adding of script for change midpoint security profile

shibboleth-integration/mp-gr/midpoint-server/Dockerfile

@@ -6,20 +6,6 @@ FROM tier/shibboleth_sp
 
 MAINTAINER info@evolveum.com
 
-RUN rm /etc/shibboleth/sp-key.pem /etc/shibboleth/sp-cert.pem
-
-COPY container_files/httpd/* /etc/httpd/conf.d/
-COPY container_files/shibboleth/* /etc/shibboleth/
-COPY container_files/usr-local-bin/ /usr/local/bin/
-
-RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
-    && sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
-    && echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
-    && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
-    && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
-    && echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \
-    && echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf
-
 # TODO switch to other appropriate Java implementation
 
 RUN yum -y install java-1.8.0-openjdk
@@ -39,6 +25,23 @@ RUN echo 'Extracting midPoint archive...' \
 
 VOLUME ${MP_DIR}/var
 
+RUN rm /etc/shibboleth/sp-key.pem /etc/shibboleth/sp-cert.pem
+
+COPY container_files/httpd/conf/* /etc/httpd/conf.d/
+COPY container_files/httpd/possible-conf/* /etc/httpd/possible-conf/
+COPY container_files/shibboleth/* /etc/shibboleth/
+COPY container_files/usr-local-bin/ /usr/local/bin/
+
+RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
+    && sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
+    && echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
+    && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
+    && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
+    && echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \
+    && echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf
+
+
+
 ENV REPO_HOST midpoint-data
 ENV REPO_PORT 3306
 ENV REPO_USER root

shibboleth-integration/mp-gr/midpoint-server/container_files/httpd/possible-conf/midpoint-www-without-shibboleth-sso.conf

@@ -0,0 +1,6 @@
+
+Timeout 2400
+ProxyTimeout 2400
+ProxyBadHeader Ignore
+
+ProxyPass /midpoint ajp://localhost:9090/midpoint  timeout=2400

shibboleth-integration/mp-gr/midpoint-server/container_files/usr-local-bin/entrypoint.sh

@@ -3,6 +3,10 @@
 . /usr/local/bin/library.sh
 linkSecrets
 
+. /usr/local/bin/library.sh
+checkMidpointSecurityProfile
+
+
 httpd-shib-foreground & 
 
 java -Xmx2048M -Xms2048M -Dfile.encoding=UTF8 \

shibboleth-integration/mp-gr/midpoint-server/container_files/usr-local-bin/library.sh

@@ -11,4 +11,13 @@ linkSecrets(){
             ln -sf /run/secrets/host-key.pem /etc/pki/tls/private/host-key.pem
     	fi
      done
+}
+
+
+checkMidpointSecurityProfile(){
+     if [[ $ACTIVE_PROFILE = *'sso'* ]]; then
+	cp /etc/httpd/possible-conf/midpoint-www-with-shibboleth-sso.conf /etc/httpd/conf.d/midpoint-www.conf
+     else
+        cp /etc/httpd/possible-conf/midpoint-www-without-shibboleth-sso.conf /etc/httpd/conf.d/midpoint-www.conf
+     fi
 }