @@ load ../../../library
wait_for_midpoint_start shibboleth_midpoint_server_1
}

@test "030 Check health" {
@test "030 Check health (midPoint)" {
check_health
}

@test "035 Check health (Shibboleth IdP)" {
check_health_shibboleth_idp
}

@test "040 Check Shibboleth redirection (/midpoint)" {
curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint | grep 'https:\/\/localhost:4443\/idp\/profile\/SAML2\/Redirect'
curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint | grep 'https:\/\/localhost\/idp\/profile\/SAML2\/Redirect'
}

@test "041 Check Shibboleth redirection (/midpoint/)" {
curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint/ | grep 'https:\/\/localhost:4443\/idp\/profile\/SAML2\/Redirect'
curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint/ | grep 'https:\/\/localhost\/idp\/profile\/SAML2\/Redirect'
}

@test "042 Check Shibboleth redirection (/midpoint/login)" {
curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint/login | grep 'https:\/\/localhost:4443\/idp\/profile\/SAML2\/Redirect'
curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint/login | grep 'https:\/\/localhost\/idp\/profile\/SAML2\/Redirect'
}

@test "043 Check Shibboleth redirection (/midpoint/something)" {
curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint/something | grep 'https:\/\/localhost:4443\/idp\/profile\/SAML2\/Redirect'
curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint/something | grep 'https:\/\/localhost\/idp\/profile\/SAML2\/Redirect'
}

@test "044 Check SOAP without Shibboleth redirection (/midpoint/ws/)" {
26 library.bash
View file
@@ -20,14 +20,14 @@ function generic_wait_for_log () {
echo "Waiting $DELAY seconds for $WAITING_FOR (attempt $ATTEMPT) ..."
sleep $DELAY
docker ps
( docker logs $CONTAINER_NAME 2>&1 | grep "$MESSAGE" ) && return 0
( docker logs $CONTAINER_NAME 2>&1 | grep -F "$MESSAGE" ) && return 0
done

echo "$FAILURE" in $(( $MAX_ATTEMPTS * $DELAY )) seconds in $CONTAINER_NAME
echo "========== Container log =========="
docker logs $CONTAINER_NAME 2>&1
echo "========== End of the container log =========="
if [ -n "ADDITIONAL_CONTAINER_NAME" ]; then
if [ -n "$ADDITIONAL_CONTAINER_NAME" ]; then
echo "========== Container log ($ADDITIONAL_CONTAINER_NAME) =========="
docker logs $ADDITIONAL_CONTAINER_NAME 2>&1
echo "========== End of the container log ($DATABASE_CONTAINER_NAME) =========="
@@ -46,10 +46,15 @@ function wait_for_midpoint_start () {
}

# Waits until Shibboleth IDP starts
function wait_for_shibboleth_idp_start () {
function wait_for_shibboleth_idp_start_old () {
generic_wait_for_log $1 "INFO:oejs.Server:main: Started" "shibboleth idp to start" "shibboleth idp did not start" $2
}

# Waits until Shibboleth IDP starts
function wait_for_shibboleth_idp_start () {
generic_wait_for_log $1 "[main] INFO org.apache.catalina.startup.Catalina- Server startup in" "shibboleth idp to start" "shibboleth idp did not start" $2
}

# Waits until Grouper UI starts
function wait_for_grouper_ui_start () {
generic_wait_for_log $1 "INFO org.apache.catalina.startup.Catalina- Server startup in" "grouper ui to start" "grouper ui did not start" $2
@@ -71,7 +76,7 @@ function check_health () {
}

# Checks the health of Shibboleth IDP server
function check_health_shibboleth_idp () {
function check_health_shibboleth_idp_old () {
echo Checking health of shibboleth idp...
status="$(curl -k --write-out %{http_code} --silent --output /dev/null https://localhost:4443/idp/)"
if [ $status -ne 200 ]; then
@@ -84,6 +89,19 @@ function check_health_shibboleth_idp () {
fi
}

function check_health_shibboleth_idp () {
echo Checking health of shibboleth idp...
status="$(curl -k --write-out %{http_code} --silent --output /dev/null https://localhost/idp/)"
if [ $status -ne 200 ]; then
echo Error: Http code of response is $status
docker ps
return 1
else
echo OK
return 0
fi
}

# Result is in OUTFILE
function get_object () {
local TYPE=$1

0 comments on commit 0c7d07e

Please sign in to comment.
You can’t perform that action at this time.