diff --git a/shibboleth-integration/mp-gr/midpoint-server/Dockerfile b/shibboleth-integration/mp-gr/midpoint-server/Dockerfile
index 2448907..ed8352c 100644
--- a/shibboleth-integration/mp-gr/midpoint-server/Dockerfile
+++ b/shibboleth-integration/mp-gr/midpoint-server/Dockerfile
@@ -6,20 +6,6 @@ FROM tier/shibboleth_sp
 MAINTAINER info@evolveum.com
-RUN rm /etc/shibboleth/sp-key.pem /etc/shibboleth/sp-cert.pem
-
-COPY container_files/httpd/* /etc/httpd/conf.d/
-COPY container_files/shibboleth/* /etc/shibboleth/
-COPY container_files/usr-local-bin/ /usr/local/bin/
-
-RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
- && sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
- && echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
- && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
- && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
- && echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \
- && echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf
-
 # TODO switch to other appropriate Java implementation
 RUN yum -y install java-1.8.0-openjdk
@@ -39,6 +25,23 @@ RUN echo 'Extracting midPoint archive...' \
 VOLUME ${MP_DIR}/var
+RUN rm /etc/shibboleth/sp-key.pem /etc/shibboleth/sp-cert.pem
+
+COPY container_files/httpd/conf/* /etc/httpd/conf.d/
+COPY container_files/httpd/possible-conf/* /etc/httpd/possible-conf/
+COPY container_files/shibboleth/* /etc/shibboleth/
+COPY container_files/usr-local-bin/ /usr/local/bin/
+
+RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
+ && sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
+ && echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
+ && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
+ && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
+ && echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \
+ && echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf
+
+
+
 ENV REPO_HOST midpoint-data
 ENV REPO_PORT 3306
 ENV REPO_USER root
diff --git a/shibboleth-integration/mp-gr/midpoint-server/container_files/httpd/ssl-enable.conf b/shibboleth-integration/mp-gr/midpoint-server/container_files/httpd/conf/ssl-enable.conf
similarity index 100%
rename from shibboleth-integration/mp-gr/midpoint-server/container_files/httpd/ssl-enable.conf
rename to shibboleth-integration/mp-gr/midpoint-server/container_files/httpd/conf/ssl-enable.conf
diff --git a/shibboleth-integration/mp-gr/midpoint-server/container_files/httpd/midpoint-www.conf b/shibboleth-integration/mp-gr/midpoint-server/container_files/httpd/possible-conf/midpoint-www-with-shibboleth-sso.conf
similarity index 100%
rename from shibboleth-integration/mp-gr/midpoint-server/container_files/httpd/midpoint-www.conf
rename to shibboleth-integration/mp-gr/midpoint-server/container_files/httpd/possible-conf/midpoint-www-with-shibboleth-sso.conf
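Review bot: The `RUN rm /etc/shibboleth/sp-key.pem /etc/shibboleth/sp-cert.pem` only hides the base image's SP key pair in a new layer; the files remain in the `tier/shibboleth_sp` layer underneath and can be pulled out of the image with `docker save`, so if that key is anything other than a throwaway placeholder the image still ships it. The commit moves this block below the midPoint install without saying where the real SP key comes from at runtime: `linkSecrets` in library.sh links `host-key.pem` from `/run/secrets`, but nothing in this diff does the same for `sp-key.pem`, so please confirm shibd is given a mounted key rather than starting with none. I would add `# NOTE: rm cannot remove the key from the base layer; the real SP key/cert must be mounted at runtime (e.g. /run/secrets), never baked in` above the `RUN rm`. Separately, `%{USERTOKEN}e` is now written into every access and error log line sent to `/tmp/logpipe`; if USERTOKEN is ever set to something sensitive rather than an opaque deployment label, it lands in the log stream, so a comment stating what the variable is would help the next maintainer.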
diff --git a/shibboleth-integration/mp-gr/midpoint-server/container_files/httpd/possible-conf/midpoint-www-without-shibboleth-sso.conf b/shibboleth-integration/mp-gr/midpoint-server/container_files/httpd/possible-conf/midpoint-www-without-shibboleth-sso.conf
new file mode 100644
index 0000000..690a4cd
--- /dev/null
+++ b/shibboleth-integration/mp-gr/midpoint-server/container_files/httpd/possible-conf/midpoint-www-without-shibboleth-sso.conf
@@ -0,0 +1,6 @@
+
+Timeout 2400
+ProxyTimeout 2400
+ProxyBadHeader Ignore
+
+ProxyPass /midpoint ajp://localhost:9090/midpoint timeout=2400
\ No newline at end of file
diff --git a/shibboleth-integration/mp-gr/midpoint-server/container_files/usr-local-bin/entrypoint.sh b/shibboleth-integration/mp-gr/midpoint-server/container_files/usr-local-bin/entrypoint.sh
index 7f24cb6..28c4bb8 100644
--- a/shibboleth-integration/mp-gr/midpoint-server/container_files/usr-local-bin/entrypoint.sh
+++ b/shibboleth-integration/mp-gr/midpoint-server/container_files/usr-local-bin/entrypoint.sh
@@ -3,6 +3,10 @@
 . /usr/local/bin/library.sh
 linkSecrets
+. /usr/local/bin/library.sh
+checkMidpointSecurityProfile
+
+
 httpd-shib-foreground &
 java -Xmx2048M -Xms2048M -Dfile.encoding=UTF8 \
diff --git a/shibboleth-integration/mp-gr/midpoint-server/container_files/usr-local-bin/library.sh b/shibboleth-integration/mp-gr/midpoint-server/container_files/usr-local-bin/library.sh
index 9858cc8..7fd1c59 100644
--- a/shibboleth-integration/mp-gr/midpoint-server/container_files/usr-local-bin/library.sh
+++ b/shibboleth-integration/mp-gr/midpoint-server/container_files/usr-local-bin/library.sh
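Review bot: `Timeout 2400` is a server-wide directive, so every client connection, not just the proxied ones, can now hold a worker idle for 40 minutes before httpd gives up, which makes slow-client exhaustion of the worker pool much cheaper; the per-route `timeout=2400` on the `ProxyPass` already covers long midPoint requests, so I would drop the global `Timeout 2400` (or keep it near the default) and leave `ProxyTimeout` and `timeout=` for the backend side. `ProxyBadHeader Ignore` also makes httpd silently forward backend responses with malformed headers instead of failing closed with the default `IsError`; unless a specific midPoint header is known to trip it, I would remove that line. This file is installed as `conf.d/midpoint-www.conf` by `checkMidpointSecurityProfile` only when `ACTIVE_PROFILE` does not contain `sso`, so a header comment such as `# Selected by checkMidpointSecurityProfile when ACTIVE_PROFILE has no 'sso': /midpoint is proxied with no Shibboleth in front` would tell an operator exactly what they are enabling.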
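Review bot: The added `. /usr/local/bin/library.sh` re-sources a file that is already sourced two lines up (the `. /usr/local/bin/library.sh` context line above `linkSecrets`), so the second source is redundant and the hunk should add only `checkMidpointSecurityProfile`. The call's exit status is also ignored: if the `cp` inside it fails, `httpd-shib-foreground &` still starts on the next line with whatever `/etc/httpd/conf.d/midpoint-www.conf` happens to exist, and since no `set -e` is visible in this file I would write `checkMidpointSecurityProfile || exit 1` so a failed config selection stops the container instead of starting httpd in an undefined state. The rest of the entrypoint (the `java` invocation) continues outside the hunk.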
@@ -11,4 +11,13 @@ linkSecrets(){
 ln -sf /run/secrets/host-key.pem /etc/pki/tls/private/host-key.pem
 fi
 done
+}
+
+
+checkMidpointSecurityProfile(){
+ if [[ $ACTIVE_PROFILE = *'sso'* ]]; then
+ cp /etc/httpd/possible-conf/midpoint-www-with-shibboleth-sso.conf /etc/httpd/conf.d/midpoint-www.conf
+ else
+ cp /etc/httpd/possible-conf/midpoint-www-without-shibboleth-sso.conf /etc/httpd/conf.d/midpoint-www.conf
+ fi
 }
\ No newline at end of file
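Review bot: `checkMidpointSecurityProfile` fails open: the `else` branch installs the no-Shibboleth `midpoint-www.conf` whenever `ACTIVE_PROFILE` is unset, empty, or merely lacks the substring `sso`, so a forgotten or misspelled variable silently removes the SSO layer in front of `/midpoint`. The test `*'sso'*` is also loose in the other direction, since any value containing those three letters (e.g. one that spells out "no sso") selects the with-SSO config; once the intended profile names are fixed, exact matches would be safer than a substring. I would make the decision explicit, log which file was installed, refuse to start on an unset variable, and document the function, since it installs a config rather than checking one (its name suggests the latter). `[[ ... ]]` is bash-only and entrypoint.sh's shebang is not in the diff, so confirm the library is only ever sourced from bash.
```shell
# Installs conf.d/midpoint-www.conf from possible-conf/ based on ACTIVE_PROFILE.
# Fails closed: an unset/empty ACTIVE_PROFILE is an error, not "no SSO".
checkMidpointSecurityProfile(){
  case "${ACTIVE_PROFILE:-}" in
    "")
      echo "ACTIVE_PROFILE is not set; cannot choose httpd config for /midpoint" >&2
      return 1 ;;
    *sso*)
      echo "ACTIVE_PROFILE=$ACTIVE_PROFILE: Shibboleth SSO enabled in front of /midpoint"
      cp /etc/httpd/possible-conf/midpoint-www-with-shibboleth-sso.conf /etc/httpd/conf.d/midpoint-www.conf ;;
    *)
      echo "ACTIVE_PROFILE=$ACTIVE_PROFILE: /midpoint exposed WITHOUT Shibboleth SSO" >&2
      cp /etc/httpd/possible-conf/midpoint-www-without-shibboleth-sso.conf /etc/httpd/conf.d/midpoint-www.conf ;;
  esac
}
```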