diff --git a/.dockerignore b/.dockerignore
deleted file mode 100644
index 3cf5f0e..0000000
--- a/.dockerignore
+++ /dev/null
@@ -1,3 +0,0 @@
-demo
-.git
-tests
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 1de18f0..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,91 +0,0 @@
-#
-# Building assumes midpoint-dist.tar.gz is present in the current directory.
-#
-
-FROM i2incommon/shibboleth_sp:3.4.1_06122023_rocky8_multiarch
-
-MAINTAINER info@evolveum.com
-
-RUN rpm --import https://yum.corretto.aws/corretto.key
-RUN curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo
-RUN yum -y update
-RUN yum -y install \
- java-17-amazon-corretto-devel \
- cronie \
- supervisor \
- libcurl-minimal \
- && yum clean -y all
-
-RUN cd /etc/httpd/conf.d/ \
- && rm -f autoindex.conf ssl.conf userdir.conf welcome.conf
-
-COPY container_files/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
-COPY container_files/httpd/conf/* /etc/httpd/conf.d/
-COPY container_files/usr-local-bin/* /usr/local/bin/
-COPY container_files/opt-tier/* /opt/tier/
-
-RUN chmod 755 /opt/tier/setenv.sh \
- && chmod 755 /usr/local/bin/sendtierbeacon.sh \
- && chmod 755 /usr/local/bin/setup-cron.sh \
- && chmod 755 /usr/local/bin/setup-timezone.sh \
- && chmod 755 /usr/local/bin/start-midpoint.sh \
- && chmod 755 /usr/local/bin/start-httpd.sh \
- && chmod 755 /usr/local/bin/startup.sh \
- && chmod 755 /usr/local/bin/healthcheck.sh
-
-RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
- && mkdir /etc/httpd/conf.d/vhosts \
- && rm /etc/httpd/conf.d/shib.conf \
- && sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
- && echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
- && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/loghttpd"/g' /etc/httpd/conf/httpd.conf \
- && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/loghttpd"/g' /etc/httpd/conf/httpd.conf \
- && echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \
- && echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf
-
-# Build arguments
-
-ARG MP_DIST_FILE=midpoint-dist.tar.gz
-
-ENV MP_DIR /opt/midpoint
-
-RUN mkdir -p ${MP_DIR}/var
-
-COPY ${MP_DIST_FILE} ${MP_DIR}
-COPY container_files/mp-dir/ ${MP_DIR}/
-
-RUN echo 'Extracting midPoint archive...' \
- && tar xzf ${MP_DIR}/${MP_DIST_FILE} -C ${MP_DIR} --strip-components=1
-
-# Disabled because of wider compatibility issues (e.g. AWS)
-# TODO: consider all the consequences
-#VOLUME ${MP_DIR}/var
-
-# Logging parameters
-
-ENV ENV demo
-ENV USERTOKEN ""
-
-# Other parameters
-
-ENV MP_MEM_MAX 2048m
-ENV MP_MEM_INIT 1024m
-ENV TIMEZONE UTC
-ENV TIER_RELEASE not-released-yet
-ENV TIER_MAINTAINER tier
-
-# TIER Beacon Opt-out
-# Completely uncomment the following ENV line to prevent the containers from sending analytics information to Internet2.
-# With the default/release configuration, it will only send product (Shibb/Grouper/COmanage/midPoint) and version (4.0, etc)
-# once daily between midnight and 4am. There is no configuration or private information collected or sent.
-# This data helps with the scaling and funding of TIER. Please do not disable it if you find the TIER tools useful.
-# To keep it commented, keep multiple comments on the following line (to prevent other scripts from processing it).
-##### ENV TIER_BEACON_OPT_OUT true
-
-# requires MP_VERSION and TIER_xyz variables so we have to execute it here
-
-RUN /opt/tier/setenv.sh
-
-HEALTHCHECK --interval=1m --timeout=30s --start-period=2m CMD /usr/local/bin/healthcheck.sh
-
-CMD ["/usr/local/bin/startup.sh"]
diff --git a/Jenkinsfile b/Jenkinsfile
deleted file mode 100644
index 9d5e4bf..0000000
--- a/Jenkinsfile
+++ /dev/null
@@ -1,122 +0,0 @@
-pipeline {
- agent any
- environment {
- maintainer = "t"
- imagename = 'm'
- tag = 'l'
- }
- stages {
- stage ('Setting build context') {
- steps {
- script {
- maintainer = maintain()
- imagename = imagename()
- tag = tag()
- if (!imagename) {
- echo "You must define imagename in common.bash"
- currentBuild.result = 'FAILURE'
- }
- sh 'mkdir -p bin'
- sh 'mkdir -p tmp'
- dir ('tmp') {
- git([ url: "https://github.internet2.edu/docker/util.git", credentialsId: "jenkins-github-access-token" ])
- sh 'ls -l'
- sh 'ls -lR ../bin'
- sh 'rm -r ../bin/windows || true'
- sh 'mv bin/* ../bin/.'
- }
- // Build and test scripts expect that 'tag' is present in common.bash. This is necessary for both Jenkins and standalone testing.
- // We don't care if there are more 'tag' assignments there. The latest one wins.
- sh "echo >> common.bash ; echo \"tag=\\\"${tag}\\\"\" >> common.bash ; echo common.bash ; cat common.bash"
- }
- }
- }
- stage ('Build') {
- steps {
- script {
- try {
- // using custom ./build.sh instead of bin/rebuild.sh because the bin/ version does not support building specific tag yet
- sh './build.sh -r 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
- } catch (error) {
- def error_details = readFile('./debug')
- def message = "BUILD ERROR: There was a problem building ${imagename}:${tag}. \n\n ${error_details}"
- sh "rm -f ./debug"
- handleError(message)
- }
- }
- }
- }
- stage ('Test') {
- steps {
- script {
- try {
- sh 'echo Docker containers before root tests ; docker ps -a' // temporary
- sh 'bin/test.sh 2>&1 | tee debug ; test ${PIPESTATUS[0]} -eq 0'
- sh 'echo Docker containers before compositions tests ; docker ps -a' // temporary
-
- sh '(cd demo/simple ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
- sh '(cd demo/shibboleth ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
- sh '(cd demo/grouper ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
- } catch (error) {
- def error_details = readFile('./debug')
- def message = "BUILD ERROR: There was a problem testing ${imagename}:${tag}. \n\n ${error_details}"
- sh "rm -f ./debug"
- handleError(message)
- }
- }
- }
- }
- stage ('Push') {
- steps {
- script {
- docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-tier") {
- def baseImg = docker.image("$maintainer/$imagename:$tag")
- baseImg.push("$tag")
-
- if (env.BRANCH_NAME == "master") {
- baseImg.push("latest")
- }
- }
- }
- }
- }
- stage ('Notify') {
- steps {
- echo "$maintainer"
- slackSend color: 'good', message: "$maintainer/$imagename:$tag pushed to DockerHub"
- }
- }
- }
- post {
- always {
- echo 'Done Building.'
- }
- failure {
- // slackSend color: 'good', message: "Build failed"
- handleError("BUILD ERROR: There was a problem building ${maintainer}/${imagename}:${tag}.")
- }
- }
-}
-
-
-def maintain() {
- def matcher = readFile('common.bash') =~ 'maintainer="(.+)"'
- matcher ? matcher[0][1] : 'tier'
-}
-
-def imagename() {
- def matcher = readFile('common.bash') =~ 'imagename="(.+)"'
- matcher ? matcher[0][1] : null
-}
-
-def tag() {
- def matcher = readFile('common.bash') =~ 'tag="(.+)"'
- matcher ? matcher[0][1] : latest
-}
-
-def handleError(String message) {
- echo "${message}"
- currentBuild.setResult("FAILED")
- slackSend color: 'danger', message: "${message}"
- sh 'exit 1'
-}
diff --git a/README.md b/README.md
index 144ec64..657fa3c 100644
--- a/README.md
+++ b/README.md
@@ -1,27 +1,5 @@
-[![Build Status](https://jenkins.testbed.tier.internet2.edu/buildStatus/icon?job=docker/midPoint_container/3.9)](https://jenkins.testbed.tier.internet2.edu/buildStatus/icon?job=docker/midPoint_container/3.9)
+This repository contains demos for midPoint in InCommon Trusted Access Platform.
-This repository contains sources for TIER-supported [midPoint](http://midpoint.evolveum.com) image.
-
-The image contains the midPoint application along with some TIER-specific components: Apache reverse proxy with optional Shibboleth filter and TIER Beacon.
-
-# Supported tags
-- latest
-- midPoint version-specific branches, e.g. 3.9, 3.9.1, 4.0, etc.
-
-# Content
-- the root directory contains build instructions for the `midpoint` image
-- `demo` directory contains a couple of demonstration scenarios:
- - `simple` to show simple composition of midPoint with the repository,
- - `shibboleth` to show integration with Shibboleth IdP,
- - `postgresql` to show how to use alternative dockerized repository,
- - `extrepo` to show how to use external repository,
- - `grouper` to demonstrate more complex deployment of midPoint in a sample university environment, featuring midPoint along with Grouper, LDAP directory, RabbitMQ, Shibboleth IdP, source and target systems.
-
-# Build instructions
-```
-$ ./build.sh
-```
-You can then continue with one of demo compositions.
# Documentation
Please see the [Getting Started with midPoint](https://spaces.at.internet2.edu/x/fBbtBw) wiki page.
diff --git a/build.sh b/build.sh
deleted file mode 100755
index d7951c6..0000000
--- a/build.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/bash
-
-cd "$(dirname "$0")"
-source common.bash
-
-SKIP_DOWNLOAD=0
-REFRESH=""
-while getopts "nhr?" opt; do
- case $opt in
- n)
- SKIP_DOWNLOAD=1
- ;;
- r)
- result=$(docker ps -a | grep $maintainer/$imagename:$tag)
- if [ ! -z "$result" ]; then
- echo "Cleaning up $maintainer/$imagename:$tag..."
- docker rm -f $(docker ps -a | grep $maintainer/$imagename:$tag | awk '{print $1}')
- docker rmi -f $maintainer/$imagename:$tag
- echo "Done"
- fi
- REFRESH="--no-cache --pull"
- echo "Using 'refresh' mode: $REFRESH"
- ;;
- h | ?)
- echo "Options: -n skip download"
- echo " -r refresh mode: uses --no-cache --pull and removes container and image before build"
- exit 0
- ;;
- *)
- echo "Unknown option: $opt"
- exit 1
- ;;
- esac
-done
-if [ "$SKIP_DOWNLOAD" = "0" ]; then ./download-midpoint.sh || exit 1; fi
-docker build $REFRESH --tag $maintainer/$imagename:$tag --build-arg maintainer=$maintainer --build-arg imagename=$imagename . || exit 1
-echo "---------------------------------------------------------------------------------------"
-echo "The midPoint containers were successfully built. To start them, execute the following:"
-echo ""
-echo "(for simple demo)"
-echo ""
-echo "$ cd" $(pwd)/demo/simple
-echo "$ docker-compose up"
-echo ""
-echo "(for Grouper integration demo)"
-echo ""
-echo "$ cd" $(pwd)/demo/grouper
-echo "$ docker-compose up --build"
diff --git a/common.bash b/common.bash
deleted file mode 100644
index 08d7cd7..0000000
--- a/common.bash
+++ /dev/null
@@ -1,3 +0,0 @@
-maintainer="i2incommon"
-imagename="midpoint"
-tag="4.8.2"
diff --git a/container_files/httpd/conf/midpoint.conf b/container_files/httpd/conf/midpoint.conf
deleted file mode 100644
index 656489c..0000000
--- a/container_files/httpd/conf/midpoint.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-
-Timeout 2400
-ProxyTimeout 2400
-ProxyBadHeader Ignore
-
-ProxyPass /midpoint ajp://localhost:9090/midpoint secret=s3cr3t timeout=2400 retry=0
diff --git a/container_files/httpd/conf/midpoint.conf.auth.internal b/container_files/httpd/conf/midpoint.conf.auth.internal
deleted file mode 100644
index 57a9992..0000000
--- a/container_files/httpd/conf/midpoint.conf.auth.internal
+++ /dev/null
@@ -1,6 +0,0 @@
-
-Timeout 2400
-ProxyTimeout 2400
-ProxyBadHeader Ignore
-
-ProxyPass /midpoint ajp://localhost:9090/midpoint secret=s3cr3t timeout=2400 retry=0
diff --git a/container_files/httpd/conf/ssl-enable.conf b/container_files/httpd/conf/ssl-enable.conf
deleted file mode 100644
index a756e78..0000000
--- a/container_files/httpd/conf/ssl-enable.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-# modern configuration, tweak to your needs
-SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
-SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
-SSLHonorCipherOrder on
-SSLCompression off
-
-# OCSP Stapling, only in httpd 2.3.3 and later
-SSLUseStapling on
-SSLStaplingResponderTimeout 5
-SSLStaplingReturnResponderErrors off
-SSLStaplingCache shmcb:/var/run/ocsp(128000)
-
-Listen 443 https
-
- RewriteEngine on
- RewriteRule "^/$" "/midpoint/" [R]
-
-
- SSLEngine on
- SSLCertificateChainFile /etc/pki/tls/certs/cachain.pem
-
- SSLCertificateFile /etc/pki/tls/certs/host-cert.pem
-
- SSLCertificateKeyFile /etc/pki/tls/private/host-key.pem
-
- # HSTS (mod_headers is required) (15768000 seconds = 6 months)
- Header always set Strict-Transport-Security "max-age=15768000"
-
- IncludeOptional conf.d/vhosts/*.conf
-
diff --git a/container_files/mp-dir/active-spring-profiles b/container_files/mp-dir/active-spring-profiles
deleted file mode 100755
index 40058e6..0000000
--- a/container_files/mp-dir/active-spring-profiles
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-case $AUTHENTICATION in
- shibboleth)
- echo "default,sso"
- ;;
- internal)
- echo "default"
- ;;
- *)
- echo "default"
-esac
-
diff --git a/container_files/mp-dir/repository-url b/container_files/mp-dir/repository-url
deleted file mode 100755
index 6977cbf..0000000
--- a/container_files/mp-dir/repository-url
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/bash
-
-function resolvePort() {
- if [[ $REPO_PORT == "default" ]]; then
- case $REPO_DATABASE_TYPE in
- mariadb)
- echo 3306
- ;;
- mysql)
- echo 3306
- ;;
- oracle)
- echo 1521
- ;;
- postgresql)
- echo 5432
- ;;
- sqlserver)
- echo 1433
- ;;
- *)
- echo "~~~~~ please supply JDBC port for your repository ~~~~~"
- esac
- else
- echo $REPO_PORT
- fi
-}
-
-if [[ $REPO_JDBC_URL == "default" ]]; then
- REPO_PORT=$( resolvePort )
- case $REPO_DATABASE_TYPE in
- mariadb)
- echo "jdbc:mariadb://$REPO_HOST:$REPO_PORT/$REPO_DATABASE?characterEncoding=utf8"
- ;;
- mysql)
- echo "jdbc:mysql://$REPO_HOST:$REPO_PORT/$REPO_DATABASE?characterEncoding=utf8"
- ;;
- oracle)
- echo "jdbc:oracle:thin:@$REPO_HOST:$REPO_PORT/xe"
- ;;
- postgresql)
- echo "jdbc:postgresql://$REPO_HOST:$REPO_PORT/$REPO_DATABASE"
- ;;
- sqlserver)
- echo "jdbc:sqlserver://$REPO_HOST:$REPO_PORT;database=$REPO_DATABASE"
- ;;
- *)
- echo "~~~~~ please supply JDBC URL for your repository ~~~~~"
- esac
-else
- echo $REPO_JDBC_URL
-fi
diff --git a/container_files/opt-tier/setenv.sh b/container_files/opt-tier/setenv.sh
deleted file mode 100755
index f876f7a..0000000
--- a/container_files/opt-tier/setenv.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-printenv | sed 's/^\(.*\)$/\1/g' | grep -E "^MP_VERSION" > /opt/tier/env.bash
-printenv | sed 's/^\(.*\)$/\1/g' | grep -E "^TIER_RELEASE" >> /opt/tier/env.bash
-printenv | sed 's/^\(.*\)$/\1/g' | grep -E "^TIER_MAINTAINER" >> /opt/tier/env.bash
-
-echo "/opt/tier/env.bash is:"
-cat /opt/tier/env.bash
diff --git a/container_files/supervisor/supervisord.conf b/container_files/supervisor/supervisord.conf
deleted file mode 100644
index a1dc9bf..0000000
--- a/container_files/supervisor/supervisord.conf
+++ /dev/null
@@ -1,32 +0,0 @@
-[supervisord]
-logfile=/tmp/logsuperd
-logfile_maxbytes=0
-loglevel=error
-nodaemon=true
-user=root
-
-[program:httpd]
-command=/bin/bash -c "/usr/local/bin/start-httpd.sh"
-stdout_logfile=/tmp/loghttpd
-stdout_logfile_maxbytes=0
-redirect_stderr=true
-
-[program:midpoint]
-command=/bin/bash -c "/usr/local/bin/start-midpoint.sh"
-stdout_logfile=/dev/fd/2
-stdout_logfile_maxbytes=0
-redirect_stderr=true
-autorestart=false
-
-[program:shibboleth]
-command=/usr/sbin/shibd -f
-stdout_logfile=/dev/fd/2
-stdout_logfile_maxbytes=0
-redirect_stderr=true
-autorestart=false
-
-[program:crond]
-command=/usr/sbin/crond -n -i -m off
-stdout_logfile=/tmp/logcrond
-stdout_logfile_maxbytes=0
-redirect_stderr=true
diff --git a/container_files/usr-local-bin/healthcheck.sh b/container_files/usr-local-bin/healthcheck.sh
deleted file mode 100755
index 99f8963..0000000
--- a/container_files/usr-local-bin/healthcheck.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-(set -o pipefail ; curl -k -f https://localhost:443/midpoint/actuator/health | tr -d '[:space:]' | grep -q "\"status\":\"UP\"") || exit 1
diff --git a/container_files/usr-local-bin/setup-cron.sh b/container_files/usr-local-bin/setup-cron.sh
deleted file mode 100755
index 9ec9705..0000000
--- a/container_files/usr-local-bin/setup-cron.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-CRONFILE=/opt/tier/tier-cron
-
-echo "#send daily \"beacon\" to central" > ${CRONFILE}
-echo $(expr $RANDOM % 60) $(expr $RANDOM % 4) "* * * /usr/local/bin/sendtierbeacon.sh >> /tmp/logcrond 2>&1" >> ${CRONFILE}
-#echo "* * * * * /usr/local/bin/sendtierbeacon.sh >> /tmp/logcrond 2>&1" >> ${CRONFILE} # for testing
-
-chmod 644 ${CRONFILE}
-crontab ${CRONFILE}
diff --git a/container_files/usr-local-bin/setup-timezone.sh b/container_files/usr-local-bin/setup-timezone.sh
deleted file mode 100755
index b01eb8e..0000000
--- a/container_files/usr-local-bin/setup-timezone.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-if [[ -n $TIMEZONE ]]; then
- echo "*** Setting timezone to '$TIMEZONE'"
- if [[ -e /usr/share/zoneinfo/$TIMEZONE ]]; then
- unlink /etc/localtime
- ln -s /usr/share/zoneinfo/$TIMEZONE /etc/localtime
- echo "date (UTC) is: $(date -u)"
- echo "date (current timezone) is $(date)"
- else
- echo "Error: time zone '$TIMEZONE' is unknown; not setting it."
- fi
-fi
diff --git a/container_files/usr-local-bin/start-httpd.sh b/container_files/usr-local-bin/start-httpd.sh
deleted file mode 100755
index 787d293..0000000
--- a/container_files/usr-local-bin/start-httpd.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-echo "Linking secrets"
-for filepath in /run/secrets/*; do
- label_file=`basename $filepath`
- if [ "$label_file" == "mp_host-key.pem" ]; then
- ln -sf /run/secrets/mp_host-key.pem /etc/pki/tls/private/host-key.pem
- fi
-done
-
-rm -f /etc/httpd/logs/httpd.pid /run/httpd/httpd.pid
-httpd -DFOREGROUND
diff --git a/container_files/usr-local-bin/start-midpoint.sh b/container_files/usr-local-bin/start-midpoint.sh
deleted file mode 100755
index abccd4b..0000000
--- a/container_files/usr-local-bin/start-midpoint.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/bash
-
-function check () {
- local VARNAME=$1
- if [ -z ${!VARNAME} ]; then
- echo "*** Couldn't start midPoint: $VARNAME variable is undefined. Please check your Docker composition."
- exit 1
- fi
-}
-
-echo "Linking secrets"
-for filepath in /run/secrets/*; do
- label_file=`basename $filepath`
- if [ "$label_file" == "mp_shibboleth_sp_keys.jks" ]; then
- if [ ! -d "/etc/pki/mp" ]; then
- mkdir /etc/pki/mp
- fi
- ln -sf /run/secrets/mp_shibboleth_sp_keys.jks /etc/pki/mp/sp-shibboleth-keys.jks
- fi
-done
-
-# These variables have reasonable defaults in Dockerfile. So we will _not_ supply defaults here.
-# The composer or user has to make sure they are well defined.
-
-check MP_MEM_MAX
-check MP_MEM_INIT
-check MP_DIR
-
-
-export MP_SET_midpoint_logging_alt_enabled=true
-export MP_SET_midpoint_logging_alt_filename=/tmp/logmidpoint
-export MP_SET_spring_profiles_active="`$MP_DIR/active-spring-profiles`"
-export MP_SET_logging_path=/tmp/logtomcat
-
-/opt/midpoint/bin/midpoint.sh 'container' &>/tmp/logmidpoint-console
\ No newline at end of file
diff --git a/container_files/usr-local-bin/startup.sh b/container_files/usr-local-bin/startup.sh
deleted file mode 100755
index 9f11831..0000000
--- a/container_files/usr-local-bin/startup.sh
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-
-# normalizing logging variables as required by TIER
-export ENV=${ENV//[; ]/_}
-export USERTOKEN=${USERTOKEN//[; ]/_}
-
-/usr/local/bin/setup-timezone.sh
-
-# this is to be executed at run time, not at build time -- to ensure sufficient variability of execution times
-/usr/local/bin/setup-cron.sh
-
-# generic console logging pipe for anyone
-mkfifo -m 666 /tmp/logpipe
-cat <> /tmp/logpipe 1>&2 &
-
-mkfifo -m 666 /tmp/loghttpd
-(cat <> /tmp/loghttpd | awk '{printf "%s\n", $0; fflush()}' 1>/tmp/logpipe) &
-
-mkfifo -m 666 /tmp/logshib
-(cat <> /tmp/logshib | awk '{printf "%s\n", $0; fflush()}' 1>/tmp/logpipe) &
-
-mkfifo -m 666 /tmp/logcrond
-(cat <> /tmp/logcrond | awk -v ENV="$ENV" -v USERTOKEN="$USERTOKEN" '{line=sprintf ("crond;console;%s;%s;%s:%s", ENV, USERTOKEN, strftime("%F %T%z", systime(), 1), $0); print line >> "/tmp/logpipe"; print line >> "/var/log/cron.log"; fflush()}') &
-
-mkfifo -m 666 /tmp/logsuperd
-(cat <> /tmp/logsuperd | awk -v ENV="$ENV" -v USERTOKEN="$USERTOKEN" '{printf "supervisord;console;%s;%s;%s\n", ENV, USERTOKEN, $0; fflush()}' 1>/tmp/logpipe) &
-
-mkfifo -m 666 /tmp/logtomcat
-(cat <> /tmp/logtomcat | awk -v ENV="$ENV" -v USERTOKEN="$USERTOKEN" '{printf "tomcat;console;%s;%s;%s\n", ENV, USERTOKEN, $0; fflush()}' 1>/tmp/logpipe) &
-
-mkfifo -m 666 /tmp/logmidpoint
-(cat <> /tmp/logmidpoint | awk -v ENV="$ENV" -v USERTOKEN="$USERTOKEN" '{printf "midpoint;midpoint.log;%s;%s;%s\n", ENV, USERTOKEN, $0; fflush()}' 1>/tmp/logpipe) &
-
-mkfifo -m 666 /tmp/logmidpoint-console
-(cat <> /tmp/logmidpoint-console | awk -v ENV="$ENV" -v USERTOKEN="$USERTOKEN" '{printf "midpoint;console;%s;%s;%s\n", ENV, USERTOKEN, $0; fflush()}' 1>/tmp/logpipe) &
-
-/usr/bin/supervisord -c /etc/supervisor/supervisord.conf
diff --git a/demo/grouper/.env b/demo/grouper/.env
deleted file mode 100644
index e927f1c..0000000
--- a/demo/grouper/.env
+++ /dev/null
@@ -1,4 +0,0 @@
-ENV=demo
-MP_MEM_MAX=2048m
-MP_MEM_INIT=1024m
-TIMEZONE=UTC
diff --git a/demo/grouper/README.md b/demo/grouper/README.md
deleted file mode 100644
index a0e5d88..0000000
--- a/demo/grouper/README.md
+++ /dev/null
@@ -1,9 +0,0 @@
-This is a demonstration of using midPoint dockerization for TIER environment in a broader context. It is a work in progress.
-
-# Building and execution
-```
-$ ../../build.sh
-$ docker-compose up --build
-```
-
-Please see a detailed description [here](https://spaces.at.internet2.edu/x/VhLtBw).
diff --git a/demo/grouper/add-ref-groups.gsh b/demo/grouper/add-ref-groups.gsh
deleted file mode 100644
index b4561f9..0000000
--- a/demo/grouper/add-ref-groups.gsh
+++ /dev/null
@@ -1,21 +0,0 @@
-
-def addGroups(gs,stem,owner,regexp) {
- for (group in stem.childGroups) {
- if (!group.name.endsWith('_includes') &&
- !group.name.endsWith('_excludes') &&
- !group.name.endsWith('_systemOfRecord') &&
- !group.name.endsWith('_systemOfRecordAndIncludes') &&
- (regexp == null || group.extension ==~ regexp)) {
- println 'Adding: ' + group
- def s = SubjectFinder.findById(group.getId(), 'group', 'g:gsa')
- owner.addMember(s, false)
- } else {
- println 'Ignoring: ' + group
- }
- }
-}
-
-gs = GrouperSession.startRootSession()
-def cs = GroupFinder.findByName(gs, "app:cs", true)
-
-addGroups(gs, StemFinder.findByName(gs, 'ref:course'), cs, /CS.*/)
diff --git a/demo/grouper/add-ref-groups.sh b/demo/grouper/add-ref-groups.sh
deleted file mode 100755
index bfb93cf..0000000
--- a/demo/grouper/add-ref-groups.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-source ../../library.bash
-
-execute_gsh grouper_grouper_daemon_1 add-ref-groups.gsh
diff --git a/demo/grouper/after-installation.sh b/demo/grouper/after-installation.sh
deleted file mode 100755
index aefe3b1..0000000
--- a/demo/grouper/after-installation.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-
-B='\033[1;33m'
-N='\033[0m'
-
-echo -e "${B} * Uploading objects...${N}"
-$(dirname "$0")/upload-objects.sh
-
-echo -e "${B} * Testing resources...${N}"
-$(dirname "$0")/test-resources.sh
-
-echo -e "${B} * Recomputing Grouper admin group and user object...${N}"
-$(dirname "$0")/recompute.sh
-
-echo -e "${B} * Done${N}"
diff --git a/demo/grouper/beacon/Dockerfile b/demo/grouper/beacon/Dockerfile
new file mode 100644
index 0000000..256352c
--- /dev/null
+++ b/demo/grouper/beacon/Dockerfile
@@ -0,0 +1,15 @@
+FROM rockylinux:9.3
+
+COPY container_files/* /opt/tier/
+
+RUN dnf update -y --disablerepo=\* --enablerepo=baseos && \
+ dnf install -y cronie-anacron crontabs cronie --disablerepo=\* --enablerepo=baseos && \
+ dnf clean all -y ; \
+ rm -rf /var/cache/dnf ; \
+ /opt/tier/setup-cron.sh ;
+
+ENV TIER_RELEASE=not-released-yet \
+ TIER_MAINTAINER=tier \
+ MP_VERSION=4.8
+
+CMD [ "/usr/sbin/crond", "-n", "-i", "-m", "off" ]
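Review bot: The `;` separators after `dnf clean all -y` in the RUN step mean a failing `rm -rf` or `/opt/tier/setup-cron.sh` no longer fails the build, so an image whose crontab was never installed still builds and simply never sends a beacon; chaining with `&& /opt/tier/setup-cron.sh` (and dropping the trailing `;`) keeps the step atomic. Running setup-cron.sh at build time also fixes the `$RANDOM`-derived minute and hour into the image layer, so every container started from this image beacons at the same moment; the startup.sh removed in this commit deliberately ran it at container start ("to be executed at run time, not at build time"). If that spread still matters, move the call into an entrypoint script that ends with `exec /usr/sbin/crond -n -i -m off`, otherwise a comment above the RUN such as `# schedule is randomized once per image build, not per container` would record the trade-off.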
diff --git a/container_files/usr-local-bin/sendtierbeacon.sh b/demo/grouper/beacon/container_files/sendtierbeacon.sh
similarity index 85%
rename from container_files/usr-local-bin/sendtierbeacon.sh
rename to demo/grouper/beacon/container_files/sendtierbeacon.sh
index 2f263bb..8f066f7 100755
--- a/container_files/usr-local-bin/sendtierbeacon.sh
+++ b/demo/grouper/beacon/container_files/sendtierbeacon.sh
@@ -25,13 +25,15 @@ EOF
# echo "going to send TIER beacon to ${LOGHOST}:${LOGPORT}:"
# cat $messagefile
- curl -s -XPOST "${LOGHOST}:${LOGPORT}/" -H 'Content-Type: application/json' -T $messagefile 1>/dev/null 2>&1
+ curl -s -XPOST "${LOGHOST}:${LOGPORT}/" -H 'Content-Type: application/json' -T $messagefile >/dev/null 2>&1
if [ $? -eq 0 ]; then
- echo "TIER beacon sent"
+ echo "TIER beacon sent"
else
echo "Failed to send TIER beacon"
fi
rm -f $messagefile 1>/dev/null 2>&1
+else
+ echo "TIER beacon skipped - scheduled but Opted out"
fi
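Review bot: The rewritten curl line at the top of the hunk still lacks `-f`/`--fail`, so with `-s` a 4xx/5xx response from `${LOGHOST}:${LOGPORT}` exits 0 and the following `$?` test prints "TIER beacon sent" for a rejected beacon; `curl -sf -XPOST "${LOGHOST}:${LOGPORT}/" -H 'Content-Type: application/json' -T "$messagefile" >/dev/null 2>&1` makes the message match what happened, and quoting `$messagefile` costs nothing. The enclosing `if` whose `else` branch is added here starts before the hunk, so the opt-out condition itself is not visible in this diff.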
diff --git a/demo/grouper/beacon/container_files/setup-cron.sh b/demo/grouper/beacon/container_files/setup-cron.sh
new file mode 100755
index 0000000..2d33d3a
--- /dev/null
+++ b/demo/grouper/beacon/container_files/setup-cron.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+CRONFILE=/opt/tier/tier-cron
+
+echo "#send daily \"beacon\" to central" > ${CRONFILE}
+echo "" >> ${CRONFILE}
+echo "# ┌───────────── minute (0–59)" >> ${CRONFILE}
+echo "# │ ┌───────────── hour (0–23)" >> ${CRONFILE}
+echo "# │ │ ┌───────────── day of the month (1–31)" >> ${CRONFILE}
+echo "# │ │ │ ┌───────────── month (1–12)" >> ${CRONFILE}
+echo "# │ │ │ │ ┌───────────── day of the week (0–6) (Sunday to Saturday;" >> ${CRONFILE}
+echo "# │ │ │ │ │ 7 is also Sunday on some systems)" >> ${CRONFILE}
+echo "# │ │ │ │ │" >> ${CRONFILE}
+echo "# │ │ │ │ │" >> ${CRONFILE}
+echo "# * * * * * " >> ${CRONFILE}
+echo "" >> ${CRONFILE}
+echo "$(expr $RANDOM % 60) $(expr $RANDOM % 4) * * * /opt/tier/sendtierbeacon.sh 2>&1 | tee /proc/1/fd/1 >> /tmp/logcrond" >> ${CRONFILE}
+echo "" >> ${CRONFILE}
+echo "# List the current setting of the crontab to the log (when is the beacon scheduled)" >> ${CRONFILE}
+echo "@reboot crontab -l >/proc/1/fd/1" >> ${CRONFILE}
+echo "" >> ${CRONFILE}
+
+chmod 644 ${CRONFILE}
+crontab ${CRONFILE}
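Review bot: The script exits 0 even when `crontab ${CRONFILE}` fails, because nothing checks its status and there is no `set -e`; the new beacon Dockerfile runs this script during the build, so a failed install would only be noticed when the beacon never appears. `set -euo pipefail` after the shebang (or `crontab "${CRONFILE}" || exit 1`) surfaces it. A one-line comment above the randomized entry would also help the next reader, e.g. `# minute 0-59 and hour 0-3 are picked at random so the daily beacon is spread between midnight and 4am` (the 0-3 hour window is what `$RANDOM % 4` gives; the purpose is inferred, so confirm against the TIER beacon description before committing the wording).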
diff --git a/demo/grouper/configs-and-secrets/grouper/application/grouper-loader.properties b/demo/grouper/configs-and-secrets/grouper/application/grouper-loader.properties
old mode 100644
new mode 100755
index 62ef5f0..fe0865b
--- a/demo/grouper/configs-and-secrets/grouper/application/grouper-loader.properties
+++ b/demo/grouper/configs-and-secrets/grouper/application/grouper-loader.properties
@@ -51,6 +51,57 @@ db.sis.pass = 49321420423
db.sis.url = jdbc:mysql://sources:3306/sis
db.sis.driver = com.mysql.jdbc.Driver
+# midpoint External System
+db.midPoint.driver = org.postgresql.Driver
+#db.midPoint.pass = ${java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD') }
+db.midPoint.pass = password
+db.midPoint.url = jdbc:postgresql://grouper_data:5432/grouper_to_midpoint?CharSet=utf8
+db.midPoint.user = grouper
+
+# provisioner midpoint
+provisioner.midPoint.class = edu.internet2.middleware.grouper.app.midpointProvisioning.MidPointProvisioner
+provisioner.midPoint.configureMetadata = true
+provisioner.midPoint.customizeEntityCrud = true
+provisioner.midPoint.customizeGroupCrud = true
+provisioner.midPoint.customizeMembershipCrud = true
+provisioner.midPoint.dbExternalSystemConfigId = midPoint
+provisioner.midPoint.deleteEntities = true
+provisioner.midPoint.deleteEntitiesIfNotExistInGrouper = false
+provisioner.midPoint.deleteEntitiesIfGrouperDeleted = true
+provisioner.midPoint.deleteGroups = true
+provisioner.midPoint.deleteGroupsIfNotExistInGrouper = true
+provisioner.midPoint.deleteMemberships = true
+provisioner.midPoint.deleteMembershipsIfNotExistInGrouper = false
+provisioner.midPoint.deleteMembershipsIfGrouperDeleted = true
+provisioner.midPoint.makeChangesToEntities = true
+provisioner.midPoint.metadata.0.name = md_grouper_emailListName
+provisioner.midPoint.metadata.0.showForGroup = true
+provisioner.midPoint.midPointDeletedColumnName = deleted
+provisioner.midPoint.midPointLastModifiedColumnName = last_modified
+provisioner.midPoint.midPointLastModifiedColumnType = long
+provisioner.midPoint.midPointTablesPrefix = gr
+provisioner.midPoint.numberOfGroupAttributes = 1
+provisioner.midPoint.numberOfMetadata = 1
+provisioner.midPoint.operateOnGrouperEntities = true
+provisioner.midPoint.operateOnGrouperGroups = true
+provisioner.midPoint.operateOnGrouperMemberships = true
+provisioner.midPoint.provisioningType = membershipObjects
+provisioner.midPoint.selectAllEntities = true
+provisioner.midPoint.startWith = this is start with read only
+provisioner.midPoint.subjectSourcesToProvision = ldap
+provisioner.midPoint.targetGroupAttribute.0.name = emailListName
+provisioner.midPoint.targetGroupAttribute.0.translateExpression = \u0024{grouperProvisioningGroup.retrieveAttributeValueString('md_grouper_emailListName')}
+provisioner.midPoint.targetGroupAttribute.0.translateExpressionType = translationScript
+
+# changeLog/FullSync midPoint
+changeLog.consumer.midPoint.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
+changeLog.consumer.midPoint.provisionerConfigId = midPoint
+changeLog.consumer.midPoint.publisher.class = edu.internet2.middleware.grouper.app.provisioning.ProvisioningConsumer
+changeLog.consumer.midPoint.quartzCron = 0/10 * * * * ?
+otherJob.midPoint_FullSync.class = edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningFullSyncJob
+otherJob.midPoint_FullSync.provisionerConfigId = midPoint
+otherJob.midPoint_FullSync.quartzCron = 0 0 4 * * ?
+
#####################################
## Messaging integration with change log
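Review bot: `db.midPoint.pass = password` commits a plaintext credential and drops the environment/secret-file lookup left commented out just above it; that commented line was probably not picked up because Grouper evaluates `${...}` only on keys carrying the `.elConfig` suffix, as `hibernate.connection.password.elConfig` in grouper.hibernate.properties shows, so `db.midPoint.pass.elConfig = ${java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE') != null ? ... }` (the same expression) should work and keeps the password out of the repo. The grouper.hibernate.properties hunk in this commit makes the same substitution (`hibernate.connection.password = password`) and can be reverted the same way. Separately, `db.midPoint.url` points at `grouper_data:5432` while the hibernate hunk points at `grouper-data:5432`; unless the compose file defines both names, one of the two connections will not resolve, so the hostnames should agree.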
diff --git a/demo/grouper/configs-and-secrets/grouper/application/grouper.hibernate.properties b/demo/grouper/configs-and-secrets/grouper/application/grouper.hibernate.properties
old mode 100644
new mode 100755
index deb0d75..a334fda
--- a/demo/grouper/configs-and-secrets/grouper/application/grouper.hibernate.properties
+++ b/demo/grouper/configs-and-secrets/grouper/application/grouper.hibernate.properties
@@ -20,10 +20,13 @@
# e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper
# e.g. postgres: jdbc:postgresql://localhost:5432/database
# e.g. mssql: jdbc:sqlserver://localhost:3280;databaseName=grouper
-hibernate.connection.url = jdbc:mysql://grouper_data:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
+hibernate.connection.url = jdbc:postgresql://grouper-data:5432/grouper
-hibernate.connection.username = root
+hibernate.connection.username = grouper
# If you are using an empty password, depending upon your version of
# Java and Ant you may need to specify a password of "".
# Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
-hibernate.connection.password.elConfig = ${java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD') }
+# hibernate.connection.password.elConfig = ${java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD') }
+hibernate.connection.password = password
+hibernate.c3p0.max_size = 200
+
diff --git a/demo/grouper/configs-and-secrets/grouper/application/grouper.properties b/demo/grouper/configs-and-secrets/grouper/application/grouper.properties
old mode 100644
new mode 100755
index c931287..086d9a6
--- a/demo/grouper/configs-and-secrets/grouper/application/grouper.properties
+++ b/demo/grouper/configs-and-secrets/grouper/application/grouper.properties
@@ -23,3 +23,9 @@ groups.wheel.group = etc:sysadmingroup
# Used to allow Include Exclude groups
grouperIncludeExclude.use = true
grouperIncludeExclude.requireGroups.use = true
+
+# to allow periods in id paths, changed with grouper 2.5.49
+stem.validateExtensionByDefault = false
+group.validateExtensionByDefault = false
+attributeDef.validateExtensionByDefault = false
+attributeDefName.validateExtensionByDefault = false
diff --git a/demo/grouper/configs-and-secrets/grouper/application/grouper.text.en.us.properties b/demo/grouper/configs-and-secrets/grouper/application/grouper.text.en.us.properties
new file mode 100644
index 0000000..148ca04
--- /dev/null
+++ b/demo/grouper/configs-and-secrets/grouper/application/grouper.text.en.us.properties
@@ -0,0 +1,3 @@
+md_grouper_emailListName_midPoint_description = Enter the email list description
+md_grouper_emailListName_midPoint_label = Email list name
+
diff --git a/demo/grouper/configs-and-secrets/grouper/application/rabbitmq_password.txt b/demo/grouper/configs-and-secrets/grouper/application/rabbitmq_password.txt
index 158f675..f3097ab 100644
--- a/demo/grouper/configs-and-secrets/grouper/application/rabbitmq_password.txt
+++ b/demo/grouper/configs-and-secrets/grouper/application/rabbitmq_password.txt
@@ -1 +1 @@
-guest
\ No newline at end of file
+password
diff --git a/demo/grouper/configs-and-secrets/grouper/application/subject.properties b/demo/grouper/configs-and-secrets/grouper/application/subject.properties
old mode 100644
new mode 100755
index 577db03..5bd2388
--- a/demo/grouper/configs-and-secrets/grouper/application/subject.properties
+++ b/demo/grouper/configs-and-secrets/grouper/application/subject.properties
@@ -56,7 +56,7 @@ subjectApi.source.ldap.param.searchAttribute0.value = searchAttribute0
#searchSubject: find a subject by ID. ID is generally an opaque and permanent identifier, e.g. 12345678.
# Each subject has one and only on ID. Returns one result when searching for one ID.
-subjectApi.source.ldap.search.searchSubject.param.filter.value = (&(uid=%TERM%)(objectclass=person))
+subjectApi.source.ldap.search.searchSubject.param.filter.value = (&(uid=%TERM%)(objectClass=person))
subjectApi.source.ldap.search.searchSubject.param.scope.value = SUBTREE_SCOPE
subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people
@@ -64,7 +64,7 @@ subjectApi.source.ldap.search.searchSubject.param.base.value = ou=people
# identifies the user, e.g. jsmith or jsmith@institution.edu.
# Subjects can have multiple identifiers. Note: it is nice to have if identifiers are unique
# even across sources. Returns one result when searching for one identifier.
-subjectApi.source.ldap.search.searchSubjectByIdentifier.param.filter.value = (&(|(uid=%TERM%)(employeeNumber=%TERM%))(objectclass=person))
+subjectApi.source.ldap.search.searchSubjectByIdentifier.param.filter.value = (&(|(uid=%TERM%)(employeeNumber=%TERM%)(incwbPersonEmployeeID=%TERM%)(incwbPersonStudentID=%TERM%)(incwbPersonGuestID=%TERM%))(objectClass=person))
subjectApi.source.ldap.search.searchSubjectByIdentifier.param.scope.value = SUBTREE_SCOPE
subjectApi.source.ldap.search.searchSubjectByIdentifier.param.base.value = ou=people
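Review bot: The widened `searchSubjectByIdentifier` filter now matches `%TERM%` against `uid`, `employeeNumber` and the three `incwbPerson*ID` attributes, while the comment above it still states `Returns one result when searching for one identifier`; if an employee, student or guest ID can collide with another entry's `uid` or `employeeNumber`, a single lookup can resolve to several subjects. Worth confirming those identifier spaces are disjoint in the directory or recording the assumption inline, e.g. `# assumes uid, employeeNumber and the incwbPerson*ID values never collide across entries`. The `objectclass` → `objectClass` edits in both hunks are cosmetic, since LDAP attribute descriptions are matched case-insensitively.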
diff --git a/demo/grouper/configs-and-secrets/grouper/httpd/cachain-cer.pem b/demo/grouper/configs-and-secrets/grouper/grouperWebapp/WEB-INF/classes/grouper-loader.properties
old mode 100644
new mode 100755
similarity index 100%
rename from demo/grouper/configs-and-secrets/grouper/httpd/cachain-cer.pem
rename to demo/grouper/configs-and-secrets/grouper/grouperWebapp/WEB-INF/classes/grouper-loader.properties
diff --git a/demo/grouper/configs-and-secrets/grouper/grouperWebapp/WEB-INF/classes/grouper.client.properties b/demo/grouper/configs-and-secrets/grouper/grouperWebapp/WEB-INF/classes/grouper.client.properties
new file mode 100755
index 0000000..e69de29
diff --git a/demo/grouper/configs-and-secrets/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties b/demo/grouper/configs-and-secrets/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties
new file mode 100755
index 0000000..e69de29
diff --git a/demo/grouper/configs-and-secrets/grouper/grouperWebapp/WEB-INF/classes/grouper.properties b/demo/grouper/configs-and-secrets/grouper/grouperWebapp/WEB-INF/classes/grouper.properties
new file mode 100755
index 0000000..e69de29
diff --git a/demo/grouper/configs-and-secrets/grouper/grouperWebapp/WEB-INF/classes/grouperText/grouper.text.en.us.properties b/demo/grouper/configs-and-secrets/grouper/grouperWebapp/WEB-INF/classes/grouperText/grouper.text.en.us.properties
new file mode 100755
index 0000000..e69de29
diff --git a/demo/grouper/configs-and-secrets/grouper/grouperWebapp/WEB-INF/classes/subject.properties b/demo/grouper/configs-and-secrets/grouper/grouperWebapp/WEB-INF/classes/subject.properties
new file mode 100755
index 0000000..e69de29
diff --git a/demo/grouper/configs-and-secrets/grouper/httpd/host-cert.pem b/demo/grouper/configs-and-secrets/grouper/httpd/host-cert.pem
deleted file mode 100644
index 9cc228a..0000000
--- a/demo/grouper/configs-and-secrets/grouper/httpd/host-cert.pem
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDPDCCAiQCCQDNZe8r0hVtuTANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJV
-UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50
-ZXJuZXQyL1RJRVIxFzAVBgNVBAMMDnNwLmV4YW1wbGUub3JnMB4XDTE3MDkyMjE5
-NTAzNVoXDTI3MDkyMDE5NTAzNVowYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1J
-MRIwEAYDVQQHDAlBbm4gQXJib3IxFzAVBgNVBAoMDkludGVybmV0Mi9USUVSMRcw
-FQYDVQQDDA5zcC5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAMTNJmsNpTpR4NrDJwOgK/o3UYlNdi1c6xBflt+liLAsQc160QReV4dS
-SGK8LZvN58a/BTIsH8dLhQlUQ8qQUY2AfolVrNxb7Waumeh/POzYUTRylnoGpU3W
-bGMEPxE/AdgP5U/adYvyu4XI5epv7wjZJOTqcVag15SalY+aso+ZC/5l+UzRxmWB
-ZxKTsSL1y7PFehY4/Zl3Y3oGVsVl/zspt5lteoZQeeVxUX29S3Af11yHY4xpEp+7
-rvAzY/nlsTiHAsUoCFK/NFQ2evvSRx52B9Fk1cWP1MDVDm2QjQqD9xBGYSnX6bhQ
-ejVx7JUJHlblu2Q5p5XdW0BihgFluoECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
-n/qhYnIviPs4tglCdrw+M7gbqKNWadDC3F9HDYzlJMFeS/ae2turhEUgQPbYPDQQ
-eO3oOILtvCXNFUPM58jf8V5YFRrOqrTgx44kexQDaHO5YYNft5tF5TdvBYE2gOVr
-GdYrH2iSP8WX+Yy7JH5uqkfwWzEntWHJdey39rCWKAUCCB35+/2b4N53Qmlv2+ug
-CpNJYFtXInd4YMmM5HjXLyoWXtjnKiwDqYUCeYPSwAajnCqRqRXUX0gYTFDRiwRP
-HbmO9We0nqoc/71nikmGGoSRMO/zWVMFjwmAx1fGiWdU61sjGX8sHifzmVyJVEBI
-Z75p+JrWYZJYrx/vpWxL8g==
------END CERTIFICATE-----
diff --git a/demo/grouper/configs-and-secrets/grouper/httpd/host-key.pem b/demo/grouper/configs-and-secrets/grouper/httpd/host-key.pem
deleted file mode 100644
index 1b0b579..0000000
--- a/demo/grouper/configs-and-secrets/grouper/httpd/host-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEzSZrDaU6UeDa
-wycDoCv6N1GJTXYtXOsQX5bfpYiwLEHNetEEXleHUkhivC2bzefGvwUyLB/HS4UJ
-VEPKkFGNgH6JVazcW+1mrpnofzzs2FE0cpZ6BqVN1mxjBD8RPwHYD+VP2nWL8ruF
-yOXqb+8I2STk6nFWoNeUmpWPmrKPmQv+ZflM0cZlgWcSk7Ei9cuzxXoWOP2Zd2N6
-BlbFZf87KbeZbXqGUHnlcVF9vUtwH9dch2OMaRKfu67wM2P55bE4hwLFKAhSvzRU
-Nnr70kcedgfRZNXFj9TA1Q5tkI0Kg/cQRmEp1+m4UHo1ceyVCR5W5btkOaeV3VtA
-YoYBZbqBAgMBAAECggEAA/5t0ypZug9DUu0283niqpdIzlKGHXGPS6vE8hD37ytW
-wobFiyMm/5YJ5gcPnePV2lCyGEyQ8Ih10LSnE4tOPGLpLnxQn8A11ymf8fnzEJNr
-Qnc42o0b+bJqTLAfX4g5z1qzOqWiUQ7CA3sKP3G6FiHh/8tKNYnaFif09Q8cpJFb
-YDDkvm48NJgsrIoCgmaFIQIn+yDzGQKWwTNMIks+RByWpc67j1x1kiyQM1RfrEev
-Yyq/ZkP66IYZzmZKpFCWGs5qbRZdxyXNpq85DjwA99lAH7vxtMJHQM4z1h1eDH4L
-Ma5hEnmmHu4D5lF2GDQYflvuFdDGH5tThO6MV0IrSQKBgQD+kvEtNxJCMxLOVFyV
-NWF3pk/i2nkD+53t/VPXjMPtW7IesouEGzU82I/fT2wUTkNwFdkVpv37qoLypKZm
-npJFxr6abQNjiDh2Fsh8/iuJfvdZUFJbCEY6NS58qgjix8XCQKRD06EugK7uekIZ
-zJnttF3qVBBD8Z8Uwxz8i+jF1wKBgQDF51y/5XB6Bz47cdxw7P8NsfnTz2V3H0HU
-OnlEBANbhmBadjU8dqbM54Nxbn7VOdooXPuSnAKJ9vPDg1n5Y/GO+lgldNzfyK6g
-HnbldSu0zBvAaGvmAjLjetEtOkBqYkrHJlT6JAems/Kc/YX5uooAz9/jNJFXP9++
-KbjH3CzHZwKBgQC6ppxEDZPKi83nD/2NvMTIyFzcNFj0LaEepFW7vc7NkiSn0zrt
-0lEXWqUqEv5oaPWTEcHH2VdxFRTLuSL0LKGMnWqUqQcKDA9xrcSzuFvNhRTwHC81
-5XwwI1wBNV4sgFKj2WdW/6y2/szDt0oNxnC50zvkmlwOpPKBc4kmNaKmowKBgBmC
-uXIDIXyZcmw3QTNNWZNqXcnv8iRo4xN4dilOWyBxMfp3QmWI5feD4G2+0Jqr2nNZ
-iRRdB/bA3qtVQ0PinkDQBIzPg6lVNS1uv+TUNc4YgXtL+pyrq+Om8U/jMmqEQR9q
-0YltG49houSZyatnYGK6aSHgpNuaYD0jI66fsyYBAoGAMefyD0I/ncArjuf58hVQ
-zSjxfcvlja9okrC8ZgqsVluezcm4rQNcSjBnESGTCjJC7O29AofGLHkvnsBQDiGk
-hE38IRisd+okXdApr41ifWDhmtASud5q6wlhOpMmQxg+OALf1rTvFYhbnFEXV/KY
-e5A4iXLRIbxbmXZDa35Rebw=
------END PRIVATE KEY-----
diff --git a/demo/grouper/configs-and-secrets/grouper/httpd/shib.conf b/demo/grouper/configs-and-secrets/grouper/httpd/shib.conf
new file mode 100755
index 0000000..9c33671
--- /dev/null
+++ b/demo/grouper/configs-and-secrets/grouper/httpd/shib.conf
@@ -0,0 +1,54 @@
+# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig
+
+# RPM installations on platforms with a conf.d directory will
+# result in this file being copied into that directory for you
+# and preserved across upgrades.
+
+# For non-RPM installs, you should copy the relevant contents of
+# this file to a configuration location you control.
+
+#
+# Load the Shibboleth module.
+#
+LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so
+
+#
+# Turn this on to support "require valid-user" rules from other
+# mod_authn_* modules, and use "require shib-session" for anonymous
+# session-based authorization in mod_shib.
+#
+ShibCompatValidUser Off
+
+#
+# Ensures handler will be accessible.
+#
+
+ AuthType None
+ Require all granted
+ SetHandler shib
+
+
+#
+# Used for example style sheet in error templates.
+#
+
+
+ AuthType None
+ Require all granted
+
+ Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
+
+
+#
+# Configure the module for content.
+#
+# You MUST enable AuthType shibboleth for the module to process
+# any requests, and there MUST be a require command as well. To
+# enable Shibboleth but not specify any session/access requirements
+# use "require shibboleth".
+#
+
+ AuthType shibboleth
+ ShibRequestSetting requireSession 1
+ require shib-session
+
diff --git a/demo/grouper/configs-and-secrets/grouper/shibboleth/idp-metadata.xml b/demo/grouper/configs-and-secrets/grouper/shibboleth/idp-metadata.xml
deleted file mode 100644
index 4fa67a7..0000000
--- a/demo/grouper/configs-and-secrets/grouper/shibboleth/idp-metadata.xml
+++ /dev/null
@@ -1,207 +0,0 @@
-
-
-
-
-
-
-
- example.org
-
-
-
-
-
-
-
-MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL
-BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy
-MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH
-YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M
-SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2
-03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No
-5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+
-XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud
-DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk
-hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
-BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac
-ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98
-NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl
-j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP
-IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E
-t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM=
-
-
-
-
-
-
-
-
-
-MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB
-CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx
-MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g
-u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2
-Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ
-Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+
-MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs
-uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV
-HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl
-ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB
-CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X
-sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s
-RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ
-Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B
-DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i
-s00xrv14zLifcc8oj5DYzOhYRifRXgHX
-
-
-
-
-
-
-
-
-
-MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL
-BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy
-MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD
-cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ
-l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG
-ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8
-9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX
-VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud
-DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk
-hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
-BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni
-QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN
-jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r
-xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8
-+PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H
-p+tGUbGS2l873J5PrsbpeKEVR/IIoKo=
-
-
-
-
-
-
- urn:mace:shibboleth:1.0:nameIdentifier
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
-
- localhost
-
-
-
-
-
-
-MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL
-BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy
-MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH
-YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M
-SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2
-03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No
-5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+
-XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud
-DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk
-hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
-BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac
-ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98
-NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl
-j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP
-IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E
-t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM=
-
-
-
-
-
-
-
-
-
-MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB
-CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx
-MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g
-u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2
-Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ
-Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+
-MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs
-uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV
-HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl
-ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB
-CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X
-sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s
-RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ
-Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B
-DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i
-s00xrv14zLifcc8oj5DYzOhYRifRXgHX
-
-
-
-
-
-
-
-
-
-MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL
-BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy
-MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD
-cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ
-l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG
-ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8
-9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX
-VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud
-DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk
-hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
-BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni
-QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN
-jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r
-xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8
-+PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H
-p+tGUbGS2l873J5PrsbpeKEVR/IIoKo=
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/demo/grouper/configs-and-secrets/grouper/shibboleth/shibboleth2.xml b/demo/grouper/configs-and-secrets/grouper/shibboleth/shibboleth2.xml
old mode 100644
new mode 100755
index 0c38f82..e2d12ab
--- a/demo/grouper/configs-and-secrets/grouper/shibboleth/shibboleth2.xml
+++ b/demo/grouper/configs-and-secrets/grouper/shibboleth/shibboleth2.xml
@@ -1,60 +1,53 @@
-
+
+
-
-
+ REMOTE_USER="uid"
+ cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1">
-
+
-
- SAML2
-
+ -->
+
+ SAML2
+
SAML2 Local
-
+
+
+
+
-
+
@@ -65,19 +58,25 @@
-
+
+
+
+
-
-
+
+
+
-
-
-
-
-
-
-
+
+
- Example of a second application (for a second vhost) that has a different entityID.
- Resources on the vhost would map to an applicationId of "admin":
- -->
-
diff --git a/demo/grouper/configs-and-secrets/grouper/shibboleth/sp-cert.pem b/demo/grouper/configs-and-secrets/grouper/shibboleth/sp-cert.pem
deleted file mode 100644
index 9cc228a..0000000
--- a/demo/grouper/configs-and-secrets/grouper/shibboleth/sp-cert.pem
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDPDCCAiQCCQDNZe8r0hVtuTANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJV
-UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50
-ZXJuZXQyL1RJRVIxFzAVBgNVBAMMDnNwLmV4YW1wbGUub3JnMB4XDTE3MDkyMjE5
-NTAzNVoXDTI3MDkyMDE5NTAzNVowYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1J
-MRIwEAYDVQQHDAlBbm4gQXJib3IxFzAVBgNVBAoMDkludGVybmV0Mi9USUVSMRcw
-FQYDVQQDDA5zcC5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAMTNJmsNpTpR4NrDJwOgK/o3UYlNdi1c6xBflt+liLAsQc160QReV4dS
-SGK8LZvN58a/BTIsH8dLhQlUQ8qQUY2AfolVrNxb7Waumeh/POzYUTRylnoGpU3W
-bGMEPxE/AdgP5U/adYvyu4XI5epv7wjZJOTqcVag15SalY+aso+ZC/5l+UzRxmWB
-ZxKTsSL1y7PFehY4/Zl3Y3oGVsVl/zspt5lteoZQeeVxUX29S3Af11yHY4xpEp+7
-rvAzY/nlsTiHAsUoCFK/NFQ2evvSRx52B9Fk1cWP1MDVDm2QjQqD9xBGYSnX6bhQ
-ejVx7JUJHlblu2Q5p5XdW0BihgFluoECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
-n/qhYnIviPs4tglCdrw+M7gbqKNWadDC3F9HDYzlJMFeS/ae2turhEUgQPbYPDQQ
-eO3oOILtvCXNFUPM58jf8V5YFRrOqrTgx44kexQDaHO5YYNft5tF5TdvBYE2gOVr
-GdYrH2iSP8WX+Yy7JH5uqkfwWzEntWHJdey39rCWKAUCCB35+/2b4N53Qmlv2+ug
-CpNJYFtXInd4YMmM5HjXLyoWXtjnKiwDqYUCeYPSwAajnCqRqRXUX0gYTFDRiwRP
-HbmO9We0nqoc/71nikmGGoSRMO/zWVMFjwmAx1fGiWdU61sjGX8sHifzmVyJVEBI
-Z75p+JrWYZJYrx/vpWxL8g==
------END CERTIFICATE-----
diff --git a/demo/grouper/configs-and-secrets/grouper/shibboleth/sp-key.pem b/demo/grouper/configs-and-secrets/grouper/shibboleth/sp-key.pem
deleted file mode 100644
index 1b0b579..0000000
--- a/demo/grouper/configs-and-secrets/grouper/shibboleth/sp-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEzSZrDaU6UeDa
-wycDoCv6N1GJTXYtXOsQX5bfpYiwLEHNetEEXleHUkhivC2bzefGvwUyLB/HS4UJ
-VEPKkFGNgH6JVazcW+1mrpnofzzs2FE0cpZ6BqVN1mxjBD8RPwHYD+VP2nWL8ruF
-yOXqb+8I2STk6nFWoNeUmpWPmrKPmQv+ZflM0cZlgWcSk7Ei9cuzxXoWOP2Zd2N6
-BlbFZf87KbeZbXqGUHnlcVF9vUtwH9dch2OMaRKfu67wM2P55bE4hwLFKAhSvzRU
-Nnr70kcedgfRZNXFj9TA1Q5tkI0Kg/cQRmEp1+m4UHo1ceyVCR5W5btkOaeV3VtA
-YoYBZbqBAgMBAAECggEAA/5t0ypZug9DUu0283niqpdIzlKGHXGPS6vE8hD37ytW
-wobFiyMm/5YJ5gcPnePV2lCyGEyQ8Ih10LSnE4tOPGLpLnxQn8A11ymf8fnzEJNr
-Qnc42o0b+bJqTLAfX4g5z1qzOqWiUQ7CA3sKP3G6FiHh/8tKNYnaFif09Q8cpJFb
-YDDkvm48NJgsrIoCgmaFIQIn+yDzGQKWwTNMIks+RByWpc67j1x1kiyQM1RfrEev
-Yyq/ZkP66IYZzmZKpFCWGs5qbRZdxyXNpq85DjwA99lAH7vxtMJHQM4z1h1eDH4L
-Ma5hEnmmHu4D5lF2GDQYflvuFdDGH5tThO6MV0IrSQKBgQD+kvEtNxJCMxLOVFyV
-NWF3pk/i2nkD+53t/VPXjMPtW7IesouEGzU82I/fT2wUTkNwFdkVpv37qoLypKZm
-npJFxr6abQNjiDh2Fsh8/iuJfvdZUFJbCEY6NS58qgjix8XCQKRD06EugK7uekIZ
-zJnttF3qVBBD8Z8Uwxz8i+jF1wKBgQDF51y/5XB6Bz47cdxw7P8NsfnTz2V3H0HU
-OnlEBANbhmBadjU8dqbM54Nxbn7VOdooXPuSnAKJ9vPDg1n5Y/GO+lgldNzfyK6g
-HnbldSu0zBvAaGvmAjLjetEtOkBqYkrHJlT6JAems/Kc/YX5uooAz9/jNJFXP9++
-KbjH3CzHZwKBgQC6ppxEDZPKi83nD/2NvMTIyFzcNFj0LaEepFW7vc7NkiSn0zrt
-0lEXWqUqEv5oaPWTEcHH2VdxFRTLuSL0LKGMnWqUqQcKDA9xrcSzuFvNhRTwHC81
-5XwwI1wBNV4sgFKj2WdW/6y2/szDt0oNxnC50zvkmlwOpPKBc4kmNaKmowKBgBmC
-uXIDIXyZcmw3QTNNWZNqXcnv8iRo4xN4dilOWyBxMfp3QmWI5feD4G2+0Jqr2nNZ
-iRRdB/bA3qtVQ0PinkDQBIzPg6lVNS1uv+TUNc4YgXtL+pyrq+Om8U/jMmqEQR9q
-0YltG49houSZyatnYGK6aSHgpNuaYD0jI66fsyYBAoGAMefyD0I/ncArjuf58hVQ
-zSjxfcvlja9okrC8ZgqsVluezcm4rQNcSjBnESGTCjJC7O29AofGLHkvnsBQDiGk
-hE38IRisd+okXdApr41ifWDhmtASud5q6wlhOpMmQxg+OALf1rTvFYhbnFEXV/KY
-e5A4iXLRIbxbmXZDa35Rebw=
------END PRIVATE KEY-----
diff --git a/demo/grouper/configs-and-secrets/midpoint/httpd/host-cert.pem b/demo/grouper/configs-and-secrets/midpoint/httpd/host-cert.pem
deleted file mode 100644
index 9b1021b..0000000
--- a/demo/grouper/configs-and-secrets/midpoint/httpd/host-cert.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDqDCCApCgAwIBAgIJAMOSkn4oS2aAMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRcwFQYDVQQK
-DA5JbnRlcm5ldDIvVElFUjEgMB4GA1UEAwwXbWlkcG9pbnQuc3AuZXhhbXBsZS5v
-cmcwHhcNMTgwOTE0MDU1OTQ1WhcNMTkwOTE0MDU1OTQ1WjBpMQswCQYDVQQGEwJV
-UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50
-ZXJuZXQyL1RJRVIxIDAeBgNVBAMMF21pZHBvaW50LnNwLmV4YW1wbGUub3JnMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj/b7MEUSfu3oXMfNgRwTse7
-a5UV7Jswf1M/ZN/ZZkAkIxNBevZgozjesvLPWrmsTgONi7XigJUJvCjdjmlW9eDM
-lri/rkD8HuOR1DQCVKL9nvoS2c3D7sq5Emda3V8Tlj82VqfEmePd3sajx7mcTfbH
-8jwAL9NhkC+WMib5IpjLGpG0FEAC0ha7Lxb+7jIiqHVJaqLXJGCyGN4mh6c1Q9S1
-f8RVTiW2a8x22G+9wnZYbkiA2Kxls177imHlhSz8EdvV4IpGw1amrEWhhuDEum7B
-vZ1xQDLatgRqh4qAKLIVYeRnJ8H1FelMa90qB4G08MIPifmTsQwqJyBYaEdgWQID
-AQABo1MwUTAdBgNVHQ4EFgQUqb9BteODF6wv5R57aEON/wGXMiowHwYDVR0jBBgw
-FoAUqb9BteODF6wv5R57aEON/wGXMiowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
-9w0BAQsFAAOCAQEAAcKhxI+tSItrXmqC0PSmgWyAYpqbkz6W/cefTutXqhIgY09f
-h0LSv7ogTahoGpyiZk9vy6u3OE9bYwxapEfa4KBjO6HxBMIVBBb3RegVjoPzjElN
-BDwAx0VGFcZTXwMxDWycWdG8ql7rCZBvS50w04uTaIgnGmqXAdWWmBgfJ9cRbxW+
-JwO/mOl1QM1lR/5142NpvuUVWlmZSKEGydE5A1qPz2wpDbBR1ym1BQNS4NEqw6Kp
-GSB8jKyCS1Ve0v2wVze2038Wukz02dq9uKPTIO3T+B+ibZmxn6Op/kFCc1/kK5NS
-Q6JdO1B6KquGAYdGmKAcQ19mv+jqGktqWEEf0g==
------END CERTIFICATE-----
diff --git a/demo/grouper/configs-and-secrets/midpoint/httpd/host-key.pem b/demo/grouper/configs-and-secrets/midpoint/httpd/host-key.pem
deleted file mode 100644
index 5746e59..0000000
--- a/demo/grouper/configs-and-secrets/midpoint/httpd/host-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCmP9vswRRJ+7eh
-cx82BHBOx7trlRXsmzB/Uz9k39lmQCQjE0F69mCjON6y8s9auaxOA42LteKAlQm8
-KN2OaVb14MyWuL+uQPwe45HUNAJUov2e+hLZzcPuyrkSZ1rdXxOWPzZWp8SZ493e
-xqPHuZxN9sfyPAAv02GQL5YyJvkimMsakbQUQALSFrsvFv7uMiKodUlqotckYLIY
-3iaHpzVD1LV/xFVOJbZrzHbYb73CdlhuSIDYrGWzXvuKYeWFLPwR29XgikbDVqas
-RaGG4MS6bsG9nXFAMtq2BGqHioAoshVh5GcnwfUV6Uxr3SoHgbTwwg+J+ZOxDCon
-IFhoR2BZAgMBAAECggEAEIRBpjjceiku6jRUwnoYaks/nIWYQwR8AfpUTwJKR/VR
-Yca097Fokm7A+UhUP3A45RtHQb0VPq8P44iv0kk24YCu8r5yFK7SHYOAZnOwU5ZJ
-2jSAEPF3aM7tKh3okhuzB3dKP7u1NZDE5zAW723KUJiW7sL1RcsbY0bHBj6G+9/H
-NplmsjuGt684vRBB0qOBfKF7EiG7mT69tHuNj4gRza9SMY31UtKbZdt2fNY6mp5V
-HscMba7egZP+Ke0pVX4+go9j7K8GG8hYaQDLjrzlPqrxZ2c5X9cC+CRDI/CHuL/s
-V/2yGZJ6n6UabwZoH83RdFrbQ94rU8Hkli6EvxXvMQKBgQDRpheNW5jDG5TfeJKh
-yfKTDQqH2Tk3BsBYYBN7Hf3m7vbkzlxnAKJAoSLmtRMuoeXvI5MrhzaHGsNIUS76
-LDIZnvB7DLUxhFUZsCPkpAA1QHuTWY96oR3PHnPjpk8lSUvtbOPwDLdzVApeFJgZ
-VqMNArZ7AHsK3Kkyi+f4WVQjbQKBgQDLAWiGb5dx6fAM2W6B6HjNmzjBWOuVEXa2
-76to9jzupBZmETfZgxtWUaWUDuNS+f7dtVUTE+p6v/w8clrHEhEZYkqunIOLo/UA
-LFPiuoTfEsWb1rh+nsCjCgy4uimixj/bSkf7NC6NyKTvCygA1mGnVVJUEPegYlDy
-LXCkaKWxHQKBgQCmyHSKL2lrJkEcOwakEU2acNCE3Gno/cT9SYmV83kvQ8JEqmrW
-QqnRsp9aXIljGscapPmKsmnNt5vNp1AxFAHTYh88NRLczsMIyZj0ZwgHVUI6KhC7
-5Psa78YQQBlMt2/g9TSsnuE+rYgF6mpKFiNm0Vasqeg47uzn2mdzqlUGTQKBgE04
-JutkTUY+h1pL5vYxWKpVDfy19z7H2tFxT1FowPrBneeLSyRI88Ac5I/yLdRlVeY9
-0LOmEr5Igwj3MsKgg7KVKfVLgdo/LrW3Jt2Kt3onKNXDkoBPoNUjwH0QC0Boiue+
-VK0gR0kVdm+bXccbxR+im+NwZNE0NLg6Qqu3RredAoGBALuVoqbPPmTCZXYG328H
-bzOs2aiR7BzPSVByV+qG6jW7w03RAnFPJZp7HMU+ViI5VY0wabUscMSvz5163+gM
-4KwY3v9ZjZzZGukIfLuudkdqtaiVOx/KeAC0n+nG21YU+wpZww8gkfHh1/sa2CME
-CWYCgOnmiTHcj83UaTqEXtmv
------END PRIVATE KEY-----
diff --git a/demo/grouper/configs-and-secrets/midpoint/shibboleth/shibboleth_sp_keys.jks b/demo/grouper/configs-and-secrets/midpoint/shibboleth/shibboleth_sp_keys.jks
deleted file mode 100644
index af2e8f4..0000000
Binary files a/demo/grouper/configs-and-secrets/midpoint/shibboleth/shibboleth_sp_keys.jks and /dev/null differ
diff --git a/demo/grouper/create-ref-loaders.gsh b/demo/grouper/create-ref-loaders.gsh
deleted file mode 100644
index 0cfdcdf..0000000
--- a/demo/grouper/create-ref-loaders.gsh
+++ /dev/null
@@ -1,31 +0,0 @@
-gs = GrouperSession.startRootSession()
-
-group = new GroupSave(gs).assignName("etc:affiliationLoader").assignCreateParentStemsIfNotExist(true).save()
-group.addType(GroupTypeFinder.find("grouperLoader"))
-group.setAttribute("grouperLoaderDbName", "sis")
-group.setAttribute("grouperLoaderType", "SQL_GROUP_LIST")
-group.setAttribute("grouperLoaderScheduleType", "CRON")
-group.setAttribute("grouperLoaderQuartzCron", "0 * * * * ?")
-group.setAttribute("grouperLoaderDbName", "sis")
-group.setAttribute("grouperLoaderGroupTypes", "addIncludeExclude")
-group.setAttribute("grouperLoaderQuery", "SELECT concat('ref:affiliation:',affiliation,'_systemOfRecord') as GROUP_NAME, uid as SUBJECT_ID, 'ldap' as SUBJECT_SOURCE_ID from SIS_AFFILIATIONS")
-
-group = new GroupSave(gs).assignName("etc:deptLoader").assignCreateParentStemsIfNotExist(true).save()
-group.addType(GroupTypeFinder.find("grouperLoader"))
-group.setAttribute("grouperLoaderDbName", "sis")
-group.setAttribute("grouperLoaderType", "SQL_GROUP_LIST")
-group.setAttribute("grouperLoaderScheduleType", "CRON")
-group.setAttribute("grouperLoaderQuartzCron", "0 * * * * ?")
-group.setAttribute("grouperLoaderDbName", "sis")
-group.setAttribute("grouperLoaderQuery", "SELECT concat('ref:dept:',department) as GROUP_NAME, uid as SUBJECT_ID, 'ldap' as SUBJECT_SOURCE_ID from SIS_PERSONS where department is not null")
-
-group = new GroupSave(gs).assignName("etc:coursesLoader").assignCreateParentStemsIfNotExist(true).save()
-group.addType(GroupTypeFinder.find("grouperLoader"))
-group.setAttribute("grouperLoaderDbName", "sis")
-group.setAttribute("grouperLoaderType", "SQL_GROUP_LIST")
-group.setAttribute("grouperLoaderScheduleType", "CRON")
-group.setAttribute("grouperLoaderQuartzCron", "0 * * * * ?")
-group.setAttribute("grouperLoaderDbName", "sis")
-group.setAttribute("grouperLoaderQuery", "SELECT concat('ref:course:',courseId) as GROUP_NAME, uid as SUBJECT_ID, 'ldap' as SUBJECT_SOURCE_ID from SIS_COURSES")
-
-edu.internet2.middleware.grouper.app.loader.GrouperLoaderType.scheduleLoads()
diff --git a/demo/grouper/create-ref-loaders.sh b/demo/grouper/create-ref-loaders.sh
deleted file mode 100755
index c9cd9cc..0000000
--- a/demo/grouper/create-ref-loaders.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-source ../../library.bash
-
-execute_gsh grouper_grouper_daemon_1 create-ref-loaders.gsh
diff --git a/demo/grouper/directory/Dockerfile b/demo/grouper/directory/Dockerfile
index 6e34ead..9a0948d 100644
--- a/demo/grouper/directory/Dockerfile
+++ b/demo/grouper/directory/Dockerfile
@@ -1,28 +1,39 @@
-FROM centos:centos7
-
-LABEL author="tier-packaging@internet2.edu "
-
-RUN yum install -y epel-release \
- && yum update -y \
- && yum install -y 389-ds-base \
- && yum clean all \
- && rm -rf /var/cache/yum
-
-COPY container_files/seed-data/ /seed-data/
-
-RUN useradd ldapadmin \
- && rm -fr /var/lock /usr/lib/systemd/system \
- # The 389-ds setup will fail because the hostname can't reliable be determined, so we'll bypass it and then install. \
- && sed -i 's/checkHostname {/checkHostname {\nreturn();/g' /usr/lib64/dirsrv/perl/DSUtil.pm \
- # Not doing SELinux \
- && sed -i 's/updateSelinuxPolicy($inf);//g' /usr/lib64/dirsrv/perl/* \
- # Do not restart at the end \
- && sed -i '/if (@errs = startServer($inf))/,/}/d' /usr/lib64/dirsrv/perl/* \
- && setup-ds.pl --silent --file /seed-data/ds-setup.inf \
- && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir \
- && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
- ldapadd -H ldap:/// -f /seed-data/data.ldif -x -D "cn=Directory Manager" -w password
-
-EXPOSE 389
-
-CMD rm -rf /var/lock/dirsrv/slapd-dir/server/* && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && sleep infinity
+FROM rockylinux:9.3 as baseinst
+
+RUN dnf update -y && \
+ dnf install -y --enablerepo=devel openldap openldap-clients openldap-servers && \
+ dnf clean all && \
+ rm -rf /var/cache/dnf
+
+EXPOSE 389/tcp
+
+VOLUME /var/lib/ldap
+
+FROM baseinst
+
+#LABEL author="tier-packaging@internet2.edu "
+
+ARG ldapDomain="dc=internet2,dc=edu"
+ARG ldapPw="password"
+
+ADD https://raw.githubusercontent.com/REFEDS/eduperson/master/schema/openldap/eduperson.ldif /etc/openldap/schema
+
+COPY container_files/* /opt
+
+RUN cd /opt ; \
+ /opt/update_schema /etc/openldap/slapd.d/cn\=config/cn\=schema/cn\=\{0\}core.ldif groupOfUniqueNames uniqueMember cn ; \
+ /opt/update_schema /etc/openldap/slapd.d/cn\=config/cn\=schema/cn\=\{0\}core.ldif groupOfNames member cn ; \
+ /opt/slapd.sh -init ; \
+ /opt/gen_config_update "${ldapDomain}" "${ldapPw}" "0" "0" ;\
+ cat 999_schema-list | while read line ; do \
+ ldapadd -H ldapi:/// -f /etc/openldap/schema/${line}.ldif ; \
+ done ; \
+ for s in 0 1 2 3 4 5 6 7 8 9 ; do \
+ find -type f -name "${s}[0-4]?_*.ldif" -exec ldapmodify -H ldapi:/// -f /opt/\{\} \; ; \
+ find -type f -name "${s}[5-9]?_*.ldif" -exec ldapadd -H ldapi:/// -f /opt/\{\} \; ; \
+ done ; \
+ rm /opt/[0-9]* && \
+ /opt/slapd.sh -stop ;
+
+CMD [ "/opt/slapd.sh", "-limit", "1024", "-debug", "256" ]
+
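Review bot: The `RUN cd /opt ; ...` step chains its commands with `;`, so a failure in `update_schema`, `slapd.sh -init`, `gen_config_update` or any of the `ldapadd`/`ldapmodify` loops is ignored and the layer only fails if the final `slapd.sh -stop` does — an image with a half-loaded schema still builds; starting the step with `set -e ;` (or joining with `&&`) fails the build at the first error. `ADD https://raw.githubusercontent.com/.../master/schema/openldap/eduperson.ldif` fetches an unpinned branch with no `--checksum=sha256:<digest-placeholder>`, so the schema baked into the image can change between builds with no change to this repository. `ARG ldapPw="password"` stays visible in `docker history` and its default is fed to `gen_config_update` at build time, so every image built without `--build-arg ldapPw=...` ships the same known directory password; a comment stating that the value must be overridden (or set on first start instead) would help. `VOLUME /var/lib/ldap` is declared in the `baseinst` stage before `slapd.sh -init` runs in the final stage; on the legacy builder writes under a declared volume path are discarded, so it is worth verifying the initialised database actually survives into the image.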
diff --git a/demo/grouper/directory/container_files/gen_config_update b/demo/grouper/directory/container_files/gen_config_update
new file mode 100755
index 0000000..a2d5647
--- /dev/null
+++ b/demo/grouper/directory/container_files/gen_config_update
@@ -0,0 +1,241 @@
+#!/bin/bash
+domain="${1:-dc=example,dc=com}"
+if [ $(echo -n ${domain} | wc -c ) -eq $(echo -n ${domain} | tr -d "," | wc -c) ]
+then
+ subDomain="${domain:4}"
+else
+ subDomain="$(echo -n ${domain:4} | cut -d , -f 1)"
+fi
+userpw="${2:-change_me}"
+cleartext="${3:-0}"
+locDebug="${4:-0}"
+
+function genPass() {
+ retVal="userPassword:"
+ if [ "${cleartext}" != "1" ]
+ then
+ secPw="$(slappasswd -s ${userpw})"
+ secPw2="$(echo -n ${secPw} | base64 )"
+ [ "${locDebug}" != "0" ] && echo "${userpw} => ${secPw} => ${secPw2}" >&2
+ retVal="${retVal}: ${secPw2}"
+ else
+ [ "${locDebug}" != "0" ] && echo "${userpw}" >&2
+ retVal="${retVal} ${userpw}"
+ fi
+ while [ ${#retVal} -gt 78 ]
+ do
+ echo "${retVal:0:78}"
+ retVal=" ${retVal:78}"
+ done
+ if [ ${#retVal} -gt 2 ]
+ then
+ echo "${retVal}"
+ fi
+}
+
+cat >999_schema-list <001_monitor-diff.ldif <101_mdb-diff.ldif <251_mod_config.ldif <151_default_structure.ldif <252_default_policy.ldif <851_default_structure.ldif <959_default_structure.ldif <&2
+ ulimit -n ${localLimit}
+ exec /usr/sbin/slapd -4 -h "ldapi:///" -u ldap -g ldap
+ exit 0
+ ;;
+ stop)
+ while read line
+ do
+ kill ${line}
+ count=0
+ while [ -e /proc/${line} ]
+ do
+ [ ${count} -gt 10 ] && kill -9 ${line}
+ echo "Waiting to terminate the process"
+ count=$(( ${count} + 1 ))
+ sleep 1
+ done
+ echo "Terminated..."
+ ${0} -stop
+ done < <( grep "^slapd$" /proc/*/comm | head -1 | cut -d / -f 3 )
+ exit 0
+ ;;
+ esac
+done
+
+ulimit -n ${localLimit}
+
+
+if [ -z ${LDAP_INIT+x} ]
+then
+ [ ! -z ${LDAP_INFO+x} ] && echo "uLimit : ${localLimit} / debug level : ${debugLevel}" >&2
+ exec /usr/sbin/slapd -h "ldap://0.0.0.0:389 ldapi:///" -u ldap -g ldap -d ${debugLevel}
+else
+ [ ! -z ${LDAP_INFO+x} ] && echo "uLimit : ${localLimit}" >&2
+ exec /usr/sbin/slapd -4 -h "ldapi:///" -u ldap -g ldap
+fi
+
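Review bot: `genPass` passes the clear-text password to `slappasswd -s ${userpw}` as a command-line argument, so while the Dockerfile's `RUN /opt/gen_config_update "${ldapDomain}" "${ldapPw}" …` step executes it is visible to anything that can read the build container's process list, and the `locDebug` branch on the next line echoes the same clear-text value to stderr, i.e. into the build log; `secPw="$(slappasswd -T <(printf '%s' "${userpw}"))"` keeps it out of argv, and the debug message should print only the hashed form. The unquoted `${userpw}` and `${domain}` expansions (including the `wc -c` comparison at the top) break on values containing spaces or glob characters and should be quoted. This hunk appears to have been collapsed at the `cat >999_schema-list <001_monitor-diff.ldif …` line: the heredoc bodies and the file header of the following script (the slapd start/stop wrapper whose `ulimit`/`exec /usr/sbin/slapd` lines run to the end of the hunk) are missing, so the rest of gen_config_update cannot be reviewed here. In that wrapper, the `stop` branch should carry a comment explaining that the `while read … done < <( … | head -1 …)` loop only ever sees the first `slapd` pid and relies on the recursive `${0} -stop` call to reach any others.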
diff --git a/demo/grouper/directory/container_files/update_schema b/demo/grouper/directory/container_files/update_schema
new file mode 100755
index 0000000..9fccca9
--- /dev/null
+++ b/demo/grouper/directory/container_files/update_schema
@@ -0,0 +1,103 @@
+#!/bin/bash
+[ "${1}" == "" ] && exit 1
+
+function getLines {
+ nLine=1
+ grep -n ^olc "${1}" | \
+ grep -A 1 "${2}" | \
+ cut -d : -f 1 | \
+ while read line
+ do
+ if [ ${nLine} -eq 1 ]
+ then
+ echo -n "${line},"
+ else
+ echo "$(( ${line} - 1))"
+ fi
+ nLine=$(( ${nLine} + 1 ))
+ done
+}
+
+function getCurrent {
+ sed -n "${2}p" "${1}" | sed "s/^ //g" | tr -d "\n"
+ echo
+}
+
+function convertToOptional {
+ if [ "${2}" != "" ]
+ then
+ original="${1} \$ ${2}"
+ else
+ original="${1}"
+ fi
+ read line
+ if [ $( echo "${line}" | grep -c "MUST ( ${original} )" ) -gt 0 ]
+ then
+ echo "${line}" | sed "s/MUST ( ${original} )/MUST ( ${2:-} )/; s/MAY (/MAY ( ${1} \$/"
+ else
+ echo "${line}"
+ fi
+}
+
+function wrapLine() {
+ lineToWrap="${1:-}"
+ while [ ${#lineToWrap} -gt 0 ]
+ do
+ if [ ${#lineToWrap} -ge 78 ]
+ then
+ echo "${lineToWrap:0:78}"
+ lineToWrap=" ${lineToWrap:78}"
+ else
+ echo "${lineToWrap}"
+ lineToWrap=""
+ fi
+ done
+}
+
+function replaceLine {
+ newline=$( echo -n ${2} | cut -d , -f 1)
+ sed -i "${2}d" "${1}"
+ firstLine=1
+ while read line
+ do
+ if [ ${firstLine} -eq 1 ]
+ then
+ sed -i "${newline} i ${line}" "${1}"
+ firstLine=0
+ else
+ sed -i "${newline} i\ ${line}" "${1}"
+ fi
+ newline=$(( ${newline} + 1 ))
+ done
+}
+
+function updateModifyTimestamp {
+ sed -i "s/^modifyTimestamp:.*/modifyTimestamp: $(date -u +%Y%m%d%H%M%SZ)/" "${1}"
+}
+
+
+function calculateCRC {
+ tail -n +3 "${1}" | \
+ gzip -1 -c | \
+ tail -c8 | \
+ hexdump -n4 | \
+ head -1 | \
+ sed "s/[^[:space:]]*[[:space:]]\([^[:space:]]*\)[[:space:]]\([^[:space:]]*\)/# CRC32 \2\1/"
+}
+
+function updateCRC {
+ sed -i "s/# CRC32.*/$(calculateCRC "${1}")/" "${1}"
+}
+
+lines="$(getLines "${1}" "${2}")"
+origLine="$(getCurrent "${1}" "${lines}")"
+newLine="$(echo ${origLine} | convertToOptional "${3}" "${4}")"
+if [ "${origLine}" != "${newLine}" ]
+then
+ echo "updating... / ${1} : ${2} ( ${3} : MUST => MAY) "
+ wrapLine "${newLine}" | replaceLine "${1}" "${lines}"
+ updateModifyTimestamp "${1}"
+ updateCRC "${1}"
+else
+ echo "nothing to update... / ${1} : ${2} ( ${3} : MUST => MAY) "
+fi
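Review bot: `lines` from `getLines` is used unchecked at the `replaceLine "${1}" "${lines}"` call: when the `${2}` pattern matches nothing in `${1}`, `lines` is empty, `getCurrent` then prints the whole file as one line, and `replaceLine` runs `sed -i "d"` with an empty address, which deletes every line of the schema file before the inserts run. Guard it right after the `lines=` assignment: `[ -z "${lines}" ] && { echo "no match for '${2}' in ${1}" >&2 ; exit 1 ; }`. The argument check at the top only verifies `${1}`, yet `${2}` (object class pattern) and `${3}` (attribute to move from MUST to MAY) are required by the pipeline and should be validated the same way. `calculateCRC` reads the CRC32 out of the gzip trailer and reorders the two `hexdump` words to get the big-endian hex that the `# CRC32` header line expects; a one-line comment saying so would save the next reader from re-deriving it.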
diff --git a/demo/grouper/docker-compose.yml b/demo/grouper/docker-compose.yml
index a80751a..b96f1d7 100644
--- a/demo/grouper/docker-compose.yml
+++ b/demo/grouper/docker-compose.yml
@@ -1,164 +1,326 @@
version: "3.3"
services:
+ prereq:
+ image: evolveum/midpoint:${MP_VER:-4.8.3}-rockylinux
+ command: >
+ bash -c "
+ echo ' - - - - - - -' ;
+ cd /mnt/security ;
+ if [ ! -e key.pem ] ;
+ then
+ echo 'Certificate has not been found. Generating of the new one...' ;
+ if [ -e /mnt/grouper-http/host-cert.pem -a -e /mnt/grouper-http/host-key.pem ] ;
+ then
+ echo 'Taking existing http certs... ';
+ cp /mnt/grouper-http/host-cert.pem cert.pem ;
+ cp /mnt/grouper-http/host-key.pem key.pem ;
+ else
+ echo 'Generating existing http certs... ';
+ openssl req -newkey rsa:2048 -keyout key.pem -nodes -subj '/C=US/ST=MI/L=Ann Arbor/O=Internet2\\/TIER/CN=midpoint.sp.example.org' -addext 'subjectAltName = DNS:midpoint.sp.example.org, DNS:midpoint_server, DNS:directory, DNS:idp, DNS: localhost, DNS: localhost.localdomain, IP:127.0.0.1, IP:::1' -out cert.pem -days 1825 -x509 -addext "basicConstraints=CA:FALSE";
+ fi ;
+ openssl req -newkey rsa:2048 -keyout sp-key.pem -nodes -subj '/C=US/ST=MI/L=Ann Arbor/O=Internet2\\/TIER/CN=sp.example.org' -out sp-cert.pem -days 3650 -x509 ;
+ openssl req -newkey rsa:3072 -keyout sp-signing-key.pem -nodes -subj '/CN=sptest.example.edu' -addext 'subjectAltName = DNS:sptest.example.edu' -out sp-signing-cert.pem -days 3650 -x509 ;
+ openssl req -newkey rsa:2048 -keyout idp-backchannel.key -nodes -subj '/CN=idptestbed' -addext 'subjectAltName = DNS:idptestbed, URI:https://idptestbed/idp/shibboleth' -out idp-backchannel.crt -days 7300 -x509 ;
+ openssl req -newkey rsa:2048 -keyout idp-encryption.key -nodes -subj '/CN=idptestbed' -addext 'subjectAltName = DNS:idptestbed, URI:https://idptestbed/idp/shibboleth' -out idp-encryption.crt -days 7300 -x509 ;
+ openssl req -newkey rsa:2048 -keyout idp-signing.key -nodes -subj '/CN=idptestbed' -addext 'subjectAltName = DNS:idptestbed, URI:https://idptestbed/idp/shibboleth' -out idp-signing.crt -days 7300 -x509 ;
+ openssl req -newkey rsa:2048 -keyout idp-browser.key -nodes -subj '/CN=idp.ccc.local' -addext 'authorityKeyIdentifier = keyid:always,issuer:always' -out idp-browser.crt -days 10585 -x509 ;
+ openssl x509 -noout -fingerprint -sha256 -in cert.pem ;
+ openssl pkcs12 -export -in sp-signing-cert.pem -inkey sp-signing-key.pem -out signing-key.p12 -passout pass:password -name signing-key ;
+ openssl pkcs12 -export -in cert.pem -inkey key.pem -out keystore.p12 -passout pass:password -name selfsigned ;
+ keytool -importkeystore -srckeystore signing-key.p12 -srcstoretype pkcs12 -srcstorepass password -srcalias signing-key -destkeystore shibboleth_sp_keys.jks -deststoretype jks -deststorepass changeit -noprompt -destalias signing-key ;
+ keytool -importkeystore -srckeystore keystore.p12 -srcstoretype pkcs12 -srcstorepass password -srcalias selfsigned -destkeystore keystore.jks -deststoretype jks -deststorepass password -noprompt -destalias selfsigned ;
+ keytool -list -keystore shibboleth_sp_keys.jks -storetype jceks -storepass changeit ;
+ keytool -list -keystore keystore.jks -storetype jceks -storepass password ;
+ openssl pkcs12 -export -in idp-backchannel.crt -inkey idp-backchannel.key -out idp-backchannel.p12 -passout pass:password -name idptestbed ;
+ openssl pkcs12 -export -in idp-browser.crt -inkey idp-browser.key -out idp-browser.p12 -passout pass:password -name myAlias ;
+ for s in *ert.pem *.crt ; do echo ' - - - - - ' ; echo $${s} ; openssl x509 -noout -fingerprint -sha256 -in $${s} ; echo ; openssl x509 -noout -subject -subject_hash -dates -in $${s} ; done ;
+ echo ' - - - - - ' ;
+ mkdir /mnt/midpoint/var/shibboleth ;
+ cp shibboleth_sp_keys.jks /mnt/midpoint/var/shibboleth ;
+ cp cert.pem /mnt/midpoint/var ;
+ cp key.pem /mnt/midpoint/var ;
+ cp cert.pem /mnt/nginx-cert ;
+ cp key.pem /mnt/nginx-cert ;
+ echo ' server {' >> /mnt/nginx-conf/default.conf ;
+ echo ' listen 80 default_server;' >> /mnt/nginx-conf/default.conf ;
+ echo ' server_name localhost;' >> /mnt/nginx-conf/default.conf ;
+ echo '' >> /mnt/nginx-conf/default.conf ;
+ echo ' return 301 https://$server_name$request_uri;' >> /mnt/nginx-conf/default.conf ;
+ echo '}' >> /mnt/nginx-conf/default.conf ;
+ echo ' server {' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' listen 443 ssl default_server;' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' server_name localhost;' >> /mnt/nginx-conf/midpoint.conf ;
+ echo '' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' ssl_certificate /etc/nginx/certs/cert.pem;' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' ssl_certificate_key /etc/nginx/certs/key.pem;' >> /mnt/nginx-conf/midpoint.conf ;
+ echo '' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' location / {' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' rewrite ^/$ /midpoint/ last;' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' rewrite ^/midpoint$ /midpoint/ last;' >> /mnt/nginx-conf/midpoint.conf ;
+ echo '' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' proxy_set_header X-Real-IP $$remote_addr;' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' proxy_set_header X-Forwarded-Host: $$host;' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' proxy_set_header X-Forwarded-Proto: $$scheme;' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' proxy_pass http://midpoint-container:8080/;' >> /mnt/nginx-conf/midpoint.conf ;
+ echo '' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' }' >> /mnt/nginx-conf/midpoint.conf ;
+ echo '' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' location /idp {' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' proxy_set_header Host localhost;' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' proxy_pass https://idp:443/idp ;' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' }' >> /mnt/nginx-conf/midpoint.conf ;
+ echo '' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' location /grouper {' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' rewrite ^/(.*)$ https://localhost:4443/$1 ;' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' }' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' location /grouperSSO {' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' rewrite ^/(.*)$ https://localhost:4443/$1 ;' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' }' >> /mnt/nginx-conf/midpoint.conf ;
+ echo ' }' >> /mnt/nginx-conf/midpoint.conf ;
+ cp idp-backchannel.crt /mnt/shibboleth-idp/credentials ;
+ cp idp-backchannel.p12 /mnt/shibboleth-idp/credentials ;
+ cp idp-browser.p12 /mnt/shibboleth-idp/credentials ;
+ cp idp-encryption.crt /mnt/shibboleth-idp/credentials ;
+ cp idp-encryption.key /mnt/shibboleth-idp/credentials ;
+ cp idp-signing.crt /mnt/shibboleth-idp/credentials ;
+ cp idp-signing.key /mnt/shibboleth-idp/credentials ;
+ cp sp-signing-cert.pem /mnt/shibboleth-idp/credentials ;
+ cp sp-cert.pem /mnt/shibboleth-idp/credentials ;
+ cp keystore.jks /mnt/shibboleth/certs ;
+ cp cert.pem /mnt/grouper-http/host-cert.pem ;
+ cp key.pem /mnt/grouper-http/host-key.pem ;
+ chmod -R 744 /mnt/grouper-http ;
+ chown -R --reference=/mnt/grouper-http /mnt/grouper-http ;
+ cp sp-cert.pem /mnt/grouper-shibboleth/sp-cert.pem ;
+ cp sp-key.pem /mnt/grouper-shibboleth/sp-key.pem ;
+ chmod -R 744 /mnt/grouper-shibboleth ;
+ chown -R --reference=/mnt/grouper-shibboleth /mnt/grouper-shibboleth ;
+ echo ' - - - - - ' ;
+ find -type f ;
+ echo ' - - - - - - -' ;
+ find /mnt/shibboleth-idp/ -type f ;
+ echo ' - - - - - - -' ;
+ find /mnt/shibboleth -type f ;
+ echo ' - - - - - - -' ;
+ find /mnt/midpoint/ -type f ;
+ echo ' - - - - - - -' ;
+ find /mnt/grouper*/ -type f ;
+ echo ' - - - - - - -' ;
+ else echo 'certificate already exists... (skip new cert generation)' ;
+ fi ;
+ if [ ! -e /mnt/shared_pw/db_pass ] ; then
+ echo 'Generating password for DB connection...';
+ dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64 | tr -d -c [0-9a-z] | cut -c 1-32 | tr -d [[:space:]] > /mnt/shared_pw/db_pass ;
+ fi ;
+ "
+ networks:
+ - net
+ volumes:
+ - security_object:/mnt/security
+ - shared_pw:/mnt/shared_pw
+ - idp_credentials:/mnt/shibboleth-idp/credentials
+ - idp_certs:/mnt/shibboleth/certs
+ - proxy_conf:/mnt/nginx-conf
+ - proxy_cert:/mnt/nginx-cert
+ - midpoint_home:/mnt/midpoint/var
+ - ./configs-and-secrets/grouper/httpd:/mnt/grouper-http
+ - ./configs-and-secrets/grouper/shibboleth:/mnt/grouper-shibboleth
+
grouper_daemon:
- build: ./grouper_daemon/
- command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; /usr/local/bin/startup.sh"
+ image: i2incommon/grouper:4.12.0
+ command: [ "daemon" ]
depends_on:
- - grouper_data
- - directory
+ grouper_data:
+ condition: service_healthy
+ grouper_data_init:
+ condition: service_completed_successfully
+ directory:
+ condition: service_healthy
+ sources:
+ condition: service_started
environment:
- ENV
- USERTOKEN
- GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE=password
- GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt
- - RABBITMQ_PASSWORD_FILE=/run/secrets/rabbitmq_password.txt
+ - RABBITMQ_PASSWORD=password
- SUBJECT_SOURCE_LDAP_PASSWORD=password
+ ulimits:
+ nofile:
+ soft: 1024
+ hard: 2048
networks:
net:
aliases:
- grouper-daemon
healthcheck:
- test: curl -s grouper_data:3306
+ test: gsh
interval: 30s
timeout: 30s
retries: 3
secrets:
- g_database_password.txt
- - rabbitmq_password.txt
- - source: grouper.hibernate.properties
- target: grouper_grouper.hibernate.properties
- - source: grouper-loader.properties
- target: grouper_grouper-loader.properties
- - source: subject.properties
- target: grouper_subject.properties
volumes:
- - type: bind
- source: ./configs-and-secrets/grouper/application/grouper.properties
- target: /opt/grouper/conf/grouper.properties
- - type: bind
- source: ./configs-and-secrets/grouper/application/grouper.client.properties
- target: /opt/grouper/conf/grouper.client.properties
+ - ./configs-and-secrets/grouper/application/grouper.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/grouper.properties
+ - ./configs-and-secrets/grouper/application/grouper.client.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/grouper.client.properties
+ - ./configs-and-secrets/grouper/application/grouper.hibernate.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties
+ - ./configs-and-secrets/grouper/application/grouper-loader.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/grouper-loader.properties
+ - ./configs-and-secrets/grouper/application/subject.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/subject.properties
+ - ./configs-and-secrets/grouper/application/grouper.text.en.us.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/grouperText/grouper.text.en.us.properties
grouper_ui:
- build: ./grouper_ui/
- command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec ui"
+ image: i2incommon/grouper:4.12.0
+ command: [ "ui" ]
depends_on:
- - grouper_data
- - directory
+ grouper_data:
+ condition: service_healthy
+ grouper_data_init:
+ condition: service_completed_successfully
+ directory:
+ condition: service_healthy
environment:
- ENV
- USERTOKEN
- GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt
- SUBJECT_SOURCE_LDAP_PASSWORD=password
+ ulimits:
+ nofile:
+ soft: 1024
+ hard: 2048
networks:
net:
aliases:
- grouper-ui
ports:
- 4443:443
+ healthcheck:
+ test: curl -k -f https://127.0.0.1/grouper/grouperUi/ || exit 1
+ interval: 30s
+ timeout: 30s
+ retries: 3
secrets:
- g_database_password.txt
- - source: grouper.hibernate.properties
- target: grouper_grouper.hibernate.properties
- - source: grouper-loader.properties
- target: grouper_grouper-loader.properties
- - source: subject.properties
- target: grouper_subject.properties
- - source: g_sp-key.pem
- target: shib_sp-key.pem
- - source: g_host-key.pem
- target: host-key.pem
volumes:
- - type: bind
- source: ./configs-and-secrets/grouper/application/grouper.properties
- target: /opt/grouper/conf/grouper.properties
- - type: bind
- source: ./configs-and-secrets/grouper/application/grouper.client.properties
- target: /opt/grouper/conf/grouper.client.properties
- - type: bind
- source: ./configs-and-secrets/grouper/shibboleth/sp-cert.pem
- target: /etc/shibboleth/sp-cert.pem
- - type: bind
- source: ./configs-and-secrets/grouper/shibboleth/shibboleth2.xml
- target: /etc/shibboleth/shibboleth2.xml
- - type: bind
- source: ./configs-and-secrets/grouper/shibboleth/idp-metadata.xml
- target: /etc/shibboleth/idp-metadata.xml
- - type: bind
- source: ./configs-and-secrets/grouper/httpd/host-cert.pem
- target: /etc/pki/tls/certs/host-cert.pem
- - type: bind
- source: ./configs-and-secrets/grouper/httpd/host-cert.pem
- target: /etc/pki/tls/certs/cachain.pem
+ - ./configs-and-secrets/grouper/application/grouper.properties:/opt/grouper/conf/grouper.properties
+ - ./configs-and-secrets/grouper/application/grouper.client.properties:/opt/grouper/conf/grouper.client.properties
+ - ./configs-and-secrets/grouper/application/grouper.hibernate.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties
+ - ./configs-and-secrets/grouper/application/grouper-loader.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/grouper-loader.properties
+ - ./configs-and-secrets/grouper/application/subject.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/subject.properties
+ - ./configs-and-secrets/grouper/application/grouper.text.en.us.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/grouperText/grouper.text.en.us.properties
+ - ./configs-and-secrets/grouper/shibboleth/idp-metadata.xml:/etc/shibboleth/idp-metadata.xml
+ - ./configs-and-secrets/grouper/shibboleth/sp-cert.pem:/etc/shibboleth/sp-cert.pem
+ - ./configs-and-secrets/grouper/shibboleth/sp-key.pem:/etc/shibboleth/sp-key.pem
+ - ./configs-and-secrets/grouper/shibboleth/shibboleth2.xml:/etc/shibboleth/shibboleth2.xml
+# Note: due to a bug in https://github.internet2.edu/docker/grouper/blob/2.5.57/container_files/usr-local-bin/librarySetupFilesForProcess.sh#L72
+# This file had to be mounted as shib2.conf, instead of shib.conf (bind mounts don't want to be moved)
+ - ./configs-and-secrets/grouper/httpd/shib.conf:/etc/httpd/conf.d/shib2.conf
+ - ./configs-and-secrets/grouper/httpd/host-cert.pem:/etc/pki/tls/certs/host-cert.pem
+ - ./configs-and-secrets/grouper/httpd/host-cert.pem:/etc/pki/tls/certs/cachain.pem
+ - ./configs-and-secrets/grouper/httpd/host-key.pem:/etc/pki/tls/private/host-key.pem
grouper_ws:
- build: ./grouper_ws/
- command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap to start; sleep 3; done; exec ws"
+ image: i2incommon/grouper:4.12.0
+ command: [ "ws" ]
depends_on:
- - grouper_data
- - directory
+ grouper_data:
+ condition: service_healthy
+ directory:
+ condition: service_healthy
+ prereq:
+ condition: service_completed_successfully
+ idp_vol_init:
+ condition: service_completed_successfully
+ grouper_data_init:
+ condition: service_completed_successfully
environment:
- ENV
- GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt
- SUBJECT_SOURCE_LDAP_PASSWORD=password
- USERTOKEN
+ ulimits:
+ nofile:
+ soft: 1024
+ hard: 2048
networks:
net:
aliases:
- grouper-ws
ports:
- 9443:443
+ healthcheck:
+ test: curl -k -f https://127.0.0.1/grouper-ws/status?diagnosticType=trivial || exit 1
+ interval: 30s
+ timeout: 30s
+ retries: 3
secrets:
- g_database_password.txt
- - source: grouper.hibernate.properties
- target: grouper_grouper.hibernate.properties
- - source: grouper-loader.properties
- target: grouper_grouper-loader.properties
- - source: subject.properties
- target: grouper_subject.properties
- - source: g_sp-key.pem
- target: shib_sp-key.pem
- - source: g_host-key.pem
- target: host-key.pem
+# - source: g_sp-key.pem
+# target: shib_sp-key.pem
+# - source: g_host-key.pem
+# target: host-key.pem
+ volumes:
+ - ./configs-and-secrets/grouper/application/grouper.properties:/opt/grouper/conf/grouper.properties
+ - ./configs-and-secrets/grouper/application/grouper.client.properties:/opt/grouper/conf/grouper.client.properties
+ - ./configs-and-secrets/grouper/application/grouper.hibernate.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties
+ - ./configs-and-secrets/grouper/application/grouper-loader.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/grouper-loader.properties
+ - ./configs-and-secrets/grouper/application/subject.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/subject.properties
+ - ./configs-and-secrets/grouper/application/grouper.text.en.us.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/grouperText/grouper.text.en.us.properties
+ - ./grouper_ws/web.xml:/opt/grouper/grouperWebapp/WEB-INF/web.xml
+ - ./grouper_ws/tomcat-users.xml:/opt/tomee/conf/tomcat-users.xml
+ - ./grouper_ws/server.xml:/opt/tomee/conf/server.xml
+ - ./configs-and-secrets/grouper/shibboleth/sp-cert.pem:/etc/shibboleth/sp-cert.pem
+ - ./configs-and-secrets/grouper/shibboleth/sp-key.pem:/etc/shibboleth/sp-key.pem
+ - ./configs-and-secrets/grouper/httpd/host-cert.pem:/etc/pki/tls/certs/host-cert.pem
+ - ./configs-and-secrets/grouper/httpd/host-cert.pem:/etc/pki/tls/certs/cachain.pem
+ - ./configs-and-secrets/grouper/httpd/host-key.pem:/etc/pki/tls/private/host-key.pem
+
+ grouper_data_init:
+ image: i2incommon/grouper:4.12.0
+ command: >
+ bash -c "
+ if [ ! -e /var/lib/postgresql/data/initialized ] ; then
+ echo 'processing init...' ;
+ echo ' - - - - - -';
+ /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh -registry -check -runscript -noprompt &&
+ /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /tmp-bin/initialize.gsh &&
+ /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /tmp-bin/set-prov.gsh &&
+ touch /var/lib/postgresql/data/initialized ;
+ else echo 'init skipped....' ;
+ fi
+ "
+ depends_on:
+ grouper_data:
+ condition: service_healthy
+ networks:
+ - net
volumes:
- - type: bind
- source: ./configs-and-secrets/grouper/application/grouper.properties
- target: /opt/grouper/conf/grouper.properties
- - type: bind
- source: ./configs-and-secrets/grouper/application/grouper.client.properties
- target: /opt/grouper/conf/grouper.client.properties
- - type: bind
- source: ./configs-and-secrets/grouper/httpd/host-cert.pem
- target: /etc/pki/tls/certs/host-cert.pem
- - type: bind
- source: ./configs-and-secrets/grouper/httpd/host-cert.pem
- target: /etc/pki/tls/certs/cachain.pem
+ - ./grouper_data_init/bootstrap:/tmp-bin
+ - ./grouper_data_init/conf/grouper.hibernate.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties
+ - ./grouper_data_init/conf/grouper.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/grouper.properties
+ - grouper_data:/var/lib/postgresql/data
grouper_data:
- build: ./grouper_data/
+ image: postgres:16-alpine
networks:
net:
aliases:
- grouper-data
- ports:
- - 3306:3306
+ environment:
+ - POSTGRES_HOST_AUTH_METHOD=trust
+ - POSTGRES_USER=postgres
+ - POSTGRES_PASSWORD=password
+ - PGDATA=/var/lib/postgresql/data/pgdata
healthcheck:
- test: curl -s grouper_data:3306
- interval: 30s
- timeout: 30s
- retries: 3
+ test: [ "CMD-SHELL", "pg_isready -d grouper -U grouper" ]
+ interval: 1s
+ timeout: 5s
+ retries: 10
volumes:
- - grouper_data:/var/lib/mysql
-
- directory:
- build: ./directory/
- ports:
- - 389:389
- networks:
- - net
- volumes:
- - ldap:/var/lib/dirsrv
+ - grouper_data:/var/lib/postgresql/data
+ - ./grouper_data_init/sql:/docker-entrypoint-initdb.d
sources:
build: ./sources/
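Review bot: `POSTGRES_HOST_AUTH_METHOD=trust` in the new `grouper_data` service disables password checking for every connection arriving on the `net` network, so the `POSTGRES_PASSWORD=password` beside it is never enforced; the `pg_isready` healthcheck does not authenticate, so the `trust` line can simply be dropped and the clients left to the credentials in `grouper.hibernate.properties` (presumably what `grouper_data_init` already uses). In the `prereq` script, `chmod -R 744` on `/mnt/grouper-http` and `/mnt/grouper-shibboleth` leaves `host-key.pem` and `sp-key.pem` world-readable on the host bind mount; tighten the key files after the copy, e.g. `chmod 640 /mnt/grouper-http/host-key.pem /mnt/grouper-shibboleth/sp-key.pem` (adjusting the group to whatever uid the grouper image runs as), while leaving the certificates readable. The generated nginx config writes `proxy_set_header X-Forwarded-Host: $$host;` and `X-Forwarded-Proto: $$scheme;` with a trailing colon, which yields header names containing a colon; drop the colons. `RABBITMQ_PASSWORD=password` replaces the previous `_FILE` secret reference with an inline literal, and `healthcheck: test: gsh` with no arguments looks as if it would wait for input until the 30s timeout rather than probe anything — use a non-interactive invocation or add a comment explaining what the bare `gsh` exit status means.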
@@ -172,126 +334,267 @@ services:
environment:
- CREATE_NEW_DATABASE=if_needed
- data_init:
- image: i2incommon/midpoint:${tag:-4.8.2}
- command: >
- bash -c "
- chmod 777 /opt/mp-pw/ ;
- touch /opt/mp-pw/db_init_in_progress ;
- echo -e '#!/bin/sh\ntouch /opt/mp-pw/db_init' >/opt/db-init/000-start.sh ;
- echo -e '#!/bin/sh\necho DB structure init process has finished...\nrm -f /opt/mp-pw/db_init_in_progress /opt/mp-pw/db_init' > /opt/db-init/999-finish.sh ;
- /opt/midpoint/bin/midpoint.sh init-native
- "
- environment:
- - MP_INIT_DB_CONCAT=/opt/db-init/init.sql
- - MP_DB_PW=/opt/mp-pw/dbpassword
- - MP_PW_DEF=/opt/mp-pw/keystorepw
- volumes:
- - db_init:/opt/db-init
- - mp_pw:/opt/mp-pw
-
midpoint_data:
- image: postgres:13-alpine
- command: >
- bash -c "
- rm -f /var/lib/postgresql/data/postmaster.pid ;
- while [ ! -s /opt/mp-pw/dbpassword -o -e /opt/mp-pw/init_in_progress ] ; do
- echo 'Waiting to the end of the init process...';
- sleep 1;
- done ;
- {
- sleep 2 ;
- if [ ! -e /opt/mp-pw/db_init -a -e /opt/mp-pw/db_init_in_progress ] ;
- then echo 'DB init did not start...' ;
- rm -f /opt/mp-pw/db_ini*;
- echo 'The lock files has been removed...';
- fi ;
- } &
- docker-entrypoint.sh postgres
- "
- user: "70:70"
+ image: postgres:16-alpine
depends_on:
- - data_init
+ prereq:
+ condition: service_completed_successfully
environment:
- - POSTGRES_PASSWORD_FILE=/opt/mp-pw/dbpassword
+ - POSTGRES_PASSWORD_FILE=/mnt/shared_pw/db_pass
- POSTGRES_USER=midpoint
- POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
- ports:
- - 5432:5432
+ healthcheck:
+ test: [ "CMD-SHELL", "pg_isready -d midpoint -U midpoint" ]
+ interval: 1s
+ timeout: 5s
+ retries: 10
networks:
- net
volumes:
- midpoint_data:/var/lib/postgresql/data
- - db_init:/docker-entrypoint-initdb.d/
- - mp_pw:/opt/mp-pw
+ - shared_pw:/mnt/shared_pw
+
+ data_init:
+ image: evolveum/midpoint:${MP_VER:-4.8.3}-rockylinux
+ depends_on:
+ prereq:
+ condition: service_completed_successfully
+ midpoint_data:
+ condition: service_healthy
+ command: >
+ bash -c "
+ cd /opt/midpoint ;
+ bin/midpoint.sh init-native ;
+ echo ' - - - - - - ' ;
+ bin/ninja.sh -B info >/dev/null 2>/tmp/ninja.log ;
+ grep -q \"ERROR\" /tmp/ninja.log && (
+ bin/ninja.sh run-sql --create --mode REPOSITORY ;
+ bin/ninja.sh run-sql --create --mode AUDIT ;
+ tar -cC /opt/midpoint-init . | tar -xvC /opt/midpoint/var ;
+ ) ||
+ echo -e '\\n Repository init is not needed...' ;
+ if [ $$(keytool -list -keystore /opt/midpoint/var/keystore.jceks -storetype jceks -storepass:file /opt/midpoint/var/keystorepw | grep -c 'local_gen_cert') -eq 0 ] ;
+ then
+ keytool -importcert -keystore /opt/midpoint/var/keystore.jceks -storetype jceks -storepass:file /opt/midpoint/var/keystorepw -trustcacerts -alias 'local_gen_cert' -file /opt/midpoint/var/cert.pem -noprompt ;
+ else
+ echo 'Certificate exists in the cert store' ;
+ fi ;
+ "
+ environment:
+ - MP_SET_midpoint_repository_jdbcUsername=midpoint
+ - MP_SET_midpoint_repository_jdbcPassword_FILE=/mnt/shared_pw/db_pass
+ - MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
+ - MP_SET_midpoint_repository_database=postgresql
+ - MP_INIT_CFG=/opt/midpoint/var
+ - MP_PW_DEF=/opt/midpoint/var/keystorepw
+ - MP_KEYSTORE=/opt/midpoint/var/keystore.jceks
+ networks:
+ - net
+ volumes:
+ - midpoint_home:/opt/midpoint/var
+ - shared_pw:/mnt/shared_pw
+ - ./midpoint_server:/opt/midpoint-init:ro
midpoint_server:
- build:
- context: ./midpoint_server/
- args:
- tag: ${tag:-4.8.2}
+ image: evolveum/midpoint:${MP_VER:-4.8.3}-rockylinux
+ container_name: midpoint_server
+ hostname: midpoint-container
depends_on:
- - data_init
- - midpoint_data
+ data_init:
+ condition: service_completed_successfully
+ idp_vol_init:
+ condition: service_completed_successfully
+ midpoint_data:
+ condition: service_healthy
+ command: [ "/opt/midpoint/bin/midpoint.sh", "container" ]
ports:
- - 8443:443
+ - 8080:8080
environment:
- - ENV
- - USERTOKEN
- - MP_SET_midpoint_administrator_initialPassword=Password1
- MP_SET_midpoint_repository_jdbcUsername=midpoint
- - MP_SET_midpoint_repository_jdbcPassword_FILE=/opt/mp-pw/dbpassword
+ - MP_SET_midpoint_repository_jdbcPassword_FILE=/mnt/shared_pw/db_pass
- MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
- - MP_SET_midpoint_keystore_keyStorePassword_FILE=/opt/mp-pw/keystorepw
- - MP_SET_server_tomcat_ajp_enabled=true
- - MP_SET_server_tomcat_ajp_port=9090
- - MP_SET_server_tomcat_ajp_secret=s3cr3t
- - MP_SET_logging_path=/tmp/logtomcat
+ - MP_SET_midpoint_repository_database=postgresql
+ - MP_SET_midpoint_keystore_keyStorePassword_FILE=/opt/midpoint/var/keystorepw
+ - MP_SET_midpoint_administrator_initialPassword=Test5ecr3t
- MP_UNSET_midpoint_repository_hibernateHbm2ddl=1
- MP_NO_ENV_COMPAT=1
- - MP_MEM_MAX
- - MP_MEM_INIT
- - MP_JAVA_OPTS
- - TIER_BEACON_OPT_OUT
- - TIMEZONE
networks:
net:
aliases:
- midpoint-server
- secrets:
- - mp_host-key.pem
- - mp_shibboleth_sp_keys.jks
volumes:
- midpoint_home:/opt/midpoint/var
- - type: bind
- source: ./configs-and-secrets/midpoint/shibboleth/idp-metadata.xml
- target: /etc/shibboleth/idp-metadata.xml
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
- target: /etc/pki/tls/certs/host-cert.pem
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
- target: /etc/pki/tls/certs/cachain.pem
- - mp_pw:/opt/mp-pw
+ - shared_pw:/mnt/shared_pw
+
+ directory:
+ build: ./directory/
+ ports:
+ - 389:389
+ networks:
+ - net
+ healthcheck:
+ test: [ "CMD-SHELL", "cat > /dev/tcp/localhost/389" ]
+ interval: 30s
+ timeout: 5s
+ retries: 10
+ volumes:
+ - ldap:/var/lib/ldap
+
+ idp_vol_init:
+ image: tier/shib-idp:3.4.6_20191002
+ depends_on:
+ prereq:
+ condition: service_completed_successfully
+ ulimits:
+ nofile:
+ soft: 1024
+ hard: 2048
+ command: >
+ bash -c "
+ echo 'Updating configuration...' ;
+ if [ -e /mnt/shibboleth-diff/conf ] ;
+ then
+ cp -vu /mnt/shibboleth-diff/conf/* /opt/shibboleth-idp/conf ;
+ fi ;
+ if [ -e /mnt/shibboleth-diff/credentials ] ;
+ then
+ cp -vu /mnt/shibboleth-diff/credentials/* /opt/shibboleth-idp/credentials ;
+ fi ;
+ if [ -e /mnt/shibboleth-diff/metadata ] ;
+ then
+ cp -vu /mnt/shibboleth-diff/metadata/* /opt/shibboleth-idp/metadata ;
+ fi ;
+ echo ' - - - - - - -' ;
+ echo 'Updating idp-metadata.xml file...' ;
+ grep -n 'X509Certificate' /mnt/shibboleth-diff/metadata/idp-metadata.xml | sed \"s/\\([0-9]*\\).*/\\1/\" > /tmp/checkpoints ;
+ wc -l /mnt/shibboleth-diff/metadata/idp-metadata.xml | sed \"s/\\([0-9]*\\).*/\\1/\" >> /tmp/checkpoints ;
+ current_line=1 ;
+ id=0 ;
+ file_path=( - idp-backchannel.crt - idp-signing.crt - idp-encryption.crt - idp-backchannel.crt - idp-signing.crt - idp-encryption.crt - ) ;
+ rm /opt/shibboleth-idp/metadata/idp-metadata.xml ;
+ cat /tmp/checkpoints | while read line ; do
+ if [ \"$${file_path[$${id}]}\" == \"-\" ] ; then
+ sed -n \"$${current_line},$${line}p\" /mnt/shibboleth-diff/metadata/idp-metadata.xml >> /opt/shibboleth-idp/metadata/idp-metadata.xml ;
+ else
+ sed '1d;$$d' /opt/shibboleth-idp/credentials/$${file_path[$${id}]} >> /opt/shibboleth-idp/metadata/idp-metadata.xml ;
+ fi ;
+ current_line=$${line};
+ id=$$(( $${id} + 1 )) ;
+ done ;
+ cp -v /opt/shibboleth-idp/metadata/idp-metadata.xml /opt/midpoint/var/shibboleth/idp-metadata.xml ;
+ cp -v /opt/shibboleth-idp/metadata/idp-metadata.xml /opt/grouper/idp-metadata.xml ;
+ chown --reference=/opt/grouper /opt/grouper/idp-metadata.xml ;
+ echo ' - - - - - - -' ;
+ echo 'Updating midpoint-sp.xml...';
+ grep -n 'X509Certificate' /mnt/shibboleth-diff/metadata/midpoint-sp.xml | sed \"s/\\([0-9]*\\).*/\\1/\" > /tmp/checkpoints ;
+ wc -l /mnt/shibboleth-diff/metadata/midpoint-sp.xml | sed \"s/\\([0-9]*\\).*/\\1/\" >> /tmp/checkpoints ;
+ current_line=1 ;
+ id=0 ;
+ file_path=( - sp-signing-cert.pem - ) ;
+ rm /opt/shibboleth-idp/metadata/midpoint-sp.xml ;
+ cat /tmp/checkpoints | while read line ; do
+ if [ \"$${file_path[$${id}]}\" == \"-\" ] ; then
+ sed -n \"$${current_line},$${line}p\" /mnt/shibboleth-diff/metadata/midpoint-sp.xml >> /opt/shibboleth-idp/metadata/midpoint-sp.xml ;
+ else
+ sed '1d;$$d' /opt/shibboleth-idp/credentials/$${file_path[$${id}]} >> /opt/shibboleth-idp/metadata/midpoint-sp.xml ;
+ fi ;
+ current_line=$${line};
+ id=$$(( $${id} + 1 )) ;
+ done ;
+ sed -i \"s/\\([[:space:]]\\).*$$/\\1/g;s/^[[:space:]]\\(\\).*$$/\\1/g\" /opt/shibboleth-idp/metadata/midpoint-sp.xml ;
+ echo ' - - - - - - -' ;
+ echo 'Updating grouper-sp.xml...';
+ grep -n 'X509Certificate' /mnt/shibboleth-diff/metadata/grouper-sp.xml | sed \"s/\\([0-9]*\\).*/\\1/\" > /tmp/checkpoints ;
+ wc -l /mnt/shibboleth-diff/metadata/grouper-sp.xml | sed \"s/\\([0-9]*\\).*/\\1/\" >> /tmp/checkpoints ;
+ current_line=1 ;
+ id=0 ;
+ file_path=( - sp-cert.pem - sp-cert.pem - ) ;
+ rm /opt/shibboleth-idp/metadata/grouper-sp.xml ;
+ cat /tmp/checkpoints | while read line ; do
+ if [ \"$${file_path[$${id}]}\" == \"-\" ] ; then
+ sed -n \"$${current_line},$${line}p\" /mnt/shibboleth-diff/metadata/grouper-sp.xml >> /opt/shibboleth-idp/metadata/grouper-sp.xml ;
+ else
+ sed '1d;$$d' /opt/shibboleth-idp/credentials/$${file_path[$${id}]} >> /opt/shibboleth-idp/metadata/grouper-sp.xml ;
+ fi ;
+ current_line=$${line};
+ id=$$(( $${id} + 1 )) ;
+ done ;
+ sed -i \"s/\\([[:space:]]\\).*$$/\\1/g;s/^[[:space:]]\\(\\).*$$/\\1/g\" /opt/shibboleth-idp/metadata/grouper-sp.xml ;
+ echo ' - - - - - - -' ;
+ echo 'Generating sealer key...' ;
+ rm /opt/shibboleth-idp/credentials/sealer.* ;
+ /opt/shibboleth-idp/bin/rotateSealerKey.sh ;
+ echo ' - - - - - - -' ;
+ echo 'DONE.' ;
+ "
+ volumes:
+ - idp_conf:/opt/shibboleth-idp/conf
+ - idp_credentials:/opt/shibboleth-idp/credentials
+ - idp_metadata:/opt/shibboleth-idp/metadata
+ - ./shibboleth-idp:/mnt/shibboleth-diff:ro
+ - midpoint_home:/opt/midpoint/var
+ - ./configs-and-secrets/grouper/shibboleth:/opt/grouper
- idp:
- build: ./idp/
+ idp:
+ image: tier/shib-idp:3.4.6_20191002
depends_on:
- - directory
+ directory:
+ condition: service_started
+ idp_vol_init:
+ condition: service_completed_successfully
+ ulimits:
+ nofile:
+ soft: 1024
+ hard: 2048
environment:
- JETTY_MAX_HEAP=64m
- JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=password
- JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD=password
networks:
- net
+ volumes:
+ - idp_conf:/opt/shibboleth-idp/conf
+ - idp_credentials:/opt/shibboleth-idp/credentials
+ - idp_metadata:/opt/shibboleth-idp/metadata
+ - idp_certs:/opt/certs
+
+ beacon:
+ build: ./beacon/
+ networks:
+ - net
+ environment:
+ - TIER_RELEASE=not-released-yet
+ - TIER_MAINTAINER=tier
+ - MP_VERSION=4.8
+ - TIER_BEACON_OPT_OUT=true
+
+ proxy:
+ image: nginx:stable
+ depends_on:
+ prereq:
+ condition: service_completed_successfully
+ midpoint_server:
+ condition: service_started
+ idp:
+ condition: service_started
ports:
+ - 8180:80
- 443:443
+ networks:
+ - net
+ volumes:
+ - proxy_conf:/etc/nginx/conf.d
+ - proxy_cert:/etc/nginx/certs
mq:
build: ./mq/
environment:
- RABBITMQ_NODENAME=docker-rabbit
hostname: rabbitmq
+ ulimits:
+ nofile:
+ soft: 1024
+ hard: 2048
networks:
- net
ports:
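Review bot: `data_init`'s exit status does not reflect whether repository initialisation succeeded, yet `midpoint_server` gates on `data_init: condition: service_completed_successfully`: in `grep -q \"ERROR\" /tmp/ninja.log && ( … ) || echo …` the subshell's `ninja.sh run-sql` calls are `;`-separated, and if the subshell fails the `|| echo` branch runs and the script ends with status 0, so the server starts against an uncreated schema. Restructure it as an explicit `if`/`else` with `&&`-chained commands and a non-zero exit on failure, as below. The same hunk publishes `midpoint_server` on `8080:8080` plain HTTP and `directory` on `389:389`, both of which bypass the TLS `proxy` this file sets up; if they exist only for local debugging a comment saying so would help, otherwise bind them as `127.0.0.1:8080:8080` / `127.0.0.1:389:389`. `MP_SET_midpoint_administrator_initialPassword=Test5ecr3t` is a committed admin credential; the `shared_pw` volume and `_FILE` suffix already used for `jdbcPassword` presumably work for this setting too.
```yaml
        bin/ninja.sh -B info >/dev/null 2>/tmp/ninja.log ;
        if grep -q \"ERROR\" /tmp/ninja.log ;
        then
          bin/ninja.sh run-sql --create --mode REPOSITORY &&
          bin/ninja.sh run-sql --create --mode AUDIT &&
          tar -cC /opt/midpoint-init . | tar -xvC /opt/midpoint/var || exit 1 ;
        else
          echo -e '\\n Repository init is not needed...' ;
        fi ;
        # … unchanged: keytool import of local_gen_cert …
```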
@@ -300,39 +603,36 @@ services:
- mq:/var/lib/rabbitmq
networks:
- net:
+ net:
driver: bridge
secrets:
# grouper
- g_host-key.pem:
- file: ./configs-and-secrets/grouper/httpd/host-key.pem
- g_sp-key.pem:
- file: ./configs-and-secrets/grouper/shibboleth/sp-key.pem
+# g_host-key.pem:
+# file: ./configs-and-secrets/grouper/httpd/host-key.pem
+# g_sp-key.pem:
+# file: ./configs-and-secrets/grouper/shibboleth/sp-key.pem
g_database_password.txt:
file: ./configs-and-secrets/grouper/application/database_password.txt
- rabbitmq_password.txt:
- file: ./configs-and-secrets/grouper/application/rabbitmq_password.txt
- grouper.hibernate.properties:
- file: ./configs-and-secrets/grouper/application/grouper.hibernate.properties
- grouper-loader.properties:
- file: ./configs-and-secrets/grouper/application/grouper-loader.properties
- subject.properties:
- file: ./configs-and-secrets/grouper/application/subject.properties
-# midPoint
- mp_host-key.pem:
- file: ./configs-and-secrets/midpoint/httpd/host-key.pem
- mp_shibboleth_sp_keys.jks:
- file: ./configs-and-secrets/midpoint/shibboleth/shibboleth_sp_keys.jks
-
+# rabbitmq_password.txt:
+# file: ./configs-and-secrets/grouper/application/rabbitmq_password.txt
+
volumes:
+ security_object:
+ midpoint_data:
+ midpoint_home:
+ idp_conf:
+ idp_credentials:
+ idp_metadata:
+ idp_certs:
+ proxy_conf:
+ proxy_cert:
+ ldap:
+ shared_pw:
grouper_data:
source_data:
source_mysql:
target_data:
- ldap:
- db_init:
- mp_pw:
- midpoint_data:
- midpoint_home:
mq:
+ grouper-external_data:
+
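Review bot: The `secrets:` block on the new side keeps `g_host-key.pem`, `g_sp-key.pem` and `rabbitmq_password.txt` as commented-out entries while `grouper.hibernate.properties`, `grouper-loader.properties`, `subject.properties` and the midPoint keys are deleted outright, so a reader cannot tell whether the commented entries are pending work or dead configuration. Either remove them as well or label them, e.g. `# disabled: <reason these are retained>`. Note also that `grouper.hibernate.properties` is no longer delivered as a compose secret; the renamed copy under `grouper_data_init/conf/` in this same diff carries a literal `hibernate.connection.password`, so that file is now handled as ordinary configuration rather than secret material.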
diff --git a/demo/grouper/get-import-sis-persons-status.sh b/demo/grouper/get-import-sis-persons-status.sh
deleted file mode 100755
index 26d3fcd..0000000
--- a/demo/grouper/get-import-sis-persons-status.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-source ../../library.bash
-
-get_task_execution_status "Import from SIS persons"
diff --git a/demo/grouper/grouper_daemon/Dockerfile b/demo/grouper/grouper_daemon/Dockerfile
deleted file mode 100644
index b1ade52..0000000
--- a/demo/grouper/grouper_daemon/Dockerfile
+++ /dev/null
@@ -1,9 +0,0 @@
-FROM tier/grouper:2.4.0-a47-u25-w5-p6-20190611
-
-LABEL author="tier-packaging@internet2.edu "
-
-# Update this Shib yum repo
-COPY container_files/shibboleth/shibboleth.repo /etc/yum.repos.d/
-
-COPY container_files/tmp/* /tmp/
-COPY container_files/usr-local-bin/* /usr/local/bin/
diff --git a/demo/grouper/grouper_daemon/container_files/shibboleth/shibboleth.repo b/demo/grouper/grouper_daemon/container_files/shibboleth/shibboleth.repo
deleted file mode 100644
index dabe005..0000000
--- a/demo/grouper/grouper_daemon/container_files/shibboleth/shibboleth.repo
+++ /dev/null
@@ -1,9 +0,0 @@
-[shibboleth]
-name=Shibboleth (CentOS_7)
-# Please report any problems to https://shibboleth.atlassian.net/jira
-type=rpm-md
-mirrorlist=https://shibboleth.net/cgi-bin/mirrorlist.cgi/CentOS_7
-gpgcheck=1
-gpgkey=https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
- https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key
-enabled=1
diff --git a/demo/grouper/grouper_daemon/container_files/tmp/initialize.gsh b/demo/grouper/grouper_daemon/container_files/tmp/initialize.gsh
deleted file mode 100644
index 67ebc1a..0000000
--- a/demo/grouper/grouper_daemon/container_files/tmp/initialize.gsh
+++ /dev/null
@@ -1,33 +0,0 @@
-System.out.println("************** initialize.gsh starting...")
-
-gs = GrouperSession.startRootSession()
-
-addStem("", "app", "app")
-addStem("", "basis", "basis")
-addStem("", "bundle", "bundle")
-addStem("", "org", "org")
-addStem("", "test", "test")
-
-addRootStem("ref", "ref")
-addStem("ref", "course", "course")
-addStem("ref", "affiliation", "affiliation")
-
-group = GroupFinder.findByName(gs, "etc:sysadmingroup", true)
-group.getAttributeDelegate().assignAttribute(LoaderLdapUtils.grouperLoaderLdapAttributeDefName()).getAttributeAssign()
-attributeAssign = group.getAttributeDelegate().retrieveAssignment(null, LoaderLdapUtils.grouperLoaderLdapAttributeDefName(), false, true)
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapQuartzCronName(), "0 * * * * ?")
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_SIMPLE")
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(cn=sysadmingroup)")
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=midpoint,ou=Groups")
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "demo")
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSourceIdName(), "ldap")
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectExpressionName(), '${loaderLdapElUtils.convertDnToSpecificValue(subjectId)}')
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectAttributeName(), "uniqueMember")
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectIdTypeName(), "subjectId")
-
-chess = new GroupSave(gs).assignName("app:mailinglist:chess").assignCreateParentStemsIfNotExist(true).save()
-idmfans = new GroupSave(gs).assignName("app:mailinglist:idm-fans").assignCreateParentStemsIfNotExist(true).save()
-cs = new GroupSave(gs).assignName("app:cs").assignCreateParentStemsIfNotExist(true).save()
-volunteers = new GroupSave(gs).assignName("test:volunteers").assignCreateParentStemsIfNotExist(true).save()
-
-System.out.println("************** initialize.gsh done.")
diff --git a/demo/grouper/grouper_daemon/container_files/usr-local-bin/startup.sh b/demo/grouper/grouper_daemon/container_files/usr-local-bin/startup.sh
deleted file mode 100755
index 5f2a302..0000000
--- a/demo/grouper/grouper_daemon/container_files/usr-local-bin/startup.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-if [[ -e /tmp/initialize.gsh ]]
-then
- echo Executing /tmp/initialize.gsh on the first start
- /opt/grouper/grouper.apiBinary/bin/gsh /tmp/initialize.gsh
- rm /tmp/initialize.gsh
-else
- echo Skipping execution of /tmp/initialize.gsh as it is not present
-fi
-
-daemon
diff --git a/demo/grouper/grouper_data/Dockerfile b/demo/grouper/grouper_data/Dockerfile
deleted file mode 100644
index 9026486..0000000
--- a/demo/grouper/grouper_data/Dockerfile
+++ /dev/null
@@ -1,41 +0,0 @@
-FROM tier/grouper:2.4.0-a47-u25-w5-p6-20190611
-
-LABEL author="tier-packaging@internet2.edu "
-
-# Update this Shib yum repo
-COPY container_files/shibboleth/shibboleth.repo /etc/yum.repos.d/
-
-RUN yum-config-manager --save --setopt=security_shibboleth.skip_if_unavailable=true \
- && yum install -y epel-release \
- && yum update -y \
- && yum install -y mariadb-server mariadb \
- && yum clean all \
- && rm -rf /var/cache/yum
-
-COPY container_files/conf/ /opt/grouper/grouper.apiBinary/conf/
-COPY container_files/mysql/max_connections.cnf /etc/my.cnf.d/max_connections.cnf
-
-RUN ln -s /usr/bin/resolveip /usr/libexec/resolveip
-
-RUN mysql_install_db \
- && chown -R mysql:mysql /var/lib/mysql/ \
- && sed -i 's/^\(bind-address\s.*\)/# \1/' /etc/my.cnf \
- && sed -i 's/^\(log_error\s.*\)/# \1/' /etc/my.cnf \
- && sed -i 's/\[mysqld\]/\[mysqld\]\ncharacter_set_server = utf8/' /etc/my.cnf \
- && sed -i 's/\[mysqld\]/\[mysqld\]\ncollation_server = utf8_general_ci/' /etc/my.cnf \
- && sed -i 's/\[mysqld\]/\[mysqld\]\nport = 3306/' /etc/my.cnf \
- && cat /etc/my.cnf \
- && echo "/usr/bin/mysqld_safe &" > /tmp/config \
- && echo "mysqladmin --silent --wait=30 ping || exit 1" >> /tmp/config \
- && echo "mysql -e 'GRANT ALL PRIVILEGES ON *.* TO \"root\"@\"%\" WITH GRANT OPTION;'" >> /tmp/config \
- && echo "mysql -e 'CREATE DATABASE grouper CHARACTER SET utf8 COLLATE utf8_bin;'" >> /tmp/config \
- && bash /tmp/config \
- && rm -f /tmp/config
-
-RUN (mysqld_safe & ) \
- && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 1; done; \
- bin/gsh -registry -check -runscript -noprompt
-
-EXPOSE 3306
-
-CMD mysqld_safe
diff --git a/demo/grouper/grouper_data/container_files/mysql/max_connections.cnf b/demo/grouper/grouper_data/container_files/mysql/max_connections.cnf
deleted file mode 100644
index 41002ed..0000000
--- a/demo/grouper/grouper_data/container_files/mysql/max_connections.cnf
+++ /dev/null
@@ -1,2 +0,0 @@
-[mysqld]
-max_connections=5000
diff --git a/demo/grouper/grouper_data/container_files/shibboleth/shibboleth.repo b/demo/grouper/grouper_data/container_files/shibboleth/shibboleth.repo
deleted file mode 100644
index dabe005..0000000
--- a/demo/grouper/grouper_data/container_files/shibboleth/shibboleth.repo
+++ /dev/null
@@ -1,9 +0,0 @@
-[shibboleth]
-name=Shibboleth (CentOS_7)
-# Please report any problems to https://shibboleth.atlassian.net/jira
-type=rpm-md
-mirrorlist=https://shibboleth.net/cgi-bin/mirrorlist.cgi/CentOS_7
-gpgcheck=1
-gpgkey=https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
- https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key
-enabled=1
diff --git a/demo/grouper/grouper_data_init/bootstrap/initialize.gsh b/demo/grouper/grouper_data_init/bootstrap/initialize.gsh
new file mode 100644
index 0000000..eacf873
--- /dev/null
+++ b/demo/grouper/grouper_data_init/bootstrap/initialize.gsh
@@ -0,0 +1,98 @@
+System.out.println("************** initialize.gsh starting...")
+
+gs = GrouperSession.startRootSession()
+
+addStem("", "app", "app")
+addStem("", "basis", "basis")
+addStem("", "bundle", "bundle")
+addStem("", "org", "org")
+addStem("", "test", "test")
+
+addRootStem("ref", "ref")
+addStem("ref", "course", "Course")
+addStem("ref", "dept", "Department")
+addStem("ref", "affiliation", "Affiliation")
+
+new GroupSave().assignName("ref:affiliation:alum").assignDisplayName("Alumni").assignCreateParentStemsIfNotExist(true).save();
+new GroupSave().assignName("ref:affiliation:community").assignDisplayName("Community").assignCreateParentStemsIfNotExist(true).save();
+new GroupSave().assignName("ref:affiliation:faculty").assignDisplayName("Faculty").assignCreateParentStemsIfNotExist(true).save();
+new GroupSave().assignName("ref:affiliation:member").assignDisplayName("Member").assignCreateParentStemsIfNotExist(true).save();
+new GroupSave().assignName("ref:affiliation:staff").assignDisplayName("Staff").assignCreateParentStemsIfNotExist(true).save();
+new GroupSave().assignName("ref:affiliation:student").assignDisplayName("Student").assignCreateParentStemsIfNotExist(true).save();
+
+group = GroupFinder.findByName(gs, "etc:sysadmingroup", true)
+group.getAttributeDelegate().assignAttribute(LoaderLdapUtils.grouperLoaderLdapAttributeDefName()).getAttributeAssign()
+attributeAssign = group.getAttributeDelegate().retrieveAssignment(null, LoaderLdapUtils.grouperLoaderLdapAttributeDefName(), false, true)
+attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapQuartzCronName(), "0 * * * * ?")
+attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_SIMPLE")
+attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(cn=sysadmingroup)")
+attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=midpoint,ou=Groups")
+attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "demo")
+attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSourceIdName(), "ldap")
+attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectExpressionName(), '${loaderLdapElUtils.convertDnToSpecificValue(subjectId)}')
+attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectAttributeName(), "uniqueMember")
+attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectIdTypeName(), "subjectId")
+
+admins = new GroupSave(gs).assignName("app:wordpress:admins").assignCreateParentStemsIfNotExist(true).save()
+editors = new GroupSave(gs).assignName("app:wordpress:editors").assignCreateParentStemsIfNotExist(true).save()
+chess = new GroupSave(gs).assignName("app:mailinglist:chess").assignCreateParentStemsIfNotExist(true).save()
+idmfans = new GroupSave(gs).assignName("app:mailinglist:idm-fans").assignCreateParentStemsIfNotExist(true).save()
+cs = new GroupSave(gs).assignName("app:cs").assignCreateParentStemsIfNotExist(true).save()
+volunteers = new GroupSave(gs).assignName("test:volunteers").assignCreateParentStemsIfNotExist(true).save()
+
+
+group = new GroupSave(gs).assignName("etc:affiliationLoader").assignCreateParentStemsIfNotExist(true).save()
+group.addType(GroupTypeFinder.find("grouperLoader"))
+group.setAttribute("grouperLoaderDbName", "sis")
+group.setAttribute("grouperLoaderType", "SQL_GROUP_LIST")
+group.setAttribute("grouperLoaderScheduleType", "CRON")
+group.setAttribute("grouperLoaderQuartzCron", "0 * * * * ?")
+group.setAttribute("grouperLoaderDbName", "sis")
+group.setAttribute("grouperLoaderGroupTypes", "addIncludeExclude")
+group.setAttribute("grouperLoaderQuery", "SELECT concat('ref:affiliation:',affiliation,'_systemOfRecord') as GROUP_NAME, uid as SUBJECT_IDENTIFIER, 'ldap' as SUBJECT_SOURCE_ID from SIS_AFFILIATIONS")
+
+group = new GroupSave(gs).assignName("etc:deptLoader").assignCreateParentStemsIfNotExist(true).save()
+group.addType(GroupTypeFinder.find("grouperLoader"))
+group.setAttribute("grouperLoaderDbName", "sis")
+group.setAttribute("grouperLoaderType", "SQL_GROUP_LIST")
+group.setAttribute("grouperLoaderScheduleType", "CRON")
+group.setAttribute("grouperLoaderQuartzCron", "0 * * * * ?")
+group.setAttribute("grouperLoaderDbName", "sis")
+group.setAttribute("grouperLoaderQuery", "SELECT concat('ref:dept:',department) as GROUP_NAME, uid as SUBJECT_IDENTIFIER, 'ldap' as SUBJECT_SOURCE_ID from SIS_PERSONS where department is not null")
+
+group = new GroupSave(gs).assignName("etc:coursesLoader").assignCreateParentStemsIfNotExist(true).save()
+group.addType(GroupTypeFinder.find("grouperLoader"))
+group.setAttribute("grouperLoaderDbName", "sis")
+group.setAttribute("grouperLoaderType", "SQL_GROUP_LIST")
+group.setAttribute("grouperLoaderScheduleType", "CRON")
+group.setAttribute("grouperLoaderQuartzCron", "0 * * * * ?")
+group.setAttribute("grouperLoaderDbName", "sis")
+group.setAttribute("grouperLoaderQuery", "SELECT concat('ref:course:',courseId) as GROUP_NAME, uid as SUBJECT_IDENTIFIER, 'ldap' as SUBJECT_SOURCE_ID from SIS_COURSES")
+
+edu.internet2.middleware.grouper.app.loader.GrouperLoaderType.scheduleLoads()
+
+
+
+def addGroups(gs,stem,owner,regexp) {
+ for (group in stem.childGroups) {
+ if (!group.name.endsWith('_includes') &&
+ !group.name.endsWith('_excludes') &&
+ !group.name.endsWith('_systemOfRecord') &&
+ !group.name.endsWith('_systemOfRecordAndIncludes') &&
+ (regexp == null || group.extension ==~ regexp)) {
+ println 'Adding: ' + group
+ def s = SubjectFinder.findById(group.getId(), 'group', 'g:gsa')
+ owner.addMember(s, false)
+ } else {
+ println 'Ignoring: ' + group
+ }
+ }
+}
+
+def cs = GroupFinder.findByName(gs, "app:cs", true)
+
+gs = GrouperSession.startRootSession()
+addGroups(gs, StemFinder.findByName(gs, 'ref:course'), cs, /CS.*/)
+
+System.out.println("************** initialize.gsh done.")
+
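Review bot: Each of the three loader blocks sets `grouperLoaderDbName` twice (`group.setAttribute("grouperLoaderDbName", "sis")` appears right after `addType` and again before `grouperLoaderQuery`); the second call is a no-op duplicate and should be dropped from all three blocks. Near the end, `gs = GrouperSession.startRootSession()` opens a second root session although the `gs` from the top of the script is still in use on the line just before it for `GroupFinder.findByName`, so that line can go as well. `def cs = GroupFinder.findByName(gs, "app:cs", true)` also appears to shadow the script-binding `cs` created earlier by `cs = new GroupSave(gs)…`; reusing the existing variable (or dropping the `def`) keeps one name for one group.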
diff --git a/demo/grouper/grouper_data_init/bootstrap/set-prov.gsh b/demo/grouper/grouper_data_init/bootstrap/set-prov.gsh
new file mode 100644
index 0000000..e142afe
--- /dev/null
+++ b/demo/grouper/grouper_data_init/bootstrap/set-prov.gsh
@@ -0,0 +1,52 @@
+
+provisioner_name="midPoint";
+GrouperSession grouperSession = GrouperSession.startRootSession();
+
+def setProvOnStem(grouperSession,provisioner_name,folder_name) {
+ AttributeAssign attributeAssignMarker = null;
+ attributeAssignMarker = new AttributeAssignSave(grouperSession).assignOwnerStemName(folder_name).assignNameOfAttributeDefName("etc:provisioning:provisioningMarker").save();
+ new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningDirectAssign").addValue("true").save();
+ new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningDoProvision").addValue(provisioner_name).save();
+ new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningStemScope").addValue("sub").save();
+ new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningTarget").addValue(provisioner_name).save();
+ new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningMetadataJson").addValue("{\"destination\":\"midpoint\",\"actor\":\"initial load\"}").save();
+
+}
+
+def setProvOnGroup(grouperSession,provisioner_name,group_name) {
+ AttributeAssign attributeAssignMarker = null;
+ attributeAssignMarker = new AttributeAssignSave(grouperSession).assignOwnerGroupName(group_name).assignNameOfAttributeDefName("etc:provisioning:provisioningMarker").save();
+ new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningDirectAssign").addValue("true").save();
+ new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningDoProvision").addValue(provisioner_name).save();
+ new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningStemScope").addValue("sub").save();
+ new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningTarget").addValue(provisioner_name).save();
+ new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningMetadataJson").addValue("{\"destination\":\"midpoint\",\"actor\":\"initial load\"}").save();
+
+}
+
+def setProvOnGroupWithMailListAttr(grouperSession,provisioner_name,group_name,email_list_name) {
+ AttributeAssign attributeAssignMarker = null;
+ attributeAssignMarker = new AttributeAssignSave(grouperSession).assignOwnerGroupName(group_name).assignNameOfAttributeDefName("etc:provisioning:provisioningMarker").save();
+ new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningDirectAssign").addValue("true").save();
+ new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningDoProvision").addValue(provisioner_name).save();
+ new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningStemScope").addValue("sub").save();
+ new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningTarget").addValue(provisioner_name).save();
+ new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningMetadataJson").addValue("{\"destination\":\"midpoint\",\"actor\":\"initial load\"}").save();
+ new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningMetadataJson").addValue("{\"md_grouper_emailListName\":\"" + email_list_name + "\"}").save();
+
+}
+
+
+setProvOnStem(grouperSession,provisioner_name,"app")
+setProvOnGroupWithMailListAttr(grouperSession,provisioner_name,"app:mailinglist:chess","chessclub@example.edu")
+setProvOnGroupWithMailListAttr(grouperSession,provisioner_name,"app:mailinglist:idm-fans","idmfans@example.edu")
+setProvOnStem(grouperSession,provisioner_name,"test")
+setProvOnStem(grouperSession,provisioner_name,"ref:dept")
+setProvOnStem(grouperSession,provisioner_name,"ref:course")
+setProvOnGroup(grouperSession,provisioner_name,"ref:affiliation:alum")
+setProvOnGroup(grouperSession,provisioner_name,"ref:affiliation:community")
+setProvOnGroup(grouperSession,provisioner_name,"ref:affiliation:faculty")
+setProvOnGroup(grouperSession,provisioner_name,"ref:affiliation:member")
+setProvOnGroup(grouperSession,provisioner_name,"ref:affiliation:staff")
+setProvOnGroup(grouperSession,provisioner_name,"ref:affiliation:student")
+
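Review bot: In `setProvOnGroupWithMailListAttr` the marker receives two separate `provisioningMetadataJson` assignments (the `destination/actor` object and then the `md_grouper_emailListName` object); if that attribute definition is single-valued the second `save()` either replaces the first or fails, so merging them into one JSON string is safer, e.g. `"{\"destination\":\"midpoint\",\"actor\":\"initial load\",\"md_grouper_emailListName\":\"" + email_list_name + "\"}"`. The three functions are otherwise identical apart from `assignOwnerStemName` vs `assignOwnerGroupName`, and `AttributeAssign attributeAssignMarker = null;` is overwritten on the very next line in each, so a shared helper that takes the saved marker removes the triplication.
```groovy
// Attach the standard provisioning attributes to an already-saved marker assignment.
def setProvOnMarker(grouperSession, provisioner_name, attributeAssignMarker, metadataJson) {
    new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningDirectAssign").addValue("true").save();
    new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningDoProvision").addValue(provisioner_name).save();
    new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningStemScope").addValue("sub").save();
    new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningTarget").addValue(provisioner_name).save();
    new AttributeAssignSave(grouperSession).assignOwnerAttributeAssign(attributeAssignMarker).assignNameOfAttributeDefName("etc:provisioning:provisioningMetadataJson").addValue(metadataJson).save();
}

def setProvOnStem(grouperSession, provisioner_name, folder_name) {
    def marker = new AttributeAssignSave(grouperSession).assignOwnerStemName(folder_name).assignNameOfAttributeDefName("etc:provisioning:provisioningMarker").save();
    setProvOnMarker(grouperSession, provisioner_name, marker, "{\"destination\":\"midpoint\",\"actor\":\"initial load\"}");
}

def setProvOnGroup(grouperSession, provisioner_name, group_name) {
    def marker = new AttributeAssignSave(grouperSession).assignOwnerGroupName(group_name).assignNameOfAttributeDefName("etc:provisioning:provisioningMarker").save();
    setProvOnMarker(grouperSession, provisioner_name, marker, "{\"destination\":\"midpoint\",\"actor\":\"initial load\"}");
}

def setProvOnGroupWithMailListAttr(grouperSession, provisioner_name, group_name, email_list_name) {
    def marker = new AttributeAssignSave(grouperSession).assignOwnerGroupName(group_name).assignNameOfAttributeDefName("etc:provisioning:provisioningMarker").save();
    // One metadata document: destination/actor plus the mailing-list name.
    setProvOnMarker(grouperSession, provisioner_name, marker, "{\"destination\":\"midpoint\",\"actor\":\"initial load\",\"md_grouper_emailListName\":\"" + email_list_name + "\"}");
}
// … unchanged: the setProvOn* calls at the bottom of the script …
```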
diff --git a/demo/grouper/grouper_data/container_files/conf/grouper.hibernate.properties b/demo/grouper/grouper_data_init/conf/grouper.hibernate.properties
similarity index 85%
rename from demo/grouper/grouper_data/container_files/conf/grouper.hibernate.properties
rename to demo/grouper/grouper_data_init/conf/grouper.hibernate.properties
index 154b8eb..bfac95a 100644
--- a/demo/grouper/grouper_data/container_files/conf/grouper.hibernate.properties
+++ b/demo/grouper/grouper_data_init/conf/grouper.hibernate.properties
@@ -20,10 +20,13 @@
# e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper
# e.g. postgres: jdbc:postgresql://localhost:5432/database
# e.g. mssql: jdbc:sqlserver://localhost:3280;databaseName=grouper
-hibernate.connection.url = jdbc:mysql://localhost:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
+hibernate.connection.url = jdbc:postgresql://grouper_data:5432/grouper
-hibernate.connection.username = root
+hibernate.connection.username = grouper
# If you are using an empty password, depending upon your version of
# Java and Ant you may need to specify a password of "".
# Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
-hibernate.connection.password =
+hibernate.connection.password = password
+registry.auto.ddl.upToVersion = 4.*.*
+hibernate.c3p0.max_size = 200
+
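Review bot: `hibernate.connection.password = password` is now a literal in a file that this diff also stops delivering as a compose secret (the `grouper.hibernate.properties` entry is dropped from the `secrets:` section of docker-compose.yml), and the same literal is repeated in `demo/grouper/grouper_data_init/sql/010_createSQLuser.sql` (`CREATE USER grouper PASSWORD 'password'`), so the two must change together yet nothing ties them. At minimum add a comment above the line, `# must match the password in grouper_data_init/sql/010_createSQLuser.sql (demo value, not for production)`; better, keep the file under compose `secrets:` as before so the credential does not sit in the plain conf path. `registry.auto.ddl.upToVersion = 4.*.*` and `hibernate.c3p0.max_size = 200` arrive without explanation; a one-line comment on why auto-DDL is enabled for this init container would help the next maintainer.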
diff --git a/demo/grouper/grouper_data/container_files/conf/grouper.properties b/demo/grouper/grouper_data_init/conf/grouper.properties
similarity index 100%
rename from demo/grouper/grouper_data/container_files/conf/grouper.properties
rename to demo/grouper/grouper_data_init/conf/grouper.properties
diff --git a/demo/grouper/grouper_data_init/sql/010_createSQLuser.sql b/demo/grouper/grouper_data_init/sql/010_createSQLuser.sql
new file mode 100644
index 0000000..9e6bd40
--- /dev/null
+++ b/demo/grouper/grouper_data_init/sql/010_createSQLuser.sql
@@ -0,0 +1,6 @@
+ALTER system SET max_connections=250;
+ALTER system SET shared_buffers='180MB';
+CREATE USER grouper PASSWORD 'password';
+CREATE DATABASE grouper;
+GRANT ALL PRIVILEGES ON DATABASE grouper TO grouper;
+ALTER DATABASE grouper OWNER TO grouper;
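Review bot: `ALTER system SET max_connections=250;` and `ALTER system SET shared_buffers='180MB';` only write `postgresql.auto.conf`; both are postmaster-level parameters that take effect on the next server start, not in the session running this script. That works if the file is executed by the official postgres entrypoint's init phase, which restarts the server afterwards (the compose service that runs it is outside this hunk, so this is inferred); a comment stating the dependency would save the next reader a surprise, e.g. `-- postmaster-level settings: applied when the entrypoint restarts the server after init`. Keyword casing is also mixed (`ALTER system` next to `CREATE USER`); use `ALTER SYSTEM` for consistency.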
diff --git a/demo/grouper/grouper_data_init/sql/015_createDBforMP.sql b/demo/grouper/grouper_data_init/sql/015_createDBforMP.sql
new file mode 100644
index 0000000..471d523
--- /dev/null
+++ b/demo/grouper/grouper_data_init/sql/015_createDBforMP.sql
@@ -0,0 +1,3 @@
+CREATE DATABASE grouper_to_midpoint;
+GRANT ALL PRIVILEGES ON DATABASE grouper_to_midpoint TO grouper;
+ALTER DATABASE grouper_to_midpoint OWNER TO grouper;
diff --git a/demo/grouper/grouper_data_init/sql/020_createDBforMP.sh b/demo/grouper/grouper_data_init/sql/020_createDBforMP.sh
new file mode 100644
index 0000000..db8403b
--- /dev/null
+++ b/demo/grouper/grouper_data_init/sql/020_createDBforMP.sh
@@ -0,0 +1,97 @@
+#!/bin/bash
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "grouper" --dbname "grouper_to_midpoint" <<-EOSQL
+CREATE TABLE gr_mp_groups (
+ group_name varchar(1024) NULL, -- Name of group mapped in some way
+ id_index int8 NOT NULL, -- This is the integer identifier for a group and foreign key to group attributes and memberships
+ display_name varchar(1024) NULL, -- Display name of group mapped in some way
+ description varchar(1024) NULL, -- Description of group mapped in some way
+ last_modified int8 NOT NULL, -- Millis since 1970, will be sequential and unique
+ deleted varchar(1) NOT NULL, -- T or F. Deleted rows will be removed after they have had time to be processed
+ CONSTRAINT gr_mp_groups_pkey PRIMARY KEY (id_index)
+);
+CREATE INDEX gr_mp_groups_ddx ON gr_mp_groups(display_name);
+CREATE INDEX gr_mp_groups_gdx ON gr_mp_groups(group_name);
+CREATE UNIQUE INDEX gr_mp_groups_idx ON gr_mp_groups(id_index);
+CREATE UNIQUE INDEX gr_mp_groups_ldx ON gr_mp_groups(last_modified);
+COMMENT ON TABLE gr_mp_groups IS 'This table holds groups';
+
+COMMENT ON COLUMN gr_mp_groups.group_name IS 'Name of group mapped in some way';
+COMMENT ON COLUMN gr_mp_groups.id_index IS 'This is the integer identifier for a group and foreign key to group attributes and memberships';
+COMMENT ON COLUMN gr_mp_groups.display_name IS 'Display name of group mapped in some way';
+COMMENT ON COLUMN gr_mp_groups.description IS 'Description of group mapped in some way';
+COMMENT ON COLUMN gr_mp_groups.last_modified IS 'Millis since 1970, will be sequential and unique';
+COMMENT ON COLUMN gr_mp_groups.deleted IS 'T or F. Deleted rows will be removed after they have had time to be processed';
+
+CREATE TABLE gr_mp_subjects (
+ subject_id_index int8 NOT NULL, -- This is the integer identifier for a subject and foreign key to subject attributes and memberships
+ subject_id varchar(1024) NULL, -- Subject ID mapped in some way
+ last_modified int8 NOT NULL, -- Millis since 1970, will be sequential and unique
+ deleted varchar(1) NOT NULL, -- T or F. Deleted rows will be removed after they have had time to be processed
+ CONSTRAINT gr_mp_subjects_pkey PRIMARY KEY (subject_id_index)
+);
+CREATE UNIQUE INDEX gr_mp_subjects_idx ON gr_mp_subjects(subject_id_index);
+CREATE UNIQUE INDEX gr_mp_subjects_ldx ON gr_mp_subjects(last_modified);
+CREATE INDEX gr_mp_subjects_sdx ON gr_mp_subjects(subject_id);
+COMMENT ON TABLE gr_mp_subjects IS 'This table holds subjects';
+
+COMMENT ON COLUMN gr_mp_subjects.subject_id_index IS 'This is the integer identifier for a subject and foreign key to subject attributes and memberships';
+COMMENT ON COLUMN gr_mp_subjects.subject_id IS 'Subject ID mapped in some way';
+COMMENT ON COLUMN gr_mp_subjects.last_modified IS 'Millis since 1970, will be sequential and unique';
+COMMENT ON COLUMN gr_mp_subjects.deleted IS 'T or F. Deleted rows will be removed after they have had time to be processed';
+
+CREATE TABLE gr_mp_group_attributes (
+ group_id_index int8 NOT NULL, -- This is the integer identifier for a group and foreign key to groups and memberships
+ attribute_name varchar(1000) NOT NULL, -- Attribute name for attributes not in the main group table
+ attribute_value varchar(4000) NULL, -- Attribute value could be null
+ last_modified int8 NOT NULL, -- Millis since 1970, will be sequential and unique
+ deleted varchar(1) NOT NULL, -- T or F. Deleted rows will be removed after they have had time to be processed
+ CONSTRAINT gr_mp_group_attributes_fk FOREIGN KEY (group_id_index) REFERENCES gr_mp_groups(id_index) ON DELETE CASCADE
+ );
+CREATE UNIQUE INDEX gr_mp_group_attributes_idx ON gr_mp_group_attributes(group_id_index, attribute_name, attribute_value);
+CREATE UNIQUE INDEX gr_mp_group_attributes_ldx ON gr_mp_group_attributes(last_modified);
+COMMENT ON TABLE gr_mp_group_attributes IS 'This table holds group attributes which are one to one or one to many to the groups table';
+
+COMMENT ON COLUMN gr_mp_group_attributes.group_id_index IS 'This is the integer identifier for a group and foreign key to groups and memberships';
+COMMENT ON COLUMN gr_mp_group_attributes.attribute_name IS 'Attribute name for attributes not in the main group table';
+COMMENT ON COLUMN gr_mp_group_attributes.attribute_value IS 'Attribute value could be null';
+COMMENT ON COLUMN gr_mp_group_attributes.last_modified IS 'Millis since 1970, will be sequential and unique';
+COMMENT ON COLUMN gr_mp_group_attributes.deleted IS 'T or F. Deleted rows will be removed after they have had time to be processed';
+
+CREATE TABLE gr_mp_memberships (
+ group_id_index int8 NOT NULL, -- This is the foreign key to groups
+ subject_id_index int8 NOT NULL, -- This is the foreign key to subjects
+ last_modified int8 NOT NULL, -- Millis since 1970, will be sequential and unique
+ deleted varchar(1) NOT NULL, -- T or F. Deleted rows will be removed after they have had time to be processed
+ CONSTRAINT gr_mp_memberships_gfk FOREIGN KEY (group_id_index) REFERENCES gr_mp_groups(id_index) ON DELETE CASCADE,
+ CONSTRAINT gr_mp_memberships_sfk FOREIGN KEY (subject_id_index) REFERENCES gr_mp_subjects(subject_id_index) ON DELETE CASCADE
+ );
+CREATE UNIQUE INDEX gr_mp_memberships_idx ON gr_mp_memberships(group_id_index, subject_id_index);
+CREATE UNIQUE INDEX gr_mp_memberships_ldx ON gr_mp_memberships(last_modified);
+COMMENT ON TABLE gr_mp_memberships IS 'This table holds memberships. The primary key is group_id_index and subject_id_index';
+
+COMMENT ON COLUMN gr_mp_memberships.group_id_index IS 'This is the foreign key to groups';
+COMMENT ON COLUMN gr_mp_memberships.subject_id_index IS 'This is the foreign key to subjects';
+COMMENT ON COLUMN gr_mp_memberships.last_modified IS 'Millis since 1970, will be sequential and unique';
+COMMENT ON COLUMN gr_mp_memberships.deleted IS 'T or F. Deleted rows will be removed after they have had time to be processed';
+
+CREATE TABLE gr_mp_subject_attributes (
+ subject_id_index int8 NOT NULL, -- This is the integer identifier and foreign key to subjects
+ attribute_name varchar(1000) NOT NULL, -- Attribute name for attributes not in the main subject table
+ attribute_value varchar(4000) NULL, -- Attribute value could be null
+ last_modified int8 NOT NULL, -- Millis since 1970, will be sequential and unique
+ deleted varchar(1) NOT NULL, -- T or F. Deleted rows will be removed after they have had time to be processed
+ CONSTRAINT gr_mp_subject_attributes_fk FOREIGN KEY (subject_id_index) REFERENCES gr_mp_subjects(subject_id_index) ON DELETE CASCADE
+ );
+CREATE UNIQUE INDEX gr_mp_subject_attributes_idx ON gr_mp_subject_attributes(subject_id_index, attribute_name, attribute_value);
+CREATE UNIQUE INDEX gr_mp_subject_attributes_ldx ON gr_mp_subject_attributes(last_modified);
+COMMENT ON TABLE gr_mp_subject_attributes IS 'This table holds subject attributes which are one to one or one to many to the subjects table';
+
+COMMENT ON COLUMN gr_mp_subject_attributes.subject_id_index IS 'This is the integer identifier and foreign key to subjects';
+COMMENT ON COLUMN gr_mp_subject_attributes.attribute_name IS 'Attribute name for attributes not in the main subject table';
+COMMENT ON COLUMN gr_mp_subject_attributes.attribute_value IS 'Attribute value could be null';
+COMMENT ON COLUMN gr_mp_subject_attributes.last_modified IS 'Millis since 1970, will be sequential and unique';
+COMMENT ON COLUMN gr_mp_subject_attributes.deleted IS 'T or F. Deleted rows will be removed after they have had time to be processed';
+
+EOSQL
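Review bot: `CREATE UNIQUE INDEX gr_mp_groups_idx ON gr_mp_groups(id_index);` and `CREATE UNIQUE INDEX gr_mp_subjects_idx ON gr_mp_subjects(subject_id_index);` duplicate the indexes that the `PRIMARY KEY` constraints on the same columns already create, so every insert maintains two identical unique indexes; drop those two statements. The heredoc is `<<-EOSQL`, which strips leading tabs only, while the body is indented with spaces — harmless for SQL, but plain `<<EOSQL` states the intent. Each column is documented twice (inline `--` and `COMMENT ON COLUMN`); keeping only the `COMMENT ON COLUMN` form avoids the two drifting apart.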
diff --git a/demo/grouper/grouper_ui/Dockerfile b/demo/grouper/grouper_ui/Dockerfile
deleted file mode 100644
index fd4675c..0000000
--- a/demo/grouper/grouper_ui/Dockerfile
+++ /dev/null
@@ -1,10 +0,0 @@
-FROM tier/grouper:2.4.0-a47-u25-w5-p6-20190611
-
-LABEL author="tier-packaging@internet2.edu "
-
-# Update this Shib yum repo
-COPY container_files/shibboleth/shibboleth.repo /etc/yum.repos.d/
-
-#COPY in custom css, images, etc
-
-CMD ["ui"]
diff --git a/demo/grouper/grouper_ui/container_files/shibboleth/shibboleth.repo b/demo/grouper/grouper_ui/container_files/shibboleth/shibboleth.repo
deleted file mode 100644
index dabe005..0000000
--- a/demo/grouper/grouper_ui/container_files/shibboleth/shibboleth.repo
+++ /dev/null
@@ -1,9 +0,0 @@
-[shibboleth]
-name=Shibboleth (CentOS_7)
-# Please report any problems to https://shibboleth.atlassian.net/jira
-type=rpm-md
-mirrorlist=https://shibboleth.net/cgi-bin/mirrorlist.cgi/CentOS_7
-gpgcheck=1
-gpgkey=https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
- https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key
-enabled=1
diff --git a/demo/grouper/grouper_ui/container_files/shibboleth/shibd.logger b/demo/grouper/grouper_ui/container_files/shibboleth/shibd.logger
deleted file mode 100644
index 2589b43..0000000
--- a/demo/grouper/grouper_ui/container_files/shibboleth/shibd.logger
+++ /dev/null
@@ -1,69 +0,0 @@
-# set overall behavior
-log4j.rootCategory=DEBUG, shibd_log, warn_log
-
-# fairly verbose for DEBUG, so generally leave at DEBUG
-log4j.category.XMLTooling.XMLObject=DEBUG
-log4j.category.XMLTooling.KeyInfoResolver=DEBUG
-log4j.category.Shibboleth.IPRange=DEBUG
-log4j.category.Shibboleth.PropertySet=DEBUG
-
-# raise for low-level tracing of SOAP client HTTP/SSL behavior
-log4j.category.XMLTooling.libcurl=DEBUG
-
-# useful categories to tune independently:
-#
-# tracing of SAML messages and security policies
-#log4j.category.OpenSAML.MessageDecoder=DEBUG
-#log4j.category.OpenSAML.MessageEncoder=DEBUG
-#log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
-#log4j.category.XMLTooling.SOAPClient=DEBUG
-# interprocess message remoting
-#log4j.category.Shibboleth.Listener=DEBUG
-# mapping of requests to applicationId
-#log4j.category.Shibboleth.RequestMapper=DEBUG
-# high level session cache operations
-#log4j.category.Shibboleth.SessionCache=DEBUG
-# persistent storage and caching
-#log4j.category.XMLTooling.StorageService=DEBUG
-
-# logs XML being signed or verified if set to DEBUG
-log4j.category.XMLTooling.Signature.Debugger=DEBUG, sig_log
-log4j.additivity.XMLTooling.Signature.Debugger=false
-
-# the tran log blocks the "default" appender(s) at runtime
-# Level should be left at DEBUG for this category
-log4j.category.Shibboleth-TRANSACTION=DEBUG, tran_log
-log4j.additivity.Shibboleth-TRANSACTION=false
-# uncomment to suppress particular event types
-#log4j.category.Shibboleth-TRANSACTION.AuthnRequest=WARN
-#log4j.category.Shibboleth-TRANSACTION.Login=WARN
-#log4j.category.Shibboleth-TRANSACTION.Logout=WARN
-
-# define the appenders
-
-log4j.appender.shibd_log=org.apache.log4j.RollingFileAppender
-log4j.appender.shibd_log.fileName=/var/log/shibboleth/shibd.log
-log4j.appender.shibd_log.maxFileSize=1000000
-log4j.appender.shibd_log.maxBackupIndex=10
-log4j.appender.shibd_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.shibd_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-
-log4j.appender.warn_log=org.apache.log4j.RollingFileAppender
-log4j.appender.warn_log.fileName=/var/log/shibboleth/shibd_warn.log
-log4j.appender.warn_log.maxFileSize=1000000
-log4j.appender.warn_log.maxBackupIndex=10
-log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.warn_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-log4j.appender.warn_log.threshold=WARN
-
-log4j.appender.tran_log=org.apache.log4j.RollingFileAppender
-log4j.appender.tran_log.fileName=/var/log/shibboleth/transaction.log
-log4j.appender.tran_log.maxFileSize=1000000
-log4j.appender.tran_log.maxBackupIndex=20
-log4j.appender.tran_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.tran_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-
-log4j.appender.sig_log=org.apache.log4j.FileAppender
-log4j.appender.sig_log.fileName=/var/log/shibboleth/signature.log
-log4j.appender.sig_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.sig_log.layout.ConversionPattern=%m
diff --git a/demo/grouper/grouper_ws/Dockerfile b/demo/grouper/grouper_ws/Dockerfile
deleted file mode 100644
index d52b7ac..0000000
--- a/demo/grouper/grouper_ws/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-FROM tier/grouper:2.4.0-a47-u25-w5-p6-20190611
-
-LABEL author="tier-packaging@internet2.edu "
-
-# Update this Shib yum repo
-COPY container_files/shibboleth/shibboleth.repo /etc/yum.repos.d/
-
-COPY container_files/web.xml /opt/grouper/grouper.ws/WEB-INF/
-COPY container_files/tomcat-users.xml /opt/tomcat/conf/
-COPY container_files/server.xml /opt/tomcat/conf/
-
-CMD ["ws"]
diff --git a/demo/grouper/grouper_ws/container_files/shibboleth/shibboleth.repo b/demo/grouper/grouper_ws/container_files/shibboleth/shibboleth.repo
deleted file mode 100644
index dabe005..0000000
--- a/demo/grouper/grouper_ws/container_files/shibboleth/shibboleth.repo
+++ /dev/null
@@ -1,9 +0,0 @@
-[shibboleth]
-name=Shibboleth (CentOS_7)
-# Please report any problems to https://shibboleth.atlassian.net/jira
-type=rpm-md
-mirrorlist=https://shibboleth.net/cgi-bin/mirrorlist.cgi/CentOS_7
-gpgcheck=1
-gpgkey=https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
- https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key
-enabled=1
diff --git a/demo/grouper/grouper_ws/container_files/web.xml b/demo/grouper/grouper_ws/container_files/web.xml
deleted file mode 100644
index 03d3deb..0000000
--- a/demo/grouper/grouper_ws/container_files/web.xml
+++ /dev/null
@@ -1,128 +0,0 @@
-
-
-
-
-
-
-
-
- Grouper service filter
- edu.internet2.middleware.grouper.ws.GrouperServiceJ2ee
-
-
-
-
- Grouper logging filter
- edu.internet2.middleware.grouper.ws.j2ee.ServletFilterLogger
-
-
-
-
-
- Grouper service filter
- /services/*
-
-
- Grouper service filter
- /servicesRest/*
-
-
- AxisServlet
- Apache-Axis Servlet
- edu.internet2.middleware.grouper.ws.GrouperServiceAxisServlet
- 1
-
-
-
-
- RestServlet
- WS REST Servlet
- edu.internet2.middleware.grouper.ws.rest.GrouperRestServlet
- 1
-
-
- StatusServlet
- Status Servlet
- edu.internet2.middleware.grouper.j2ee.status.GrouperStatusServlet
- 1
-
-
- StatusServlet
- /status
-
-
- AxisServlet
- /services/*
-
-
- RestServlet
- /servicesRest/*
-
-
-
-
- Web services
- /services/*
-
-
- *
-
-
-
-
-
- Web services
- /servicesRest/*
-
-
-
- *
-
-
-
-
-
- BASIC
- Grouper Application
-
-
-
-
-
- The role that is required to log in to web service
-
- *
-
-
-
- 1
-
-
-
diff --git a/demo/grouper/grouper_ws/container_files/server.xml b/demo/grouper/grouper_ws/server.xml
similarity index 97%
rename from demo/grouper/grouper_ws/container_files/server.xml
rename to demo/grouper/grouper_ws/server.xml
index 112e7d0..17769bf 100644
--- a/demo/grouper/grouper_ws/container_files/server.xml
+++ b/demo/grouper/grouper_ws/server.xml
@@ -113,7 +113,7 @@
-->
-
+
+ grouper_user
+
+
+
+
+
+ BASIC
+ Grouper Application
+
+
+
+
+
+ The role that is required to log in to web service
+
+ grouper_user
+
+
+
\ No newline at end of file
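Review bot: Nothing in this hunk pins the `BASIC`-authenticated constraint (the `BASIC` / `Grouper Application` lines) to TLS, so the base64 credential from tomcat-users.xml would be accepted over a plain-HTTP connector as readily as over 443; the `security-constraint` that names the `grouper_user` role should also carry `<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>`. The element tags are stripped in this rendering and the header advertises 7 lines per side against roughly twenty shown, so treat this as a check to make rather than a confirmed gap. `login-config` and `security-role` are servlet deployment-descriptor elements that Tomcat reads from WEB-INF/web.xml, not from conf/server.xml — presumably the renamed file is installed as a web.xml by the image build, but since the hunk is attributed to server.xml that mapping is worth confirming. The enclosing element opens before line 113, outside the hunk.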
diff --git a/demo/grouper/idp/Dockerfile b/demo/grouper/idp/Dockerfile
deleted file mode 100644
index 4968448..0000000
--- a/demo/grouper/idp/Dockerfile
+++ /dev/null
@@ -1,5 +0,0 @@
-FROM tier/shib-idp:3.4.6_20191002
-
-LABEL author="tier-packaging@internet2.edu "
-
-COPY shibboleth-idp/ /opt/shibboleth-idp/
diff --git a/demo/grouper/idp/shibboleth-idp/credentials/idp-backchannel.crt b/demo/grouper/idp/shibboleth-idp/credentials/idp-backchannel.crt
deleted file mode 100644
index c1f8fab..0000000
--- a/demo/grouper/idp/shibboleth-idp/credentials/idp-backchannel.crt
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL
-BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy
-MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH
-YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M
-SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2
-03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No
-5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+
-XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud
-DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk
-hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
-BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac
-ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98
-NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl
-j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP
-IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E
-t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM=
------END CERTIFICATE-----
diff --git a/demo/grouper/idp/shibboleth-idp/credentials/idp-backchannel.p12 b/demo/grouper/idp/shibboleth-idp/credentials/idp-backchannel.p12
deleted file mode 100644
index 112540a..0000000
Binary files a/demo/grouper/idp/shibboleth-idp/credentials/idp-backchannel.p12 and /dev/null differ
diff --git a/demo/grouper/idp/shibboleth-idp/credentials/idp-browser.p12 b/demo/grouper/idp/shibboleth-idp/credentials/idp-browser.p12
deleted file mode 100644
index 032be0b..0000000
Binary files a/demo/grouper/idp/shibboleth-idp/credentials/idp-browser.p12 and /dev/null differ
diff --git a/demo/grouper/idp/shibboleth-idp/credentials/idp-encryption.crt b/demo/grouper/idp/shibboleth-idp/credentials/idp-encryption.crt
deleted file mode 100644
index 15d764f..0000000
--- a/demo/grouper/idp/shibboleth-idp/credentials/idp-encryption.crt
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL
-BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy
-MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD
-cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ
-l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG
-ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8
-9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX
-VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud
-DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk
-hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
-BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni
-QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN
-jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r
-xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8
-+PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H
-p+tGUbGS2l873J5PrsbpeKEVR/IIoKo=
------END CERTIFICATE-----
diff --git a/demo/grouper/idp/shibboleth-idp/credentials/idp-encryption.key b/demo/grouper/idp/shibboleth-idp/credentials/idp-encryption.key
deleted file mode 100644
index 8bb5cc6..0000000
--- a/demo/grouper/idp/shibboleth-idp/credentials/idp-encryption.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAgV79KN35k/Ipbsi4yeJQQFQlvmUVchFz2ELkYu73w3DuGund
-ZMYiS7GitFvPFTcYxUEa/D4A5Fq9vL8KB9a4JOKS7LMyw+PAwcw/eNqXiZf0uhZ7
-CCY5mh3AYeKWzYVOMqMLut4ipL7ba3GQBG6RK6OmfAs4lhMfLMsKGmBEBonz5K/T
-kVegp97cavvYDAXjxuNRq7Wa1BiLvsa53S9EoYeD6tHqv/TALFZSCFxGvPVnx/Cd
-pBXEzn6FrSHO9G+0y2ULMeGJzXJ6xi0lBHLLRcjy1/l7b+UjWRfPTjiMV1TYzb4B
-OQ2yW/YTDOFABaiPtW6PUKrccE4Y3P7DryMczQIDAQABAoIBAF/IflMllcUtw/Nb
-9USzpIscQh2nJaugtE5nqER/fT1cfU273Mjh0T6NtFMorjec5WAWBe6/0VVAwb3f
-C4QmO4xDnFhXjLxwAaT6nfvSi+O5d93XCxxLgNZUNL3ET7a2feELyoF+OdQT4sy3
-9dLyMdVHgtnQTQMAAVLeuQoyP+s+Zax4Gca6ln8QxIIvDoD7NITnpl8887Hghhzl
-CvKtRiPRtoI2JTXWgWuLI6xXfVsDvFT+Up+ki9TMLWLACcmMU1d+lUBOKIqhhQHG
-+np9iKxVausJwYaLwwT3h8SItNon7ltbV6kcqyZxMAA+uN8CVgIb5UaUrlW7Nvze
-1iUNudkCgYEAxpnBg8YxdEHFSMTqjEOYapn18cs3n32EBPtvPaUcvw3mGC1+ZVx1
-9WqnVsgykBOWI0qSBVF7Kke8yOqgqWtYQUFqLiMgCC9e/QcXnrm/bzAmKDgLVcCR
-KzgqU2ECQDkNSS0qeODjLGX4SEabDbLhN59WykHKM0i/RcrbhuvT1BcCgYEApsMD
-TFQBaiaEmLVm252piZf8b5g3DrUHeqGktHkHXTW4Iyyn8zEknoiCosk/Tej73zga
-cTT3zQgEh63DMC9Ag8IbIJiDpYLMkt1QvZYtq95E/94GVEfRRok6/pyagGYB351R
-PXcykrDyy26FSofmtaXU37Wxaj3ow+WROaPgULsCgYEArFoFScG3a2gkuRlDX8TN
-wj2o5lTxCbWY2+YEzR+8icWbGQJqPbb3G6uaW8LTtpt44Vm2zWzAEZo+KLMOCNmC
-tub5Kd8Lzm6l5brA8dvLWcgUZTT2CU5b7YEJomB+3pNkh0vuHwczv3Ui+j5kE4hY
-0bezT0W3H7iTXhNFXprMs7MCgYEAlIZn75l6URLRUjluzPdVQoktei72CpFNgflp
-+ps45dmskRd61mzUkqY+w8G+MiPqANu1IVLtyZz0e+tVRxsuuKsvAg8UYVtn3P5k
-pRaWwtaKWeFjfbkhOVOMSa0tJmK0FHfHHZmGX4ReGrXq3YDBCNQUDtOCmn9dSuyy
-NcYxSXUCgYB+yo6dg8nyHDSqKDdrQQiAKv7jNsbecQ/rYrt8l0n9FBiwn5R7v6kp
-afsimCVou5i06L2Cr5Xs+XSf11KVkDh+qM70ZFubWEsHCDrS1KrxUzfFbrQczKof
-qX7ZsBuOT72RwVEa8fpT6IZ6IpOOEPmUid/f2VM2aAcXgaF//vMjxA==
------END RSA PRIVATE KEY-----
diff --git a/demo/grouper/idp/shibboleth-idp/credentials/idp-signing.crt b/demo/grouper/idp/shibboleth-idp/credentials/idp-signing.crt
deleted file mode 100644
index 6a032c1..0000000
--- a/demo/grouper/idp/shibboleth-idp/credentials/idp-signing.crt
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB
-CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx
-MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g
-u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2
-Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ
-Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+
-MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs
-uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV
-HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl
-ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB
-CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X
-sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s
-RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ
-Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B
-DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i
-s00xrv14zLifcc8oj5DYzOhYRifRXgHX
------END CERTIFICATE-----
diff --git a/demo/grouper/idp/shibboleth-idp/credentials/idp-signing.key b/demo/grouper/idp/shibboleth-idp/credentials/idp-signing.key
deleted file mode 100644
index 011c27c..0000000
--- a/demo/grouper/idp/shibboleth-idp/credentials/idp-signing.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7gu6eo4dua
-eLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2Z6dzJsul
-JZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJCb/Q6dYz
-RWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+MNkv6aId
-cHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBsuYlY7lEr
-89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABAoIBAGpInLarQ0+X+ZXK
-+aoC+tNO9DUiHq/z2OD4ALGhXSTvr4mgBWNWTkc0F+qJD8MlM8zNkJxaoNGTyLjY
-Z95NQJPXAx2k15HwCENdulvV1oiX0dkTjgmscRmj6FwNAZ0EnWtien45mxZHxEyW
-FkbB9+OHc6JzNvzG9ps1Vk1FtFtO8w4exXuJVATJeArQmMvAUHMJYPb7Qs+/NX9R
-RlDvFfXDzQv5eAzudT1SyFSa5W+Bsw6BtEoeiqdp+xQh4yc733nwN7KG2Z/TpGse
-jVe6akbULuCXOe9uPa7kv8hnQEUH38QVlIw8pK1SsgNq7S0U44WU5uF8gbDBYle/
-OoPBvSECgYEAvCwVEa8ryLzee5FaX4PBxk10lEl/Yp9jC88wPUQ+ZpfniIIQIfwl
-csRE9D3/dJOVAxw/Ac32F72SLVDzLabAhlBRINYLB0ZkVuJi1CIoDHIf9nfh/pOx
-b96VMUe/mpAL4hZnZkmBKjesX5URPEKtBD0aSeCw9aFqhORjRrxCJg0CgYEAuNaD
-LOuTPKsC6nxRtiL9r0CA5gCCdpALxwJA7wHAeh03i5xmy61i4iOMaunxKZhG+nzz
-PhcI8Uhwwk+l3tbYAf1rrtmMKNcyjy+UqWXGt4ZkWFlIyIungyLiH9L32IMhXNF0
-fBgOZNtFTmQBU18a78uIir9xASUbtaakzOtJ2+cCgYAgfawVpZ11x8bSp0Jng6SN
-zQn4IMiyCrtbaqb1rTbpGAmOdIa8l4EP0/vkAGB/jIwKQXJPqXR4nO8EjBmxJD3R
-80RO2yaEVw80QVq3Lj6kB4ClWgXXo0DcBB7Wp4DZ+01R+HRaIQ8AbySATIjxUsH1
-HWfQoc9sWja+Q4Ew0YjKcQKBgGLoPsdBw8b6B5RsM9lPvgoSbScmbKl/CR5TwWVj
-vZhanAd0CLnCrSAvP4tSZf8JAio1xH+cGefrCJOhxTOKKYpfDklBFjQge2iNYHKJ
-CJ3aJ0XzePP/bwLIHtJCtOdBvA+L8VYaFVG418xLzT3MrYBVnFoKeTDQp5Q7eQJC
-gYJPAoGBAKHcuXWzvXoHKnOg8Ljg2xZ6/SfjwNDIIrpXVTAQifmK3q4+Ua2Q+Cjq
-97tPMxF2bVRcbnCSNKpTMOTrsWs8Z3GpMyCh6XgYMSlclXusDVUkRkPpWj8hVTR4
-opm/rxS83hCrTsIX3Il3T8Fpb97kdF+unCiWEaxrPEurjW8lB506
------END RSA PRIVATE KEY-----
diff --git a/demo/grouper/idp/shibboleth-idp/credentials/sealer.jks b/demo/grouper/idp/shibboleth-idp/credentials/sealer.jks
deleted file mode 100644
index 89957e0..0000000
Binary files a/demo/grouper/idp/shibboleth-idp/credentials/sealer.jks and /dev/null differ
diff --git a/demo/grouper/idp/shibboleth-idp/credentials/sealer.kver b/demo/grouper/idp/shibboleth-idp/credentials/sealer.kver
deleted file mode 100644
index d64b0e4..0000000
--- a/demo/grouper/idp/shibboleth-idp/credentials/sealer.kver
+++ /dev/null
@@ -1,2 +0,0 @@
-#Fri Dec 11 02:20:32 UTC 2015
-CurrentVersion=1
diff --git a/demo/grouper/idp/shibboleth-idp/metadata/idp-metadata.xml b/demo/grouper/idp/shibboleth-idp/metadata/idp-metadata.xml
deleted file mode 100644
index 65db47e..0000000
--- a/demo/grouper/idp/shibboleth-idp/metadata/idp-metadata.xml
+++ /dev/null
@@ -1,207 +0,0 @@
-
-
-
-
-
-
-
- example.org
-
-
-
-
-
-
-
-MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL
-BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy
-MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH
-YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M
-SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2
-03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No
-5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+
-XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud
-DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk
-hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
-BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac
-ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98
-NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl
-j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP
-IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E
-t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM=
-
-
-
-
-
-
-
-
-
-MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB
-CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx
-MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g
-u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2
-Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ
-Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+
-MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs
-uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV
-HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl
-ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB
-CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X
-sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s
-RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ
-Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B
-DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i
-s00xrv14zLifcc8oj5DYzOhYRifRXgHX
-
-
-
-
-
-
-
-
-
-MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL
-BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy
-MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD
-cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ
-l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG
-ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8
-9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX
-VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud
-DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk
-hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
-BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni
-QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN
-jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r
-xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8
-+PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H
-p+tGUbGS2l873J5PrsbpeKEVR/IIoKo=
-
-
-
-
-
-
- urn:mace:shibboleth:1.0:nameIdentifier
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
-
- localhost
-
-
-
-
-
-
-MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL
-BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy
-MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH
-YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M
-SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2
-03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No
-5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+
-XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud
-DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk
-hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
-BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac
-ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98
-NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl
-j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP
-IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E
-t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM=
-
-
-
-
-
-
-
-
-
-MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB
-CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx
-MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g
-u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2
-Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ
-Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+
-MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs
-uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV
-HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl
-ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB
-CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X
-sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s
-RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ
-Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B
-DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i
-s00xrv14zLifcc8oj5DYzOhYRifRXgHX
-
-
-
-
-
-
-
-
-
-MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL
-BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy
-MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD
-cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ
-l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG
-ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8
-9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX
-VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud
-DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk
-hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
-BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni
-QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN
-jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r
-xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8
-+PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H
-p+tGUbGS2l873J5PrsbpeKEVR/IIoKo=
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/demo/grouper/idp/shibboleth-idp/metadata/midpoint-sp-new.xml b/demo/grouper/idp/shibboleth-idp/metadata/midpoint-sp-new.xml
deleted file mode 100644
index a819f4b..0000000
--- a/demo/grouper/idp/shibboleth-idp/metadata/midpoint-sp-new.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-
-
-
- midpointdemo
-
-
-
-
-
-MIIDHDCCAgSgAwIBAgIJAPEnL5jgbeVoMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
-BAMMD2lkcC5leGFtcGxlLmVkdTAeFw0xODEwMTAyMDM1NDBaFw0yMzEwMDkyMDM1
-NDBaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLmVkdTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAKwTrvQhmFX3SUNgJAhQ/YV0UX56Rt53mwbiKuH+Ez83
-7z6XRynBVsfzHfbWe0IpNKx5mIr84dfbGhQKQBEKzQuek7ihW3J6PIVZN1A3icZZ
-B9i7gow902bT0ZfRG8QW49gl7pk3ASutPcO9Dq5Xc/AqWr3OSO/Pei0yBtTdzG3b
-rm0u0gbj3P2tjt7BN77wIB+yjJsND3ITtP0MFXIJxLTlty8thwqQOAOAYcF+rhC5
-znnBLsRNo0E57PtzZs8i/BpEX2uPTxpEyvlU1vtyxcKUiHtK5ZjOsDEkS2rEualr
-+FILYg/Oxw1gi0+mNO1a94Ft+UoLiREztq6MQt8OK98CAwEAAaNlMGMwQgYDVR0R
-BDswOYIPaWRwLmV4YW1wbGUuZWR1hiZodHRwczovL2lkcC5leGFtcGxlLmVkdS9p
-ZHAvc2hpYmJvbGV0aDAdBgNVHQ4EFgQU3ZJ8oHkmlgPtZuZAxnzONccPsb8wDQYJ
-KoZIhvcNAQELBQADggEBAIJ4oZKSMGpF8J3qdfjLZGkc3iVbu/eiE1MD77no0oCz
-nelY0CNUBuFJk1Xv+Bv0fW0cVugtMPz4xi7zv0zkpS2IVxpPZWBosuVabUD9k+V4
-iN5woJdO7e2KRGvhlWmbkmoZUvhygDe0u0vblNfLzDwFQvxHXiWG//P7SanoQrjP
-dE8U21tYz+EFm6s5TvHxVhr9id8c+UacAFCpAtzUB+J8K1abx05XlKsySflkOQV9
-JbM4zOy5gXSI5dY9dGUF77g0muyC+jAhIhLSt/7v3vJgvBurrxPoeBFXOU3D+siT
-VZlKtYzYjJhVqXx1vKrWEE1hkpqm+iYgZe4MvgcdswY=
-
-
-
-
-
-
-
-
-
-
-
diff --git a/demo/grouper/midpoint-objects-manual/tasks/task-recomputation-users.xml b/demo/grouper/midpoint-objects-manual/tasks/task-recomputation-users.xml
deleted file mode 100644
index 03fe35f..0000000
--- a/demo/grouper/midpoint-objects-manual/tasks/task-recomputation-users.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-
- User recomputation
-
-
-
-
-
-
-
- 1571729899646-0-1
-
-
-
- http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#recompute
- runnable
-
- single
-
- tight
-
-
-
-
- c:UserType
-
-
-
-
-
diff --git a/demo/grouper/midpoint_server/Dockerfile b/demo/grouper/midpoint_server/Dockerfile
deleted file mode 100644
index 11ab497..0000000
--- a/demo/grouper/midpoint_server/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-ARG tag=4.8.2
-
-FROM i2incommon/midpoint:${tag}
-
-MAINTAINER info@evolveum.com
-
-ENV MP_DIR /opt/midpoint
-
-VOLUME ${MP_DIR}/var
-
-COPY container_files/mp-home/ ${MP_DIR}/var/
diff --git a/demo/grouper/midpoint_server/container_files/httpd/host-cert.pem b/demo/grouper/midpoint_server/container_files/httpd/host-cert.pem
deleted file mode 100644
index 9b1021b..0000000
--- a/demo/grouper/midpoint_server/container_files/httpd/host-cert.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDqDCCApCgAwIBAgIJAMOSkn4oS2aAMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRcwFQYDVQQK
-DA5JbnRlcm5ldDIvVElFUjEgMB4GA1UEAwwXbWlkcG9pbnQuc3AuZXhhbXBsZS5v
-cmcwHhcNMTgwOTE0MDU1OTQ1WhcNMTkwOTE0MDU1OTQ1WjBpMQswCQYDVQQGEwJV
-UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50
-ZXJuZXQyL1RJRVIxIDAeBgNVBAMMF21pZHBvaW50LnNwLmV4YW1wbGUub3JnMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj/b7MEUSfu3oXMfNgRwTse7
-a5UV7Jswf1M/ZN/ZZkAkIxNBevZgozjesvLPWrmsTgONi7XigJUJvCjdjmlW9eDM
-lri/rkD8HuOR1DQCVKL9nvoS2c3D7sq5Emda3V8Tlj82VqfEmePd3sajx7mcTfbH
-8jwAL9NhkC+WMib5IpjLGpG0FEAC0ha7Lxb+7jIiqHVJaqLXJGCyGN4mh6c1Q9S1
-f8RVTiW2a8x22G+9wnZYbkiA2Kxls177imHlhSz8EdvV4IpGw1amrEWhhuDEum7B
-vZ1xQDLatgRqh4qAKLIVYeRnJ8H1FelMa90qB4G08MIPifmTsQwqJyBYaEdgWQID
-AQABo1MwUTAdBgNVHQ4EFgQUqb9BteODF6wv5R57aEON/wGXMiowHwYDVR0jBBgw
-FoAUqb9BteODF6wv5R57aEON/wGXMiowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
-9w0BAQsFAAOCAQEAAcKhxI+tSItrXmqC0PSmgWyAYpqbkz6W/cefTutXqhIgY09f
-h0LSv7ogTahoGpyiZk9vy6u3OE9bYwxapEfa4KBjO6HxBMIVBBb3RegVjoPzjElN
-BDwAx0VGFcZTXwMxDWycWdG8ql7rCZBvS50w04uTaIgnGmqXAdWWmBgfJ9cRbxW+
-JwO/mOl1QM1lR/5142NpvuUVWlmZSKEGydE5A1qPz2wpDbBR1ym1BQNS4NEqw6Kp
-GSB8jKyCS1Ve0v2wVze2038Wukz02dq9uKPTIO3T+B+ibZmxn6Op/kFCc1/kK5NS
-Q6JdO1B6KquGAYdGmKAcQ19mv+jqGktqWEEf0g==
------END CERTIFICATE-----
diff --git a/demo/grouper/midpoint_server/container_files/httpd/host-key.pem b/demo/grouper/midpoint_server/container_files/httpd/host-key.pem
deleted file mode 100644
index 5746e59..0000000
--- a/demo/grouper/midpoint_server/container_files/httpd/host-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCmP9vswRRJ+7eh
-cx82BHBOx7trlRXsmzB/Uz9k39lmQCQjE0F69mCjON6y8s9auaxOA42LteKAlQm8
-KN2OaVb14MyWuL+uQPwe45HUNAJUov2e+hLZzcPuyrkSZ1rdXxOWPzZWp8SZ493e
-xqPHuZxN9sfyPAAv02GQL5YyJvkimMsakbQUQALSFrsvFv7uMiKodUlqotckYLIY
-3iaHpzVD1LV/xFVOJbZrzHbYb73CdlhuSIDYrGWzXvuKYeWFLPwR29XgikbDVqas
-RaGG4MS6bsG9nXFAMtq2BGqHioAoshVh5GcnwfUV6Uxr3SoHgbTwwg+J+ZOxDCon
-IFhoR2BZAgMBAAECggEAEIRBpjjceiku6jRUwnoYaks/nIWYQwR8AfpUTwJKR/VR
-Yca097Fokm7A+UhUP3A45RtHQb0VPq8P44iv0kk24YCu8r5yFK7SHYOAZnOwU5ZJ
-2jSAEPF3aM7tKh3okhuzB3dKP7u1NZDE5zAW723KUJiW7sL1RcsbY0bHBj6G+9/H
-NplmsjuGt684vRBB0qOBfKF7EiG7mT69tHuNj4gRza9SMY31UtKbZdt2fNY6mp5V
-HscMba7egZP+Ke0pVX4+go9j7K8GG8hYaQDLjrzlPqrxZ2c5X9cC+CRDI/CHuL/s
-V/2yGZJ6n6UabwZoH83RdFrbQ94rU8Hkli6EvxXvMQKBgQDRpheNW5jDG5TfeJKh
-yfKTDQqH2Tk3BsBYYBN7Hf3m7vbkzlxnAKJAoSLmtRMuoeXvI5MrhzaHGsNIUS76
-LDIZnvB7DLUxhFUZsCPkpAA1QHuTWY96oR3PHnPjpk8lSUvtbOPwDLdzVApeFJgZ
-VqMNArZ7AHsK3Kkyi+f4WVQjbQKBgQDLAWiGb5dx6fAM2W6B6HjNmzjBWOuVEXa2
-76to9jzupBZmETfZgxtWUaWUDuNS+f7dtVUTE+p6v/w8clrHEhEZYkqunIOLo/UA
-LFPiuoTfEsWb1rh+nsCjCgy4uimixj/bSkf7NC6NyKTvCygA1mGnVVJUEPegYlDy
-LXCkaKWxHQKBgQCmyHSKL2lrJkEcOwakEU2acNCE3Gno/cT9SYmV83kvQ8JEqmrW
-QqnRsp9aXIljGscapPmKsmnNt5vNp1AxFAHTYh88NRLczsMIyZj0ZwgHVUI6KhC7
-5Psa78YQQBlMt2/g9TSsnuE+rYgF6mpKFiNm0Vasqeg47uzn2mdzqlUGTQKBgE04
-JutkTUY+h1pL5vYxWKpVDfy19z7H2tFxT1FowPrBneeLSyRI88Ac5I/yLdRlVeY9
-0LOmEr5Igwj3MsKgg7KVKfVLgdo/LrW3Jt2Kt3onKNXDkoBPoNUjwH0QC0Boiue+
-VK0gR0kVdm+bXccbxR+im+NwZNE0NLg6Qqu3RredAoGBALuVoqbPPmTCZXYG328H
-bzOs2aiR7BzPSVByV+qG6jW7w03RAnFPJZp7HMU+ViI5VY0wabUscMSvz5163+gM
-4KwY3v9ZjZzZGukIfLuudkdqtaiVOx/KeAC0n+nG21YU+wpZww8gkfHh1/sa2CME
-CWYCgOnmiTHcj83UaTqEXtmv
------END PRIVATE KEY-----
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/config.xml b/demo/grouper/midpoint_server/container_files/mp-home/config.xml
deleted file mode 100644
index c45e612..0000000
--- a/demo/grouper/midpoint_server/container_files/mp-home/config.xml
+++ /dev/null
@@ -1,60 +0,0 @@
-
-
-
-
-
- ${midpoint.home}/import
-
-
- native
- jdbc:postgresql://localhost:5432/midpoint
-
-
-
- com.evolveum.midpoint.audit.impl.LoggerAuditServiceFactory
-
-
- com.evolveum.midpoint.repo.sqale.audit.SqaleAuditServiceFactory
-
-
-
- true
- ${midpoint.home}/icf-connectors
-
-
- ${midpoint.home}/keystore.jceks
- changeit
- default
-
-
-
-
-
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/functionLibraries/100-function-library-grouper.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/functionLibraries/100-function-library-grouper.xml
deleted file mode 100644
index 2fc89e0..0000000
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/functionLibraries/100-function-library-grouper.xml
+++ /dev/null
@@ -1,197 +0,0 @@
-
-
-
- grouper
- Functions for Grouper AMQP connector
-
-
-
-
-
- createUcfChange
-
- message
- c:AsyncUpdateMessageType
-
-
- groupIncludePattern
- xsd:anyType
-
-
- groupExcludePattern
- xsd:anyType
-
-
- relevantSourceId
- xsd:string
-
-
- c:UcfChangeType
-
-
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/objectTemplates/100-template-user.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/objectTemplates/100-template-user.xml
deleted file mode 100644
index 4873611..0000000
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/objectTemplates/100-template-user.xml
+++ /dev/null
@@ -1,92 +0,0 @@
-
-
-
-
- template-user
-
- strong
-
-
-
-
-
- assignment
-
-
-
-
-
-
-
-
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-grouper.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-grouper.xml
deleted file mode 100644
index af60e56..0000000
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-grouper.xml
+++ /dev/null
@@ -1,201 +0,0 @@
-
-
-
-
-
- Grouper Resource
-
-
-
- connectorType
- com.evolveum.polygon.connector.grouper.rest.GrouperConnector
-
-
-
-
-
- https://grouper-ws:443
- banderson
- password
- :
-
- :
- app:.*
- test:.*
- ref:.*
- .*_(includes|excludes|systemOfRecord|systemOfRecordAndIncludes)
- ldap
- true
-
-
- false
- true
- false
-
-
-
- AMQP async update connector
-
-
-
- connectorType
- AsyncUpdateConnector
-
-
-
-
-
-
- amqp://mq:5672
- guest
- guest
- sampleQueue
-
-
-
-
-
-
-
-
-
- entitlement
- group
- ri:Group
- true
-
- [ri:name]
-
- strong
-
- extension/grouperName
-
-
-
- strong
-
-
-
-
- assignment
-
- all
-
-
-
-
-
- [ri:member]
- explicit
- indexOnly
-
-
-
-
-
- true
- entitlement
- group
- ri:Group
- OrgType
-
-
- extension/grouperName
-
- $projection/attributes/name
-
-
-
-
- linked
- http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#asyncUpdate
-
-
-
- false
-
-
- linked
- true
-
-
- deleted
-
-
- true
-
-
- unlinked
-
- http://midpoint.evolveum.com/xml/ns/public/model/action-3#link
-
-
-
- unmatched
-
- http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus
-
-
-
-
-
- passive
-
-
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml
deleted file mode 100644
index 52c86d3..0000000
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml
+++ /dev/null
@@ -1,1839 +0,0 @@
-
-
-
- SystemConfiguration
- true
-
-
-
-
-
-
- ERROR
- ro.isdc.wro.extensions.processor.css.Less4jProcessor
-
-
-
- OFF
- org.springframework.security.web.DefaultSecurityFilterChain
-
-
-
- OFF
- org.hibernate.engine.jdbc.spi.SqlExceptionHelper
-
-
-
- OFF
- org.hibernate.engine.jdbc.batch.internal.BatchingBatch
-
-
-
- WARN
- org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl
-
-
-
- OFF
- org.hibernate.internal.ExceptionMapperStandardImpl
-
-
-
- WARN
- org.apache.wicket.resource.PropertiesFactory
-
-
-
- ERROR
- org.springframework.context.support.ResourceBundleMessageSource
-
-
-
- INFO
- com.evolveum.midpoint.model.impl.lens.projector.Projector
-
-
-
- INFO
- com.evolveum.midpoint.model.impl.lens.Clockwork
-
-
- DEBUG
- com.evolveum.polygon.connector.grouper
-
-
-
- %date [%X{subsystem}] [%thread] %level \(%logger\): %msg%n
- MIDPOINT_LOG
- ${midpoint.home}/log/midpoint.log
- ${midpoint.home}/log/midpoint-%d{yyyy-MM-dd}.%i.log
- 10
- 100MB
- true
-
-
-
- %date %level: %msg%n
- MIDPOINT_PROFILE_LOG
- ${midpoint.home}/log/midpoint-profile.log
- ${midpoint.home}/log/midpoint-profile-%d{yyyy-MM-dd}.%i.log
- 10
- 100MB
- true
-
- MIDPOINT_LOG
- INFO
-
- false
- false
-
-
-
- UserType
-
-
-
- OrgType
-
-
- retired
-
-
-
-
-
-
- P3M
-
-
- P1M
-
-
-
- true
-
- true
-
-
- true
- true
-
-
- true
- true
-
-
- true
-
-
-
- true
-
-
- perCacheAndObjectType
-
-
-
- 60
-
- SystemConfigurationType
- ArchetypeType
- ObjectTemplateType
- SecurityPolicyType
- ValuePolicyType
- ResourceType
- RoleType
- OrgType
- ServiceType
- ShadowType
-
-
- perCacheAndObjectType
-
-
-
-
-
-
- perOperationAndObjectType
-
-
-
-
- performance
- Performance tracing
- true
- true
- performance-trace %{timestamp} %{focusName} %{milliseconds}
- true
- true
-
-
- functional
- Functional tracing
- true
- functional-trace %{timestamp} %{focusName}
- true
- true
- true
-
- normal
-
-
-
- functional-model-logging
- Functional tracing (with model logging)
- true
- functional-trace %{timestamp} %{focusName}
- true
- true
- true
-
-
- com.evolveum.midpoint.model
- TRACE
-
-
-
- normal
-
-
-
- functional-sql-logging
- Functional tracing (with SQL logging)
- true
- functional-trace %{timestamp} %{focusName}
- true
- true
- true
-
-
- org.hibernate.SQL
- TRACE
-
-
-
- normal
-
-
-
-
-
- demo/grouper
-
-
-
- UserType
-
- search
-
-
- myAccesses
-
-
- col-12 col-xxl-6
-
- fe fe-assignment
-
-
- 10
-
- viewAll
-
-
-
- fa fa-search
-
-
-
- /self/profile/user
- allAssignments
-
-
-
- requestAccess
-
-
-
- fas fa-plus-circle
-
-
-
- /self/requestAccess
-
-
- allAssignments
- 5
-
-
- myRequests
-
-
- col-12 col-xxl-6
-
- fe fe-case
-
-
- 20
-
- viewAll
-
-
-
- fa fa-search
-
-
-
- /admin/casesAll
- my-cases
-
-
- myRequests
- 5
-
-
- myWorkItems
-
-
- col-12 col-xxl-6
-
- fa fa-inbox
-
-
- 40
-
- viewAll
-
-
-
- fa fa-search
-
-
-
- /admin/myWorkItems
-
-
- myWorkItems
- 5
-
-
- myAccounts
-
-
- col-12 col-xxl-6
-
- fa fa-male
-
-
- 30
-
- viewAll
-
-
-
- fa fa-search
-
-
-
- /self/profile/user
- projections
-
-
- projections
- 5
-
-
- profileWidget
-
-
- PageSelfDashboard.profile.description
- col-md-3
-
- bg-green fa fa-user
-
-
- linkWidget
-
- profile-widget-action
-
- /self/profile/user
-
-
-
-
- credentialsWidget
-
-
- PageSelfDashboard.credentials.description
- col-md-3
-
- bg-blue fa fa-shield-alt
-
-
- linkWidget
-
- credentials-widget-action
-
- /self/credentials
-
-
-
-
- listResourcesWidget
-
-
- col-md-3
-
- bg-purple fa fa-database
-
-
- linkWidget
-
- list-resources-widget-action
-
- /admin/resources
-
-
-
-
- listUsersWidget
-
-
- col-md-3
-
- bg-red fa fa-user
-
-
- linkWidget
-
- list-resources-widget-action
-
- /admin/users
-
-
-
-
-
-
- my-cases
-
-
-
-
- My cases
-
- MyCases.title
-
-
- My case
-
- fe fe-case-object
-
-
- 1000
- CaseType
-
-
-
-
-
-
- manual-case-view
-
-
-
-
- All manual cases
-
- AllManualCases.title
-
-
- Manual case
- Manual provisioning cases
-
- 1010
- CaseType
-
-
-
-
-
-
- operation-request-case-view
-
-
-
-
- All requests
-
- AllRequests.title
-
-
- Request
- Operation requests
-
- 1020
- CaseType
-
-
-
-
-
-
- approval-case-view
-
-
-
-
- All approvals
-
- AllApprovals.title
-
-
- Approval
- Approval cases
-
- 1030
- CaseType
-
-
-
-
-
-
- correlation-case-view
-
-
-
-
- All correlations
-
- AllCorrelations.title
-
-
- Correlation
- Correlation cases
-
- 1040
- CaseType
-
-
-
-
-
- reconciliation-tasks-view
- 30
- TaskType
-
-
-
-
-
- recomputation-tasks-view
- 30
- TaskType
-
-
-
-
-
- import-tasks-view
- 30
- TaskType
-
-
-
-
-
- live-sync-tasks-view
- 30
- TaskType
-
-
-
-
-
- async-update-tasks-view
- 30
- TaskType
-
-
-
-
-
- cleanup-tasks-view
- 30
- TaskType
-
-
-
-
-
- report-tasks-view
-
-
-
- Report tasks
- report tasks
-
- ReportTasks.title
-
-
-
- fa fa-chart-pie
- green
-
-
- 30
- TaskType
-
-
-
-
-
- non-iterative-bulk-tasks-view
- 30
- TaskType
-
-
-
-
-
- iterative-bulk-tasks-view
- 30
- TaskType
-
-
-
-
-
- report-import-task-view
- 30
- add
- TaskType
-
-
-
-
-
- export-report-tasks-view
- add
- 30
- TaskType
-
-
-
-
-
-
-
- export-report-distributed-tasks-view
- add
- 30
- TaskType
-
-
-
-
-
-
-
- shadow-integrity-check-task-view
- 30
- add
- TaskType
-
-
-
-
-
- shadows-refresh-task-view
- 30
- add
- TaskType
-
-
-
-
-
- objects-delete-task-view
- 30
- add
- TaskType
-
-
-
-
-
- shadows-delete-long-time-not-updated-task-view
- 30
- add
- TaskType
-
-
-
-
-
- execute-change-task-view
- 30
- add
- TaskType
-
-
-
-
-
- execute-deltas-task-view
- 30
- add
- TaskType
-
-
-
-
-
- reindex-repository-task-view
- 30
- add
- TaskType
-
-
-
-
-
- object-integrity-check-task-view
- 30
- add
- TaskType
-
-
-
-
-
- validity-task-view
- 30
- add
- TaskType
-
-
-
-
-
- trigger-task-view
- 30
- add
- TaskType
-
-
-
-
-
- propagation-task-view
- 30
- add
- TaskType
-
-
-
-
-
- multi-propagation-task-view
- 30
- add
- TaskType
-
-
-
-
-
- certification-tasks-view
- 30
- TaskType
-
-
-
-
-
- approval-tasks-view
- 30
- TaskType
-
-
-
-
-
- utility-tasks-view
- 30
- TaskType
-
-
-
-
-
- system-tasks-view
- 30
- TaskType
-
-
-
-
-
- dashboard-reports-view
- ReportType
-
-
-
-
-
- collection-reports-view
- ReportType
-
-
-
-
-
- application-role
- add
- RoleType
-
-
-
-
-
- business-role
- add
- RoleType
-
-
-
-
-
- application
-
-
-
- ServiceType
-
-
-
-
-
- event-mark
- c:MarkType
-
-
-
-
-
-
-
- object-mark
- c:MarkType
-
-
-
-
-
-
-
- Persons
- This view displays all users with archetype "Person"
- person-view
- 10
- UserType
-
-
-
-
-
-
-
-
- Allow searching for users having account on specific resource. Intent is not considered. The search item is not displayed by default
- (visibleByDefault=false).
-
- true
-
-
- linkRef/@ matches (
- . type ShadowType
- and resourceRef/@/name = `resourceParameter?.getName()?.getOrig()`
- and kind = "account" )
-
-
-
-
-
-
- resourceParameter
- c:ObjectReferenceType
- ResourceType
-
-
-
- Allow searching for users not having account on specific resource. Intent is not considered. The search item is not displayed by default
- (visibleByDefault=false).
-
- true
-
-
- linkRef/@ not matches (
- . type ShadowType
- and resourceRef/@/name = `resourceParameter?.getName()?.getOrig()`
- and kind = "account" )
-
-
-
-
-
-
- resourceParameter
- c:ObjectReferenceType
- ResourceType
-
-
-
-
-
-
- resource-templates
-
-
-
- All resource templates
-
- ResourceType.template.all.title
-
-
- Resource template
-
- fa fa-file-alt
-
-
- ResourceType
-
-
-
-
-
-
-
-
- c:TaskType
-
- advanced-options-panel
-
-
-
- formPanel
-
- advanced-options
- 150
-
-
-
- -
- cleanupAfterCompletion
-
- -
- threadStopAction
-
- -
- binding
-
- -
- dependent
-
-
-
-
- operational-attributes-panel
-
-
-
- formPanel
-
- operational-attributes
- 900
-
-
-
- -
- executionState
-
- -
- schedulingState
-
- -
- node
-
- -
- nodeAsObserved
-
- -
- resultStatus
-
- -
- result
-
- -
- nextRunStartTimestamp
-
- -
- nextRetryTimestamp
-
- -
- unpauseAction
-
- -
- taskIdentifier
-
- -
- parent
-
- -
- waitingReason
-
- -
- stateBeforeSuspend
-
- -
- schedulingStateBeforeSuspend
-
- -
- otherHandlersUriStack
-
- -
- channel
-
- -
- subtaskRef
-
- -
- dependentTaskRef
-
- -
- lastRunStartTimestamp
-
- -
- lastRunFinishTimestamp
-
- -
- completionTimestamp
-
-
-
- 910
- hidden
- operation-attributes-progress
-
-
-
- -
- progress
-
- -
- expectedTotal
-
- -
- stalledSince
-
-
-
-
-
- c:UserType
-
- applications
-
-
-
- modify
- roleMemberships
-
- applications
- c:ServiceType
-
-
-
-
-
- hidden
- ServiceType
- ServiceType
-
-
-
-
-
-
-
- rw-type-basic
-
- basic
-
-
-
- -
- schemaHandling/objectType/displayName
- visible
-
- -
- schemaHandling/objectType/description
- visible
-
- -
- schemaHandling/objectType/kind
- visible
-
- -
- schemaHandling/objectType/intent
- visible
-
- -
- schemaHandling/objectType/securityPolicyRef
- visible
-
- -
- schemaHandling/objectType/default
- visible
-
-
-
- hidden
- schemaHandling/objectType
-
- rw-type-basic
-
-
- rw-type-delineation
-
- delineation
-
-
-
- -
- schemaHandling/objectType/delineation/objectClass
- visible
-
- -
- schemaHandling/objectType/delineation/auxiliaryObjectClass
- visible
-
- -
- schemaHandling/objectType/delineation/searchHierarchyScope
- visible
-
- -
- schemaHandling/objectType/delineation/filter
- visible
-
- -
- schemaHandling/objectType/delineation/classificationCondition
- visible
-
-
-
- hidden
- schemaHandling/objectType/delineation
-
- rw-type-delineation
-
-
- rw-attribute-limitations
-
- limitationsMapping
-
-
-
- -
- schemaHandling/objectType/attribute/limitations/access/read
- visible
-
- -
- schemaHandling/objectType/attribute/limitations/access/add
- visible
-
- -
- schemaHandling/objectType/attribute/limitations/access/modify
- visible
-
- -
- schemaHandling/objectType/attribute/limitations/minOccurs
- visible
-
- -
- schemaHandling/objectType/attribute/limitations/maxOccurs
- visible
-
- -
- schemaHandling/objectType/attribute/limitations/processing
- visible
-
-
-
- hidden
- schemaHandling/objectType/attribute/limitations
-
- rw-attribute-limitations
-
-
- rw-synchronization-reaction-main
-
- reactionMainSetting
-
-
-
- -
- schemaHandling/objectType/synchronization/reaction/name
- visible
-
- -
- schemaHandling/objectType/synchronization/reaction/description
- visible
-
- -
- schemaHandling/objectType/synchronization/reaction/situation
- visible
-
-
-
- hidden
- schemaHandling/objectType/synchronization/reaction
-
- rw-synchronization-reaction-main
-
-
- rw-synchronization-reaction-optional
-
- reactionOptionalSetting
-
-
-
- -
- schemaHandling/objectType/synchronization/reaction/condition
- visible
-
- -
- schemaHandling/objectType/synchronization/reaction/channel
- visible
-
- -
- schemaHandling/objectType/synchronization/reaction/order
- visible
-
-
-
- hidden
- schemaHandling/objectType/synchronization/reaction
-
- rw-synchronization-reaction-optional
-
-
- rw-attribute
-
- mainConfigurationAttribute
-
-
-
- -
- schemaHandling/objectType/attribute/ref
- visible
-
- -
- schemaHandling/objectType/attribute/displayName
- visible
-
- -
- schemaHandling/objectType/attribute/help
- visible
-
- -
- schemaHandling/objectType/attribute/description
- visible
-
- -
- schemaHandling/objectType/attribute/tolerant
- visible
-
- -
- schemaHandling/objectType/attribute/exclusiveStrong
- visible
-
- -
- schemaHandling/objectType/attribute/readReplaceMode
- visible
-
- -
- schemaHandling/objectType/attribute/fetchStrategy
- visible
-
- -
- schemaHandling/objectType/attribute/matchingRule
- visible
-
-
-
- hidden
- schemaHandling/objectType/attribute
-
- rw-attribute
-
-
- rw-association
-
- association
-
-
-
- -
- schemaHandling/objectType/association/ref
- visible
-
- -
- schemaHandling/objectType/association/displayName
- visible
-
- -
- schemaHandling/objectType/association/description
- visible
-
- -
- schemaHandling/objectType/association/auxiliaryObjectClass
- visible
-
- -
- schemaHandling/objectType/association/kind
- visible
-
- -
- schemaHandling/objectType/association/intent
- visible
-
- -
- schemaHandling/objectType/association/direction
- visible
-
- -
- schemaHandling/objectType/association/associationAttribute
- visible
-
- -
- schemaHandling/objectType/association/shortcutAssociationAttribute
- visible
-
- -
- schemaHandling/objectType/association/valueAttribute
- visible
-
- -
- schemaHandling/objectType/association/shortcutValueAttribute
- visible
-
- -
- schemaHandling/objectType/association/explicitReferentialIntegrity
- visible
-
-
-
- hidden
- schemaHandling/objectType/association
-
- rw-association
-
-
-
-
- rw-connectorConfiguration-partial
-
- required
-
-
-
- -
- connectorConfiguration/configurationProperties/jdbcUrlTemplate
-
- -
- connectorConfiguration/configurationProperties/jdbcDriver
-
- -
- connectorConfiguration/configurationProperties/password
-
- -
- connectorConfiguration/configurationProperties/user
-
- -
- connectorConfiguration/configurationProperties/port
-
- -
- connectorConfiguration/configurationProperties/host
-
- -
- connectorConfiguration/configurationProperties/database
-
-
-
- hidden
- connectorConfiguration/configurationProperties
-
- rw-connectorConfiguration-partial
-
-
- run
-
-
-
- connectorType
- org.identityconnectors.databasetable.DatabaseTableConnector
-
-
- available
- true
-
-
-
-
-
-
-
- rw-connectorConfiguration-partial
-
- required
-
-
-
- -
- connectorConfiguration/configurationProperties/host
-
- -
- connectorConfiguration/configurationProperties/port
-
- -
- connectorConfiguration/configurationProperties/connectionSecurity
-
- -
- connectorConfiguration/configurationProperties/bindDn
- visible
-
- -
- connectorConfiguration/configurationProperties/bindPassword
- visible
-
-
-
- hidden
- connectorConfiguration/configurationProperties
-
- rw-connectorConfiguration-partial
-
-
- run
-
-
-
- connectorType
- com.evolveum.polygon.connector.ldap.LdapConnector
-
-
- available
- true
-
-
-
-
-
-
-
- rw-connectorConfiguration-partial
-
- required
-
-
-
- -
- connectorConfiguration/configurationProperties/host
-
- -
- connectorConfiguration/configurationProperties/port
-
- -
- connectorConfiguration/configurationProperties/connectionSecurity
-
- -
- connectorConfiguration/configurationProperties/bindDn
- visible
-
- -
- connectorConfiguration/configurationProperties/bindPassword
- visible
-
-
-
- hidden
- connectorConfiguration/configurationProperties
-
- rw-connectorConfiguration-partial
-
-
- run
-
-
-
- connectorType
- com.evolveum.polygon.connector.ldap.ad.AdLdapConnector
-
-
- available
- true
-
-
-
-
-
-
- true
-
- admin-dashboard
-
-
-
-
-
- allRoles
- true
- allRoles
-
-
- allOrgs
- allOrgs
-
-
- allServices
- allServices
-
-
-
-
-
- never
- never
-
-
-
-
- safe
-
- "Safe" expression profile. It is supposed to contain only operations that are "safe",
- i.e. operations that have very little risk to harm the system, circumvent midPoint security
- and so on. Use of those operations should be reasonably safe in all expressions.
- However, there are limitations. This profile may incomplete or it may even be not completely secure.
- Proper security testing of this profile was not yet conducted. It is provided here "AS IS",
- without any guarantees. Use at your own risk.
-
- deny
-
- asIs
- allow
-
-
- path
- allow
-
-
- value
- allow
-
-
- const
- allow
-
-
- script
- deny
-
-
-
-
- script-safe
- deny
-
- com.evolveum.midpoint.xml.ns._public.common.common_3
- MidPoint common schema - generated bean classes
- allow
-
-
- com.evolveum.prism.xml.ns._public.types_3
- Prism schema - bean classes
- allow
-
-
- java.lang.Integer
- allow
-
-
- java.lang.Object
- Basic Java operations.
- deny
-
- equals
- allow
-
-
- hashCode
- allow
-
-
-
- java.lang.String
- String operations are generally safe. But Groovy is adding execute() method which is very dangerous.
- allow
-
- execute
- deny
-
-
-
- java.lang.CharSequence
- allow
-
-
- java.lang.Enum
- allow
-
-
- java.util.List
- List operations are generally safe. But Groovy is adding execute() method which is very dangerous.
- allow
-
- execute
- deny
-
-
-
- java.util.ArrayList
- List operations are generally safe. But Groovy is adding execute() method which is very dangerous.
- allow
-
- execute
- deny
-
-
-
- java.util.Map
- allow
-
-
- java.util.HashMap
- allow
-
-
- java.util.Date
- allow
-
-
- javax.xml.namespace.QName
- allow
-
-
- javax.xml.datatype.XMLGregorianCalendar
- allow
-
-
- java.lang.System
- Just a few methods of System are safe enough.
- deny
-
- currentTimeMillis
- allow
-
-
-
- java.lang.IllegalStateException
- Basic Java exception. Also used in test.
- allow
-
-
- java.lang.IllegalArgumentException
- Basic Java exception.
- allow
-
-
- com.evolveum.midpoint.model.common.expression.functions.BasicExpressionFunctions
- MidPoint basic functions library
- allow
-
-
- com.evolveum.midpoint.model.common.expression.functions.LogExpressionFunctions
- MidPoint logging functions library
- allow
-
-
- com.evolveum.midpoint.report.impl.ReportFunctions
- MidPoint report functions library
- allow
-
-
- org.apache.commons.lang3.StringUtils
- Apache Commons: Strings
- allow
-
-
-
-
-
-
-
-
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/tasks/995-task-group-scavenger.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/tasks/995-task-group-scavenger.xml
deleted file mode 100644
index 11a3005..0000000
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/tasks/995-task-group-scavenger.xml
+++ /dev/null
@@ -1,92 +0,0 @@
-
-
-
-
-
-
- Group Scavenger
-
-
-
-
-
- runnable
-
- recurring
- 60
-
-
-
-
-
- OrgType
-
-
-
- lifecycleState
- retired
-
-
-
-
-
-
- execute-script
-
- script
-
- import com.evolveum.midpoint.xml.ns._public.common.common_3.*
-
- result = midpoint.currentResult
- log.info('Processing dead group: {}', input)
- query = prismContext.queryFor(UserType.class)
- .item(UserType.F_ROLE_MEMBERSHIP_REF).ref(input.oid)
- .build()
- members = midpoint.repositoryService.searchObjects(UserType.class, query, null, result)
- log.info('Found {} members: {}', members.size(), members)
-
- for (member in members) {
- log.info('Going to recompute {}', member)
- try {
- midpoint.recompute(UserType.class, member.oid)
- } catch (Throwable t) {
- log.error('Couldn\'t recompute {}: {}', member, t.message, t)
- }
- }
- log.info('Members recomputed; checking if the org is still in "retired" state')
- orgAfter = midpoint.repositoryService.getObject(OrgType.class, input.oid, null, result)
- currentState = orgAfter.asObjectable().lifecycleState
- log.info('Current state = {}', currentState)
- if (currentState == 'retired') {
- log.info('Deleting the org: {}', orgAfter)
- midpoint.deleteObject(OrgType.class, orgAfter.oid, null)
- } else {
- log.info('State has changed, not deleting the org: {}', orgAfter)
- }
- log.info('Dead group processing done: {}', input)
-
-
-
-
-
-
-
-
-
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/cs-portal.csv b/demo/grouper/midpoint_server/cs-portal.csv
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/cs-portal.csv
rename to demo/grouper/midpoint_server/cs-portal.csv
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/faculty-portal.csv b/demo/grouper/midpoint_server/faculty-portal.csv
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/faculty-portal.csv
rename to demo/grouper/midpoint_server/faculty-portal.csv
diff --git a/demo/grouper/midpoint_server/icf-connectors/connector-grouper-1.1.1.0.jar b/demo/grouper/midpoint_server/icf-connectors/connector-grouper-1.1.1.0.jar
new file mode 100644
index 0000000..55d7a58
Binary files /dev/null and b/demo/grouper/midpoint_server/icf-connectors/connector-grouper-1.1.1.0.jar differ
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/icf-connectors/connector-grouper-rest-0.7.jar b/demo/grouper/midpoint_server/icf-connectors/connector-grouper-rest-0.7.jar
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/icf-connectors/connector-grouper-rest-0.7.jar
rename to demo/grouper/midpoint_server/icf-connectors/connector-grouper-rest-0.7.jar
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/icf-connectors/net.tirasa.connid.bundles.db.scriptedsql-2.2.6-SNAPSHOT.jar b/demo/grouper/midpoint_server/icf-connectors/net.tirasa.connid.bundles.db.scriptedsql-2.2.6-SNAPSHOT.jar
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/icf-connectors/net.tirasa.connid.bundles.db.scriptedsql-2.2.6-SNAPSHOT.jar
rename to demo/grouper/midpoint_server/icf-connectors/net.tirasa.connid.bundles.db.scriptedsql-2.2.6-SNAPSHOT.jar
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/lib/mariadb-java-client-3.0.6.jar b/demo/grouper/midpoint_server/lib/mariadb-java-client-3.0.6.jar
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/lib/mariadb-java-client-3.0.6.jar
rename to demo/grouper/midpoint_server/lib/mariadb-java-client-3.0.6.jar
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/lib/mysql-connector-java-8.0.30.jar b/demo/grouper/midpoint_server/lib/mysql-connector-java-8.0.30.jar
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/lib/mysql-connector-java-8.0.30.jar
rename to demo/grouper/midpoint_server/lib/mysql-connector-java-8.0.30.jar
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/mailing-lists.csv b/demo/grouper/midpoint_server/mailing-lists.csv
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/mailing-lists.csv
rename to demo/grouper/midpoint_server/mailing-lists.csv
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-affiliation.xml b/demo/grouper/midpoint_server/post-initial-objects/archetypes/300-archetype-affiliation.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-affiliation.xml
rename to demo/grouper/midpoint_server/post-initial-objects/archetypes/300-archetype-affiliation.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-course.xml b/demo/grouper/midpoint_server/post-initial-objects/archetypes/300-archetype-course.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-course.xml
rename to demo/grouper/midpoint_server/post-initial-objects/archetypes/300-archetype-course.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-department.xml b/demo/grouper/midpoint_server/post-initial-objects/archetypes/300-archetype-department.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-department.xml
rename to demo/grouper/midpoint_server/post-initial-objects/archetypes/300-archetype-department.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-external-person.xml b/demo/grouper/midpoint_server/post-initial-objects/archetypes/300-archetype-external-person.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-external-person.xml
rename to demo/grouper/midpoint_server/post-initial-objects/archetypes/300-archetype-external-person.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-generic-grouper-group.xml b/demo/grouper/midpoint_server/post-initial-objects/archetypes/300-archetype-generic-grouper-group.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-generic-grouper-group.xml
rename to demo/grouper/midpoint_server/post-initial-objects/archetypes/300-archetype-generic-grouper-group.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-mailing-list.xml b/demo/grouper/midpoint_server/post-initial-objects/archetypes/300-archetype-mailing-list.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-mailing-list.xml
rename to demo/grouper/midpoint_server/post-initial-objects/archetypes/300-archetype-mailing-list.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-midpoint-group.xml b/demo/grouper/midpoint_server/post-initial-objects/archetypes/300-archetype-midpoint-group.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-midpoint-group.xml
rename to demo/grouper/midpoint_server/post-initial-objects/archetypes/300-archetype-midpoint-group.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-sis-person.xml b/demo/grouper/midpoint_server/post-initial-objects/archetypes/300-archetype-sis-person.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-sis-person.xml
rename to demo/grouper/midpoint_server/post-initial-objects/archetypes/300-archetype-sis-person.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/bulkActions/900-test-all-resources.xml b/demo/grouper/midpoint_server/post-initial-objects/bulkActions/900-test-all-resources.xml
similarity index 93%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/bulkActions/900-test-all-resources.xml
rename to demo/grouper/midpoint_server/post-initial-objects/bulkActions/900-test-all-resources.xml
index 5b22670..380bcf5 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/bulkActions/900-test-all-resources.xml
+++ b/demo/grouper/midpoint_server/post-initial-objects/bulkActions/900-test-all-resources.xml
@@ -6,6 +6,7 @@
c:ResourceType
+ fb0bbf07-e33f-4ddd-85a1-16a7edc237f2
0a37121f-d515-4a23-9b6d-554c5ef61272
4d70a0da-02dd-41cf-b0a1-00e75d3eaa15
a343fc2e-3954-4034-ba1a-2b72c21e577a
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/bulkActions/910-recompute-grouper-objects.xml b/demo/grouper/midpoint_server/post-initial-objects/bulkActions/910-recompute-grouper-objects.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/bulkActions/910-recompute-grouper-objects.xml
rename to demo/grouper/midpoint_server/post-initial-objects/bulkActions/910-recompute-grouper-objects.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/ordering.txt b/demo/grouper/midpoint_server/post-initial-objects/ordering.txt
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/ordering.txt
rename to demo/grouper/midpoint_server/post-initial-objects/ordering.txt
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/100-org-affiliations.xml b/demo/grouper/midpoint_server/post-initial-objects/orgs/100-org-affiliations.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/100-org-affiliations.xml
rename to demo/grouper/midpoint_server/post-initial-objects/orgs/100-org-affiliations.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/100-org-courses.xml b/demo/grouper/midpoint_server/post-initial-objects/orgs/100-org-courses.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/100-org-courses.xml
rename to demo/grouper/midpoint_server/post-initial-objects/orgs/100-org-courses.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/100-org-departments.xml b/demo/grouper/midpoint_server/post-initial-objects/orgs/100-org-departments.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/100-org-departments.xml
rename to demo/grouper/midpoint_server/post-initial-objects/orgs/100-org-departments.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/100-org-generic-groups.xml b/demo/grouper/midpoint_server/post-initial-objects/orgs/100-org-generic-groups.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/100-org-generic-groups.xml
rename to demo/grouper/midpoint_server/post-initial-objects/orgs/100-org-generic-groups.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/100-org-mailing-lists.xml b/demo/grouper/midpoint_server/post-initial-objects/orgs/100-org-mailing-lists.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/100-org-mailing-lists.xml
rename to demo/grouper/midpoint_server/post-initial-objects/orgs/100-org-mailing-lists.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/100-org-midpoint-groups.xml b/demo/grouper/midpoint_server/post-initial-objects/orgs/100-org-midpoint-groups.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/100-org-midpoint-groups.xml
rename to demo/grouper/midpoint_server/post-initial-objects/orgs/100-org-midpoint-groups.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/400-org-grouper-sysadmin.xml b/demo/grouper/midpoint_server/post-initial-objects/orgs/400-org-grouper-sysadmin.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/400-org-grouper-sysadmin.xml
rename to demo/grouper/midpoint_server/post-initial-objects/orgs/400-org-grouper-sysadmin.xml
diff --git a/demo/grouper/midpoint_server/post-initial-objects/resources/100-grouper-new.xml b/demo/grouper/midpoint_server/post-initial-objects/resources/100-grouper-new.xml
new file mode 100644
index 0000000..c01db8a
--- /dev/null
+++ b/demo/grouper/midpoint_server/post-initial-objects/resources/100-grouper-new.xml
@@ -0,0 +1,379 @@
+
+
+
+
+ Source: Groups
+
+
+
+
+
+
+
+ c:connectorType
+ com.evolveum.polygon.connector.grouper.GrouperConnector
+
+
+ connectorVersion
+ 1.1.1.0
+
+
+
+
+
+
+ grouper_data
+ 5432
+ grouper
+ password
+ gr
+ grouper_to_midpoint
+ members
+ member_of
+ emailListName
+
+
+ false
+ false
+ false
+
+
+
+
+
+ account
+ default
+ Default Account
+ true
+ ri:subject
+
+
+ c:UserType
+
+
+
+ [ri:subject_id]
+
+
+ $user/name
+
+
+
+
+
+
+
+ [ri:member_of]
+ explicit
+
+
+ [ri:group]
+
+ strong
+
+
+ c:OrgType
+
+
+ name
+
+
+
+
+
+
+
+
+ grouper-group
+
+
+ subtype
+
+
+
+
+
+
+ assignment
+
+
+
+
+
+
+
+ entitlement
+ group
+ objectToSubject
+ ri:members
+ icfs:uid
+ ri:member_of
+ icfs:uid
+ false
+
+
+
+
+
+ unique_index
+ -
+
[name]
+
+
+
+
+
+
+
+ unmatched
+
+
+ true
+
+
+
+
+ unlinked
+
+
+ true
+
+
+
+
+ linked
+
+
+
+
+
+ deleted
+
+
+
+
+
+
+
+
+
+ entitlement
+ group
+ Group
+ true
+ ri:group
+
+
+ c:OrgType
+
+
+
+ [ri:emailListName]
+ explicit
+
+ strong
+
+ emailAddress
+
+
+
+
+
+ [icfs:uid]
+
+
+ $focus/name
+
+
+
+
+
+ [ri:group_name]
+
+ strong
+
+ extension/grouperName
+
+
+
+ strong
+
+
+
+
+ assignment
+
+ all
+
+
+
+
+
+ [ri:display_name]
+
+
+ extension/grouperDisplayName
+
+
+
+
+ $focus/displayName
+
+
+
+
+ [ri:description]
+
+
+ $focus/description
+
+
+
+
+
+ [ri:members]
+ explicit
+
+
+
+
+
+ unique_index
+ -
+
[name]
+
+
+
+
+
+
+
+ unmatched
+
+
+
+ true
+
+
+
+
+ unlinked
+
+
+ true
+
+
+
+
+ linked
+
+
+
+
+
+ deleted
+
+
+ true
+
+
+
+
+
+
+
+
+
+
+ 2023-05-24T13:23:53.145+02:00
+ d991389de17be20e-55b20a5934dbcc31
+
+
+
+
+ false
+
+
+
+
+ connector
+
+
+
+
+
+
+
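Review bot: The connector configuration around L6068–L6076 commits the database credential in clear text (`password`) together with host `grouper_data`, user `grouper` and the `grouper_to_midpoint` schema, so every clone of the demo ships a working login to the Grouper database. midPoint encrypts a protected string when the object is imported, but that does not protect the copy in git; add `<!-- DEMO ONLY: rotate the database password and do not reuse this configuration outside the composition -->` above the configuration block. If `grouper` is also Grouper's own schema owner, the connector appears to need only read access to the `grouper_to_midpoint` tables, so a dedicated read-only database role would limit what a leaked credential can do. The three `false` values at L6079–L6081 have their element names stripped here; if they disable TLS or certificate validation, say so in a comment so they are not copied into a real deployment.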
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-ldap-main.xml b/demo/grouper/midpoint_server/post-initial-objects/resources/100-ldap-main.xml
similarity index 99%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-ldap-main.xml
rename to demo/grouper/midpoint_server/post-initial-objects/resources/100-ldap-main.xml
index 57bedbe..ffb88a2 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-ldap-main.xml
+++ b/demo/grouper/midpoint_server/post-initial-objects/resources/100-ldap-main.xml
@@ -36,11 +36,11 @@
directory
dc=internet2,dc=edu
- cn=Directory Manager
+ cn=admin,dc=internet2,dc=edu
password
- nsUniqueId
+ entryUUID
spr
memberOf
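Review bot: The bind identity becomes `cn=admin,dc=internet2,dc=edu` while the credential on the next line stays the literal `password`, so midPoint now provisions as what looks like the OpenLDAP root DN with unrestricted write to the whole DIT. A dedicated provisioning DN whose ACL is limited to the people and groups subtrees it manages would keep a compromised midPoint from rewriting the directory itself; at least record the intent with `<!-- demo root DN; use a scoped provisioning account with its own ACL in a real directory -->`. The `nsUniqueId` → `entryUUID` switch suggests a move from 389DS to OpenLDAP, where `memberOf` on the following line is only populated if the memberof overlay is loaded, which this diff does not show, so confirm the directory image enables it. The enclosing resource definition starts and ends outside the hunk.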
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-source-sis-persons.xml b/demo/grouper/midpoint_server/post-initial-objects/resources/100-source-sis-persons.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-source-sis-persons.xml
rename to demo/grouper/midpoint_server/post-initial-objects/resources/100-source-sis-persons.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-target-cs-portal.xml b/demo/grouper/midpoint_server/post-initial-objects/resources/100-target-cs-portal.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-target-cs-portal.xml
rename to demo/grouper/midpoint_server/post-initial-objects/resources/100-target-cs-portal.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-target-faculty-portal.xml b/demo/grouper/midpoint_server/post-initial-objects/resources/100-target-faculty-portal.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-target-faculty-portal.xml
rename to demo/grouper/midpoint_server/post-initial-objects/resources/100-target-faculty-portal.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-target-mailing-lists.xml b/demo/grouper/midpoint_server/post-initial-objects/resources/100-target-mailing-lists.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-target-mailing-lists.xml
rename to demo/grouper/midpoint_server/post-initial-objects/resources/100-target-mailing-lists.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-grouper-provided-group.xml b/demo/grouper/midpoint_server/post-initial-objects/roles/200-metarole-grouper-provided-group.xml
similarity index 79%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-grouper-provided-group.xml
rename to demo/grouper/midpoint_server/post-initial-objects/roles/200-metarole-grouper-provided-group.xml
index a57bb9f..291410f 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-grouper-provided-group.xml
+++ b/demo/grouper/midpoint_server/post-initial-objects/roles/200-metarole-grouper-provided-group.xml
@@ -90,6 +90,7 @@
+
displayName
@@ -149,46 +151,8 @@
-
- lifecycle state
- This mapping sets org lifecycle state to be either "active" or "retired", depending on
- whether Grouper group for this org still exists. Orgs in the latter state are on the way to deletion:
- their members are unassigned and after no members are there, the org is automatically deleted.
- strong
-
-
-
-
- lifecycleState
-
-
-
2
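Review bot: Removing the `lifecycleState` mapping drops the only visible mechanism that retired an org when its Grouper group disappeared, unassigned its members and eventually deleted it, so unless something else now reacts to group deletion, memberships derived from deleted Grouper groups stay in place and keep granting LDAP access. The new Grouper resource added in this commit does appear to enable a reaction under its `deleted` situation, which may be the intended replacement, but nothing states that link. Leave a short note where the mapping used to be, e.g. `<!-- org lifecycle is now driven by the 'deleted' synchronization reaction of the Grouper resource -->`, and verify that a group removed in Grouper really ends with the org and its LDAP group cleaned up. The role definition continues outside the hunk.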
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-ldap-group.xml b/demo/grouper/midpoint_server/post-initial-objects/roles/200-metarole-ldap-group.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-ldap-group.xml
rename to demo/grouper/midpoint_server/post-initial-objects/roles/200-metarole-ldap-group.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-role-ldap-basic.xml b/demo/grouper/midpoint_server/post-initial-objects/roles/200-role-ldap-basic.xml
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-role-ldap-basic.xml
rename to demo/grouper/midpoint_server/post-initial-objects/roles/200-role-ldap-basic.xml
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml b/demo/grouper/midpoint_server/post-initial-objects/securityPolicy/000-security-policy.xml
similarity index 70%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
rename to demo/grouper/midpoint_server/post-initial-objects/securityPolicy/000-security-policy.xml
index b58d2fe..65c6fa7 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
+++ b/demo/grouper/midpoint_server/post-initial-objects/securityPolicy/000-security-policy.xml
@@ -1,5 +1,4 @@
-
-
+
Default Security Policy
@@ -16,21 +15,21 @@
midpointdemo-shibboleth
true
-
- /etc/pki/mp/sp-shibboleth-keys.jks
-
- changeit
-
- signing-key
-
- password
-
-
+
+ /opt/midpoint/var/shibboleth/shibboleth_sp_keys.jks
+
+ changeit
+
+ signing-key
+
+ password
+
+
- https://idptestbed/idp/shibboleth
+ https://idptestbed/idp/shibboleth
- /etc/shibboleth/idp-metadata.xml
+ /opt/midpoint/var/shibboleth/idp-metadata.xml
Shibboleth
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
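Review bot: The SAML key configuration still commits the keystore password `changeit` and the key password `password` in clear text; moving the keystore to `/opt/midpoint/var/shibboleth/shibboleth_sp_keys.jks` changes nothing about that. midPoint encrypts these protected strings on import, but the git copy remains readable, and `changeit` is the default Java keystore password that any scanner tries first. Add `<!-- demo keystore: regenerate the JKS and both passwords before registering this SP with a real IdP -->` next to the keystore path, and consider injecting the values from a mounted secret or environment variable in the container entrypoint rather than the XML. The surrounding authentication module definition starts outside the hunk.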
@@ -40,16 +39,18 @@
- admin-gui-default
- Default gui sequence
+ admin-gui-saml-internal
+
+ Internal SAML2 GUI authentication sequence.
+
- true
http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user
- gui-default
+ true
+ saml-internal
- loginForm
- 1
+ mySamlSso
+ 30
sufficient
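Review bot: The user-channel sequence replaces the `loginForm` module with `mySamlSso` as its only step, and the `true` placed just before `saml-internal` appears to mark it as the channel default, so if this is the only GUI sequence left in the policy an unreachable or misconfigured IdP locks administrators out entirely. midPoint supports a second sequence selected by a URL suffix (e.g. `/auth/emergency`) that keeps `loginForm` as a break-glass login; if such a sequence exists further down in the file it should be mentioned here, otherwise one should be added. Also record what `30` and `sufficient` mean for this single module (presumably order and necessity), e.g. `<!-- single SAML step; no local fallback on this channel -->`. The security policy continues outside the hunk.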
@@ -74,8 +75,8 @@
rest-default
- true
http://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest
+ true
rest-default
@@ -87,8 +88,8 @@
actuator-default
- true
http://midpoint.evolveum.com/xml/ns/public/common/channels-3#actuator
+ true
actuator-default
diff --git a/demo/grouper/midpoint_server/post-initial-objects/systemConfigurations/000-public-url.xml b/demo/grouper/midpoint_server/post-initial-objects/systemConfigurations/000-public-url.xml
new file mode 100644
index 0000000..d353b5e
--- /dev/null
+++ b/demo/grouper/midpoint_server/post-initial-objects/systemConfigurations/000-public-url.xml
@@ -0,0 +1,44 @@
+
+
+
+
+
+
+ c:SystemConfigurationType
+
+ modify
+
+ delta
+
+
+ add
+ infrastructure
+
+ https://localhost/midpoint
+
+
+
+
+
+
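Review bot: The added `infrastructure` delta hard-codes the public URL as `https://localhost/midpoint`, and with the SAML module enabled in the security policy this value presumably feeds the SP entityID and ACS URLs that the IdP checks against `shibboleth-idp/metadata/midpoint-sp.xml`. That works for a localhost demo but breaks silently, or sends assertions to the wrong host, as soon as the composition is reached under another hostname or port. Add `<!-- must match the host in shibboleth-idp/metadata/midpoint-sp.xml; regenerate both when exposing the demo elsewhere -->` above the URL, and consider templating the value from an environment variable at startup instead of a fixed object.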
diff --git a/demo/grouper/midpoint-objects-manual/tasks/task-import-sis-persons.xml b/demo/grouper/midpoint_server/post-initial-objects/tasks/980_import-sis-persons.xml
similarity index 100%
rename from demo/grouper/midpoint-objects-manual/tasks/task-import-sis-persons.xml
rename to demo/grouper/midpoint_server/post-initial-objects/tasks/980_import-sis-persons.xml
diff --git a/demo/grouper/midpoint-objects-manual/tasks/task-reconciliation-grouper-groups.xml b/demo/grouper/midpoint_server/post-initial-objects/tasks/990_task-liveSync-grouper.xml
similarity index 66%
rename from demo/grouper/midpoint-objects-manual/tasks/task-reconciliation-grouper-groups.xml
rename to demo/grouper/midpoint_server/post-initial-objects/tasks/990_task-liveSync-grouper.xml
index 421c1a0..88a504a 100644
--- a/demo/grouper/midpoint-objects-manual/tasks/task-reconciliation-grouper-groups.xml
+++ b/demo/grouper/midpoint_server/post-initial-objects/tasks/990_task-liveSync-grouper.xml
@@ -1,5 +1,5 @@
+
+
- 605a0127-a313-442a-9d5e-151eac8b0745
+ bf9f49a0-04c3-464f-98cf-55b3553d9574
runnable
-
-
-
-
- single
-
loose
restart
+
+ recurring
+ 5
+
-
+
-
- ri:Group
+
-
+
diff --git a/demo/grouper/midpoint-objects-manual/tasks/task-async-update-grouper.xml b/demo/grouper/midpoint_server/post-initial-objects/tasks/990_task-reconciliation-grouper.xml
similarity index 50%
rename from demo/grouper/midpoint-objects-manual/tasks/task-async-update-grouper.xml
rename to demo/grouper/midpoint_server/post-initial-objects/tasks/990_task-reconciliation-grouper.xml
index 08f3c1a..5b9c491 100644
--- a/demo/grouper/midpoint-objects-manual/tasks/task-async-update-grouper.xml
+++ b/demo/grouper/midpoint_server/post-initial-objects/tasks/990_task-reconciliation-grouper.xml
@@ -17,18 +17,19 @@
- Grouper async updates
+ xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+ oid="605a0127-a313-442a-9d5e-151eac8b0745">
+ Grouper reconciliation
-
-
+
+
- 1552664339630-0-2
+ 605a0127-a313-442a-9d5e-151eac8b0745
runnable
-
+
@@ -37,15 +38,30 @@
loose
restart
-
-
-
-
-
-
-
-
- 1
-
+
+
+ 1
+
+
+
+
+ ri:group
+
+
+
+
+
+ 2
+
+
+
+
+ ri:subject
+
+
+
+
+
+
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/users/600-user-banderson.xml b/demo/grouper/midpoint_server/post-initial-objects/users/600-user-banderson.xml
similarity index 98%
rename from demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/users/600-user-banderson.xml
rename to demo/grouper/midpoint_server/post-initial-objects/users/600-user-banderson.xml
index eb6dd26..3c0352a 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/users/600-user-banderson.xml
+++ b/demo/grouper/midpoint_server/post-initial-objects/users/600-user-banderson.xml
@@ -23,10 +23,12 @@
Bob Anderson
Bob
Anderson
+
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/res/sis-persons/SchemaScript.groovy b/demo/grouper/midpoint_server/res/sis-persons/SchemaScript.groovy
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/res/sis-persons/SchemaScript.groovy
rename to demo/grouper/midpoint_server/res/sis-persons/SchemaScript.groovy
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/res/sis-persons/SearchScript.groovy b/demo/grouper/midpoint_server/res/sis-persons/SearchScript.groovy
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/res/sis-persons/SearchScript.groovy
rename to demo/grouper/midpoint_server/res/sis-persons/SearchScript.groovy
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/res/sis-persons/TestScript.groovy b/demo/grouper/midpoint_server/res/sis-persons/TestScript.groovy
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/res/sis-persons/TestScript.groovy
rename to demo/grouper/midpoint_server/res/sis-persons/TestScript.groovy
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/schema/internet2.xsd b/demo/grouper/midpoint_server/schema/internet2.xsd
similarity index 95%
rename from demo/grouper/midpoint_server/container_files/mp-home/schema/internet2.xsd
rename to demo/grouper/midpoint_server/schema/internet2.xsd
index c482436..2433d8b 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/schema/internet2.xsd
+++ b/demo/grouper/midpoint_server/schema/internet2.xsd
@@ -26,6 +26,7 @@
+
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/source-external.csv b/demo/grouper/midpoint_server/source-external.csv
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/source-external.csv
rename to demo/grouper/midpoint_server/source-external.csv
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/staff-portal.csv b/demo/grouper/midpoint_server/staff-portal.csv
similarity index 100%
rename from demo/grouper/midpoint_server/container_files/mp-home/staff-portal.csv
rename to demo/grouper/midpoint_server/staff-portal.csv
diff --git a/demo/grouper/purge-queue.sh b/demo/grouper/purge-queue.sh
deleted file mode 100755
index 2633e4d..0000000
--- a/demo/grouper/purge-queue.sh
+++ /dev/null
@@ -1 +0,0 @@
-docker exec grouper_mq_1 rabbitmqctl purge_queue sampleQueue
diff --git a/demo/grouper/recompute.sh b/demo/grouper/recompute.sh
deleted file mode 100755
index 0d9633e..0000000
--- a/demo/grouper/recompute.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-source $(dirname "$0")/../../library.bash
-
-recompute orgs d48ec05b-fffd-4262-acd3-d9ff63365b62
-recompute users e897468f-20bd-419c-8fc5-1fe60e2600de
diff --git a/demo/grouper/idp/shibboleth-idp/conf/attribute-filter.xml b/demo/grouper/shibboleth-idp/conf/attribute-filter.xml
similarity index 100%
rename from demo/grouper/idp/shibboleth-idp/conf/attribute-filter.xml
rename to demo/grouper/shibboleth-idp/conf/attribute-filter.xml
diff --git a/demo/shibboleth/idp/shibboleth-idp/conf/attribute-resolver.xml b/demo/grouper/shibboleth-idp/conf/attribute-resolver.xml
similarity index 100%
rename from demo/shibboleth/idp/shibboleth-idp/conf/attribute-resolver.xml
rename to demo/grouper/shibboleth-idp/conf/attribute-resolver.xml
diff --git a/demo/grouper/idp/shibboleth-idp/conf/idp.properties b/demo/grouper/shibboleth-idp/conf/idp.properties
similarity index 100%
rename from demo/grouper/idp/shibboleth-idp/conf/idp.properties
rename to demo/grouper/shibboleth-idp/conf/idp.properties
diff --git a/demo/shibboleth/idp/shibboleth-idp/conf/ldap.properties b/demo/grouper/shibboleth-idp/conf/ldap.properties
similarity index 100%
rename from demo/shibboleth/idp/shibboleth-idp/conf/ldap.properties
rename to demo/grouper/shibboleth-idp/conf/ldap.properties
diff --git a/demo/grouper/idp/shibboleth-idp/conf/metadata-providers.xml b/demo/grouper/shibboleth-idp/conf/metadata-providers.xml
similarity index 100%
rename from demo/grouper/idp/shibboleth-idp/conf/metadata-providers.xml
rename to demo/grouper/shibboleth-idp/conf/metadata-providers.xml
diff --git a/demo/grouper/shibboleth-idp/metadata/grouper-sp.xml b/demo/grouper/shibboleth-idp/metadata/grouper-sp.xml
new file mode 100644
index 0000000..59ce891
--- /dev/null
+++ b/demo/grouper/shibboleth-idp/metadata/grouper-sp.xml
@@ -0,0 +1,108 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ sp.example.org
+
+ CN=sp.example.org,O=Internet2/TIER,L=Ann Arbor,ST=MI,C=US
+ MIIDoTCCAomgAwIBAgIUXUq8nQrtKzyfKVa4vWPMNypvj3YwDQYJKoZIhvcNAQEL
+BQAwYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1JMRIwEAYDVQQHDAlBbm4gQXJi
+b3IxFzAVBgNVBAoMDkludGVybmV0Mi9USUVSMRcwFQYDVQQDDA5zcC5leGFtcGxl
+Lm9yZzAeFw0yNDA1MTcxMDI3NTRaFw0zNDA1MTUxMDI3NTRaMGAxCzAJBgNVBAYT
+AlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRcwFQYDVQQKDA5J
+bnRlcm5ldDIvVElFUjEXMBUGA1UEAwwOc3AuZXhhbXBsZS5vcmcwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdEGX6TqmgRmMsCDNvMyPbjtmpchAsqGDa
+Cfuai7lhc2daXOpIzbQKEdMVZBcANAGKUZyAsX0kOnr2m2QL6Qyo2vCUX6J1kNGA
+eUxymaXAGC5dwqmWxWwcWX0zGRgr/Vf3fckMALTsoJfJRVAYFMmVULA2s+vCzfSK
+lz9S2DGBXL0w32HK5MZtVoE2VTDw4upoMA/qnSId6kD594bfMPJc0UtlrjW854GW
+Nza5zUymXIpFzDNNJWj9Ua02ZmXsz8XVZ8OV3MnFu6+IOyyrJo28OO+HbRznBrJB
+YNVm7Xp9CcjQqHobfLtIdxA6Fx+hj1A8GUJDVywIP+HwgWK3k7TTAgMBAAGjUzBR
+MB0GA1UdDgQWBBRHic4T+LwfBK06uaGCJFcOwmqwETAfBgNVHSMEGDAWgBRHic4T
++LwfBK06uaGCJFcOwmqwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
+A4IBAQAAEYXtBlrKj5ma7DeikxBewrVGR71MUUKNWJJAf+bcZqtVh7+O3NB5uJjh
+4zGphzYJOOzFQAqzSwVfVtVD+vD7Kiz6AlA1vMRZYLszaDQfjY/r9NKce2rey/Av
+Atj2CY2jYr/39N0LFvRYMJ48sEIkBGcuupRMej2K8BGFhvTpu5n5wWuUhVQWeJKT
+OVCaU2N8LbRtGtxpZK/O1Da1Wt6eSKbRXvzVWHAElOygc0/GI8d7JY9lBvw45E/+
+nEoKp74+Ny08HQgDVEG+j2mguWprCtnR3zaI/m/6pQSBo8Sw4t4Df3kL+7wU1Tgx
+4ZcnodN4uwnkgzNwTVmH4Eg41CJA
+
+
+
+
+
+
+ sp.example.org
+
+ CN=sp.example.org,O=Internet2/TIER,L=Ann Arbor,ST=MI,C=US
+ MIIDoTCCAomgAwIBAgIUXUq8nQrtKzyfKVa4vWPMNypvj3YwDQYJKoZIhvcNAQEL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+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
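Review bot: Both KeyDescriptors carry the same self-signed certificate for `CN=sp.example.org` (issuer and subject DNs appear identical, the encoded extensions mark it CA:TRUE, and the validity runs from 2024-05-17 to 2034-05-15), so the IdP will trust this one key for SP signing and assertion encryption for ten years. Because the metadata ships in the repository, the matching private key must be available to the Grouper SP somewhere in the composition, and if it is committed as well anyone can impersonate this SP at any IdP that loads this file. Add `<!-- demo SP key: self-signed and shared by every checkout; regenerate before registering with a real IdP -->` at the top of the EntityDescriptor and keep the private key out of git if it is not already. The certificate text is repeated verbatim in the second descriptor, so a regenerated key has to be replaced in both places.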
diff --git a/demo/grouper/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml b/demo/grouper/shibboleth-idp/metadata/idp-metadata.xml
similarity index 98%
rename from demo/grouper/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml
rename to demo/grouper/shibboleth-idp/metadata/idp-metadata.xml
index 28ae7d1..b273997 100644
--- a/demo/grouper/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml
+++ b/demo/grouper/shibboleth-idp/metadata/idp-metadata.xml
@@ -202,8 +202,8 @@ p+tGUbGS2l873J5PrsbpeKEVR/IIoKo=
-
-
+
+
diff --git a/demo/grouper/idp/shibboleth-idp/metadata/midpoint-sp.xml b/demo/grouper/shibboleth-idp/metadata/midpoint-sp.xml
similarity index 92%
rename from demo/grouper/idp/shibboleth-idp/metadata/midpoint-sp.xml
rename to demo/grouper/shibboleth-idp/metadata/midpoint-sp.xml
index 5789ed8..fa0b437 100644
--- a/demo/grouper/idp/shibboleth-idp/metadata/midpoint-sp.xml
+++ b/demo/grouper/shibboleth-idp/metadata/midpoint-sp.xml
@@ -25,8 +25,8 @@ and do *NOT* provide it in real time to your partners.
-
-
+
+
@@ -64,8 +64,8 @@ AIW0+dXJ2IyzM+0sv2g4DOsXsnSvinGqjr82A54mXGSr7edhPdlQhILFkJfhTwLq+mjnyQSNe3s2
-
-
+
+
diff --git a/demo/grouper/show-queue-size.sh b/demo/grouper/show-queue-size.sh
deleted file mode 100755
index 0af6d80..0000000
--- a/demo/grouper/show-queue-size.sh
+++ /dev/null
@@ -1 +0,0 @@
-docker exec grouper_mq_1 rabbitmqctl list_queues
diff --git a/demo/grouper/ssh-tunnel-redir-fix.sh b/demo/grouper/ssh-tunnel-redir-fix.sh
deleted file mode 100755
index 42409a9..0000000
--- a/demo/grouper/ssh-tunnel-redir-fix.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-# This file is used for trainings with SSH tunnels.
-# It will change the hard-coded ports for Shibboleth, but will keep localhost.
-
-declare -a fileList=(
-"configs-and-secrets/midpoint/shibboleth/idp-metadata.xml"
-"configs-and-secrets/grouper/shibboleth/idp-metadata.xml"
-"idp/shibboleth-idp/metadata/idp-metadata.xml"
-"idp/shibboleth-idp/metadata/grouper-sp.xml"
-"idp/shibboleth-idp/metadata/midpoint-sp.xml"
-"idp/shibboleth-idp/metadata/midpoint-sp-new.xml"
-)
-
-if [ $# -eq 0 ]
-then
- echo 'Please specify a directory as the first argument (e.g. ".")'
- exit
-fi
-
-echo "Working in directory: $1";
-for f in "${fileList[@]}"
-do
- echo "Replacing in: $1/$f..."
- # We cannot SSH tunnel port 443 without root, so using 10443
- sed -i 's#https://localhost/#https://localhost:10443/#g' $f
-# sed -i 's#https://localhost:4443/#https://localhost:14443/#g' $f
-done
-
-exit
diff --git a/demo/grouper/test-resources.sh b/demo/grouper/test-resources.sh
deleted file mode 100755
index 5551e55..0000000
--- a/demo/grouper/test-resources.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-source $(dirname "$0")/../../library.bash
-
-test_resource 0a37121f-d515-4a23-9b6d-554c5ef61272
-test_resource 4d70a0da-02dd-41cf-b0a1-00e75d3eaa15
-test_resource a343fc2e-3954-4034-ba1a-2b72c21e577a
-test_resource e417225d-8a08-46f3-9b5d-624990b52386
-test_resource fe805d13-481b-43ec-97d8-9d2df72cd38e
-test_resource 1eff65de-5bb6-483d-9edf-8cc2c2ee0233
-
diff --git a/demo/grouper/tests/main.bats b/demo/grouper/tests/main.bats
deleted file mode 100644
index 2d9e6b7..0000000
--- a/demo/grouper/tests/main.bats
+++ /dev/null
@@ -1,304 +0,0 @@
-#!/usr/bin/env bats
-
-load ../../../common
-load ../../../library
-
-@test "000 Cleanup before running the tests" {
- (cd ../simple ; docker-compose down -v)
- (cd ../shibboleth ; docker-compose down -v)
- docker-compose down -v
-}
-
-@test "010 Initialize and start the composition" {
- # We want to fail cleanly if there's any interference
- docker ps
- ! (docker ps | grep -E "shibboleth_(idp|directory)_1|(grouper|simple|shibboleth|postgresql)_(midpoint_server|midpoint_data)_1")
- docker-compose build --pull grouper_daemon grouper_ui grouper_data directory sources midpoint_data idp mq
- # Sometimes the tier/midpoint:xyz is not yet in the repository, causing issues with --pull
- docker-compose build midpoint_server
- docker-compose up -d
-}
-
-@test "020 Wait until components are started" {
- touch $BATS_TMPDIR/not-started
- wait_for_midpoint_start grouper_midpoint_server_1 grouper_midpoint_data_1
- wait_for_shibboleth_idp_start grouper_idp_1
- wait_for_grouper_ui_start grouper_grouper_ui_1
- rm $BATS_TMPDIR/not-started
-}
-
-@test "040 Check midPoint health" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
- check_health
-}
-
-@test "050 Check Shibboleth IDP health" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
- check_health_shibboleth_idp
-}
-
-#@test "060 Check Grouper health" {
-# if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-# skip TODO
-#}
-
-@test "100 Get 'administrator'" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
- check_health
- get_and_check_object users 00000000-0000-0000-0000-000000000002 administrator
-}
-
-@test "110 And and get 'test110'" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
- check_health
- echo "test110" >/tmp/test110.xml
- add_object users /tmp/test110.xml
- rm /tmp/test110.xml
- search_and_check_object users test110
- delete_object_by_name users test110
-}
-
-@test "200 Upload objects" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- # reduce data in SIS database so imports will take reasonable time
- docker exec grouper_sources_1 mysql sis -u root -p123321 -e "delete from SIS_COURSES where uid not in ('amorrison', 'banderson', 'cmorrison', 'danderson', 'ddavis', 'jsmith', 'kwhite', 'mroberts', 'whenderson', 'wprice')"
- docker exec grouper_sources_1 mysql sis -u root -p123321 -e "delete from SIS_AFFILIATIONS where uid not in ('amorrison', 'banderson', 'cmorrison', 'danderson', 'ddavis', 'jsmith', 'kwhite', 'mroberts', 'whenderson', 'wprice')"
- docker exec grouper_sources_1 mysql sis -u root -p123321 -e "delete from SIS_PERSONS where uid not in ('amorrison', 'banderson', 'cmorrison', 'danderson', 'ddavis', 'jsmith', 'kwhite', 'mroberts', 'whenderson', 'wprice')"
-
- check_health
- ./upload-objects.sh
-
- search_and_check_object objectTemplates template-user
-
- search_and_check_object archetypes affiliation
- search_and_check_object archetypes course
- search_and_check_object archetypes department
-
- search_and_check_object orgs affiliations
- search_and_check_object orgs courses
- search_and_check_object orgs departments
-
- search_and_check_object resources "LDAP (directory)"
- search_and_check_object resources "Grouper Resource"
- search_and_check_object resources "SQL SIS persons (sources)"
-
- search_and_check_object roles metarole-grouper-provided-group
- search_and_check_object roles metarole-ldap-group
- search_and_check_object roles role-ldap-basic
-}
-
-@test "210 Test resources" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
- test_resource 0a37121f-d515-4a23-9b6d-554c5ef61272
- test_resource 4d70a0da-02dd-41cf-b0a1-00e75d3eaa15
- test_resource a343fc2e-3954-4034-ba1a-2b72c21e577a
- test_resource e417225d-8a08-46f3-9b5d-624990b52386
- test_resource fe805d13-481b-43ec-97d8-9d2df72cd38e
- test_resource 1eff65de-5bb6-483d-9edf-8cc2c2ee0233
-}
-
-@test "215 Recompute banderson and sysadmingroup" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- ./recompute.sh
-}
-
-@test "220 Import SIS_PERSONS" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- add_object tasks midpoint-objects-manual/tasks/task-import-sis-persons.xml
- search_and_check_object tasks "Import from SIS persons"
- wait_for_task_completion 22c2a3d0-0961-4255-9eec-c550a79aeaaa 6 10
- assert_task_success 22c2a3d0-0961-4255-9eec-c550a79aeaaa
-
- search_and_check_object users jsmith
- search_and_check_object users banderson
- search_and_check_object users kwhite
- search_and_check_object users whenderson
- search_and_check_object users ddavis
- search_and_check_object users cmorrison
- search_and_check_object users danderson
- search_and_check_object users amorrison
- search_and_check_object users wprice
- search_and_check_object users mroberts
-
- check_ldap_account_by_user_name jsmith grouper_directory_1
- check_ldap_account_by_user_name banderson grouper_directory_1
- check_ldap_account_by_user_name kwhite grouper_directory_1
- check_ldap_account_by_user_name whenderson grouper_directory_1
- check_ldap_account_by_user_name ddavis grouper_directory_1
- check_ldap_account_by_user_name cmorrison grouper_directory_1
- check_ldap_account_by_user_name danderson grouper_directory_1
- check_ldap_account_by_user_name amorrison grouper_directory_1
- check_ldap_account_by_user_name wprice grouper_directory_1
- check_ldap_account_by_user_name mroberts grouper_directory_1
-}
-
-@test "230 Create ref loaders" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- ./create-ref-loaders.sh
-}
-
-@test "235 Wait for loaders to run" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- sleep 120
-}
-
-@test "240 Create additional ref groups" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- ./add-ref-groups.sh
-}
-
-#@test "250 Check 'TestUser250' in midPoint and LDAP" {
-# if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-#
-# check_health
-# echo "TestUser250Test User250TestUser250password" >/tmp/testuser250.xml
-# add_object users /tmp/testuser250.xml
-# rm /tmp/testuser250.xml
-# search_and_check_object users TestUser250
-#
-# # probably will not work
-# execute_bulk_action tests/resources/bulk-action/assign-role-grouper-sysadmin-to-test-user.xml grouper_midpoint_server_1
-#
-# check_ldap_account_by_user_name TestUser250 grouper_directory_1
-# check_of_ldap_membership TestUser250 "ou=groups,dc=internet2,dc=edu" "sysadmingroup" grouper_directory_1
-#
-# delete_object_by_name users TestUser250
-#}
-
-@test "310 Import Grouper-to-midPoint async update task" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- check_health
- add_object tasks midpoint-objects-manual/tasks/task-async-update-grouper.xml
- search_and_check_object tasks "Grouper async updates"
-}
-
-@test "320 Wait for the queue to become empty" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- ATTEMPT=0
- MAX_ATTEMPTS=20
- DELAY=10
-
- get_messages sampleQueue
- echo "Messages: $MESSAGES"
-
- until [[ $ATTEMPT = $MAX_ATTEMPTS ]]; do
- ATTEMPT=$((ATTEMPT+1))
- get_messages sampleQueue
- echo "Messages: $MESSAGES"
- if [ "$MESSAGES" = "0" ]; then return 0; fi
- echo "Waiting $DELAY seconds for the queue to become empty (attempt $ATTEMPT) ..."
- sleep $DELAY
- done
- return 1
-}
-
-@test "330 Check groups in midPoint and LDAP" {
- #skip 'Temporarily disabled because it caused problem in I2 buid system'
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- search_and_check_object orgs course_ACCT101
- search_and_check_object orgs course_ACCT201
- search_and_check_object orgs course_CS251
- search_and_check_object orgs course_CS252
- search_and_check_object orgs course_MATH100
- search_and_check_object orgs course_MATH101
- search_and_check_object orgs course_SCI123
- search_and_check_object orgs course_SCI404
-
- check_ldap_courses_by_name course_ACCT101 grouper_directory_1
- check_ldap_courses_by_name course_ACCT201 grouper_directory_1
- check_ldap_courses_by_name course_CS251 grouper_directory_1
- check_ldap_courses_by_name course_CS252 grouper_directory_1
- check_ldap_courses_by_name course_MATH100 grouper_directory_1
- check_ldap_courses_by_name course_MATH101 grouper_directory_1
- check_ldap_courses_by_name course_SCI123 grouper_directory_1
- check_ldap_courses_by_name course_SCI404 grouper_directory_1
-}
-
-@test "340 Execute triggers and check group membership in LDAP" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- sleep 60
- run_task_now "00000000-0000-0000-0000-000000000007" grouper_midpoint_server_1
- sleep 30
-
-# memberships will be there only after triggers are executed
-
- check_of_ldap_membership amorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "ACCT101" grouper_directory_1
- check_of_ldap_membership cmorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "ACCT101" grouper_directory_1
- check_of_ldap_membership mroberts "ou=courses,ou=groups,dc=internet2,dc=edu" "ACCT101" grouper_directory_1
- check_of_ldap_membership whenderson "ou=courses,ou=groups,dc=internet2,dc=edu" "ACCT101" grouper_directory_1
-
- check_of_ldap_membership amorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "CS251" grouper_directory_1
- check_of_ldap_membership cmorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "CS251" grouper_directory_1
- check_of_ldap_membership ddavis "ou=courses,ou=groups,dc=internet2,dc=edu" "CS251" grouper_directory_1
- check_of_ldap_membership mroberts "ou=courses,ou=groups,dc=internet2,dc=edu" "CS251" grouper_directory_1
-
- check_of_ldap_membership kwhite "ou=courses,ou=groups,dc=internet2,dc=edu" "CS252" grouper_directory_1
-
- check_of_ldap_membership danderson "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH100" grouper_directory_1
- check_of_ldap_membership ddavis "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH100" grouper_directory_1
- check_of_ldap_membership kwhite "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH100" grouper_directory_1
- check_of_ldap_membership wprice "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH100" grouper_directory_1
-
- check_of_ldap_membership amorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH101" grouper_directory_1
- check_of_ldap_membership cmorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH101" grouper_directory_1
- check_of_ldap_membership mroberts "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH101" grouper_directory_1
-
- check_of_ldap_membership danderson "ou=courses,ou=groups,dc=internet2,dc=edu" "SCI123" grouper_directory_1
- check_of_ldap_membership mroberts "ou=courses,ou=groups,dc=internet2,dc=edu" "SCI123" grouper_directory_1
-
- check_of_ldap_membership kwhite "ou=courses,ou=groups,dc=internet2,dc=edu" "SCI404" grouper_directory_1
- check_of_ldap_membership wprice "ou=courses,ou=groups,dc=internet2,dc=edu" "SCI404" grouper_directory_1
-}
-
-@test "400 Suspend async update task" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- suspend_task 47fc57bd-8c34-4555-9b9f-7087ff179860 grouper_midpoint_server_1
- wait_for_task_completion 47fc57bd-8c34-4555-9b9f-7087ff179860 5 10
-}
-
-@test "410 Add wprice to 'ref:affiliation:alum_includes' groups" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- docker cp tests/resources/grouper/t410.gsh grouper_grouper_daemon_1:/tmp/
- docker exec grouper_grouper_daemon_1 bash -c "/opt/grouper/grouper.apiBinary/bin/gsh /tmp/t410.gsh"
-}
-
-@test "420 Reconcile Grouper" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- add_object tasks midpoint-objects-manual/tasks/task-reconciliation-grouper-groups.xml
- search_and_check_object tasks "Grouper reconciliation (groups)"
- wait_for_task_completion 605a0127-a313-442a-9d5e-151eac8b0745 6 10
- assert_task_success 605a0127-a313-442a-9d5e-151eac8b0745
-}
-
-@test "430 Recompute users" {
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- add_object tasks midpoint-objects-manual/tasks/task-recomputation-users.xml
- search_and_check_object tasks "User recomputation"
- wait_for_task_completion 83a737ea-5eb7-4e78-b431-331cccf02354 6 10
- assert_task_success 83a737ea-5eb7-4e78-b431-331cccf02354
-}
-
-@test "440 Check wprice group membership in LDAP" {
- #skip 'Temporarily disabled because it caused problem in I2 buid system'
- if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
-
- check_of_ldap_membership wprice "ou=Affiliations,ou=Groups,dc=internet2,dc=edu" "alum" grouper_directory_1
-}
-
-@test "999 Clean up" {
- docker-compose down -v
-}
diff --git a/demo/grouper/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-banderson.xml b/demo/grouper/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-banderson.xml
deleted file mode 100644
index 9ec69a2..0000000
--- a/demo/grouper/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-banderson.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-
-
- c:UserType
-
-
- c:name
- banderson
-
-
-
- assign
-
- role
- d48ec05b-fffd-4262-acd3-d9ff63365b62
-
-
-
-
diff --git a/demo/grouper/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-test-user.xml b/demo/grouper/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-test-user.xml
deleted file mode 100644
index f8c84b3..0000000
--- a/demo/grouper/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-test-user.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-
-
- c:UserType
-
-
- c:name
- TestUser250
-
-
-
- assign
-
- role
- d48ec05b-fffd-4262-acd3-d9ff63365b62
-
-
-
-
diff --git a/demo/grouper/tests/resources/bulk-action/recompute-role-grouper-sysadmin.xml b/demo/grouper/tests/resources/bulk-action/recompute-role-grouper-sysadmin.xml
deleted file mode 100644
index 1356484..0000000
--- a/demo/grouper/tests/resources/bulk-action/recompute-role-grouper-sysadmin.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-
-
- c:RoleType
-
-
- name
- role-grouper-sysadmin
-
-
-
- recompute
-
-
-
diff --git a/demo/grouper/tests/resources/grouper/old-t410.gsh b/demo/grouper/tests/resources/grouper/old-t410.gsh
deleted file mode 100644
index 69e4b18..0000000
--- a/demo/grouper/tests/resources/grouper/old-t410.gsh
+++ /dev/null
@@ -1,11 +0,0 @@
-System.out.println("************** t410.gsh starting **************");
-
-gs = GrouperSession.startRootSession()
-
-testGroup = GroupFinder.findByName(gs, 'midpoint:test')
-kwhite = SubjectFinder.findById('kwhite', 'person', 'ldap')
-wprice = SubjectFinder.findById('wprice', 'person', 'ldap')
-testGroup.deleteMember(kwhite, false)
-testGroup.deleteMember(wprice, false)
-
-System.out.println("************** t410.gsh done **************");
diff --git a/demo/grouper/tests/resources/grouper/t300.gsh b/demo/grouper/tests/resources/grouper/t300.gsh
deleted file mode 100644
index d2b63e3..0000000
--- a/demo/grouper/tests/resources/grouper/t300.gsh
+++ /dev/null
@@ -1,15 +0,0 @@
-System.out.println("************** t300.gsh starting **************");
-
-gs = GrouperSession.startRootSession()
-
-exportedGroups = GroupFinder.findByName(gs, 'etc:exportedGroups')
-alumSubject = SubjectFinder.findByIdentifier('ref:affiliation:alum', 'group', 'g:gsa')
-exportedGroups.addMember(alumSubject, false)
-
-alumIncludes = GroupFinder.findByName(gs, 'ref:affiliation:alum_includes')
-testGroup = GroupFinder.findByName(gs, 'etc:testGroup')
-wprice = SubjectFinder.findById('wprice', 'person', 'ldap')
-alumIncludes.addMember(wprice, false)
-testGroup.addMember(wprice, false)
-
-System.out.println("************** t300.gsh done **************");
diff --git a/demo/grouper/tests/resources/grouper/t350.gsh b/demo/grouper/tests/resources/grouper/t350.gsh
deleted file mode 100644
index d0d2d3e..0000000
--- a/demo/grouper/tests/resources/grouper/t350.gsh
+++ /dev/null
@@ -1,12 +0,0 @@
-System.out.println("************** t350.gsh starting **************");
-
-gs = GrouperSession.startRootSession()
-
-alumIncludes = GroupFinder.findByName(gs, 'ref:affiliation:alum_includes')
-testGroup = GroupFinder.findByName(gs, 'midpoint:test')
-kwhite = SubjectFinder.findById('kwhite', 'person', 'ldap')
-wprice = SubjectFinder.findById('wprice', 'person', 'ldap')
-testGroup.addMember(kwhite, false)
-alumIncludes.deleteMember(wprice, false)
-
-System.out.println("************** t350.gsh done **************");
diff --git a/demo/grouper/tests/resources/grouper/t410.gsh b/demo/grouper/tests/resources/grouper/t410.gsh
deleted file mode 100644
index 5c803bd..0000000
--- a/demo/grouper/tests/resources/grouper/t410.gsh
+++ /dev/null
@@ -1,9 +0,0 @@
-System.out.println("************** t410.gsh starting **************");
-
-gs = GrouperSession.startRootSession()
-
-alumIncludesGroup = GroupFinder.findByName(gs, 'ref:affiliation:alum_includes')
-wprice = SubjectFinder.findById('wprice', 'person', 'ldap')
-alumIncludesGroup.addMember(wprice, false)
-
-System.out.println("************** t410.gsh done **************");
diff --git a/demo/grouper/tests/resources/rabbitmq/check-samplequeue.sh b/demo/grouper/tests/resources/rabbitmq/check-samplequeue.sh
deleted file mode 100755
index e336a63..0000000
--- a/demo/grouper/tests/resources/rabbitmq/check-samplequeue.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-count=$(rabbitmqctl list_queues | grep sampleQueue | awk '{print $2}')
-if [[ -z $count || $count -eq 0 ]]; then
- echo "ERROR: sampleQueue does not exist or is empty"
- exit 1
-else
- echo "OK: sampleQueue has $count message(s)"
- exit 0
-fi
diff --git a/demo/grouper/tests/resources/tasks/task-livesync-grouper-single.xml b/demo/grouper/tests/resources/tasks/task-livesync-grouper-single.xml
deleted file mode 100644
index 365d007..0000000
--- a/demo/grouper/tests/resources/tasks/task-livesync-grouper-single.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-
- LiveSync from Grouper
-
- account
- ri:AccountObjectClass
-
- 1535465478027-0-1
-
- runnable
- LiveSynchronization
- http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/live-sync/handler-3
-
- single
- loose
-
diff --git a/demo/grouper/tests/resources/users/user-grouper-admin.xml b/demo/grouper/tests/resources/users/user-grouper-admin.xml
deleted file mode 100644
index d785e47..0000000
--- a/demo/grouper/tests/resources/users/user-grouper-admin.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-
- grouper-admin
-
-
-
-
-
- Grouper admin
- Grouper
- Admin
-
-
- password
-
-
-
-
diff --git a/demo/grouper/update-bgasper-in-grouper.gsh b/demo/grouper/update-bgasper-in-grouper.gsh
deleted file mode 100644
index b0ed0b2..0000000
--- a/demo/grouper/update-bgasper-in-grouper.gsh
+++ /dev/null
@@ -1,13 +0,0 @@
-
-def add(gs,groupName,subject) {
- GroupFinder.findByName(gs, groupName, true).addMember(subject, false)
-}
-
-gs = GrouperSession.startRootSession()
-
-def bgasper = SubjectFinder.findById('bgasper', 'user', 'ldap')
-add(gs, 'ref:affiliation:alum_excludes', bgasper)
-add(gs, 'ref:affiliation:faculty_includes', bgasper)
-add(gs, 'app:mailinglist:chess', bgasper)
-add(gs, 'app:mailinglist:idm-fans', bgasper)
-add(gs, 'test:volunteers', bgasper)
diff --git a/demo/grouper/update-bgasper-in-grouper.sh b/demo/grouper/update-bgasper-in-grouper.sh
deleted file mode 100755
index 31abf04..0000000
--- a/demo/grouper/update-bgasper-in-grouper.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-source ../../library.bash
-
-execute_gsh grouper_grouper_daemon_1 update-bgasper-in-grouper.gsh
diff --git a/demo/grouper/upload-async-update-task.sh b/demo/grouper/upload-async-update-task.sh
deleted file mode 100755
index bdf8ba2..0000000
--- a/demo/grouper/upload-async-update-task.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-source ../../library.bash
-
-upload_from_file midpoint-objects-manual/tasks/task-async-update-grouper.xml
diff --git a/demo/grouper/upload-import-sis-persons.sh b/demo/grouper/upload-import-sis-persons.sh
deleted file mode 100755
index 058c9af..0000000
--- a/demo/grouper/upload-import-sis-persons.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-source ../../library.bash
-
-upload_from_file midpoint-objects-manual/tasks/task-import-sis-persons.xml
diff --git a/demo/grouper/upload-objects.sh b/demo/grouper/upload-objects.sh
deleted file mode 100755
index 93f8a15..0000000
--- a/demo/grouper/upload-objects.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-function upload () {
- local filename=$1
- local regex="midpoint-objects/(.*)/(.*)"
- if [[ $filename =~ $regex ]]
- then
- type="${BASH_REMATCH[1]}"
- oid=`cat $filename | sed -n 's:.*oid=\"\([A-Za-z0-9\-]*\)\".*:\1:p' | sed -n '1 p'`
- echo "Uploading $filename ($type, $oid)"
- curl -k --user administrator:Password1 -H "Content-Type: application/xml" -X PUT "https://localhost:8443/midpoint/ws/rest/$type/$oid?options=overwrite&options=raw" --data-binary @$filename
- else
- echo "Skipping $filename"
- fi
-}
-
-find midpoint-objects -name "*.xml" | while read filename; do upload $filename; done
diff --git a/demo/grouper/upload-recompute-users.sh b/demo/grouper/upload-recompute-users.sh
deleted file mode 100755
index 42b5551..0000000
--- a/demo/grouper/upload-recompute-users.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-source ../../library.bash
-
-upload_from_file midpoint-objects-manual/tasks/task-recomputation-users.xml
diff --git a/demo/grouper/upload-reconcile-grouper-groups.sh b/demo/grouper/upload-reconcile-grouper-groups.sh
deleted file mode 100755
index 94deb18..0000000
--- a/demo/grouper/upload-reconcile-grouper-groups.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-source ../../library.bash
-
-upload_from_file midpoint-objects-manual/tasks/task-reconciliation-grouper-groups.xml
diff --git a/container_files/httpd/conf/midpoint.conf.auth.shibboleth b/demo/shibboleth-apache-sp/apache/httpd/conf.d/midpoint.conf
similarity index 52%
rename from container_files/httpd/conf/midpoint.conf.auth.shibboleth
rename to demo/shibboleth-apache-sp/apache/httpd/conf.d/midpoint.conf
index e8fcc24..20aa6d2 100644
--- a/container_files/httpd/conf/midpoint.conf.auth.shibboleth
+++ b/demo/shibboleth-apache-sp/apache/httpd/conf.d/midpoint.conf
@@ -3,7 +3,7 @@ Timeout 2400
ProxyTimeout 2400
ProxyBadHeader Ignore
-ProxyPass /midpoint ajp://localhost:9090/midpoint secret=s3cr3t timeout=2400 retry=0
+ProxyPass /midpoint ajp://midpoint_server:9090/midpoint secret=s3cr3t timeout=2400 retry=0
AuthType shibboleth
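Review bot: The `secret=s3cr3t` on the new ProxyPass line is a committed placeholder that is also hard-coded as `MP_SET_server_tomcat_ajp_secret=s3cr3t` in the demo compose file, so the only thing authenticating the proxy-to-midPoint AJP hop is a value anyone with the repository knows. Changing the target host to `midpoint_server` is right for the compose network, but the secret should be substituted at container start (an Apache `Define` fed from a mounted secret file, the same way the compose file already generates `db_pass`) rather than live in two source files that must be rotated in lockstep. Because `ShibUseHeaders On` is enabled in the blocks below and midPoint authenticates on the forwarded `REMOTE_USER` header, this secret is presumably what stops a rogue AJP client on the bridge network from forging a login, so it deserves more than demo-placeholder handling.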
@@ -19,3 +19,19 @@ ProxyPass /midpoint ajp://localhost:9090/midpoint secret=s3cr3t timeout=2400 ret
AuthType None
Require all granted
+
+
+ AuthType shibboleth
+ ShibRequestSetting requireSession 1
+ ShibRequireSession on
+ ShibUseHeaders On
+ require shibboleth
+
+
+
+ AuthType shibboleth
+ ShibRequestSetting requireSession false
+ ShibUseHeaders On
+ require shibboleth
+
+
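Review bot: `ShibUseHeaders On` in both added blocks publishes Shibboleth attributes as ordinary HTTP request headers, which any client that reaches the backend without passing through this SP can set itself; since midPoint is configured to trust `REMOTE_USER`, this is only safe while the AJP connector is unreachable except from this httpd, and that precondition should be written down here, e.g. `# ShibUseHeaders: attributes are forwarded as spoofable headers - midPoint's AJP/HTTP ports must only be reachable from this proxy`. `ShibRequestSetting requireSession 1` and `ShibRequireSession on` are the new and legacy spellings of the same setting; keep only the `ShibRequestSetting` form so the two cannot drift apart. The second block sets `requireSession false` (a lazy session), which means every path it covers reaches midPoint without the SP having forced authentication and relies entirely on midPoint's own security policy - worth a one-line comment stating that is intended. The `<Location>` wrappers were lost in extraction, so I cannot see which paths each block protects.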
diff --git a/demo/shibboleth-apache-sp/apache/httpd/conf.d/ssl-enable.conf b/demo/shibboleth-apache-sp/apache/httpd/conf.d/ssl-enable.conf
new file mode 100644
index 0000000..b529fa2
--- /dev/null
+++ b/demo/shibboleth-apache-sp/apache/httpd/conf.d/ssl-enable.conf
@@ -0,0 +1,18 @@
+
+ RewriteEngine on
+ RewriteRule "^/$" "/midpoint/" [R]
+
+
+ SSLEngine on
+
+ SSLCertificateFile /etc/httpd/certs/host-cert.pem
+
+ SSLCertificateKeyFile /etc/httpd/certs/host-key.pem
+
+ # HSTS (mod_headers is required) (15768000 seconds = 6 months)
+ Header always set Strict-Transport-Security "max-age=15768000"
+
+ RewriteRule "^/midpoint/$" "/midpoint/auth/shib" [R]
+
+
+
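Review bot: The `Strict-Transport-Security` header is sent unconditionally, and HSTS is keyed by hostname rather than port, so one visit to this demo at https://localhost:8443 (the host the logout URL and the published proxy port point at) pins `localhost` to HTTPS for six months in the developer's browser and breaks every other plain-http local dev server they run. Either guard it, `Header always set Strict-Transport-Security "max-age=15768000" "expr=%{HTTP_HOST} !~ /^localhost/"`, or document that the demo must be reached through a real hostname. The vhost also sets no `SSLProtocol`/`SSLCipherSuite`, so the TLS profile is whatever the base image's ssl.conf (not visible here) provides; adding `SSLProtocol -all +TLSv1.2 +TLSv1.3` makes the demo's behaviour independent of that. The `<VirtualHost>` wrapper was lost in extraction, so the listening address and port cannot be checked.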
diff --git a/demo/shibboleth/configs-and-secrets/midpoint/shibboleth/attribute-map.xml b/demo/shibboleth-apache-sp/apache/shibboleth/attribute-map.xml
similarity index 100%
rename from demo/shibboleth/configs-and-secrets/midpoint/shibboleth/attribute-map.xml
rename to demo/shibboleth-apache-sp/apache/shibboleth/attribute-map.xml
diff --git a/demo/shibboleth/configs-and-secrets/midpoint/shibboleth/shibboleth2.xml b/demo/shibboleth-apache-sp/apache/shibboleth/shibboleth2.xml
similarity index 100%
rename from demo/shibboleth/configs-and-secrets/midpoint/shibboleth/shibboleth2.xml
rename to demo/shibboleth-apache-sp/apache/shibboleth/shibboleth2.xml
diff --git a/demo/shibboleth-apache-sp/beacon/Dockerfile b/demo/shibboleth-apache-sp/beacon/Dockerfile
new file mode 100644
index 0000000..68339b6
--- /dev/null
+++ b/demo/shibboleth-apache-sp/beacon/Dockerfile
@@ -0,0 +1,14 @@
+FROM rockylinux:9.3
+
+COPY container_files/* /opt/tier/
+
+RUN dnf update -y --disablerepo=\* --enablerepo=baseos && \
+ dnf install -y cronie-anacron crontabs cronie --disablerepo=\* --enablerepo=baseos && \
+ dnf clean all -y ; \
+ /opt/tier/setup-cron.sh ;
+
+ENV TIER_RELEASE=not-released-yet \
+ TIER_MAINTAINER=tier \
+ MP_VERSION=4.8
+
+CMD [ "/usr/sbin/crond", "-n", "-i", "-m", "off" ]
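Review bot: The RUN chain switches from `&&` to `;` before `/opt/tier/setup-cron.sh`, so a failure installing the crontab does not fail the build and the image is produced without any scheduled job; use `dnf clean all -y && \` followed by `/opt/tier/setup-cron.sh` so the build stops. Because setup-cron.sh runs at build time, its `$RANDOM` schedule is frozen into the image (see the cron file it writes), which defeats the jitter it is trying to add - running it from an entrypoint before `exec crond` would fix both issues. There is no `USER`, so crond and the beacon script run as root; cron needs root to dispatch jobs, but the job line could at least target a dedicated unprivileged user. `dnf update -y` on every build makes the image non-reproducible; prefer bumping the `rockylinux:9.3` tag (or pinning a digest) instead.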
diff --git a/demo/shibboleth-apache-sp/beacon/container_files/sendtierbeacon.sh b/demo/shibboleth-apache-sp/beacon/container_files/sendtierbeacon.sh
new file mode 100755
index 0000000..8f066f7
--- /dev/null
+++ b/demo/shibboleth-apache-sp/beacon/container_files/sendtierbeacon.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+LOGHOST="collector.testbed.tier.internet2.edu"
+LOGPORT="5001"
+
+if [ -s /opt/tier/env.bash ]; then
+ . /opt/tier/env.bash
+fi
+
+messagefile="/tmp/beaconmsg"
+
+if [ -z "$TIER_BEACON_OPT_OUT" ]; then
+ cat > $messagefile </dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ echo "TIER beacon sent"
+ else
+ echo "Failed to send TIER beacon"
+ fi
+
+ rm -f $messagefile 1>/dev/null 2>&1
+
+else
+ echo "TIER beacon skipped - scheduled but Opted out"
+fi
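Review bot: The opt-out test `[ -z "$TIER_BEACON_OPT_OUT" ]` treats any non-empty value as opted out, so an operator who sets `TIER_BEACON_OPT_OUT=false` to re-enable the beacon silently keeps it disabled; either document that with `# any non-empty value opts out (including "false")` or parse it, e.g. `case "${TIER_BEACON_OPT_OUT,,}" in true|yes|1) opt_out=1 ;; esac`. `messagefile="/tmp/beaconmsg"` is a fixed, predictable path written by root; `messagefile="$(mktemp /tmp/beaconmsg.XXXXXX)"` avoids the symlink/pre-created-file problem at no cost. The heredoc body and the command that actually ships the message to `$LOGHOST:$LOGPORT` appear to have been lost between the `cat >` line and the `$?` check in this extraction, so what is sent and whether the transport is encrypted cannot be reviewed here.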
diff --git a/demo/shibboleth-apache-sp/beacon/container_files/setup-cron.sh b/demo/shibboleth-apache-sp/beacon/container_files/setup-cron.sh
new file mode 100755
index 0000000..2d33d3a
--- /dev/null
+++ b/demo/shibboleth-apache-sp/beacon/container_files/setup-cron.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+CRONFILE=/opt/tier/tier-cron
+
+echo "#send daily \"beacon\" to central" > ${CRONFILE}
+echo "" >> ${CRONFILE}
+echo "# ┌───────────── minute (0–59)" >> ${CRONFILE}
+echo "# │ ┌───────────── hour (0–23)" >> ${CRONFILE}
+echo "# │ │ ┌───────────── day of the month (1–31)" >> ${CRONFILE}
+echo "# │ │ │ ┌───────────── month (1–12)" >> ${CRONFILE}
+echo "# │ │ │ │ ┌───────────── day of the week (0–6) (Sunday to Saturday;" >> ${CRONFILE}
+echo "# │ │ │ │ │ 7 is also Sunday on some systems)" >> ${CRONFILE}
+echo "# │ │ │ │ │" >> ${CRONFILE}
+echo "# │ │ │ │ │" >> ${CRONFILE}
+echo "# * * * * * " >> ${CRONFILE}
+echo "" >> ${CRONFILE}
+echo "$(expr $RANDOM % 60) $(expr $RANDOM % 4) * * * /opt/tier/sendtierbeacon.sh 2>&1 | tee /proc/1/fd/1 >> /tmp/logcrond" >> ${CRONFILE}
+echo "" >> ${CRONFILE}
+echo "# List the current setting of the crontab to the log (when is the beacon scheduled)" >> ${CRONFILE}
+echo "@reboot crontab -l >/proc/1/fd/1" >> ${CRONFILE}
+echo "" >> ${CRONFILE}
+
+chmod 644 ${CRONFILE}
+crontab ${CRONFILE}
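Review bot: The `$RANDOM % 60` / `$RANDOM % 4` schedule is computed once, and since the beacon Dockerfile invokes this script in a `RUN` step, the result is baked into the image: every container started from that image reports at the same minute, which is the opposite of what the randomisation is for. Run this script from the container entrypoint instead, e.g. `/opt/tier/setup-cron.sh && exec /usr/sbin/crond -n -i -m off`, so each instance picks its own slot. If restricting the hour to 0-3 is deliberate, say so in the comment block above the line (`# hour 0-3 UTC keeps the daily beacon in the collector's quiet window`, or whatever the actual reason is), because it reads like a typo for `% 24`. The job appends to `/tmp/logcrond` indefinitely; a long-lived container will grow it without bound.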
diff --git a/demo/shibboleth-apache-sp/directory/Dockerfile b/demo/shibboleth-apache-sp/directory/Dockerfile
new file mode 100644
index 0000000..4880156
--- /dev/null
+++ b/demo/shibboleth-apache-sp/directory/Dockerfile
@@ -0,0 +1,35 @@
+FROM rockylinux:9.3 as baseinst
+
+RUN dnf update -y && \
+ dnf install -y --enablerepo=devel openldap openldap-clients openldap-servers && \
+ dnf clean all && \
+ rm -rf /var/cache/dnf
+
+EXPOSE 389/tcp
+
+VOLUME /var/lib/ldap
+
+FROM baseinst
+
+#LABEL author="tier-packaging@internet2.edu "
+
+ARG ldapDomain="dc=internet2,dc=edu"
+ARG ldapPw="password"
+
+COPY container_files/* /opt
+
+RUN cd /opt ; \
+ /opt/slapd.sh -init ; \
+ /opt/gen_config_update "${ldapDomain}" "${ldapPw}" "0" "0" ;\
+ cat 999_schema-list | while read line ; do \
+ ldapadd -H ldapi:/// -f /etc/openldap/schema/${line}.ldif ; \
+ done ; \
+ for s in 0 1 2 3 4 5 6 7 8 9 ; do \
+ find -type f -name "${s}[0-4]?_*.ldif" -exec ldapmodify -H ldapi:/// -f /opt/\{\} \; ; \
+ find -type f -name "${s}[5-9]?_*.ldif" -exec ldapadd -H ldapi:/// -f /opt/\{\} \; ; \
+ done ; \
+ rm /opt/[0-9]* && \
+ /opt/slapd.sh -stop ;
+
+CMD [ "/opt/slapd.sh", "-limit", "1024", "-debug", "256" ]
+
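Review bot: `ARG ldapPw="password"` is the directory's admin credential: gen_config_update hashes it into the config database, and build args are recorded in `docker history`, so the value is both well known and recoverable from the image. The compose file builds this directory without overriding the arg and publishes `389:389` on the host, so the demo exposes a cleartext LDAP server with a known password outside the compose network; drop the default (`ARG ldapPw`) so the build fails unless a value is supplied, or generate the password at first start the way the compose file already does for `db_pass`. The `ldapadd`/`ldapmodify` loop is chained with `;`, so a rejected LDIF does not fail the build and produces a half-initialised directory - use `&&` or add `set -e` to the RUN. `VOLUME /var/lib/ldap` is declared in the base stage before the second stage populates the database; depending on the builder, writes under a declared volume during the build may be discarded, so verify the seeded data actually survives into the image.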
diff --git a/demo/shibboleth-apache-sp/directory/container_files/gen_config_update b/demo/shibboleth-apache-sp/directory/container_files/gen_config_update
new file mode 100755
index 0000000..a23fccc
--- /dev/null
+++ b/demo/shibboleth-apache-sp/directory/container_files/gen_config_update
@@ -0,0 +1,203 @@
+#!/bin/bash
+domain="${1:-dc=example,dc=com}"
+if [ $(echo -n ${domain} | wc -c ) -eq $(echo -n ${domain} | tr -d "," | wc -c) ]
+then
+ subDomain="${domain:4}"
+else
+ subDomain="$(echo -n ${domain:4} | cut -d , -f 1)"
+fi
+userpw="${2:-change_me}"
+cleartext="${3:-0}"
+locDebug="${4:-0}"
+
+function genPass() {
+ retVal="userPassword:"
+ if [ "${cleartext}" != "1" ]
+ then
+ secPw="$(slappasswd -s ${userpw})"
+ secPw2="$(echo -n ${secPw} | base64 )"
+ [ "${locDebug}" != "0" ] && echo "${userpw} => ${secPw} => ${secPw2}" >&2
+ retVal="${retVal}: ${secPw2}"
+ else
+ [ "${locDebug}" != "0" ] && echo "${userpw}" >&2
+ retVal="${retVal} ${userpw}"
+ fi
+ while [ ${#retVal} -gt 78 ]
+ do
+ echo "${retVal:0:78}"
+ retVal=" ${retVal:78}"
+ done
+ if [ ${#retVal} -gt 2 ]
+ then
+ echo "${retVal}"
+ fi
+}
+
+cat >999_schema-list <001_monitor-diff.ldif <101_mdb-diff.ldif <251_mod_config.ldif <151_default_structure.ldif <252_default_policy.ldif <851_default_structure.ldif <959_default_structure.ldif <&2
+ ulimit -n ${localLimit}
+ exec /usr/sbin/slapd -4 -h "ldapi:///" -u ldap -g ldap
+ exit 0
+ ;;
+ stop)
+ while read line
+ do
+ kill ${line}
+ count=0
+ while [ -e /proc/${line} ]
+ do
+ [ ${count} -gt 10 ] && kill -9 ${line}
+ echo "Waiting to terminate the process"
+ count=$(( ${count} + 1 ))
+ sleep 1
+ done
+ echo "Terminated..."
+ ${0} -stop
+ done < <( grep "^slapd$" /proc/*/comm | head -1 | cut -d / -f 3 )
+ exit 0
+ ;;
+ esac
+done
+
+ulimit -n ${localLimit}
+
+
+if [ -z ${LDAP_INIT+x} ]
+then
+ [ ! -z ${LDAP_INFO+x} ] && echo "uLimit : ${localLimit} / debug level : ${debugLevel}" >&2
+ exec /usr/sbin/slapd -h "ldap://0.0.0.0:389 ldapi:///" -u ldap -g ldap -d ${debugLevel}
+else
+ [ ! -z ${LDAP_INFO+x} ] && echo "uLimit : ${localLimit}" >&2
+ exec /usr/sbin/slapd -4 -h "ldapi:///" -u ldap -g ldap
+fi
+
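Review bot: In `genPass`, `secPw="$(slappasswd -s ${userpw})"` expands the password unquoted, so any value containing whitespace or glob characters is split or expanded before hashing, and `-s` puts the plaintext on the command line where it is visible in the process list for the duration of the build; use `slappasswd -T <(printf '%s' "${userpw}")` or at least quote it, `slappasswd -s "${userpw}"`. The `locDebug` branch also echoes the plaintext password to stderr, which lands in the build log - worth a comment that it must never be enabled outside local debugging. The heredoc bodies after line `cat >999_schema-list <...` and the file header for what appears to be slapd.sh were lost in this extraction, so the LDIF content and the second script can only be partly reviewed. What is visible of slapd.sh starts `slapd` on `ldap://0.0.0.0:389` with no `ldaps://` listener, so the simple bind credentials travel in cleartext; acceptable only while 389 stays off the host interface.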
diff --git a/demo/shibboleth-apache-sp/docker-compose.yml b/demo/shibboleth-apache-sp/docker-compose.yml
new file mode 100644
index 0000000..499eb50
--- /dev/null
+++ b/demo/shibboleth-apache-sp/docker-compose.yml
@@ -0,0 +1,328 @@
+version: "3.3"
+
+services:
+ prereq:
+ image: evolveum/midpoint:${MP_VER:-4.8.3}-rockylinux
+ command: >
+ bash -c "
+ echo ' - - - - - - -' ;
+ cd /mnt/security ;
+ if [ ! -e key.pem ] ;
+ then
+ echo 'Certificate has not been found. Generating of the new one...' ;
+ openssl req -newkey rsa:2048 -keyout key.pem -nodes -subj '/C=US/ST=MI/L=Ann Arbor/O=Internet2\\/TIER/CN=midpoint.sp.example.org' -addext 'subjectAltName = DNS:midpoint.sp.example.org, DNS:midpoint_server, DNS:directory, DNS:idp, DNS: localhost, DNS: localhost.localdomain, IP:127.0.0.1, IP:::1' -out cert.pem -days 1825 -x509 ;
+ openssl req -newkey rsa:3072 -keyout sp-encrypt-key.pem -nodes -subj '/CN=sptest.example.edu' -addext 'subjectAltName = DNS:sptest.example.edu' -out sp-encrypt-cert.pem -days 3650 -x509 ;
+ openssl req -newkey rsa:3072 -keyout sp-signing-key.pem -nodes -subj '/CN=sptest.example.edu' -addext 'subjectAltName = DNS:sptest.example.edu' -out sp-signing-cert.pem -days 3650 -x509 ;
+ openssl req -newkey rsa:2048 -keyout idp-backchannel.key -nodes -subj '/CN=idptestbed' -addext 'subjectAltName = DNS:idptestbed, URI:https://idptestbed/idp/shibboleth' -out idp-backchannel.crt -days 7300 -x509 ;
+ openssl req -newkey rsa:2048 -keyout idp-encryption.key -nodes -subj '/CN=idptestbed' -addext 'subjectAltName = DNS:idptestbed, URI:https://idptestbed/idp/shibboleth' -out idp-encryption.crt -days 7300 -x509 ;
+ openssl req -newkey rsa:2048 -keyout idp-signing.key -nodes -subj '/CN=idptestbed' -addext 'subjectAltName = DNS:idptestbed, URI:https://idptestbed/idp/shibboleth' -out idp-signing.crt -days 7300 -x509 ;
+ openssl req -newkey rsa:2048 -keyout idp-browser.key -nodes -subj '/CN=idp.ccc.local' -addext 'authorityKeyIdentifier = keyid:always,issuer:always' -out idp-browser.crt -days 10585 -x509 ;
+ openssl x509 -noout -fingerprint -sha256 -in cert.pem ;
+ openssl pkcs12 -export -in sp-signing-cert.pem -inkey sp-signing-key.pem -out signing-key.p12 -passout pass:password -name signing-key ;
+ openssl pkcs12 -export -in sp-encrypt-cert.pem -inkey sp-encrypt-key.pem -out encrypt-key.p12 -passout pass:password -name encrypt-key ;
+ openssl pkcs12 -export -in cert.pem -inkey key.pem -out keystore.p12 -passout pass:password -name selfsigned ;
+ keytool -importkeystore -srckeystore encrypt-key.p12 -srcstoretype pkcs12 -srcstorepass password -srcalias encrypt-key -destkeystore shibboleth_sp_keys.jks -deststoretype jks -deststorepass changeit -noprompt -destalias encrypt-key ;
+ keytool -importkeystore -srckeystore signing-key.p12 -srcstoretype pkcs12 -srcstorepass password -srcalias signing-key -destkeystore shibboleth_sp_keys.jks -deststoretype jks -deststorepass changeit -noprompt -destalias signing-key ;
+ keytool -importkeystore -srckeystore keystore.p12 -srcstoretype pkcs12 -srcstorepass password -srcalias selfsigned -destkeystore keystore.jks -deststoretype jks -deststorepass password -noprompt -destalias selfsigned ;
+ keytool -list -keystore shibboleth_sp_keys.jks -storetype jceks -storepass changeit ;
+ keytool -list -keystore keystore.jks -storetype jceks -storepass password ;
+ openssl pkcs12 -export -in idp-backchannel.crt -inkey idp-backchannel.key -out idp-backchannel.p12 -passout pass:password -name idptestbed ;
+ openssl pkcs12 -export -in idp-browser.crt -inkey idp-browser.key -out idp-browser.p12 -passout pass:password -name myAlias ;
+ for s in *ert.pem *.crt ; do echo ' - - - - - ' ; echo $${s} ; openssl x509 -noout -fingerprint -sha256 -in $${s} ; echo ; openssl x509 -noout -subject -subject_hash -dates -in $${s} ; done ;
+ echo ' - - - - - ' ;
+ mkdir /mnt/httpd/certs ;
+ cp cert.pem /mnt/httpd/certs/host-cert.pem ;
+ cp key.pem /mnt/httpd/certs/host-key.pem ;
+ cp cert.pem /mnt/midpoint/var ;
+ cp -v /mnt/apache/httpd/conf.d/* /mnt/httpd/conf.d ;
+ cp -v /mnt/apache/httpd/conf.modules.d/* /mnt/httpd/conf.modules.d ;
+ cp -v /mnt/apache/shibboleth/* /mnt/shibboleth-sp ;
+ cp -v sp-encrypt-cert.pem /mnt/shibboleth-sp ;
+ cp -v sp-encrypt-key.pem /mnt/shibboleth-sp ;
+ cp -v sp-signing-cert.pem /mnt/shibboleth-sp ;
+ cp -v sp-signing-key.pem /mnt/shibboleth-sp ;
+ cp idp-backchannel.crt /mnt/shibboleth-idp/credentials ;
+ cp idp-backchannel.p12 /mnt/shibboleth-idp/credentials ;
+ cp idp-browser.p12 /mnt/shibboleth-idp/credentials ;
+ cp idp-encryption.crt /mnt/shibboleth-idp/credentials ;
+ cp idp-encryption.key /mnt/shibboleth-idp/credentials ;
+ cp idp-signing.crt /mnt/shibboleth-idp/credentials ;
+ cp idp-signing.key /mnt/shibboleth-idp/credentials ;
+ cp sp-signing-cert.pem /mnt/shibboleth-idp/credentials ;
+ cp sp-encrypt-cert.pem /mnt/shibboleth-idp/credentials ;
+ cp keystore.jks /mnt/shibboleth/certs ;
+ echo ' - - - - - ' ;
+ find -type f ;
+ echo ' - - - - - - -' ;
+ find /mnt/shibboleth-idp/ -type f ;
+ echo ' - - - - - - -' ;
+ find /mnt/shibboleth -type f ;
+ echo ' - - - - - - -' ;
+ find /mnt/midpoint/ -type f ;
+ echo ' - - - - - - -' ;
+ else echo 'certificate already exists... (skip new cert generation)' ;
+ fi ;
+ if [ ! -e /mnt/shared_pw/db_pass ] ; then
+ echo 'Generating password for DB connection...';
+ dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64 | tr -d -c [0-9a-z] | cut -c 1-32 | tr -d [[:space:]] > /mnt/shared_pw/db_pass ;
+ fi ;
+ "
+ networks:
+ - net
+ volumes:
+ - security_object:/mnt/security
+ - shared_pw:/mnt/shared_pw
+ - idp_credentials:/mnt/shibboleth-idp/credentials
+ - idp_certs:/mnt/shibboleth/certs
+ - midpoint_home:/mnt/midpoint/var
+ - apache_conf:/mnt/httpd
+ - shibboleth_conf:/mnt/shibboleth-sp
+ - ./apache:/mnt/apache:ro
+
+ midpoint_data:
+ image: postgres:16-alpine
+ depends_on:
+ prereq:
+ condition: service_completed_successfully
+ environment:
+ - POSTGRES_PASSWORD_FILE=/mnt/shared_pw/db_pass
+ - POSTGRES_USER=midpoint
+ - POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
+ healthcheck:
+ test: [ "CMD-SHELL", "pg_isready -d midpoint -U midpoint" ]
+ interval: 1s
+ timeout: 5s
+ retries: 10
+ networks:
+ - net
+ volumes:
+ - midpoint_data:/var/lib/postgresql/data
+ - shared_pw:/mnt/shared_pw
+
+ data_init:
+ image: evolveum/midpoint:${MP_VER:-4.8.3}-rockylinux
+ depends_on:
+ prereq:
+ condition: service_completed_successfully
+ midpoint_data:
+ condition: service_healthy
+ command: >
+ bash -c "
+ cd /opt/midpoint ;
+ bin/midpoint.sh init-native ;
+ echo ' - - - - - - ' ;
+ bin/ninja.sh -B info >/dev/null 2>/tmp/ninja.log ;
+ grep -q \"ERROR\" /tmp/ninja.log && (
+ bin/ninja.sh run-sql --create --mode REPOSITORY ;
+ bin/ninja.sh run-sql --create --mode AUDIT
+ ) ||
+ echo -e '\\n Repository init is not needed...' ;
+ if [ $$(keytool -list -keystore /opt/midpoint/var/keystore.jceks -storetype jceks -storepass:file /opt/midpoint/var/keystorepw | grep -c 'local_gen_cert') -eq 0 ] ;
+ then
+ keytool -importcert -keystore /opt/midpoint/var/keystore.jceks -storetype jceks -storepass:file /opt/midpoint/var/keystorepw -trustcacerts -alias 'local_gen_cert' -file /opt/midpoint/var/cert.pem -noprompt ;
+ else
+ echo 'Certificate exists in the cert store' ;
+ fi ;
+ "
+ environment:
+ - MP_SET_midpoint_repository_jdbcUsername=midpoint
+ - MP_SET_midpoint_repository_jdbcPassword_FILE=/mnt/shared_pw/db_pass
+ - MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
+ - MP_SET_midpoint_repository_database=postgresql
+ - MP_INIT_CFG=/opt/midpoint/var
+ - MP_PW_DEF=/opt/midpoint/var/keystorepw
+ - MP_KEYSTORE=/opt/midpoint/var/keystore.jceks
+ networks:
+ - net
+ volumes:
+ - midpoint_home:/opt/midpoint/var
+ - shared_pw:/mnt/shared_pw
+
+ midpoint_server:
+ image: evolveum/midpoint:${MP_VER:-4.8.3}-rockylinux
+ container_name: midpoint_server
+ hostname: midpoint-container
+ depends_on:
+ data_init:
+ condition: service_completed_successfully
+ idp_vol_init:
+ condition: service_completed_successfully
+ midpoint_data:
+ condition: service_healthy
+ command: [ "/opt/midpoint/bin/midpoint.sh", "container" ]
+ expose:
+ - 8080
+ environment:
+ - MP_SET_midpoint_repository_jdbcUsername=midpoint
+ - MP_SET_midpoint_repository_jdbcPassword_FILE=/mnt/shared_pw/db_pass
+ - MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
+ - MP_SET_midpoint_repository_database=postgresql
+ - MP_SET_midpoint_keystore_keyStorePassword_FILE=/opt/midpoint/var/keystorepw
+ - MP_SET_server_port=8080
+ - MP_SET_server_tomcat_ajp_enabled=true
+ - MP_SET_server_tomcat_ajp_address="0.0.0.0"
+ - MP_SET_server_tomcat_ajp_port=9090
+ - MP_SET_server_tomcat_ajp_secret=s3cr3t
+ - MP_SET_midpoint_administrator_initialPassword=Test5ecr3t
+ - MP_UNSET_midpoint_repository_hibernateHbm2ddl=1
+ - MP_NO_ENV_COMPAT=1
+ - MP_ENTRY_POINT=/opt/midpoint-dirs-docker-entrypoint
+ networks:
+ - net
+ volumes:
+ - midpoint_home:/opt/midpoint/var
+ - shared_pw:/mnt/shared_pw
+ - ./midpoint_server/post-initial-objects:/opt/midpoint-dirs-docker-entrypoint/post-initial-objects:ro
+ - ./midpoint_server/shibboleth:/opt/midpoint-dirs-docker-entrypoint/shibboleth:ro
+
+ directory:
+ build: ./directory/
+ ports:
+ - 389:389
+ networks:
+ - net
+ volumes:
+ - ldap:/var/lib/ldap
+
+ idp_vol_init:
+ image: tier/shib-idp:3.4.6_20191002
+ depends_on:
+ prereq:
+ condition: service_completed_successfully
+ ulimits:
+ nofile:
+ soft: 1024
+ hard: 2048
+ command: >
+ bash -c "
+ echo 'Updating configuration...' ;
+ if [ -e /mnt/shibboleth-diff/conf ] ;
+ then
+ cp -vu /mnt/shibboleth-diff/conf/* /opt/shibboleth-idp/conf ;
+ fi ;
+ if [ -e /mnt/shibboleth-diff/credentials ] ;
+ then
+ cp -vu /mnt/shibboleth-diff/credentials/* /opt/shibboleth-idp/credentials ;
+ fi ;
+ if [ -e /mnt/shibboleth-diff/metadata ] ;
+ then
+ cp -vu /mnt/shibboleth-diff/metadata/* /opt/shibboleth-idp/metadata ;
+ fi ;
+ echo ' - - - - - - -' ;
+ echo 'Updating idp-metadata.xml file...' ;
+ grep -n 'X509Certificate' /mnt/shibboleth-diff/metadata/idp-metadata.xml | sed \"s/\\([0-9]*\\).*/\\1/\" > /tmp/checkpoints ;
+ wc -l /mnt/shibboleth-diff/metadata/idp-metadata.xml | sed \"s/\\([0-9]*\\).*/\\1/\" >> /tmp/checkpoints ;
+ current_line=1 ;
+ id=0 ;
+ file_path=( - idp-backchannel.crt - idp-signing.crt - idp-encryption.crt - idp-backchannel.crt - idp-signing.crt - idp-encryption.crt - ) ;
+ rm /opt/shibboleth-idp/metadata/idp-metadata.xml ;
+ cat /tmp/checkpoints | while read line ; do
+ if [ \"$${file_path[$${id}]}\" == \"-\" ] ; then
+ sed -n \"$${current_line},$${line}p\" /mnt/shibboleth-diff/metadata/idp-metadata.xml >> /opt/shibboleth-idp/metadata/idp-metadata.xml ;
+ else
+ sed '1d;$$d' /opt/shibboleth-idp/credentials/$${file_path[$${id}]} >> /opt/shibboleth-idp/metadata/idp-metadata.xml ;
+ fi ;
+ current_line=$${line};
+ id=$$(( $${id} + 1 )) ;
+ done ;
+ cp -v /opt/shibboleth-idp/metadata/idp-metadata.xml /mnt/shibboleth/idp-metadata.xml ;
+ echo ' - - - - - - -' ;
+ echo 'Updating midpoint-shib-sp.xml...';
+ grep -n 'X509Certificate' /mnt/shibboleth-diff/metadata/midpoint-shib-sp.xml | sed \"s/\\([0-9]*\\).*/\\1/\" > /tmp/checkpoints ;
+ wc -l /mnt/shibboleth-diff/metadata/midpoint-shib-sp.xml | sed \"s/\\([0-9]*\\).*/\\1/\" >> /tmp/checkpoints ;
+ current_line=1 ;
+ id=0 ;
+ file_path=( - sp-signing-cert.pem - sp-encrypt-cert.pem - ) ;
+ rm /opt/shibboleth-idp/metadata/midpoint-shib-sp.xml ;
+ cat /tmp/checkpoints | while read line ; do
+ if [ \"$${file_path[$${id}]}\" == \"-\" ] ; then
+ sed -n \"$${current_line},$${line}p\" /mnt/shibboleth-diff/metadata/midpoint-shib-sp.xml >> /opt/shibboleth-idp/metadata/midpoint-shib-sp.xml ;
+ else
+ sed '1d;$$d' /opt/shibboleth-idp/credentials/$${file_path[$${id}]} >> /opt/shibboleth-idp/metadata/midpoint-shib-sp.xml ;
+ fi ;
+ current_line=$${line};
+ id=$$(( $${id} + 1 )) ;
+ done ;
+ sed -i \"s/\\([[:space:]]\\).*$$/\\1/g;s/^[[:space:]]\\(\\).*$$/\\1/g\" /opt/shibboleth-idp/metadata/midpoint-shib-sp.xml ;
+ echo ' - - - - - - -' ;
+ echo 'Generating sealer key...' ;
+ rm /opt/shibboleth-idp/credentials/sealer.* ;
+ /opt/shibboleth-idp/bin/rotateSealerKey.sh ;
+ echo ' - - - - - - -' ;
+ echo 'DONE.' ;
+ "
+ volumes:
+ - idp_conf:/opt/shibboleth-idp/conf
+ - idp_credentials:/opt/shibboleth-idp/credentials
+ - idp_metadata:/opt/shibboleth-idp/metadata
+ - ./shibboleth-idp:/mnt/shibboleth-diff:ro
+ - shibboleth_conf:/mnt/shibboleth
+
+ idp:
+ image: tier/shib-idp:3.4.6_20191002
+ depends_on:
+ directory:
+ condition: service_started
+ idp_vol_init:
+ condition: service_completed_successfully
+ ports:
+ - 443:443
+ ulimits:
+ nofile:
+ soft: 1024
+ hard: 2048
+ environment:
+ - JETTY_MAX_HEAP=64m
+ - JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=password
+ - JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD=password
+ networks:
+ - net
+ volumes:
+ - idp_conf:/opt/shibboleth-idp/conf
+ - idp_credentials:/opt/shibboleth-idp/credentials
+ - idp_metadata:/opt/shibboleth-idp/metadata
+ - idp_certs:/opt/certs
+
+ beacon:
+ build: ./beacon/
+ networks:
+ - net
+ environment:
+ - TIER_RELEASE=not-released-yet
+ - TIER_MAINTAINER=tier
+ - MP_VERSION=4.8
+ - TIER_BEACON_OPT_OUT=true
+
+ proxy:
+ image: i2incommon/shibboleth_sp:3.4.1_06122023_rocky8_multiarch
+ depends_on:
+ idp:
+ condition: service_started
+ idp_vol_init:
+ condition: service_completed_successfully
+ midpoint_server:
+ condition: service_started
+ networks:
+ - net
+ ports:
+ - 8443:443
+ volumes:
+ - apache_conf:/etc/httpd
+ - shibboleth_conf:/etc/shibboleth
+
+networks:
+ net:
+ driver: bridge
+
+volumes:
+ security_object:
+ midpoint_data:
+ midpoint_home:
+ idp_conf:
+ idp_credentials:
+ idp_metadata:
+ idp_certs:
+ apache_conf:
+ shibboleth_conf:
+ ldap:
+ shared_pw:
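Review bot: `MP_SET_server_tomcat_ajp_address="0.0.0.0"` in the midpoint_server environment is a YAML plain scalar, so the double quotes become part of the value and the connector presumably receives the literal string `"0.0.0.0"` - write `- MP_SET_server_tomcat_ajp_address=0.0.0.0` and confirm against the generated config. The file already generates `db_pass` into the `shared_pw` volume, yet the AJP secret (`s3cr3t`), the administrator password (`Test5ecr3t`) and every keystore password are committed literals; the AJP secret in particular guards the trusted `REMOTE_USER` path and should use the same generated-secret mechanism (via the `_FILE` form if midPoint accepts it for that property as it does for `jdbcPassword` - confirm). `directory` publishes `389:389` and `idp` `443:443` on the host although only `proxy` needs to be reachable and everything else talks over the `net` bridge, so those `ports:` entries should go or bind to `127.0.0.1`. `tr -d -c [0-9a-z]` and `tr -d [[:space:]]` in the `db_pass` pipeline are unquoted bracket globs evaluated with cwd `/mnt/security`, which only works while no matching single-character filename exists there - quote them. `tier/shib-idp:3.4.6_20191002` pins a 2019 build of the IdP 3.x line, which is past end of life; fine for a throwaway demo, but it deserves a comment so nobody lifts it into a real deployment.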
diff --git a/demo/shibboleth-apache-sp/midpoint_server/post-initial-objects/SecurityPolicy.xml b/demo/shibboleth-apache-sp/midpoint_server/post-initial-objects/SecurityPolicy.xml
new file mode 100644
index 0000000..8396297
--- /dev/null
+++ b/demo/shibboleth-apache-sp/midpoint_server/post-initial-objects/SecurityPolicy.xml
@@ -0,0 +1,88 @@
+
+ Default Security Policy
+
+
+
+ loginForm
+
+
+ httpBasic
+
+
+ httpHeader
+ REMOTE_USER
+ https://localhost:8443/Shibboleth.sso/Logout
+
+
+
+ admin-gui-saml-internal
+
+ Internal SAML2 GUI authentication sequence.
+
+
+ http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user
+ true
+ saml-internal
+
+
+ httpHeader
+ 30
+ sufficient
+
+
+
+ admin-gui-emergency
+
+ Special GUI authentication sequence that is using just the internal user password.
+
+
+ http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user
+ false
+ emergency
+
+
+
+
+ loginForm
+ 30
+ sufficient
+
+
+
+ rest-default
+
+ http://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest
+ true
+ rest-default
+
+
+ httpBasic
+ 1
+ sufficient
+
+
+
+ actuator-default
+
+ http://midpoint.evolveum.com/xml/ns/public/common/channels-3#actuator
+ true
+ actuator-default
+
+
+ httpBasic
+ 1
+ sufficient
+
+
+ /actuator/health
+
+
+
+ 0
+ 3
+ PT3M
+ PT15M
+
+
+
+
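Review bot: The `httpHeader` module trusts the `REMOTE_USER` header unconditionally, so this policy is only safe while midPoint's HTTP and AJP listeners are reachable solely through the Shibboleth SP; the compose file keeps midpoint_server on `expose:` rather than `ports:`, which is consistent, but the policy itself should carry that assumption, e.g. `<!-- REMOTE_USER is set by the Apache/Shibboleth SP; midPoint must never be reachable except through that proxy -->`. The logout URL `https://localhost:8443/Shibboleth.sso/Logout` hard-codes a host that does not match the TLS certificate CN generated by the prereq service (`midpoint.sp.example.org`), so logout from any other hostname redirects the browser to localhost; make it relative (`/Shibboleth.sso/Logout`) if the module accepts that, or derive it from the deployment hostname. The emergency sequence keeps `loginForm` and REST/actuator keep `httpBasic`, which is reasonable, but note in the description that they bypass the SP entirely. The element tags were lost in extraction, so the sequence/module nesting could not be verified.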
diff --git a/demo/shibboleth/idp/shibboleth-idp/conf/attribute-filter.xml b/demo/shibboleth-apache-sp/shibboleth-idp/conf/attribute-filter.xml
similarity index 100%
rename from demo/shibboleth/idp/shibboleth-idp/conf/attribute-filter.xml
rename to demo/shibboleth-apache-sp/shibboleth-idp/conf/attribute-filter.xml
diff --git a/demo/grouper/idp/shibboleth-idp/conf/attribute-resolver.xml b/demo/shibboleth-apache-sp/shibboleth-idp/conf/attribute-resolver.xml
similarity index 100%
rename from demo/grouper/idp/shibboleth-idp/conf/attribute-resolver.xml
rename to demo/shibboleth-apache-sp/shibboleth-idp/conf/attribute-resolver.xml
diff --git a/demo/shibboleth/idp/shibboleth-idp/conf/idp.properties b/demo/shibboleth-apache-sp/shibboleth-idp/conf/idp.properties
similarity index 99%
rename from demo/shibboleth/idp/shibboleth-idp/conf/idp.properties
rename to demo/shibboleth-apache-sp/shibboleth-idp/conf/idp.properties
index 2470feb..cf0b2f8 100644
--- a/demo/shibboleth/idp/shibboleth-idp/conf/idp.properties
+++ b/demo/shibboleth-apache-sp/shibboleth-idp/conf/idp.properties
@@ -26,8 +26,8 @@ idp.scope= example.org
#idp.sealer.aliasBase = secret
idp.sealer.storeResource= %{idp.home}/credentials/sealer.jks
idp.sealer.versionResource= %{idp.home}/credentials/sealer.kver
-idp.sealer.storePassword= password
-idp.sealer.keyPassword= password
+idp.sealer.storePassword= changeit
+idp.sealer.keyPassword= changeit
# Settings for public/private signing and encryption key(s)
# During decryption key rollover, point the ".2" properties at a second
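Review bot: Swapping `password` for `changeit` on the two `idp.sealer.*Password` lines does not change the posture — both are well-known defaults, and the value still lives in a properties file committed to the repository. The sealer keystore is what the IdP uses to encrypt its cookie/session state, so anyone with this file plus `sealer.jks` can read or forge that state; the `rotateSealerKey.sh` step in the other demo's compose file regenerates the key but not the password. If this demo is meant to stay local-only, say so next to the values, e.g. `# DEMO ONLY: well-known default; set a unique value (and regenerate sealer.jks) before any non-throwaway use`. Otherwise generate the value at first start the same way the DB password is generated elsewhere in this changeset.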
diff --git a/demo/grouper/idp/shibboleth-idp/conf/ldap.properties b/demo/shibboleth-apache-sp/shibboleth-idp/conf/ldap.properties
similarity index 100%
rename from demo/grouper/idp/shibboleth-idp/conf/ldap.properties
rename to demo/shibboleth-apache-sp/shibboleth-idp/conf/ldap.properties
diff --git a/demo/shibboleth-apache-sp/shibboleth-idp/conf/metadata-providers.xml b/demo/shibboleth-apache-sp/shibboleth-idp/conf/metadata-providers.xml
new file mode 100644
index 0000000..4c760b3
--- /dev/null
+++ b/demo/shibboleth-apache-sp/shibboleth-idp/conf/metadata-providers.xml
@@ -0,0 +1,81 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/demo/shibboleth/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml b/demo/shibboleth-apache-sp/shibboleth-idp/metadata/idp-metadata.xml
similarity index 97%
rename from demo/shibboleth/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml
rename to demo/shibboleth-apache-sp/shibboleth-idp/metadata/idp-metadata.xml
index 28ae7d1..86de901 100644
--- a/demo/shibboleth/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml
+++ b/demo/shibboleth-apache-sp/shibboleth-idp/metadata/idp-metadata.xml
@@ -101,12 +101,12 @@ p+tGUbGS2l873J5PrsbpeKEVR/IIoKo=
-
+
-
+
+ urn:mace:shibboleth:1.0:nameIdentifier
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
- urn:mace:shibboleth:1.0:nameIdentifier
diff --git a/demo/shibboleth/idp/shibboleth-idp/metadata/midpoint-shib-sp.xml b/demo/shibboleth-apache-sp/shibboleth-idp/metadata/midpoint-shib-sp.xml
similarity index 61%
rename from demo/shibboleth/idp/shibboleth-idp/metadata/midpoint-shib-sp.xml
rename to demo/shibboleth-apache-sp/shibboleth-idp/metadata/midpoint-shib-sp.xml
index fbd3655..58f384e 100644
--- a/demo/shibboleth/idp/shibboleth-idp/metadata/midpoint-shib-sp.xml
+++ b/demo/shibboleth-apache-sp/shibboleth-idp/metadata/midpoint-shib-sp.xml
@@ -29,62 +29,60 @@ and do *NOT* provide it in real time to your partners.
- buildkitsandbox
+ 902a9863aa37
- CN=buildkitsandbox
- MIID/zCCAmegAwIBAgIUVGDhD9M4yz9FoDaLK0CKO31Gwm4wDQYJKoZIhvcNAQEL
-BQAwGjEYMBYGA1UEAxMPYnVpbGRraXRzYW5kYm94MB4XDTIzMDYxMjEzMTUwMVoX
-DTMzMDYwOTEzMTUwMVowGjEYMBYGA1UEAxMPYnVpbGRraXRzYW5kYm94MIIBojAN
-BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAvTY3I7mkXCmRzb5otELFPWMwmlLv
-+yUhgg6Vg9Id27ygNEhcOTqfy3b5lahmJLvQeA7yUwIIzt4MMnLMKxf9F41sL22s
-TonwXDK75AhduR1F0EyyAeVsTOLmL/h7jTAt2Bv95SZ/Gd0bfcWsDdlMQbUofwZ9
-Wm9LpWj0//Iw7o5vUGBwrXygZPqdQ/6gFwpRdv437PT3Lki0G11AQuhYTJyGWXDS
-UTqYUp2W+DOmm2jyCUsY+Ht43qsFbHqsR4w4iV93UA3bRCPFww+gKHU/mmxXoPpd
-VDtAp/PB8qRm2sWQV8xY+AlSerBZZ8oHZfbUcsI0cYE/vQpGEgbYrq7V/widy/4Y
-8WeuG/6kDgFFQXzl5IajjvvYzxX/Kii65/4ouYkT91v4DuWRSUE/g9Z66HeRJiiT
-JyOHTkYawz/A8PwqrHc7dRRVP5uxwdt8nTyIOer+O0aWDqUKrfybByLxO+lOHJiz
-BXmLet1Nh/A04Sa18WWwqcC950RvgaIZiVElAgMBAAGjPTA7MBoGA1UdEQQTMBGC
-D2J1aWxka2l0c2FuZGJveDAdBgNVHQ4EFgQUglQr3VfgTCy4RHmUrl2KCK6WGgUw
-DQYJKoZIhvcNAQELBQADggGBABm6pQD/zn4sGvYhDXKcKXVBK7rSKdG6bcVG+kTK
-wUmEOEqJN6wcugjn//nKyhELG1/9huKumMFC+rRFpvwRYZ9LsfvRNxprAL8Vc7sh
-O2AaXssUxh4g9YyW9enHkkU3FuZHuKMIsV/W2jkHxR0Xbs41ZBi7lpgFTOLGi/Jj
-gLQndqIPFLZxUKor+/nc14CYqSVUDjWBiZ5N3BU1QV9AJVxX3tnJmUrvv6rWMwfp
-uSsEKTE3z2udoK2h1xf5skeN0oJbWdHnBNhIo60lsQ65a9WSHCwphy8S4twiHsDF
-wkDE1Kl+VOenbiY7CLK9QSkd8khAfywmIrXvFYGOk1nddPZtC3ACSUesvQbe08zv
-oLBiJe12fzG4s76hSsM6m6qnnKhovhByzhDYlMqp7x5O9Mbqn5GeJvpgRKUY51TB
-B2s7s9LudXKDBDKaw9lTvK56mmxWHTyxlx0YxzgMcVMvShQLeBdStDmHdDWK/HWu
-bAcjyR/CDWHawvytoy7a1tzP2w==
+ CN=902a9863aa37
+ MIID6zCCAlOgAwIBAgIJAJ+Xet5c0YjjMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV
+BAMTDDkwMmE5ODYzYWEzNzAeFw0yMTEyMDIyMzAwMjBaFw0zMTExMzAyMzAwMjBa
+MBcxFTATBgNVBAMTDDkwMmE5ODYzYWEzNzCCAaIwDQYJKoZIhvcNAQEBBQADggGP
+ADCCAYoCggGBALMu8PXgzlNqUuNTamJ6U/jmqGacVetSLhb+/IbTl92NlFMt1ZGZ
+n72Wb01gBHKXUMT9QHFUP0eTwDOTXyKRf8UrAdW3dwQDHthQ7MPWKEcHPApEKu5H
+eo2JSEcyYGXqlr2Il62skfFudEY4xzgNrCc7KYAi8aUPsoqHICqzCGcU8Tw44/N0
+HU9leHBKIlTm5h0mxNX8+/GQCbQvhyIebUNdN12qWhn7wAY7wbgtc23lLKgD++df
+jOywttrrBCojHXdytMunUjbSavET8k0y45+3/r/VeKJBd3CA7glG2fBUW5xizS01
+sfTJanuSL3FcE9lm3U1CCFblHEwAgip0z2cnu0MBy8WNYzDEyaZqE6VD2i0uRvf3
+zCmJ3V77+0/fScgRS7JttyFW20UTVWh3olSXU8ORM1GSab6qWNTZpdVySlHeIdWC
+QicAlADNY9EchvfQCcWl1wgBxWEOl4nTNUzdtE+X/kIR/VXuO+OwXA7qbx/ytwZO
+LqoFarhD5S3X0wIDAQABozowODAXBgNVHREEEDAOggw5MDJhOTg2M2FhMzcwHQYD
+VR0OBBYEFOQ85hdOd14qPZFoKasCsUwh2ktxMA0GCSqGSIb3DQEBCwUAA4IBgQAp
+8GtAv4ZplaSKSGRFSJHM5ozbG5vn9mf7fx4vMMchKbituHB0CsgUL8JWRE4iG6o/
+UKVfg93JaBqTTh8sGcBt9DEvufBsTY/oAQm3lUMk8xVWb6W00xCKOYcukXd8/i+B
+rBbdCTdyYLb6JpdIUYEiUKKYypUiYAvgkiaSfz81Vf5R+X1TkPDvAIBlOzYS4XRG
+zsDsadiiNJKjQbz3AEG/KEtail0L+EwYp+dAB0gMOPi/hfEaAHh7NfNbcHBp8SJZ
+HkdQreNZXScPBmVx6XYv+SkRPHrE2arln3VCYbt2LwY7TVxL8U3Ii2Ui9+lUp18q
+NcxxOBFkIDEJp8tUwxjh8sZRrl14NoYl688+d4oDmWd09VBr3Z3Gi7rPWzBvqDl9
+Cvzm7tk0J5CDJ/pgoJC0DoZw6gyM9d0Eetk5uguLtSyZdRsBdD9gHeDbxZ/zykpT
+VOtn1CstTpGrIu//upz4d9NV+3RWcX8zRsK3mqk/eMBqjdZw0AKVKE4jzzSouZk=
- buildkitsandbox
+ 902a9863aa37
- CN=buildkitsandbox
- MIID/zCCAmegAwIBAgIUT3mnnjaGhi0ma3nulXpEQTNi7vowDQYJKoZIhvcNAQEL
-BQAwGjEYMBYGA1UEAxMPYnVpbGRraXRzYW5kYm94MB4XDTIzMDYxMjEzMTUwMVoX
-DTMzMDYwOTEzMTUwMVowGjEYMBYGA1UEAxMPYnVpbGRraXRzYW5kYm94MIIBojAN
-BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAuZ+JbwVk2U/ZYBLgPkS9ToZmDAOs
-bC/weInnbgdkdmIp3cjBJaitxx2aCl3Pwcs/vM9WT1ou+n6/2dmwQrRCbyr1XjQg
-4UAKYc28anKzwx5+ihcb+ReMiwSIU94mXfXL6iFuwQPKCD7AnibAmRUeZf/gkngT
-cnaI9cRqQlyarM8nnkXsE3+cd2yA69y/zHTRsa2rJT/bM2rsOXe/Bi+NgpRoUBsp
-V9sUvpXbiahtCVYXiHbrsKpIgqJ9y4OlD4RAqZxX9JX2mSRjHjLocIeOsjDK1DYe
-6sAxsy29NSqIvhsNg7kdyx3wWZIokpLL2Z43GIaLYGzXMOP3a17ajtp8HlPtzvaK
-KbN2P7hkfISmQ7IcOdhxkNPDvs7mEqy7XnGaWdY/7A5DlkACDG321wGzyDS+6qJO
-R3B0AAMiwXYDqLyfM1lOWrzLTNZkgX+/d2roTrxwy5Sn3jJ4kD9hztErWWUxGJGk
-DObkoF9QAj/7xQ4GfpZ0gGh1PfxL8PzHseSnAgMBAAGjPTA7MBoGA1UdEQQTMBGC
-D2J1aWxka2l0c2FuZGJveDAdBgNVHQ4EFgQUJCkrVG620H8d9enYV7ajWsb+4o0w
-DQYJKoZIhvcNAQELBQADggGBAJ9ArmkmB/aMiDN5K0Ze3MLz9CIvK9x+T8ri+hW5
-tnUQXI82DEDw3CFoQ4eqfI2P89NFJVWX/+68nPkHRoBI4vrD1VZRMF53PU95Mqvm
-XhsGj6F2CRQkPLfITKAbQXeYMzkQaTf85KUGyihSIEfdyANxKBy+109NK0012mwT
-ZIuIjTtao7b2KC+VWaknu2JSK7ScseOX8NUzxl09trRo5itl8ucljmAfh9jfVZfU
-SwTqof/Nho42ZOg7t5MrFOMOi5UtOjG/c7v2TSYvc5Bz0dbxWlNglyNBQ4jfwYBR
-A/sMGQ8kdng+AV7F+CZLvwCsmkOmPoj0yWuUCEOMWrI94dQRzk2knhURJEZNmtAQ
-GQUN41h+e8+nTqd18a1yS/0ryzrEpf/jYNC+te1lya0oNoe0hm4HBAsNu58VYIVd
-BcMc6UqGcj6lLYohLRXxzNc2BgjcRmheFRAGbx1WUIPGFGmAc6pjnVBiN9YGLfIb
-iAUZBIyVQohCQmcS+NChw8ae7A==
+ CN=902a9863aa37
+ MIID6zCCAlOgAwIBAgIJAPyhTN3IjNxAMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV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=
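Review bot: The replacement `X509Certificate` for `902a9863aa37` is a static self-signed certificate whose embedded validity appears to run from late 2021 to late 2031, so the IdP in this demo will trust whatever private key it belongs to for roughly a decade. That key has to exist somewhere in the demo tree for the SP to work; if it is committed, anyone can sign AuthnRequests or decrypt assertions for this SP, and the file's own header ("do *NOT* provide it in real time to your partners") is then moot. The sibling shibboleth-midpoint-sp demo avoids this by generating `sp-signing-cert.pem` at first start and splicing it into the metadata; the same approach would fit here. At minimum add `<!-- Demo key pair: regenerate before use outside a throwaway environment -->` above the KeyDescriptor.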
diff --git a/demo/shibboleth-midpoint-sp/beacon/Dockerfile b/demo/shibboleth-midpoint-sp/beacon/Dockerfile
new file mode 100644
index 0000000..256352c
--- /dev/null
+++ b/demo/shibboleth-midpoint-sp/beacon/Dockerfile
@@ -0,0 +1,15 @@
+FROM rockylinux:9.3
+
+COPY container_files/* /opt/tier/
+
+RUN dnf update -y --disablerepo=\* --enablerepo=baseos && \
+ dnf install -y cronie-anacron crontabs cronie --disablerepo=\* --enablerepo=baseos && \
+ dnf clean all -y ; \
+ rm -rf /var/cache/dnf ; \
+ /opt/tier/setup-cron.sh ;
+
+ENV TIER_RELEASE=not-released-yet \
+ TIER_MAINTAINER=tier \
+ MP_VERSION=4.8
+
+CMD [ "/usr/sbin/crond", "-n", "-i", "-m", "off" ]
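Review bot: The `RUN` chain switches from `&&` to `;` after `dnf install`, so a failing `/opt/tier/setup-cron.sh` (or a missing `crontab` binary) still produces a "successful" image that never installs the beacon cron job; use `&& /opt/tier/setup-cron.sh` and drop the trailing `;`. Separately, the image phones home by default: `sendtierbeacon.sh` only skips sending when `TIER_BEACON_OPT_OUT` is non-empty, and that variable is set in docker-compose.yml rather than here, so anyone running this image standalone sends the beacon to `collector.testbed.tier.internet2.edu`. A comment on the `ENV` block such as `# Set TIER_BEACON_OPT_OUT=true to disable the daily usage beacon` would at least make that visible to image users. `rockylinux:9.3` is tagged but not digest-pinned; fine for a demo, worth a note if this is ever published.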
diff --git a/demo/shibboleth-midpoint-sp/beacon/container_files/sendtierbeacon.sh b/demo/shibboleth-midpoint-sp/beacon/container_files/sendtierbeacon.sh
new file mode 100755
index 0000000..8f066f7
--- /dev/null
+++ b/demo/shibboleth-midpoint-sp/beacon/container_files/sendtierbeacon.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+LOGHOST="collector.testbed.tier.internet2.edu"
+LOGPORT="5001"
+
+if [ -s /opt/tier/env.bash ]; then
+ . /opt/tier/env.bash
+fi
+
+messagefile="/tmp/beaconmsg"
+
+if [ -z "$TIER_BEACON_OPT_OUT" ]; then
+ cat > $messagefile </dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ echo "TIER beacon sent"
+ else
+ echo "Failed to send TIER beacon"
+ fi
+
+ rm -f $messagefile 1>/dev/null 2>&1
+
+else
+ echo "TIER beacon skipped - scheduled but Opted out"
+fi
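Review bot: `messagefile="/tmp/beaconmsg"` is a fixed, predictable path written by a root cron job; `messagefile="$(mktemp)" || exit 1` removes the race and symlink concerns and costs nothing. The `if [ $? -eq 0 ]` test on the line after the send is fragile — put the command itself in the `if`, e.g. `if <send-command> >/dev/null 2>&1; then`. The line that builds and sends the message is garbled in this rendering (the heredoc and transport command are collapsed), so I cannot verify what is transmitted or whether TLS is used; a `set -euo pipefail` at the top and quotes around `$messagefile` would also be in order.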
diff --git a/demo/shibboleth-midpoint-sp/beacon/container_files/setup-cron.sh b/demo/shibboleth-midpoint-sp/beacon/container_files/setup-cron.sh
new file mode 100755
index 0000000..2d33d3a
--- /dev/null
+++ b/demo/shibboleth-midpoint-sp/beacon/container_files/setup-cron.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+CRONFILE=/opt/tier/tier-cron
+
+echo "#send daily \"beacon\" to central" > ${CRONFILE}
+echo "" >> ${CRONFILE}
+echo "# ┌───────────── minute (0–59)" >> ${CRONFILE}
+echo "# │ ┌───────────── hour (0–23)" >> ${CRONFILE}
+echo "# │ │ ┌───────────── day of the month (1–31)" >> ${CRONFILE}
+echo "# │ │ │ ┌───────────── month (1–12)" >> ${CRONFILE}
+echo "# │ │ │ │ ┌───────────── day of the week (0–6) (Sunday to Saturday;" >> ${CRONFILE}
+echo "# │ │ │ │ │ 7 is also Sunday on some systems)" >> ${CRONFILE}
+echo "# │ │ │ │ │" >> ${CRONFILE}
+echo "# │ │ │ │ │" >> ${CRONFILE}
+echo "# * * * * * " >> ${CRONFILE}
+echo "" >> ${CRONFILE}
+echo "$(expr $RANDOM % 60) $(expr $RANDOM % 4) * * * /opt/tier/sendtierbeacon.sh 2>&1 | tee /proc/1/fd/1 >> /tmp/logcrond" >> ${CRONFILE}
+echo "" >> ${CRONFILE}
+echo "# List the current setting of the crontab to the log (when is the beacon scheduled)" >> ${CRONFILE}
+echo "@reboot crontab -l >/proc/1/fd/1" >> ${CRONFILE}
+echo "" >> ${CRONFILE}
+
+chmod 644 ${CRONFILE}
+crontab ${CRONFILE}
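Review bot: The `$RANDOM % 60` / `$RANDOM % 4` jitter is evaluated when this script runs, and the Dockerfile runs it at build time, so the schedule is frozen into the image — every container started from it fires the beacon at the same minute, which defeats the purpose of randomising. Either run `setup-cron.sh` from the container entrypoint, or document the limitation in the generated crontab comment: `# NOTE: the minute/hour below are chosen at image build time, not per container`. The `>> /tmp/logcrond` redirect also grows without bound for the life of the container; consider `tee /proc/1/fd/1 >/dev/null` alone since stdout is already captured by the container runtime.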
diff --git a/demo/shibboleth-midpoint-sp/directory/Dockerfile b/demo/shibboleth-midpoint-sp/directory/Dockerfile
new file mode 100644
index 0000000..4880156
--- /dev/null
+++ b/demo/shibboleth-midpoint-sp/directory/Dockerfile
@@ -0,0 +1,35 @@
+FROM rockylinux:9.3 as baseinst
+
+RUN dnf update -y && \
+ dnf install -y --enablerepo=devel openldap openldap-clients openldap-servers && \
+ dnf clean all && \
+ rm -rf /var/cache/dnf
+
+EXPOSE 389/tcp
+
+VOLUME /var/lib/ldap
+
+FROM baseinst
+
+#LABEL author="tier-packaging@internet2.edu "
+
+ARG ldapDomain="dc=internet2,dc=edu"
+ARG ldapPw="password"
+
+COPY container_files/* /opt
+
+RUN cd /opt ; \
+ /opt/slapd.sh -init ; \
+ /opt/gen_config_update "${ldapDomain}" "${ldapPw}" "0" "0" ;\
+ cat 999_schema-list | while read line ; do \
+ ldapadd -H ldapi:/// -f /etc/openldap/schema/${line}.ldif ; \
+ done ; \
+ for s in 0 1 2 3 4 5 6 7 8 9 ; do \
+ find -type f -name "${s}[0-4]?_*.ldif" -exec ldapmodify -H ldapi:/// -f /opt/\{\} \; ; \
+ find -type f -name "${s}[5-9]?_*.ldif" -exec ldapadd -H ldapi:/// -f /opt/\{\} \; ; \
+ done ; \
+ rm /opt/[0-9]* && \
+ /opt/slapd.sh -stop ;
+
+CMD [ "/opt/slapd.sh", "-limit", "1024", "-debug", "256" ]
+
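Review bot: `ARG ldapPw="password"` is fed to `/opt/gen_config_update`, so the directory's admin password is supplied through a build argument — recorded in `docker history` and defaulting to a well-known value — meaning anyone holding the image knows the credential unless it was rebuilt with a different `--build-arg`. A BuildKit secret mount keeps it out of the image metadata: `RUN --mount=type=secret,id=ldappw /opt/gen_config_update "${ldapDomain}" "$(cat /run/secrets/ldappw)" 0 0`, or set it at first start from the `shared_pw` volume the way the compose file does for the DB password. The `RUN` body also chains with `;`, so a failing `ldapadd`/`ldapmodify` still yields a successfully built image with a partially loaded directory — use `&&` or `set -e`. Note that `EXPOSE 389` is plaintext LDAP and the compose file publishes it to the host.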
diff --git a/demo/shibboleth-midpoint-sp/directory/container_files/gen_config_update b/demo/shibboleth-midpoint-sp/directory/container_files/gen_config_update
new file mode 100755
index 0000000..a23fccc
--- /dev/null
+++ b/demo/shibboleth-midpoint-sp/directory/container_files/gen_config_update
@@ -0,0 +1,203 @@
+#!/bin/bash
+domain="${1:-dc=example,dc=com}"
+if [ $(echo -n ${domain} | wc -c ) -eq $(echo -n ${domain} | tr -d "," | wc -c) ]
+then
+ subDomain="${domain:4}"
+else
+ subDomain="$(echo -n ${domain:4} | cut -d , -f 1)"
+fi
+userpw="${2:-change_me}"
+cleartext="${3:-0}"
+locDebug="${4:-0}"
+
+function genPass() {
+ retVal="userPassword:"
+ if [ "${cleartext}" != "1" ]
+ then
+ secPw="$(slappasswd -s ${userpw})"
+ secPw2="$(echo -n ${secPw} | base64 )"
+ [ "${locDebug}" != "0" ] && echo "${userpw} => ${secPw} => ${secPw2}" >&2
+ retVal="${retVal}: ${secPw2}"
+ else
+ [ "${locDebug}" != "0" ] && echo "${userpw}" >&2
+ retVal="${retVal} ${userpw}"
+ fi
+ while [ ${#retVal} -gt 78 ]
+ do
+ echo "${retVal:0:78}"
+ retVal=" ${retVal:78}"
+ done
+ if [ ${#retVal} -gt 2 ]
+ then
+ echo "${retVal}"
+ fi
+}
+
+cat >999_schema-list <001_monitor-diff.ldif <101_mdb-diff.ldif <251_mod_config.ldif <151_default_structure.ldif <252_default_policy.ldif <851_default_structure.ldif <959_default_structure.ldif <&2
+ ulimit -n ${localLimit}
+ exec /usr/sbin/slapd -4 -h "ldapi:///" -u ldap -g ldap
+ exit 0
+ ;;
+ stop)
+ while read line
+ do
+ kill ${line}
+ count=0
+ while [ -e /proc/${line} ]
+ do
+ [ ${count} -gt 10 ] && kill -9 ${line}
+ echo "Waiting to terminate the process"
+ count=$(( ${count} + 1 ))
+ sleep 1
+ done
+ echo "Terminated..."
+ ${0} -stop
+ done < <( grep "^slapd$" /proc/*/comm | head -1 | cut -d / -f 3 )
+ exit 0
+ ;;
+ esac
+done
+
+ulimit -n ${localLimit}
+
+
+if [ -z ${LDAP_INIT+x} ]
+then
+ [ ! -z ${LDAP_INFO+x} ] && echo "uLimit : ${localLimit} / debug level : ${debugLevel}" >&2
+ exec /usr/sbin/slapd -h "ldap://0.0.0.0:389 ldapi:///" -u ldap -g ldap -d ${debugLevel}
+else
+ [ ! -z ${LDAP_INFO+x} ] && echo "uLimit : ${localLimit}" >&2
+ exec /usr/sbin/slapd -4 -h "ldapi:///" -u ldap -g ldap
+fi
+
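Review bot: In `genPass`, `slappasswd -s ${userpw}` puts the clear-text password on the command line, where it is visible to any process listing during the build, and the unquoted expansion also word-splits a password containing spaces; `slappasswd -T <(printf '%s' "$userpw")` or writing it to a temporary file with `-T` avoids both. The debug branch additionally echoes the clear-text password to stderr when `locDebug` is non-zero — acceptable only if that flag can never be set in a real run, which deserves a comment. This hunk is heavily collapsed in the rendering (the heredocs after `999_schema-list` are fused onto one line and the `slapd.sh` lines that follow appear without their own file header), so I could not review the generated LDIF content.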
diff --git a/demo/shibboleth-midpoint-sp/docker-compose.yml b/demo/shibboleth-midpoint-sp/docker-compose.yml
new file mode 100644
index 0000000..a3bd98b
--- /dev/null
+++ b/demo/shibboleth-midpoint-sp/docker-compose.yml
@@ -0,0 +1,356 @@
+version: "3.3"
+
+services:
+ prereq:
+ image: evolveum/midpoint:${MP_VER:-4.8.3}-rockylinux
+ command: >
+ bash -c "
+ echo ' - - - - - - -' ;
+ cd /mnt/security ;
+ if [ ! -e key.pem ] ;
+ then
+ echo 'Certificate has not been found. Generating of the new one...' ;
+ openssl req -newkey rsa:2048 -keyout key.pem -nodes -subj '/C=US/ST=MI/L=Ann Arbor/O=Internet2\\/TIER/CN=midpoint.sp.example.org' -addext 'subjectAltName = DNS:midpoint.sp.example.org, DNS:midpoint_server, DNS:directory, DNS:idp, DNS: localhost, DNS: localhost.localdomain, IP:127.0.0.1, IP:::1' -out cert.pem -days 1825 -x509 ;
+ openssl req -newkey rsa:3072 -keyout sp-encrypt-key.pem -nodes -subj '/CN=sptest.example.edu' -addext 'subjectAltName = DNS:sptest.example.edu' -out sp-encrypt-cert.pem -days 3650 -x509 ;
+ openssl req -newkey rsa:3072 -keyout sp-signing-key.pem -nodes -subj '/CN=sptest.example.edu' -addext 'subjectAltName = DNS:sptest.example.edu' -out sp-signing-cert.pem -days 3650 -x509 ;
+ openssl req -newkey rsa:2048 -keyout idp-backchannel.key -nodes -subj '/CN=idptestbed' -addext 'subjectAltName = DNS:idptestbed, URI:https://idptestbed/idp/shibboleth' -out idp-backchannel.crt -days 7300 -x509 ;
+ openssl req -newkey rsa:2048 -keyout idp-encryption.key -nodes -subj '/CN=idptestbed' -addext 'subjectAltName = DNS:idptestbed, URI:https://idptestbed/idp/shibboleth' -out idp-encryption.crt -days 7300 -x509 ;
+ openssl req -newkey rsa:2048 -keyout idp-signing.key -nodes -subj '/CN=idptestbed' -addext 'subjectAltName = DNS:idptestbed, URI:https://idptestbed/idp/shibboleth' -out idp-signing.crt -days 7300 -x509 ;
+ openssl req -newkey rsa:2048 -keyout idp-browser.key -nodes -subj '/CN=idp.ccc.local' -addext 'authorityKeyIdentifier = keyid:always,issuer:always' -out idp-browser.crt -days 10585 -x509 ;
+ openssl x509 -noout -fingerprint -sha256 -in cert.pem ;
+ openssl pkcs12 -export -in sp-signing-cert.pem -inkey sp-signing-key.pem -out signing-key.p12 -passout pass:password -name signing-key ;
+ openssl pkcs12 -export -in sp-encrypt-cert.pem -inkey sp-encrypt-key.pem -out encrypt-key.p12 -passout pass:password -name encrypt-key ;
+ openssl pkcs12 -export -in cert.pem -inkey key.pem -out keystore.p12 -passout pass:password -name selfsigned ;
+ keytool -importkeystore -srckeystore encrypt-key.p12 -srcstoretype pkcs12 -srcstorepass password -srcalias encrypt-key -destkeystore shibboleth_sp_keys.jks -deststoretype jks -deststorepass changeit -noprompt -destalias encrypt-key ;
+ keytool -importkeystore -srckeystore signing-key.p12 -srcstoretype pkcs12 -srcstorepass password -srcalias signing-key -destkeystore shibboleth_sp_keys.jks -deststoretype jks -deststorepass changeit -noprompt -destalias signing-key ;
+ keytool -importkeystore -srckeystore keystore.p12 -srcstoretype pkcs12 -srcstorepass password -srcalias selfsigned -destkeystore keystore.jks -deststoretype jks -deststorepass password -noprompt -destalias selfsigned ;
+ keytool -list -keystore shibboleth_sp_keys.jks -storetype jceks -storepass changeit ;
+ keytool -list -keystore keystore.jks -storetype jceks -storepass password ;
+ openssl pkcs12 -export -in idp-backchannel.crt -inkey idp-backchannel.key -out idp-backchannel.p12 -passout pass:password -name idptestbed ;
+ openssl pkcs12 -export -in idp-browser.crt -inkey idp-browser.key -out idp-browser.p12 -passout pass:password -name myAlias ;
+ for s in *ert.pem *.crt ; do echo ' - - - - - ' ; echo $${s} ; openssl x509 -noout -fingerprint -sha256 -in $${s} ; echo ; openssl x509 -noout -subject -subject_hash -dates -in $${s} ; done ;
+ echo ' - - - - - ' ;
+ mkdir /mnt/midpoint/var/shibboleth ;
+ cp shibboleth_sp_keys.jks /mnt/midpoint/var/shibboleth ;
+ cp cert.pem /mnt/midpoint/var ;
+ cp key.pem /mnt/midpoint/var ;
+ mkdir /mnt/nginx/certs;
+ cp cert.pem /mnt/nginx/certs ;
+ cp key.pem /mnt/nginx/certs ;
+ echo ' server {' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo ' listen 443 ssl default_server;' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo ' server_name localhost;' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo '' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo ' ssl_certificate /etc/nginx/certs/cert.pem;' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo ' ssl_certificate_key /etc/nginx/certs/key.pem;' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo '' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo ' proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo ' location / {' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo ' rewrite ^/$ /midpoint/ last;' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo ' rewrite ^/midpoint$ /midpoint/ last;' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo '' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo ' proxy_set_header X-Real-IP $$remote_addr;' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo ' proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo ' proxy_set_header X-Forwarded-Host: $$host;' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo ' proxy_set_header X-Forwarded-Proto: $$scheme;' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo ' proxy_pass http://midpoint-container:8080/;' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo '' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo ' }' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo '' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo ' location /idp {' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo ' proxy_set_header Host localhost;' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo ' proxy_pass https://idp:443/idp ;' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo ' }' >> /mnt/nginx/conf.d/midpoint.conf ;
+ echo ' }' >> /mnt/nginx/conf.d/midpoint.conf ;
+ cp idp-backchannel.crt /mnt/shibboleth-idp/credentials ;
+ cp idp-backchannel.p12 /mnt/shibboleth-idp/credentials ;
+ cp idp-browser.p12 /mnt/shibboleth-idp/credentials ;
+ cp idp-encryption.crt /mnt/shibboleth-idp/credentials ;
+ cp idp-encryption.key /mnt/shibboleth-idp/credentials ;
+ cp idp-signing.crt /mnt/shibboleth-idp/credentials ;
+ cp idp-signing.key /mnt/shibboleth-idp/credentials ;
+ cp sp-signing-cert.pem /mnt/shibboleth-idp/credentials ;
+ cp keystore.jks /mnt/shibboleth/certs ;
+ echo ' - - - - - ' ;
+ find -type f ;
+ echo ' - - - - - - -' ;
+ find /mnt/shibboleth-idp/ -type f ;
+ echo ' - - - - - - -' ;
+ find /mnt/shibboleth -type f ;
+ echo ' - - - - - - -' ;
+ find /mnt/midpoint/ -type f ;
+ echo ' - - - - - - -' ;
+ else echo 'certificate already exists... (skip new cert generation)' ;
+ fi ;
+ if [ ! -e /mnt/shared_pw/db_pass ] ; then
+ echo 'Generating password for DB connection...';
+ dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64 | tr -d -c [0-9a-z] | cut -c 1-32 | tr -d [[:space:]] > /mnt/shared_pw/db_pass ;
+ fi ;
+ "
+ networks:
+ - net
+ volumes:
+ - security_object:/mnt/security
+ - shared_pw:/mnt/shared_pw
+ - idp_credentials:/mnt/shibboleth-idp/credentials
+ - idp_certs:/mnt/shibboleth/certs
+ - proxy_conf:/mnt/nginx
+ - midpoint_home:/mnt/midpoint/var
+
+ midpoint_data:
+ image: postgres:16-alpine
+ depends_on:
+ prereq:
+ condition: service_completed_successfully
+ environment:
+ - POSTGRES_PASSWORD_FILE=/mnt/shared_pw/db_pass
+ - POSTGRES_USER=midpoint
+ - POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
+ healthcheck:
+ test: [ "CMD-SHELL", "pg_isready -d midpoint -U midpoint" ]
+ interval: 1s
+ timeout: 5s
+ retries: 10
+ networks:
+ - net
+ volumes:
+ - midpoint_data:/var/lib/postgresql/data
+ - shared_pw:/mnt/shared_pw
+
+ data_init:
+ image: evolveum/midpoint:${MP_VER:-4.8.3}-rockylinux
+ depends_on:
+ prereq:
+ condition: service_completed_successfully
+ midpoint_data:
+ condition: service_healthy
+ command: >
+ bash -c "
+ cd /opt/midpoint ;
+ bin/midpoint.sh init-native ;
+ echo ' - - - - - - ' ;
+ bin/ninja.sh -B info >/dev/null 2>/tmp/ninja.log ;
+ grep -q \"ERROR\" /tmp/ninja.log && (
+ bin/ninja.sh run-sql --create --mode REPOSITORY ;
+ bin/ninja.sh run-sql --create --mode AUDIT
+ ) ||
+ echo -e '\\n Repository init is not needed...' ;
+ if [ $$(keytool -list -keystore /opt/midpoint/var/keystore.jceks -storetype jceks -storepass:file /opt/midpoint/var/keystorepw | grep -c 'local_gen_cert') -eq 0 ] ;
+ then
+ keytool -importcert -keystore /opt/midpoint/var/keystore.jceks -storetype jceks -storepass:file /opt/midpoint/var/keystorepw -trustcacerts -alias 'local_gen_cert' -file /opt/midpoint/var/cert.pem -noprompt ;
+ else
+ echo 'Certificate exists in the cert store' ;
+ fi ;
+ "
+ environment:
+ - MP_SET_midpoint_repository_jdbcUsername=midpoint
+ - MP_SET_midpoint_repository_jdbcPassword_FILE=/mnt/shared_pw/db_pass
+ - MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
+ - MP_SET_midpoint_repository_database=postgresql
+ - MP_INIT_CFG=/opt/midpoint/var
+ - MP_PW_DEF=/opt/midpoint/var/keystorepw
+ - MP_KEYSTORE=/opt/midpoint/var/keystore.jceks
+ networks:
+ - net
+ volumes:
+ - midpoint_home:/opt/midpoint/var
+ - shared_pw:/mnt/shared_pw
+
+ midpoint_server:
+ image: evolveum/midpoint:${MP_VER:-4.8.3}-rockylinux
+ container_name: midpoint_server
+ hostname: midpoint-container
+ depends_on:
+ data_init:
+ condition: service_completed_successfully
+ idp_vol_init:
+ condition: service_completed_successfully
+ midpoint_data:
+ condition: service_healthy
+ command: [ "/opt/midpoint/bin/midpoint.sh", "container" ]
+ ports:
+ - 8080:8080
+ environment:
+ - MP_SET_midpoint_repository_jdbcUsername=midpoint
+ - MP_SET_midpoint_repository_jdbcPassword_FILE=/mnt/shared_pw/db_pass
+ - MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
+ - MP_SET_midpoint_repository_database=postgresql
+ - MP_SET_midpoint_keystore_keyStorePassword_FILE=/opt/midpoint/var/keystorepw
+ - MP_SET_midpoint_administrator_initialPassword=Test5ecr3t
+ - MP_UNSET_midpoint_repository_hibernateHbm2ddl=1
+ - MP_NO_ENV_COMPAT=1
+ - MP_ENTRY_POINT=/opt/midpoint-dirs-docker-entrypoint
+ networks:
+ - net
+ volumes:
+ - midpoint_home:/opt/midpoint/var
+ - shared_pw:/mnt/shared_pw
+ - ./midpoint_server/post-initial-objects:/opt/midpoint-dirs-docker-entrypoint/post-initial-objects:ro
+ - ./midpoint_server/shibboleth:/opt/midpoint-dirs-docker-entrypoint/shibboleth:ro
+
+ directory:
+ build: ./directory/
+ ports:
+ - 389:389
+ networks:
+ - net
+ volumes:
+ - ldap:/var/lib/ldap
+
+ idp_vol_init:
+ image: tier/shib-idp:3.4.6_20191002
+ depends_on:
+ prereq:
+ condition: service_completed_successfully
+ ulimits:
+ nofile:
+ soft: 1024
+ hard: 2048
+ command: >
+ bash -c "
+ echo 'Updating configuration...' ;
+ if [ -e /mnt/shibboleth-diff/conf ] ;
+ then
+ cp -vu /mnt/shibboleth-diff/conf/* /opt/shibboleth-idp/conf ;
+ fi ;
+ if [ -e /mnt/shibboleth-diff/credentials ] ;
+ then
+ cp -vu /mnt/shibboleth-diff/credentials/* /opt/shibboleth-idp/credentials ;
+ fi ;
+ if [ -e /mnt/shibboleth-diff/metadata ] ;
+ then
+ cp -vu /mnt/shibboleth-diff/metadata/* /opt/shibboleth-idp/metadata ;
+ fi ;
+ echo ' - - - - - - -' ;
+ echo 'Updating idp-metadata.xml file...' ;
+ grep -n 'X509Certificate' /mnt/shibboleth-diff/metadata/idp-metadata.xml | sed \"s/\\([0-9]*\\).*/\\1/\" > /tmp/checkpoints ;
+ wc -l /mnt/shibboleth-diff/metadata/idp-metadata.xml | sed \"s/\\([0-9]*\\).*/\\1/\" >> /tmp/checkpoints ;
+ current_line=1 ;
+ id=0 ;
+ file_path=( - idp-backchannel.crt - idp-signing.crt - idp-encryption.crt - idp-backchannel.crt - idp-signing.crt - idp-encryption.crt - ) ;
+ rm /opt/shibboleth-idp/metadata/idp-metadata.xml ;
+ cat /tmp/checkpoints | while read line ; do
+ if [ \"$${file_path[$${id}]}\" == \"-\" ] ; then
+ sed -n \"$${current_line},$${line}p\" /mnt/shibboleth-diff/metadata/idp-metadata.xml >> /opt/shibboleth-idp/metadata/idp-metadata.xml ;
+ else
+ sed '1d;$$d' /opt/shibboleth-idp/credentials/$${file_path[$${id}]} >> /opt/shibboleth-idp/metadata/idp-metadata.xml ;
+ fi ;
+ current_line=$${line};
+ id=$$(( $${id} + 1 )) ;
+ done ;
+ cp -v /opt/shibboleth-idp/metadata/idp-metadata.xml /opt/midpoint/var/shibboleth/idp-metadata.xml ;
+ echo ' - - - - - - -' ;
+ echo 'Updating midpoint-sp.xml...';
+ grep -n 'X509Certificate' /mnt/shibboleth-diff/metadata/midpoint-sp.xml | sed \"s/\\([0-9]*\\).*/\\1/\" > /tmp/checkpoints ;
+ wc -l /mnt/shibboleth-diff/metadata/midpoint-sp.xml | sed \"s/\\([0-9]*\\).*/\\1/\" >> /tmp/checkpoints ;
+ current_line=1 ;
+ id=0 ;
+ file_path=( - sp-signing-cert.pem - ) ;
+ rm /opt/shibboleth-idp/metadata/midpoint-sp.xml ;
+ cat /tmp/checkpoints | while read line ; do
+ if [ \"$${file_path[$${id}]}\" == \"-\" ] ; then
+ sed -n \"$${current_line},$${line}p\" /mnt/shibboleth-diff/metadata/midpoint-sp.xml >> /opt/shibboleth-idp/metadata/midpoint-sp.xml ;
+ else
+ sed '1d;$$d' /opt/shibboleth-idp/credentials/$${file_path[$${id}]} >> /opt/shibboleth-idp/metadata/midpoint-sp.xml ;
+ fi ;
+ current_line=$${line};
+ id=$$(( $${id} + 1 )) ;
+ done ;
+ sed -i \"s/\\([[:space:]]\\).*$$/\\1/g;s/^[[:space:]]\\(\\).*$$/\\1/g\" /opt/shibboleth-idp/metadata/midpoint-sp.xml ;
+ echo ' - - - - - - -' ;
+ echo 'Updating midpoint-sp-ssl.xml...';
+ grep -n 'X509Certificate' /mnt/shibboleth-diff/metadata/midpoint-sp-ssl.xml | sed \"s/\\([0-9]*\\).*/\\1/\" > /tmp/checkpoints ;
+ wc -l /mnt/shibboleth-diff/metadata/midpoint-sp-ssl.xml | sed \"s/\\([0-9]*\\).*/\\1/\" >> /tmp/checkpoints ;
+ current_line=1 ;
+ id=0 ;
+ file_path=( - sp-signing-cert.pem - ) ;
+ rm /opt/shibboleth-idp/metadata/midpoint-sp-ssl.xml ;
+ cat /tmp/checkpoints | while read line ; do
+ if [ \"$${file_path[$${id}]}\" == \"-\" ] ; then
+ sed -n \"$${current_line},$${line}p\" /mnt/shibboleth-diff/metadata/midpoint-sp-ssl.xml >> /opt/shibboleth-idp/metadata/midpoint-sp-ssl.xml ;
+ else
+ sed '1d;$$d' /opt/shibboleth-idp/credentials/$${file_path[$${id}]} >> /opt/shibboleth-idp/metadata/midpoint-sp-ssl.xml ;
+ fi ;
+ current_line=$${line};
+ id=$$(( $${id} + 1 )) ;
+ done ;
+ sed -i \"s/\\([[:space:]]\\).*$$/\\1/g;s/^[[:space:]]\\(\\).*$$/\\1/g\" /opt/shibboleth-idp/metadata/midpoint-sp-ssl.xml ;
+ echo ' - - - - - - -' ;
+ echo 'Generating sealer key...' ;
+ rm /opt/shibboleth-idp/credentials/sealer.* ;
+ /opt/shibboleth-idp/bin/rotateSealerKey.sh ;
+ echo ' - - - - - - -' ;
+ echo 'DONE.' ;
+ "
+ volumes:
+ - idp_conf:/opt/shibboleth-idp/conf
+ - idp_credentials:/opt/shibboleth-idp/credentials
+ - idp_metadata:/opt/shibboleth-idp/metadata
+ - ./shibboleth-idp:/mnt/shibboleth-diff:ro
+ - midpoint_home:/opt/midpoint/var
+
+ idp:
+ image: tier/shib-idp:3.4.6_20191002
+ depends_on:
+ directory:
+ condition: service_started
+ idp_vol_init:
+ condition: service_completed_successfully
+ ulimits:
+ nofile:
+ soft: 1024
+ hard: 2048
+ environment:
+ - JETTY_MAX_HEAP=64m
+ - JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=password
+ - JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD=password
+ networks:
+ - net
+ volumes:
+ - idp_conf:/opt/shibboleth-idp/conf
+ - idp_credentials:/opt/shibboleth-idp/credentials
+ - idp_metadata:/opt/shibboleth-idp/metadata
+ - idp_certs:/opt/certs
+
+ beacon:
+ build: ./beacon/
+ networks:
+ - net
+ environment:
+ - TIER_RELEASE=not-released-yet
+ - TIER_MAINTAINER=tier
+ - MP_VERSION=4.8
+ - TIER_BEACON_OPT_OUT=true
+
+ proxy:
+ image: nginx:stable
+ depends_on:
+ prereq:
+ condition: service_completed_successfully
+ midpoint_server:
+ condition: service_started
+ idp:
+ condition: service_started
+ ports:
+ - 8180:80
+ - 443:443
+ networks:
+ - net
+ volumes:
+ - proxy_conf:/etc/nginx
+
+networks:
+ net:
+ driver: bridge
+
+volumes:
+ security_object:
+ midpoint_data:
+ midpoint_home:
+ idp_conf:
+ idp_credentials:
+ idp_metadata:
+ idp_certs:
+ proxy_conf:
+ ldap:
+ shared_pw:
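Review bot: The two `proxy_set_header` lines for `X-Forwarded-Host:` and `X-Forwarded-Proto:` carry a trailing colon in the header name, so nginx emits `X-Forwarded-Host:: <host>` and the receiver sees a value beginning with a colon; they should read `proxy_set_header X-Forwarded-Host $$host;` and `proxy_set_header X-Forwarded-Proto $$scheme;`. In the same generated server block, `proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3` re-enables TLS 1.0/1.1 toward the IdP upstream — drop the first two unless the 2019-era `tier/shib-idp:3.4.6_20191002` image genuinely requires them (and that image's age is itself worth a comment). `MP_SET_midpoint_administrator_initialPassword=Test5ecr3t`, the `password`/`changeit` keystore secrets in the `prereq` command, and the host-published ports `8080:8080` and `389:389` make this stack demo-only; a one-line comment at the top saying so would stop it being reused as a template. Minor: quote the `tr -d -c '[0-9a-z]'` and `tr -d '[[:space:]]'` arguments in the password generator so they cannot glob against files in the working directory.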
diff --git a/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml b/demo/shibboleth-midpoint-sp/midpoint_server/post-initial-objects/SecurityPolicy.xml
similarity index 82%
rename from demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml
rename to demo/shibboleth-midpoint-sp/midpoint_server/post-initial-objects/SecurityPolicy.xml
index cb2cfed..65c6fa7 100644
--- a/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml
+++ b/demo/shibboleth-midpoint-sp/midpoint_server/post-initial-objects/SecurityPolicy.xml
@@ -8,11 +8,6 @@
httpBasic
-
- httpHeader
- REMOTE_USER
- https://localhost:8443/Shibboleth.sso/Logout
-
mySamlSso
My internal enterprise SAML-based SSO system.
@@ -21,7 +16,7 @@
true
- /etc/pki/mp/sp-shibboleth-keys.jks
+ /opt/midpoint/var/shibboleth/shibboleth_sp_keys.jks
changeit
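Review bot: The keystore password `changeit` here must match the `-deststorepass changeit` used when docker-compose.yml's `prereq` service builds `shibboleth_sp_keys.jks`; the coupling is invisible from this file, so a change in either place silently breaks SAML startup. Add a comment next to the value, e.g. `<!-- must match -deststorepass in demo/shibboleth-midpoint-sp/docker-compose.yml (prereq service) -->`, and note that it is the Java default and therefore a demo-only value. The enclosing SAML module definition continues outside this hunk.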
@@ -34,7 +29,7 @@
https://idptestbed/idp/shibboleth
- /etc/shibboleth/idp-metadata.xml
+ /opt/midpoint/var/shibboleth/idp-metadata.xml
Shibboleth
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
@@ -50,7 +45,7 @@
http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user
- false
+ true
saml-internal
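Review bot: Flipping `default` to `true` for `saml-internal` makes the IdP redirect the only default GUI login path; when the IdP or its LDAP backend is down, an administrator needs another sequence to reach the GUI. If the `emergency` sequence is still present in the unchanged part of this file, document how it is reached next to this change (e.g. `<!-- IdP unavailable? use the emergency sequence via its URL suffix -->`); if it was removed, reconsider, since the other demo's policy keeps one. The sequence element starts and ends outside this hunk.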
@@ -77,23 +72,6 @@
sufficient
-
- admin-gui-default
- Default gui sequence
-
- Special GUI authentication sequence that is using Shibboleth SP
-
-
- http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user
- true
- shib
-
-
- httpHeader
- 1
- sufficient
-
-
rest-default
diff --git a/demo/shibboleth-midpoint-sp/midpoint_server/post-initial-objects/public-url.xml b/demo/shibboleth-midpoint-sp/midpoint_server/post-initial-objects/public-url.xml
new file mode 100644
index 0000000..d353b5e
--- /dev/null
+++ b/demo/shibboleth-midpoint-sp/midpoint_server/post-initial-objects/public-url.xml
@@ -0,0 +1,44 @@
+
+
+
+
+
+
+ c:SystemConfigurationType
+
+ modify
+
+ delta
+
+
+ add
+ infrastructure
+
+ https://localhost/midpoint
+
+
+
+
+
+
diff --git a/demo/shibboleth-midpoint-sp/midpoint_server/shibboleth/attribute-map.xml b/demo/shibboleth-midpoint-sp/midpoint_server/shibboleth/attribute-map.xml
new file mode 100644
index 0000000..f0a5f19
--- /dev/null
+++ b/demo/shibboleth-midpoint-sp/midpoint_server/shibboleth/attribute-map.xml
@@ -0,0 +1,168 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/demo/shibboleth-midpoint-sp/midpoint_server/shibboleth/shibboleth2.xml b/demo/shibboleth-midpoint-sp/midpoint_server/shibboleth/shibboleth2.xml
new file mode 100644
index 0000000..9ed72c2
--- /dev/null
+++ b/demo/shibboleth-midpoint-sp/midpoint_server/shibboleth/shibboleth2.xml
@@ -0,0 +1,112 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ SAML2
+
+
+
+ SAML2 Local
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/demo/shibboleth-midpoint-sp/shibboleth-idp/conf/attribute-filter.xml b/demo/shibboleth-midpoint-sp/shibboleth-idp/conf/attribute-filter.xml
new file mode 100644
index 0000000..c7a14c7
--- /dev/null
+++ b/demo/shibboleth-midpoint-sp/shibboleth-idp/conf/attribute-filter.xml
@@ -0,0 +1,38 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/demo/shibboleth-midpoint-sp/shibboleth-idp/conf/attribute-resolver.xml b/demo/shibboleth-midpoint-sp/shibboleth-idp/conf/attribute-resolver.xml
new file mode 100644
index 0000000..ee9519f
--- /dev/null
+++ b/demo/shibboleth-midpoint-sp/shibboleth-idp/conf/attribute-resolver.xml
@@ -0,0 +1,293 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/demo/shibboleth-midpoint-sp/shibboleth-idp/conf/idp.properties b/demo/shibboleth-midpoint-sp/shibboleth-idp/conf/idp.properties
new file mode 100644
index 0000000..cf0b2f8
--- /dev/null
+++ b/demo/shibboleth-midpoint-sp/shibboleth-idp/conf/idp.properties
@@ -0,0 +1,195 @@
+# Load any additional property resources from a comma-delimited list
+idp.additionalProperties= /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties
+
+# Set the entityID of the IdP
+idp.entityID= https://idptestbed/idp/shibboleth
+
+# Set the scope used in the attribute resolver for scoped attributes
+idp.scope= example.org
+
+# General cookie properties (maxAge only applies to persistent cookies)
+#idp.cookie.secure = false
+#idp.cookie.httpOnly = true
+#idp.cookie.domain =
+#idp.cookie.path =
+#idp.cookie.maxAge = 31536000
+
+# Set the location of user-supplied web flow definitions
+#idp.webflows = %{idp.home}/flows
+
+# Set the location of Velocity view templates
+#idp.views = %{idp.home}/views
+
+# Settings for internal AES encryption key
+#idp.sealer.storeType = JCEKS
+#idp.sealer.updateInterval = PT15M
+#idp.sealer.aliasBase = secret
+idp.sealer.storeResource= %{idp.home}/credentials/sealer.jks
+idp.sealer.versionResource= %{idp.home}/credentials/sealer.kver
+idp.sealer.storePassword= changeit
+idp.sealer.keyPassword= changeit
+
+# Settings for public/private signing and encryption key(s)
+# During decryption key rollover, point the ".2" properties at a second
+# keypair, uncomment in credentials.xml, then publish it in your metadata.
+idp.signing.key= %{idp.home}/credentials/idp-signing.key
+idp.signing.cert= %{idp.home}/credentials/idp-signing.crt
+idp.encryption.key= %{idp.home}/credentials/idp-encryption.key
+idp.encryption.cert= %{idp.home}/credentials/idp-encryption.crt
+#idp.encryption.key.2 = %{idp.home}/credentials/idp-encryption-old.key
+#idp.encryption.cert.2 = %{idp.home}/credentials/idp-encryption-old.crt
+
+# Sets the bean ID to use as a default security configuration set
+#idp.security.config = shibboleth.DefaultSecurityConfiguration
+
+# To default to SHA-1, set to shibboleth.SigningConfiguration.SHA1
+#idp.signing.config = shibboleth.SigningConfiguration.SHA256
+
+# Configures trust evaluation of keys used by services at runtime
+# Defaults to supporting both explicit key and PKIX using SAML metadata.
+#idp.trust.signatures = shibboleth.ChainingSignatureTrustEngine
+# To pick only one set to one of:
+# shibboleth.ExplicitKeySignatureTrustEngine, shibboleth.PKIXSignatureTrustEngine
+#idp.trust.certificates = shibboleth.ChainingX509TrustEngine
+# To pick only one set to one of:
+# shibboleth.ExplicitKeyX509TrustEngine, shibboleth.PKIXX509TrustEngine
+
+# If true, encryption will happen whenever a key to use can be located, but
+# failure to encrypt won't result in request failure.
+idp.encryption.optional = true
+
+# Configuration of client- and server-side storage plugins
+#idp.storage.cleanupInterval = PT10M
+#idp.storage.htmlLocalStorage = false
+
+# Set to true to expose more detailed errors in responses to SPs
+#idp.errors.detailed = false
+# Set to false to skip signing of SAML response messages that signal errors
+#idp.errors.signed = true
+# Name of bean containing a list of Java exception classes to ignore
+#idp.errors.excludedExceptions = ExceptionClassListBean
+# Name of bean containing a property set mapping exception names to views
+#idp.errors.exceptionMappings = ExceptionToViewPropertyBean
+# Set if a different default view name for events and exceptions is needed
+#idp.errors.defaultView = error
+
+# Set to false to disable the IdP session layer
+#idp.session.enabled = true
+
+# Set to "shibboleth.StorageService" for server-side storage of user sessions
+#idp.session.StorageService = shibboleth.ClientSessionStorageService
+idp.session.StorageService = shibboleth.StorageService
+
+# Size of session IDs
+#idp.session.idSize = 32
+# Bind sessions to IP addresses
+#idp.session.consistentAddress = true
+# Inactivity timeout
+#idp.session.timeout = PT60M
+# Extra time to store sessions for logout
+#idp.session.slop = PT0S
+# Tolerate storage-related errors
+#idp.session.maskStorageFailure = false
+# Track information about SPs logged into
+idp.session.trackSPSessions = true
+# Support lookup by SP for SAML logout
+idp.session.secondaryServiceIndex = true
+# Length of time to track SP sessions
+#idp.session.defaultSPlifetime = PT2H
+
+# Regular expression matching login flows to enable, e.g. IPAddress|Password
+idp.authn.flows= Password
+
+# Regular expression of forced "initial" methods when no session exists,
+# usually in conjunction with the idp.authn.resolveAttribute property below.
+#idp.authn.flows.initial = Password
+
+# Set to an attribute ID to resolve prior to selecting authentication flows;
+# its values are used to filter the flows to allow.
+#idp.authn.resolveAttribute = eduPersonAssurance
+
+# Default lifetime and timeout of various authentication methods
+#idp.authn.defaultLifetime = PT60M
+#idp.authn.defaultTimeout = PT30M
+
+# Whether to prioritize "active" results when an SP requests more than
+# one possible matching login method (V2 behavior was to favor them)
+#idp.authn.favorSSO = true
+
+# Whether to fail requests when a user identity after authentication
+# doesn't match the identity in a pre-existing session.
+#idp.authn.identitySwitchIsError = false
+
+# Set to "shibboleth.StorageService" or custom bean for alternate storage of consent
+#idp.consent.StorageService = shibboleth.ClientPersistentStorageService
+
+# Set to "shibboleth.consent.AttributeConsentStorageKey" to use an attribute
+# to key user consent storage records (and set the attribute name)
+#idp.consent.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey
+#idp.consent.userStorageKeyAttribute = uid
+
+# Flags controlling how built-in attribute consent feature operates
+#idp.consent.allowDoNotRemember = true
+#idp.consent.allowGlobal = true
+#idp.consent.allowPerAttribute = false
+
+# Whether attribute values and terms of use text are compared
+#idp.consent.compareValues = false
+# Maximum number of consent records for space-limited storage (e.g. cookies)
+#idp.consent.maxStoredRecords = 10
+# Maximum number of consent records for larger/server-side storage (0 = no limit)
+#idp.consent.expandedMaxStoredRecords = 0
+
+# Time in milliseconds to expire consent storage records.
+#idp.consent.storageRecordLifetime = P1Y
+
+# Whether to lookup metadata, etc. for every SP involved in a logout
+# for use by user interface logic; adds overhead so off by default.
+#idp.logout.elaboration = false
+
+# Whether to require logout requests be signed/authenticated.
+#idp.logout.authenticated = true
+
+# Message freshness and replay cache tuning
+#idp.policy.messageLifetime = PT3M
+#idp.policy.clockSkew = PT3M
+
+# Set to custom bean for alternate storage of replay cache
+#idp.replayCache.StorageService = shibboleth.StorageService
+
+# Toggles whether to allow outbound messages via SAML artifact
+#idp.artifact.enabled = true
+# Suppresses typical signing/encryption when artifact binding used
+#idp.artifact.secureChannel = true
+# May differ to direct SAML 2 artifact lookups to specific server nodes
+#idp.artifact.endpointIndex = 2
+# Set to custom bean for alternate storage of artifact map state
+#idp.artifact.StorageService = shibboleth.StorageService
+
+# Name of access control policy for various admin flows
+idp.status.accessPolicy= AccessByIPAddress
+idp.resolvertest.accessPolicy= AccessByIPAddress
+idp.reload.accessPolicy= AccessByIPAddress
+
+# Comma-delimited languages to use if not match can be found with the
+# browser-supported languages, defaults to an empty list.
+idp.ui.fallbackLanguages= en,fr,de
+
+# Storage service used by CAS protocol
+# Defaults to shibboleth.StorageService (in-memory)
+# MUST be server-side storage (e.g. in-memory, memcached, database)
+# NOTE that idp.session.StorageService requires server-side storage
+# when CAS protocol is enabled
+idp.cas.StorageService=shibboleth.StorageService
+
+# CAS service registry implementation class
+#idp.cas.serviceRegistryClass=net.shibboleth.idp.cas.service.PatternServiceRegistry
+
+# Profile flows in which the ProfileRequestContext should be exposed
+# in servlet request under the key "opensamlProfileRequestContext"
+#idp.profile.exposeProfileRequestContextInServletRequest = SAML2/POST/SSO,SAML2/Redirect/SSO
+
+# F-TICKS auditing - set salt to include hashed username
+#idp.fticks.federation=MyFederation
+#idp.fticks.algorithm=SHA-256
+#idp.fticks.salt=somethingsecret
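Review bot: The sealer keystore passwords at `idp.sealer.storePassword= changeit` and `idp.sealer.keyPassword= changeit` are committed as literals, and the file's own header calls this the internal AES encryption key, so anyone with the repository can open the sealer keystore shipped with the demo. A comment such as `# DEMO ONLY: default sealer passwords - regenerate the sealer and replace these before any non-local deployment` directly above those two lines would make the intent explicit, and if the demo tooling can supply them from the environment that is preferable to literals. Separately, `idp.encryption.optional = true` means an SP that publishes no encryption key receives unencrypted assertions; that is acceptable for a demo but deserves a one-line comment stating that it is deliberate.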
diff --git a/demo/shibboleth-midpoint-sp/shibboleth-idp/conf/ldap.properties b/demo/shibboleth-midpoint-sp/shibboleth-idp/conf/ldap.properties
new file mode 100644
index 0000000..726f145
--- /dev/null
+++ b/demo/shibboleth-midpoint-sp/shibboleth-idp/conf/ldap.properties
@@ -0,0 +1,58 @@
+# LDAP authentication configuration, see authn/ldap-authn-config.xml
+
+## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator
+#idp.authn.LDAP.authenticator = anonSearchAuthenticator
+
+## Connection properties ##
+idp.authn.LDAP.ldapURL = ldap://directory:389
+idp.authn.LDAP.useStartTLS = false
+idp.authn.LDAP.useSSL = false
+#idp.authn.LDAP.connectTimeout = 3000
+
+## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust
+#idp.authn.LDAP.sslConfig = certificateTrust
+## If using certificateTrust above, set to the trusted certificate's path
+idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-server.crt
+## If using keyStoreTrust above, set to the truststore path
+idp.authn.LDAP.trustStore = %{idp.home}/credentials/ldap-server.truststore
+
+## Return attributes during authentication
+## NOTE: this is not used during attribute resolution; configure that directly in the
+## attribute-resolver.xml configuration via a DataConnector's element
+idp.authn.LDAP.returnAttributes = cn,businessCategory,mail
+
+## DN resolution properties ##
+
+# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator
+# for AD: CN=Users,DC=example,DC=org
+idp.authn.LDAP.baseDN = ou=people,dc=internet2,dc=edu
+#idp.authn.LDAP.subtreeSearch = false
+idp.authn.LDAP.userFilter = (uid={user})
+# bind search configuration
+# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com
+idp.authn.LDAP.bindDN = cn=admin,dc=internet2,dc=edu
+idp.authn.LDAP.bindDNCredential = password
+
+# Format DN resolution, used by directAuthenticator, adAuthenticator
+# for AD use idp.authn.LDAP.dnFormat=%s@domain.com
+idp.authn.LDAP.dnFormat = uid=%s,ou=people,dc=internet2,dc=edu
+
+# LDAP attribute configuration, see attribute-resolver.xml
+idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL}
+idp.attribute.resolver.LDAP.baseDN = %{idp.authn.LDAP.baseDN}
+idp.attribute.resolver.LDAP.bindDN = %{idp.authn.LDAP.bindDN}
+idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential}
+idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:true}
+idp.attribute.resolver.LDAP.trustCertificates = %{idp.authn.LDAP.trustCertificates}
+idp.attribute.resolver.LDAP.searchFilter = (uid=$requestContext.principalName)
+
+# LDAP pool configuration, used for both authn and DN resolution
+#idp.pool.LDAP.minSize = 3
+#idp.pool.LDAP.maxSize = 10
+#idp.pool.LDAP.validateOnCheckout = false
+#idp.pool.LDAP.validatePeriodically = true
+#idp.pool.LDAP.validatePeriod = 300
+#idp.pool.LDAP.prunePeriod = 300
+#idp.pool.LDAP.idleTime = 600
+#idp.pool.LDAP.blockWaitTime = 3000
+#idp.pool.LDAP.failFastInitialize = false
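Review bot: `idp.authn.LDAP.useStartTLS = false` together with `idp.authn.LDAP.useSSL = false` and `idp.authn.LDAP.ldapURL = ldap://directory:389` means the bind credential set at `idp.authn.LDAP.bindDNCredential = password` and every user password submitted to the Password flow cross the network to the directory in cleartext. The attribute resolver inherits this: the `:true` fallback in `idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:true}` never applies because the authn property is explicitly set, so resolution is unencrypted as well, even though `idp.authn.LDAP.trustCertificates` already points at an `ldap-server.crt`. If the directory container serves a certificate, `idp.authn.LDAP.useStartTLS = true` is the one-line fix; otherwise add `# demo: plaintext LDAP, only acceptable on the isolated compose network` so the choice is visibly deliberate.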
diff --git a/demo/shibboleth/idp/shibboleth-idp/conf/metadata-providers.xml b/demo/shibboleth-midpoint-sp/shibboleth-idp/conf/metadata-providers.xml
similarity index 97%
rename from demo/shibboleth/idp/shibboleth-idp/conf/metadata-providers.xml
rename to demo/shibboleth-midpoint-sp/shibboleth-idp/conf/metadata-providers.xml
index 2a44b8d..684b387 100644
--- a/demo/shibboleth/idp/shibboleth-idp/conf/metadata-providers.xml
+++ b/demo/shibboleth-midpoint-sp/shibboleth-idp/conf/metadata-providers.xml
@@ -27,8 +27,6 @@
-
-
-
+
@@ -23,34 +23,34 @@ and do *NOT* provide it in real time to your partners.
-
+
-
-
+
+
- sp.example.org
+ midpoint.sp.example.org
- CN=sp.example.org,O=Internet2/TIER,L=Ann Arbor,ST=MI,C=US
- MIIDPDCCAiQCCQDNZe8r0hVtuTANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJV
-UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50
-ZXJuZXQyL1RJRVIxFzAVBgNVBAMMDnNwLmV4YW1wbGUub3JnMB4XDTE3MDkyMjE5
-NTAzNVoXDTI3MDkyMDE5NTAzNVowYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1J
-MRIwEAYDVQQHDAlBbm4gQXJib3IxFzAVBgNVBAoMDkludGVybmV0Mi9USUVSMRcw
-FQYDVQQDDA5zcC5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAMTNJmsNpTpR4NrDJwOgK/o3UYlNdi1c6xBflt+liLAsQc160QReV4dS
-SGK8LZvN58a/BTIsH8dLhQlUQ8qQUY2AfolVrNxb7Waumeh/POzYUTRylnoGpU3W
-bGMEPxE/AdgP5U/adYvyu4XI5epv7wjZJOTqcVag15SalY+aso+ZC/5l+UzRxmWB
-ZxKTsSL1y7PFehY4/Zl3Y3oGVsVl/zspt5lteoZQeeVxUX29S3Af11yHY4xpEp+7
-rvAzY/nlsTiHAsUoCFK/NFQ2evvSRx52B9Fk1cWP1MDVDm2QjQqD9xBGYSnX6bhQ
-ejVx7JUJHlblu2Q5p5XdW0BihgFluoECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
-n/qhYnIviPs4tglCdrw+M7gbqKNWadDC3F9HDYzlJMFeS/ae2turhEUgQPbYPDQQ
-eO3oOILtvCXNFUPM58jf8V5YFRrOqrTgx44kexQDaHO5YYNft5tF5TdvBYE2gOVr
-GdYrH2iSP8WX+Yy7JH5uqkfwWzEntWHJdey39rCWKAUCCB35+/2b4N53Qmlv2+ug
-CpNJYFtXInd4YMmM5HjXLyoWXtjnKiwDqYUCeYPSwAajnCqRqRXUX0gYTFDRiwRP
-HbmO9We0nqoc/71nikmGGoSRMO/zWVMFjwmAx1fGiWdU61sjGX8sHifzmVyJVEBI
-Z75p+JrWYZJYrx/vpWxL8g==
+ CN=sptest.example.edu,O=Internet2/TIER,L=Ann Arbor,ST=MI,C=US
+ MIID/TCCAmWgAwIBAgIJAJZqOL69C6nRMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNVBAMTEnNwdGVz
+dC5leGFtcGxlLmVkdTAeFw0xODEyMjAyMjM4NDhaFw0yODEyMTcyMjM4NDhaMB0xGzAZBgNVBAMT
+EnNwdGVzdC5leGFtcGxlLmVkdTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANJ1OC6Q
+l4te2/7PArBkuM/EF1NcQILv7bJaecJDGYBVoWgL0a2KQ0XMESusgkVmVjj/jcbtvwIiXI/6BEu8
+15OF6eSZIwxWdQBpeKbrWTbt07GiGgdXoXot6oMs5a9YXuWLt8pTXrFVMmwXU+ZfWJtuU8OIgm9e
+sAEIQBHvDVOJtdKdBMWJFa5nUzkaVvA0Fr8r+/FHUvSCnlKOMaUIfTgtoS9AQnaRQ1dVl39Z2KAh
+87JYvRIxvbaPaKgar2eGQ+PQD8rqsB5K5wgnADAxYM9Vo0YXSpPH+FvwN3EJgURUSEY2E0Jx8JOx
+368ERNLXx3kfnRxCiZRDkTZF9WP6lBnDwc1WXRwpVCDTRnF+SIh6IC1Bj/qpkpCD3nri7tycejoe
+AtVj1YZHWarf9iqdcLYOAWmeyGbFl3hjv6qcXnIfy1KyHLCAdIrg1TymLovXXKW09pEbVLdsHmLz
+0h+DxPs4FsinK2AQBMn16u8BJJ/+spCzIQ2QNPcGORh6XemBpQIDAQABo0AwPjAdBgNVHREEFjAU
+ghJzcHRlc3QuZXhhbXBsZS5lZHUwHQYDVR0OBBYEFPC8rkASWHQxrtCQ4wwtnsJRy6K5MA0GCSqG
+SIb3DQEBCwUAA4IBgQCks2nY7YzdIKV02NHD9STWD3yPtEwPYZZ3NBno0WW20rS6cU+fxFx37nY8
+ULve4cFQkLR8fOO44e1qIuTgLGCauSGTx/Ts/tbmZXbpGTwV7cjZDCfC7yEFAVrfQFOMNKeQEssu
+LFj+d4STGLorxsM+2YygdOgohJz0e3xOcmCNHqEuC9RbzrnLc/A4/mOHKwnwCCg71zA1/Ew9NUoR
+m2n8IfaONIUaMg9opNiHxX4eu3UFaaPmn/mInuWYYMXzbIbdlU/XhKvXrujWYWj7anTDWvGQmNEe
+csQH92SrO0pf+9WwcWUQTQiWUdq8/OxjXfzs1PrQnSlp0eizgcdKHDKbCUaSuK1i2wdxfEsu5sbZ
+AIW0+dXJ2IyzM+0sv2g4DOsXsnSvinGqjr82A54mXGSr7edhPdlQhILFkJfhTwLq+mjnyQSNe3s2
+4VNeGc76jbHIrkEWuA460QGqz1Fa2CsQo5SH1IkxNIKpBZWt+w2LdAza/NzYyDruY5IJCrZa9Qw=
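Review bot: The certificate added here for the SP (`CN=sptest.example.edu,O=Internet2/TIER,...`) is byte-for-byte the `sp-signing-cert.pem` that this same commit deletes from `demo/shibboleth/configs-and-secrets/shibboleth/`, and that file was committed alongside an `sp-signing-key.pem`; deleting the key from the tree does not remove it from history, so the IdP now trusts a key pair that has to be regarded as public and demo-only. The subject CN also no longer matches the new entityID `midpoint.sp.example.org`; SAML metadata trust is by explicit key so this is not a functional problem, but it will prompt questions. A comment next to the certificate, e.g. `<!-- demo-only SP key pair (private key is in repository history); never reuse outside this demo -->`, would settle both points for the next reader.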
@@ -64,15 +64,8 @@ Z75p+JrWYZJYrx/vpWxL8g==
-
-
-
-
-
-
-
-
-
+
+
diff --git a/demo/shibboleth/idp/shibboleth-idp/metadata/midpoint-sp.xml b/demo/shibboleth-midpoint-sp/shibboleth-idp/metadata/midpoint-sp.xml.bck
similarity index 100%
rename from demo/shibboleth/idp/shibboleth-idp/metadata/midpoint-sp.xml
rename to demo/shibboleth-midpoint-sp/shibboleth-idp/metadata/midpoint-sp.xml.bck
diff --git a/demo/shibboleth/.env b/demo/shibboleth/.env
deleted file mode 100644
index f99ab0c..0000000
--- a/demo/shibboleth/.env
+++ /dev/null
@@ -1,6 +0,0 @@
-# These parameters can be overridden by setting environment variables before calling docker-compose up
-ENV=demo
-USERTOKEN=
-MP_MEM_MAX=2048m
-MP_MEM_INIT=1024m
-TIMEZONE=UTC
diff --git a/demo/shibboleth/configs-and-secrets/midpoint/httpd/00-shib.conf b/demo/shibboleth/configs-and-secrets/midpoint/httpd/00-shib.conf
deleted file mode 100644
index 0e5c7b2..0000000
--- a/demo/shibboleth/configs-and-secrets/midpoint/httpd/00-shib.conf
+++ /dev/null
@@ -1 +0,0 @@
-LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so
diff --git a/demo/shibboleth/configs-and-secrets/midpoint/httpd/host-cert.pem b/demo/shibboleth/configs-and-secrets/midpoint/httpd/host-cert.pem
deleted file mode 100644
index 9b1021b..0000000
--- a/demo/shibboleth/configs-and-secrets/midpoint/httpd/host-cert.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDqDCCApCgAwIBAgIJAMOSkn4oS2aAMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRcwFQYDVQQK
-DA5JbnRlcm5ldDIvVElFUjEgMB4GA1UEAwwXbWlkcG9pbnQuc3AuZXhhbXBsZS5v
-cmcwHhcNMTgwOTE0MDU1OTQ1WhcNMTkwOTE0MDU1OTQ1WjBpMQswCQYDVQQGEwJV
-UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50
-ZXJuZXQyL1RJRVIxIDAeBgNVBAMMF21pZHBvaW50LnNwLmV4YW1wbGUub3JnMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj/b7MEUSfu3oXMfNgRwTse7
-a5UV7Jswf1M/ZN/ZZkAkIxNBevZgozjesvLPWrmsTgONi7XigJUJvCjdjmlW9eDM
-lri/rkD8HuOR1DQCVKL9nvoS2c3D7sq5Emda3V8Tlj82VqfEmePd3sajx7mcTfbH
-8jwAL9NhkC+WMib5IpjLGpG0FEAC0ha7Lxb+7jIiqHVJaqLXJGCyGN4mh6c1Q9S1
-f8RVTiW2a8x22G+9wnZYbkiA2Kxls177imHlhSz8EdvV4IpGw1amrEWhhuDEum7B
-vZ1xQDLatgRqh4qAKLIVYeRnJ8H1FelMa90qB4G08MIPifmTsQwqJyBYaEdgWQID
-AQABo1MwUTAdBgNVHQ4EFgQUqb9BteODF6wv5R57aEON/wGXMiowHwYDVR0jBBgw
-FoAUqb9BteODF6wv5R57aEON/wGXMiowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
-9w0BAQsFAAOCAQEAAcKhxI+tSItrXmqC0PSmgWyAYpqbkz6W/cefTutXqhIgY09f
-h0LSv7ogTahoGpyiZk9vy6u3OE9bYwxapEfa4KBjO6HxBMIVBBb3RegVjoPzjElN
-BDwAx0VGFcZTXwMxDWycWdG8ql7rCZBvS50w04uTaIgnGmqXAdWWmBgfJ9cRbxW+
-JwO/mOl1QM1lR/5142NpvuUVWlmZSKEGydE5A1qPz2wpDbBR1ym1BQNS4NEqw6Kp
-GSB8jKyCS1Ve0v2wVze2038Wukz02dq9uKPTIO3T+B+ibZmxn6Op/kFCc1/kK5NS
-Q6JdO1B6KquGAYdGmKAcQ19mv+jqGktqWEEf0g==
------END CERTIFICATE-----
diff --git a/demo/shibboleth/configs-and-secrets/midpoint/httpd/host-key.pem b/demo/shibboleth/configs-and-secrets/midpoint/httpd/host-key.pem
deleted file mode 100644
index 5746e59..0000000
--- a/demo/shibboleth/configs-and-secrets/midpoint/httpd/host-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCmP9vswRRJ+7eh
-cx82BHBOx7trlRXsmzB/Uz9k39lmQCQjE0F69mCjON6y8s9auaxOA42LteKAlQm8
-KN2OaVb14MyWuL+uQPwe45HUNAJUov2e+hLZzcPuyrkSZ1rdXxOWPzZWp8SZ493e
-xqPHuZxN9sfyPAAv02GQL5YyJvkimMsakbQUQALSFrsvFv7uMiKodUlqotckYLIY
-3iaHpzVD1LV/xFVOJbZrzHbYb73CdlhuSIDYrGWzXvuKYeWFLPwR29XgikbDVqas
-RaGG4MS6bsG9nXFAMtq2BGqHioAoshVh5GcnwfUV6Uxr3SoHgbTwwg+J+ZOxDCon
-IFhoR2BZAgMBAAECggEAEIRBpjjceiku6jRUwnoYaks/nIWYQwR8AfpUTwJKR/VR
-Yca097Fokm7A+UhUP3A45RtHQb0VPq8P44iv0kk24YCu8r5yFK7SHYOAZnOwU5ZJ
-2jSAEPF3aM7tKh3okhuzB3dKP7u1NZDE5zAW723KUJiW7sL1RcsbY0bHBj6G+9/H
-NplmsjuGt684vRBB0qOBfKF7EiG7mT69tHuNj4gRza9SMY31UtKbZdt2fNY6mp5V
-HscMba7egZP+Ke0pVX4+go9j7K8GG8hYaQDLjrzlPqrxZ2c5X9cC+CRDI/CHuL/s
-V/2yGZJ6n6UabwZoH83RdFrbQ94rU8Hkli6EvxXvMQKBgQDRpheNW5jDG5TfeJKh
-yfKTDQqH2Tk3BsBYYBN7Hf3m7vbkzlxnAKJAoSLmtRMuoeXvI5MrhzaHGsNIUS76
-LDIZnvB7DLUxhFUZsCPkpAA1QHuTWY96oR3PHnPjpk8lSUvtbOPwDLdzVApeFJgZ
-VqMNArZ7AHsK3Kkyi+f4WVQjbQKBgQDLAWiGb5dx6fAM2W6B6HjNmzjBWOuVEXa2
-76to9jzupBZmETfZgxtWUaWUDuNS+f7dtVUTE+p6v/w8clrHEhEZYkqunIOLo/UA
-LFPiuoTfEsWb1rh+nsCjCgy4uimixj/bSkf7NC6NyKTvCygA1mGnVVJUEPegYlDy
-LXCkaKWxHQKBgQCmyHSKL2lrJkEcOwakEU2acNCE3Gno/cT9SYmV83kvQ8JEqmrW
-QqnRsp9aXIljGscapPmKsmnNt5vNp1AxFAHTYh88NRLczsMIyZj0ZwgHVUI6KhC7
-5Psa78YQQBlMt2/g9TSsnuE+rYgF6mpKFiNm0Vasqeg47uzn2mdzqlUGTQKBgE04
-JutkTUY+h1pL5vYxWKpVDfy19z7H2tFxT1FowPrBneeLSyRI88Ac5I/yLdRlVeY9
-0LOmEr5Igwj3MsKgg7KVKfVLgdo/LrW3Jt2Kt3onKNXDkoBPoNUjwH0QC0Boiue+
-VK0gR0kVdm+bXccbxR+im+NwZNE0NLg6Qqu3RredAoGBALuVoqbPPmTCZXYG328H
-bzOs2aiR7BzPSVByV+qG6jW7w03RAnFPJZp7HMU+ViI5VY0wabUscMSvz5163+gM
-4KwY3v9ZjZzZGukIfLuudkdqtaiVOx/KeAC0n+nG21YU+wpZww8gkfHh1/sa2CME
-CWYCgOnmiTHcj83UaTqEXtmv
------END PRIVATE KEY-----
diff --git a/demo/shibboleth/configs-and-secrets/midpoint/httpd/midpoint-shib.conf b/demo/shibboleth/configs-and-secrets/midpoint/httpd/midpoint-shib.conf
deleted file mode 100644
index a383349..0000000
--- a/demo/shibboleth/configs-and-secrets/midpoint/httpd/midpoint-shib.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-
- AuthType shibboleth
- ShibRequestSetting requireSession 1
- ShibRequireSession on
- ShibUseHeaders On
- require shibboleth
-
-
-
- AuthType shibboleth
- ShibRequestSetting requireSession false
- ShibUseHeaders On
- require shibboleth
-
diff --git a/demo/shibboleth/configs-and-secrets/midpoint/httpd/vhosts.conf b/demo/shibboleth/configs-and-secrets/midpoint/httpd/vhosts.conf
deleted file mode 100644
index a434bd8..0000000
--- a/demo/shibboleth/configs-and-secrets/midpoint/httpd/vhosts.conf
+++ /dev/null
@@ -1 +0,0 @@
-RewriteRule "^/midpoint/$" "/midpoint/auth/shib" [R]
diff --git a/demo/shibboleth/configs-and-secrets/midpoint/shibboleth/shibboleth_sp_keys.jks b/demo/shibboleth/configs-and-secrets/midpoint/shibboleth/shibboleth_sp_keys.jks
deleted file mode 100644
index af2e8f4..0000000
Binary files a/demo/shibboleth/configs-and-secrets/midpoint/shibboleth/shibboleth_sp_keys.jks and /dev/null differ
diff --git a/demo/shibboleth/configs-and-secrets/shibboleth/shibboleth2.xml b/demo/shibboleth/configs-and-secrets/shibboleth/shibboleth2.xml
deleted file mode 100644
index ee05a97..0000000
--- a/demo/shibboleth/configs-and-secrets/shibboleth/shibboleth2.xml
+++ /dev/null
@@ -1,139 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- SAML2
-
-
-
- SAML2 Local
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/demo/shibboleth/configs-and-secrets/shibboleth/sp-encrypt-cert.pem b/demo/shibboleth/configs-and-secrets/shibboleth/sp-encrypt-cert.pem
deleted file mode 100644
index 7a66196..0000000
--- a/demo/shibboleth/configs-and-secrets/shibboleth/sp-encrypt-cert.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID/TCCAmWgAwIBAgIJAINng1bI63LGMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNV
-BAMTEnNwdGVzdC5leGFtcGxlLmVkdTAeFw0xODEyMjAyMjM4MDJaFw0yODEyMTcy
-MjM4MDJaMB0xGzAZBgNVBAMTEnNwdGVzdC5leGFtcGxlLmVkdTCCAaIwDQYJKoZI
-hvcNAQEBBQADggGPADCCAYoCggGBAOjmPSBzRsjbPBBA6jYVW+QtsYM5fvIuNErG
-VDRvKHyCTNbmdFZ37qEl/fwsrdF4hn4V7fAZ6jW6R1aMGFl1vQyJ289B8l5HOPjf
-GuB2gL9IxulOmrkYVN8nfgjlbFNNktMQJ8NprYEyl3o786xCCxx3AiA5Mgdv400L
-6vlmEfNHIwsOHAUTNRyCwMS9P6jBJ5IIxD0Mef+3oUjAvVsPZu24EJnzTUasZnI0
-F8aC/YzVbxObBNcymtA2Ipec/gLe1B09eDZUduXPL/as57QWvgJrWj8bCK+Ldj0P
-MPSvWzr4BnN58dxaYgCgRH7tnhZudPvCjBakQzkxo/njsRIKtm3lN9UmUYiXbl+e
-bu0DSQFUaFfO2hOOUTNAr/QuC+GQL+U7VAdybTbP+KcH5LbNUSqYkxSwhbFz5aym
-o5KppnYB9K5iySRWvGIhnwXHNv5yFrmUbet2BPJlMzv7NaePaZ76ypobzNjjNBbg
-aNECsQ1ZD9fe2Q8UBe0m2gQP5Yux5QIDAQABo0AwPjAdBgNVHREEFjAUghJzcHRl
-c3QuZXhhbXBsZS5lZHUwHQYDVR0OBBYEFGcLIl5kg+GFIh9HXeZyLzsv5e7qMA0G
-CSqGSIb3DQEBCwUAA4IBgQAf8/iZXUWtWGMBw2OfonDDWbuhgLnNWddpllcVx7v/
-Yu75+wgfIdNXg6XM4WkGkpbhlkpDLRt2c6rMQpxrQtq/5G3OKEXKyjUOl5pZsYkG
-asVENYPSCfuu3rlK85XaW3H1SSJqSax/UKcYXyB1TIW6mNy3OxuvHak6y4LzFnug
-CO7p/W2jvffwmxfqjbO7wQfXUQz3SZS04sHMqQoStOwy2N5xxQ3uTF34EoXBto+n
-XIEOptKPhV2NkEzj+UUIi1588dck8T0SstbSElbTnJ4sNZFriX6JOPFNW08fezot
-izerOHuAFpFQvtugWoZT87YYaFwG+Zr5QNa4fNOcAL+FHvbOfEqIGs+H6GSf0dZV
-lkcJyzWZvuK/4RGqWbLvfAYRm0PAGTQSLdO8QJSYWdJtJvZFEMgddQ2HoIzeO5wo
-B42FKDSHottI9avilApQBdRCtust8XRPtEAzDB/t/1jbO7u2tkzgY3614mX5xgut
-Ileaae5eVCjw4uYbkh+Mt5M=
------END CERTIFICATE-----
diff --git a/demo/shibboleth/configs-and-secrets/shibboleth/sp-encrypt-key.pem b/demo/shibboleth/configs-and-secrets/shibboleth/sp-encrypt-key.pem
deleted file mode 100644
index 1622ef3..0000000
--- a/demo/shibboleth/configs-and-secrets/shibboleth/sp-encrypt-key.pem
+++ /dev/null
@@ -1,40 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDo5j0gc0bI2zwQ
-QOo2FVvkLbGDOX7yLjRKxlQ0byh8gkzW5nRWd+6hJf38LK3ReIZ+Fe3wGeo1ukdW
-jBhZdb0MidvPQfJeRzj43xrgdoC/SMbpTpq5GFTfJ34I5WxTTZLTECfDaa2BMpd6
-O/OsQgscdwIgOTIHb+NNC+r5ZhHzRyMLDhwFEzUcgsDEvT+owSeSCMQ9DHn/t6FI
-wL1bD2btuBCZ801GrGZyNBfGgv2M1W8TmwTXMprQNiKXnP4C3tQdPXg2VHblzy/2
-rOe0Fr4Ca1o/Gwivi3Y9DzD0r1s6+AZzefHcWmIAoER+7Z4WbnT7wowWpEM5MaP5
-47ESCrZt5TfVJlGIl25fnm7tA0kBVGhXztoTjlEzQK/0LgvhkC/lO1QHcm02z/in
-B+S2zVEqmJMUsIWxc+WspqOSqaZ2AfSuYskkVrxiIZ8Fxzb+cha5lG3rdgTyZTM7
-+zWnj2me+sqaG8zY4zQW4GjRArENWQ/X3tkPFAXtJtoED+WLseUCAwEAAQKCAYBM
-3eCC20kbdbAnNSWX4AjKEIKr6sgJKlK78yVLgPx9y4uMydbPyxmJOj7PgfeEUSEi
-cB5txj/Up7xvxiErNX7FqqJPj1Zs41jcWtZGCxaHC4AK9JSATpWEaUZhrUbJX6r7
-2jMlfbV0FLyF7U+JJOsB5A1hkT7/0V/Vx/8vfQ6jmnDobym0SxiWZlk1Fbjy+30R
-567M71c8nOCwYFyet0CjaMKh7PkuQCw3uRW3wPfqCW91qw438E3ENnnITFpRnDUI
-iZIXJSj3Sqcx/W7Q6xei+y95U4tksT3/SQ7hVXp+BhfyjXdK/k0vNzxZfWk9nCD8
-h7HeiQuLPENzrlOwuWtI+gLDIdFplXUJ+/piK3okdstdHJcWcNUelW8yr7JSpv1I
-a2KMgHI2F4UVcTYLZrevzxd5a0cpvFW7vmvdw2vFrCb5JsVsmqBu5OLeaVGDIbIA
-2SLfJqq12fi2rxk28VtwXXgaCTttSM+8VY7dlT/mPCqX3Sx2eM7EPt6RVHuri4EC
-gcEA+3q6Vht60YXNaw7m4BFISntVm4Z2gGFNswLlrgPRHOacaQVMKhpqt3HmNKAT
-1MD/a5C60HkUjMB95m2nE4k1Iade8EzUPXD1FvFbE9/+ifNx2OrC8pKrEmRiTmCY
-oel45uoXsksNGJynfuRp2TpAVSZrXaIbGKZiMJZv0QZAilVBurZnZyV0jKQYkSFM
-FOt60PDJJEqZzG01dvDJxsIYQURtjNscO0R2ncloLXm7qu1/fcP7CAawWgFYyer2
-WEdVAoHBAO0WAhxCvFoev348Wf33lQi9c6w7WN/WEkhNOJ5p4PKsJphSZbt2bjCt
-RdRmvahSXeiGrDPuaxoWaQqcXprcu3ndFYBcK2xZpIl/mf0wr1QTEHCkRXzfxRjC
-Mmy+yTeKT4L18xKgg6pJn+wC3hwsv2BQPkp+NPJhD2bmVUWorqXq5fiBV2b7lTg0
-q1HHXYtxk22bw7xtstFENGTqa22KwD5Wd6nj9DamLzKhUhOdcJ7yGVu9se7YcGGh
-pg57muigUQKBwQD5feH96Zdo5UFN9GPTavH4ivH8sWNBrMeEUNyDTuAYtyX3/zx4
-DOtRAhwsm5/xFGSTV+wvReDAX3zIroLym85ti/phlyd9qWJOl7cPOcvzGuYZGZe9
-RwuX3KW3MphbEiFTnm1SAqmEgG6gMoZc8DDBCbO9GkWdp/yETcuzaWuAkmL6lVpy
-97LwkSCaY5lyq8iWIDy915FMQhCn5u2YVhnwLq4s73jLx/mSQy4q57nrM2Kn6FZV
-uSUetnVbJdOu810CgcBNCzbaWjF9E7rk2dXguwD6Wx5o3MxPyPAeAMIicIPCOIE+
-RKB8n8rFFLm5gT2mokWUF5eENLknPBsccJ4pswtVWavwD4Oo7SST7hxrc9O1/Y/9
-GtTd9JXHKuxZ/FHFM7QM+cHozrKattw6ROBKxZvXP5xOdt7b2QC5TqZtQZinoELl
-U5rEg4MFRdBafe//LYRcPR8Jb5iJeqGQHcGVUl6Qo2a1lbc5vx1dVaEncKU1cbUd
-4/IbjMhQYchlsnMvn1ECgcEAxwT/UvLwhYeFK6UHRwJ/z1eKGAC8R2B9tlmgddZx
-T93qbVq4lZXKw3osqdi+pgWvvmg9aK9r/dO1E93S11msnoTI+W9xTr+y5y9dN/hx
-5deQMUK+3woLog6LsGiKE2IamCNQBFkgd4VvhXgG+2pTPYJ9nyuEA+na+tfE6bSa
-foJ8KQT1rmRFQYRboBY/xxqtsl6Nh84JK7kCw27NNdhssyuiipfa8NLM4m+yeA6n
-/oz8xKl5PKwOrvk2DH+FwaAg
------END PRIVATE KEY-----
diff --git a/demo/shibboleth/configs-and-secrets/shibboleth/sp-signing-cert.pem b/demo/shibboleth/configs-and-secrets/shibboleth/sp-signing-cert.pem
deleted file mode 100644
index 73aaaab..0000000
--- a/demo/shibboleth/configs-and-secrets/shibboleth/sp-signing-cert.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID/TCCAmWgAwIBAgIJAJZqOL69C6nRMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNV
-BAMTEnNwdGVzdC5leGFtcGxlLmVkdTAeFw0xODEyMjAyMjM4NDhaFw0yODEyMTcy
-MjM4NDhaMB0xGzAZBgNVBAMTEnNwdGVzdC5leGFtcGxlLmVkdTCCAaIwDQYJKoZI
-hvcNAQEBBQADggGPADCCAYoCggGBANJ1OC6Ql4te2/7PArBkuM/EF1NcQILv7bJa
-ecJDGYBVoWgL0a2KQ0XMESusgkVmVjj/jcbtvwIiXI/6BEu815OF6eSZIwxWdQBp
-eKbrWTbt07GiGgdXoXot6oMs5a9YXuWLt8pTXrFVMmwXU+ZfWJtuU8OIgm9esAEI
-QBHvDVOJtdKdBMWJFa5nUzkaVvA0Fr8r+/FHUvSCnlKOMaUIfTgtoS9AQnaRQ1dV
-l39Z2KAh87JYvRIxvbaPaKgar2eGQ+PQD8rqsB5K5wgnADAxYM9Vo0YXSpPH+Fvw
-N3EJgURUSEY2E0Jx8JOx368ERNLXx3kfnRxCiZRDkTZF9WP6lBnDwc1WXRwpVCDT
-RnF+SIh6IC1Bj/qpkpCD3nri7tycejoeAtVj1YZHWarf9iqdcLYOAWmeyGbFl3hj
-v6qcXnIfy1KyHLCAdIrg1TymLovXXKW09pEbVLdsHmLz0h+DxPs4FsinK2AQBMn1
-6u8BJJ/+spCzIQ2QNPcGORh6XemBpQIDAQABo0AwPjAdBgNVHREEFjAUghJzcHRl
-c3QuZXhhbXBsZS5lZHUwHQYDVR0OBBYEFPC8rkASWHQxrtCQ4wwtnsJRy6K5MA0G
-CSqGSIb3DQEBCwUAA4IBgQCks2nY7YzdIKV02NHD9STWD3yPtEwPYZZ3NBno0WW2
-0rS6cU+fxFx37nY8ULve4cFQkLR8fOO44e1qIuTgLGCauSGTx/Ts/tbmZXbpGTwV
-7cjZDCfC7yEFAVrfQFOMNKeQEssuLFj+d4STGLorxsM+2YygdOgohJz0e3xOcmCN
-HqEuC9RbzrnLc/A4/mOHKwnwCCg71zA1/Ew9NUoRm2n8IfaONIUaMg9opNiHxX4e
-u3UFaaPmn/mInuWYYMXzbIbdlU/XhKvXrujWYWj7anTDWvGQmNEecsQH92SrO0pf
-+9WwcWUQTQiWUdq8/OxjXfzs1PrQnSlp0eizgcdKHDKbCUaSuK1i2wdxfEsu5sbZ
-AIW0+dXJ2IyzM+0sv2g4DOsXsnSvinGqjr82A54mXGSr7edhPdlQhILFkJfhTwLq
-+mjnyQSNe3s24VNeGc76jbHIrkEWuA460QGqz1Fa2CsQo5SH1IkxNIKpBZWt+w2L
-dAza/NzYyDruY5IJCrZa9Qw=
------END CERTIFICATE-----
diff --git a/demo/shibboleth/configs-and-secrets/shibboleth/sp-signing-key.pem b/demo/shibboleth/configs-and-secrets/shibboleth/sp-signing-key.pem
deleted file mode 100644
index 9e979fe..0000000
--- a/demo/shibboleth/configs-and-secrets/shibboleth/sp-signing-key.pem
+++ /dev/null
@@ -1,40 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDSdTgukJeLXtv+
-zwKwZLjPxBdTXECC7+2yWnnCQxmAVaFoC9GtikNFzBErrIJFZlY4/43G7b8CIlyP
-+gRLvNeThenkmSMMVnUAaXim61k27dOxohoHV6F6LeqDLOWvWF7li7fKU16xVTJs
-F1PmX1ibblPDiIJvXrABCEAR7w1TibXSnQTFiRWuZ1M5GlbwNBa/K/vxR1L0gp5S
-jjGlCH04LaEvQEJ2kUNXVZd/WdigIfOyWL0SMb22j2ioGq9nhkPj0A/K6rAeSucI
-JwAwMWDPVaNGF0qTx/hb8DdxCYFEVEhGNhNCcfCTsd+vBETS18d5H50cQomUQ5E2
-RfVj+pQZw8HNVl0cKVQg00ZxfkiIeiAtQY/6qZKQg9564u7cnHo6HgLVY9WGR1mq
-3/YqnXC2DgFpnshmxZd4Y7+qnF5yH8tSshywgHSK4NU8pi6L11yltPaRG1S3bB5i
-89Ifg8T7OBbIpytgEATJ9ervASSf/rKQsyENkDT3BjkYel3pgaUCAwEAAQKCAYEA
-kmBxGQH8RTVO8eTtS95iJC+QwavyOp/BxUDkWtbsj7P/NSyzQ25c59jNQIEVgktx
-QOeNpoSJS2S22HTeNAc+MR781MAl/ljLu+OfxQj/3hKAIJZMYDr01tPEvkOl5NUj
-+6e3xwNBYzmMfl2jPyGlsUWFAQSbI/bJl44zccXAkQ/A5KHNRc7Yw5qd6aOGQD8a
-axCehOxEqEeI8oZvxQcogMBL0V9yWqEiI0Ymvq6w2n+CzdKmflcWSjloYzNcODbL
-Ef2+8/fBZhHTS0GLCIqQpK+tZxt4K77DK2p2L9dYuHK7vtWn1j0YIwPqD+QVVtuT
-d7BOOmakPj2E7EXq/GvFw8gB/gRLoLuJSq5vvhPrSVuJqWdxDuxSutGgIoN3mQxd
-2AjuBXvqwYaZ3UGHZlBYAQx5ICiAGjxv/1zmKp+9OJHge/a1e6Z8jgQcpS7OWNhU
-dj6qfs+IiWKEaMM7D8dj4ncoArBpE7/BzlVuJ377cqRx35alMcKlawQWF1YqSDrB
-AoHBAPSipCLz4sr3U2jluXehntYsKevWcBtFkEd49Ay5uZTu/aweKWIozjDt7T3L
-mjYi+QGpt28MdNmpoofYOmpt+lrc0HWrv+UB9k/qFxfwgZKaXa1nm/VLfK77L4IB
-8I9dpjvDi724Xg/JJ1jsGM13+jGEfTQTl4Hi0lZwMydUO+O4oWB4kG9qhF8C+yQc
-12CCFH+Da8uwcwM+zCJwRm3qMKceifhEGAuFJ430Rp7cuqlJYfQZ4pVhRxwP6vns
-cLCz+QKBwQDcPB5bCjci/HMe0V19HxPrKh0hGPLIRCPAakT8Mz8N2lVAtWDXFL5q
-eHskl6cf8RQLfrcUiL+jQvD5VV8I7BkolCv0GZT/q36I/Z1QKlQC1O0IGG/hNqwt
-PS85YM6yC84YIKx0rN6O03/nYcslRv19q+MNiR9sZEeN6cScUc6aUINhWjzQ4mb8
-Z9ErguJrq0sCoAVU+t/yRo/YB/d2xdN9XLe+2cgsM6s0TiHo4v2SeFHKewBw+RLp
-yrShY6COzg0CgcEA0EFwt2ylgiGgeSkvhV8qJ6s7GNDZaO4EUEPwhrDJAredbhvT
-IQQZ29+AWl3sbu/AySCgzsFs7CsT+M8jk50CRr26HKJUXvEXrZpbhH6y34nX+5m7
-U8uqXg/ptqROFM4liLUETkMYmBmnDHUY/DmJ3QOrzlxrWyAr7XfgpDd6MHbpsoWQ
-d7jW7UdNYsXGuBqktpS7fJA+qOGZyCuKWWHHf01pKNdXHN+C976fK/g+U4TsBXDP
-ylkgvwvx/kbA/DyJAoHAQxXA/WRYNT0G6B1ISAO+coTKiLlrwtsWtNbqGpSVoWef
-Tm2xiPKVqiL3B8d2LgGmZHX92LBrB5UtiBWcNECOzVCNLvbX7yVTDvGKCNBL9Ozd
-Ivkmo0ifG8ymZOj7LTrxVWImhgfeZ00/icC9O6arMqu4Jvhc7QyCy1SpAiDdOR5L
-Vs1A9zPvwPTyvzlINRnhaHRMC32717XsvRZ4J+LMsEQc6HK4SdaXUQB3zdPO/93M
-tEvRb5g/TZ3kdcC+OKHFAoHAO9R3y6ZjUM8T8/4XcyRD968V4sZIvVQfpSaH86GO
-TrECZp5SqSWUTqAWTJWS0yIctAML60nWF+OPRUlrq0yk2veN9Re6eWfyoyQOFd92
-U+bxh3QEue5LGOwpqrPV/1cJSFdv88eS+F8q7i/dD765Tio6kJjKzXPN3FJqAvNB
-lAnaO4Apbuzob25Qkmm0NVQHap+TJGJMvX2vVX9CjE6haVWq1lJMakkoQOeIlyi5
-iDjt9rDlIwDYeGWk4KFgsKM7
------END PRIVATE KEY-----
diff --git a/demo/shibboleth/directory/Dockerfile b/demo/shibboleth/directory/Dockerfile
deleted file mode 100644
index ada659b..0000000
--- a/demo/shibboleth/directory/Dockerfile
+++ /dev/null
@@ -1,30 +0,0 @@
-FROM centos:centos7
-
-LABEL author="tier-packaging@internet2.edu "
-
-RUN yum install -y epel-release \
- && yum update -y \
- && yum install -y 389-ds-base 389-admin 389-adminutil \
- && yum clean all \
- && rm -rf /var/cache/yum
-
-COPY container_files/seed-data/ /seed-data/
-
-RUN useradd ldapadmin \
- && rm -fr /var/lock /usr/lib/systemd/system \
- # The 389-ds setup will fail because the hostname can't reliable be determined, so we'll bypass it and then install. \
- && sed -i 's/checkHostname {/checkHostname {\nreturn();/g' /usr/lib64/dirsrv/perl/DSUtil.pm \
- # Not doing SELinux \
- && sed -i 's/updateSelinuxPolicy($inf);//g' /usr/lib64/dirsrv/perl/* \
- # Do not restart at the end \
- && sed -i '/if (@errs = startServer($inf))/,/}/d' /usr/lib64/dirsrv/perl/* \
- && setup-ds.pl --silent --file /seed-data/ds-setup.inf \
- && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir \
- && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
- ldapadd -H ldap:/// -f /seed-data/users.ldif -x -D "cn=Directory Manager" -w password
-
-EXPOSE 389
-
-# temporary!
-
-CMD rm -rf /var/lock/dirsrv/slapd-dir/server/* && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && sleep infinity
diff --git a/demo/shibboleth/directory/container_files/seed-data/ds-setup.inf b/demo/shibboleth/directory/container_files/seed-data/ds-setup.inf
deleted file mode 100644
index 96c29a1..0000000
--- a/demo/shibboleth/directory/container_files/seed-data/ds-setup.inf
+++ /dev/null
@@ -1,28 +0,0 @@
-[General]
-AdminDomain = internet2.edu
-ConfigDirectoryAdminID = admin
-ConfigDirectoryAdminPwd = admin
-ConfigDirectoryLdapURL = ldap://localhost:389/o=NetscapeRoot
-FullMachineName = localhost
-ServerRoot = /usr/lib64/dirsrv
-SuiteSpotGroup = nobody
-SuiteSpotUserID = nobody
-
-[admin]
-Port = 9830
-ServerAdminID = admin
-ServerAdminPwd = admin
-ServerIpAddress = 0.0.0.0
-SysUser = nobody
-
-[slapd]
-AddOrgEntries = No
-AddSampleEntries = No
-InstallLdifFile = suggest
-RootDN = cn=Directory Manager
-RootDNPwd = password
-ServerIdentifier = dir
-ServerPort = 389
-SlapdConfigForMC = yes
-Suffix = dc=internet2,dc=edu
-UseExistingMC = No
diff --git a/demo/shibboleth/directory/container_files/seed-data/users.ldif b/demo/shibboleth/directory/container_files/seed-data/users.ldif
deleted file mode 100644
index 1d57238..0000000
--- a/demo/shibboleth/directory/container_files/seed-data/users.ldif
+++ /dev/null
@@ -1,24 +0,0 @@
-dn: cn=admin,dc=internet2,dc=edu
-objectClass: simpleSecurityObject
-objectClass: organizationalRole
-cn: admin
-userPassword: password
-description: LDAP administrator
-
-dn: cn=users,ou=Groups,dc=internet2,dc=edu
-objectClass: groupOfUniqueNames
-objectClass: top
-uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu
-uniqueMember: uid=jsmith,ou=People,dc=internet2,dc=edu
-cn: users
-
-dn: uid=administrator,ou=People,dc=internet2,dc=edu
-objectClass: organizationalPerson
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-givenName: Administrator
-uid: administrator
-sn: Administrator
-cn: Administrator
-userPassword: password
diff --git a/demo/shibboleth/docker-compose-tests.yml b/demo/shibboleth/docker-compose-tests.yml
deleted file mode 100644
index 5f58d39..0000000
--- a/demo/shibboleth/docker-compose-tests.yml
+++ /dev/null
@@ -1,162 +0,0 @@
-# Version for running Bats tests.
-# Minimizes the number of ports mapped to localhost, to avoid collisions during testing.
-
-version: "3.3"
-
-services:
- data_init:
- image: i2incommon/midpoint:${tag:-4.8.2}
- command: >
- bash -c "
- chmod 777 /opt/mp-pw/ ;
- touch /opt/mp-pw/db_init_in_progress ;
- echo -e '#!/bin/sh\ntouch /opt/mp-pw/db_init' >/opt/db-init/000-start.sh ;
- echo -e '#!/bin/sh\necho DB structure init process has finished...\nrm -f /opt/mp-pw/db_init_in_progress /opt/mp-pw/db_init' > /opt/db-init/999-finish.sh ;
- /opt/midpoint/bin/midpoint.sh init-native
- "
- environment:
- - MP_INIT_DB_CONCAT=/opt/db-init/init.sql
- - MP_DB_PW=/opt/mp-pw/dbpassword
- - MP_PW_DEF=/opt/mp-pw/keystorepw
- volumes:
- - db_init:/opt/db-init
- - mp_pw:/opt/mp-pw
-
- midpoint_data:
- image: postgres:13-alpine
- command: >
- bash -c "
- rm -f /var/lib/postgresql/data/postmaster.pid ;
- while [ ! -s /opt/mp-pw/dbpassword -o -e /opt/mp-pw/init_in_progress ] ; do
- echo 'Waiting to the end of the init process...';
- sleep 1;
- done ;
- {
- sleep 2 ;
- if [ ! -e /opt/mp-pw/db_init -a -e /opt/mp-pw/db_init_in_progress ] ;
- then echo 'DB init did not start...' ;
- rm -f /opt/mp-pw/db_ini*;
- echo 'The lock files has been removed...';
- fi ;
- } &
- docker-entrypoint.sh postgres
- "
- user: "70:70"
- depends_on:
- - data_init
- environment:
- - POSTGRES_PASSWORD_FILE=/opt/mp-pw/dbpassword
- - POSTGRES_USER=midpoint
- - POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
- ports:
- - 5432:5432
- networks:
- - net
- volumes:
- - midpoint_data:/var/lib/postgresql/data
- - db_init:/docker-entrypoint-initdb.d/
- - mp_pw:/opt/mp-pw
-
- midpoint_server:
- build:
- context: ./midpoint_server/
- args:
- tag: ${tag:-4.8.2}
- command: /usr/local/bin/startup.sh
- depends_on:
- - data_init
- - midpoint_data
- ports:
- - 8443:443
- environment:
- - ENV
- - USERTOKEN
- - MP_SET_midpoint_administrator_initialPassword=Password1
- - MP_SET_midpoint_repository_jdbcUsername=midpoint
- - MP_SET_midpoint_repository_jdbcPassword_FILE=/opt/mp-pw/dbpassword
- - MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
- - MP_SET_midpoint_keystore_keyStorePassword_FILE=/opt/mp-pw/keystorepw
- - MP_SET_server_tomcat_ajp_enabled=true
- - MP_SET_server_tomcat_ajp_port=9090
- - MP_SET_server_tomcat_ajp_secret=s3cr3t
- - MP_SET_logging_path=/tmp/logtomcat
- - MP_UNSET_midpoint_repository_hibernateHbm2ddl=1
- - MP_NO_ENV_COMPAT=1
- - MP_MEM_MAX
- - MP_MEM_INIT
- - MP_JAVA_OPTS
- - TIER_BEACON_OPT_OUT
- - TIMEZONE
- networks:
- net:
- aliases:
- - midpoint-server
- secrets:
- - mp_host-key.pem
- - mp_shibboleth_sp_keys.jks
- volumes:
- - midpoint_home:/opt/midpoint/var
- - type: bind
- source: ./configs-and-secrets/midpoint/shibboleth/idp-metadata.xml
- target: /etc/shibboleth/idp-metadata.xml
- - type: bind
- source: ./configs-and-secrets/midpoint/shibboleth/shibboleth2.xml
- target: /etc/shibboleth/shibboleth2.xml
- - type: bind
- source: ./configs-and-secrets/midpoint/shibboleth/attribute-map.xml
- target: /etc/shibboleth/attribute-map.xml
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
- target: /etc/pki/tls/certs/host-cert.pem
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
- target: /etc/pki/tls/certs/cachain.pem
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/00-shib.conf
- target: /etc/httpd/conf.modules.d/00-shib.conf
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/midpoint-shib.conf
- target: /etc/httpd/conf.d/midpoint-shib.conf
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/vhosts.conf
- target: /etc/httpd/conf.d/vhosts/vhosts.conf
- - mp_pw:/opt/mp-pw
-
- directory:
- build: ./directory/
- ports:
- - 389:389
- networks:
- - net
- volumes:
- - ldap:/var/lib/dirsrv
-
- idp:
- build: ./idp/
- depends_on:
- - directory
- ports:
- - 443:443
- environment:
- - JETTY_MAX_HEAP=64m
- - JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=password
- - JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD=password
- networks:
- - net
-
-networks:
- net:
- driver: bridge
-
-secrets:
- mp_host-key.pem:
- file: ./configs-and-secrets/midpoint/httpd/host-key.pem
- mp_shibboleth_sp_keys.jks:
- file: ./configs-and-secrets/midpoint/shibboleth/shibboleth_sp_keys.jks
-
-volumes:
- db_init:
- mp_pw:
- midpoint_data:
- midpoint_home:
- ldap:
diff --git a/demo/shibboleth/docker-compose.yml b/demo/shibboleth/docker-compose.yml
deleted file mode 100644
index e083b78..0000000
--- a/demo/shibboleth/docker-compose.yml
+++ /dev/null
@@ -1,159 +0,0 @@
-version: "3.3"
-
-services:
- data_init:
- image: i2incommon/midpoint:${tag:-4.8.2}
- command: >
- bash -c "
- chmod 777 /opt/mp-pw/ ;
- touch /opt/mp-pw/db_init_in_progress ;
- echo -e '#!/bin/sh\ntouch /opt/mp-pw/db_init' >/opt/db-init/000-start.sh ;
- echo -e '#!/bin/sh\necho DB structure init process has finished...\nrm -f /opt/mp-pw/db_init_in_progress /opt/mp-pw/db_init' > /opt/db-init/999-finish.sh ;
- /opt/midpoint/bin/midpoint.sh init-native
- "
- environment:
- - MP_INIT_DB_CONCAT=/opt/db-init/init.sql
- - MP_DB_PW=/opt/mp-pw/dbpassword
- - MP_PW_DEF=/opt/mp-pw/keystorepw
- volumes:
- - db_init:/opt/db-init
- - mp_pw:/opt/mp-pw
-
- midpoint_data:
- image: postgres:13-alpine
- command: >
- bash -c "
- rm -f /var/lib/postgresql/data/postmaster.pid ;
- while [ ! -s /opt/mp-pw/dbpassword -o -e /opt/mp-pw/init_in_progress ] ; do
- echo 'Waiting to the end of the init process...';
- sleep 1;
- done ;
- {
- sleep 2 ;
- if [ ! -e /opt/mp-pw/db_init -a -e /opt/mp-pw/db_init_in_progress ] ;
- then echo 'DB init did not start...' ;
- rm -f /opt/mp-pw/db_ini*;
- echo 'The lock files has been removed...';
- fi ;
- } &
- docker-entrypoint.sh postgres
- "
- user: "70:70"
- depends_on:
- - data_init
- environment:
- - POSTGRES_PASSWORD_FILE=/opt/mp-pw/dbpassword
- - POSTGRES_USER=midpoint
- - POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
- ports:
- - 5432:5432
- networks:
- - net
- volumes:
- - midpoint_data:/var/lib/postgresql/data
- - db_init:/docker-entrypoint-initdb.d/
- - mp_pw:/opt/mp-pw
-
- midpoint_server:
- build:
- context: ./midpoint_server/
- args:
- tag: ${tag:-4.8.2}
- command: /usr/local/bin/startup.sh
- depends_on:
- - data_init
- - midpoint_data
- ports:
- - 8443:443
- environment:
- - ENV
- - USERTOKEN
- - MP_SET_midpoint_administrator_initialPassword=Password1
- - MP_SET_midpoint_repository_jdbcUsername=midpoint
- - MP_SET_midpoint_repository_jdbcPassword_FILE=/opt/mp-pw/dbpassword
- - MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
- - MP_SET_midpoint_keystore_keyStorePassword_FILE=/opt/mp-pw/keystorepw
- - MP_SET_server_tomcat_ajp_enabled=true
- - MP_SET_server_tomcat_ajp_port=9090
- - MP_SET_server_tomcat_ajp_secret=s3cr3t
- - MP_SET_logging_path=/tmp/logtomcat
- - MP_UNSET_midpoint_repository_hibernateHbm2ddl=1
- - MP_NO_ENV_COMPAT=1
- - MP_MEM_MAX
- - MP_MEM_INIT
- - MP_JAVA_OPTS
- - TIER_BEACON_OPT_OUT
- - TIMEZONE
- networks:
- net:
- aliases:
- - midpoint-server
- secrets:
- - mp_host-key.pem
- - mp_shibboleth_sp_keys.jks
- volumes:
- - midpoint_home:/opt/midpoint/var
- - type: bind
- source: ./configs-and-secrets/midpoint/shibboleth/idp-metadata.xml
- target: /etc/shibboleth/idp-metadata.xml
- - type: bind
- source: ./configs-and-secrets/midpoint/shibboleth/shibboleth2.xml
- target: /etc/shibboleth/shibboleth2.xml
- - type: bind
- source: ./configs-and-secrets/midpoint/shibboleth/attribute-map.xml
- target: /etc/shibboleth/attribute-map.xml
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
- target: /etc/pki/tls/certs/host-cert.pem
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
- target: /etc/pki/tls/certs/cachain.pem
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/00-shib.conf
- target: /etc/httpd/conf.modules.d/00-shib.conf
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/midpoint-shib.conf
- target: /etc/httpd/conf.d/midpoint-shib.conf
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/vhosts.conf
- target: /etc/httpd/conf.d/vhosts/vhosts.conf
- - mp_pw:/opt/mp-pw
-
- directory:
- build: ./directory/
- ports:
- - 389:389
- networks:
- - net
- volumes:
- - ldap:/var/lib/dirsrv
-
- idp:
- build: ./idp/
- depends_on:
- - directory
- ports:
- - 443:443
- environment:
- - JETTY_MAX_HEAP=64m
- - JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=password
- - JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD=password
- networks:
- - net
-
-networks:
- net:
- driver: bridge
-
-secrets:
- mp_host-key.pem:
- file: ./configs-and-secrets/midpoint/httpd/host-key.pem
- mp_shibboleth_sp_keys.jks:
- file: ./configs-and-secrets/midpoint/shibboleth/shibboleth_sp_keys.jks
-
-volumes:
- db_init:
- mp_pw:
- midpoint_data:
- midpoint_home:
- ldap:
diff --git a/demo/shibboleth/idp/Dockerfile b/demo/shibboleth/idp/Dockerfile
deleted file mode 100644
index 4968448..0000000
--- a/demo/shibboleth/idp/Dockerfile
+++ /dev/null
@@ -1,5 +0,0 @@
-FROM tier/shib-idp:3.4.6_20191002
-
-LABEL author="tier-packaging@internet2.edu "
-
-COPY shibboleth-idp/ /opt/shibboleth-idp/
diff --git a/demo/shibboleth/idp/shibboleth-idp/credentials/idp-backchannel.crt b/demo/shibboleth/idp/shibboleth-idp/credentials/idp-backchannel.crt
deleted file mode 100644
index c1f8fab..0000000
--- a/demo/shibboleth/idp/shibboleth-idp/credentials/idp-backchannel.crt
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL
-BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy
-MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH
-YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M
-SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2
-03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No
-5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+
-XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud
-DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk
-hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
-BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac
-ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98
-NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl
-j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP
-IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E
-t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM=
------END CERTIFICATE-----
diff --git a/demo/shibboleth/idp/shibboleth-idp/credentials/idp-backchannel.p12 b/demo/shibboleth/idp/shibboleth-idp/credentials/idp-backchannel.p12
deleted file mode 100644
index 112540a..0000000
Binary files a/demo/shibboleth/idp/shibboleth-idp/credentials/idp-backchannel.p12 and /dev/null differ
diff --git a/demo/shibboleth/idp/shibboleth-idp/credentials/idp-browser.p12 b/demo/shibboleth/idp/shibboleth-idp/credentials/idp-browser.p12
deleted file mode 100644
index 032be0b..0000000
Binary files a/demo/shibboleth/idp/shibboleth-idp/credentials/idp-browser.p12 and /dev/null differ
diff --git a/demo/shibboleth/idp/shibboleth-idp/credentials/idp-encryption.crt b/demo/shibboleth/idp/shibboleth-idp/credentials/idp-encryption.crt
deleted file mode 100644
index 15d764f..0000000
--- a/demo/shibboleth/idp/shibboleth-idp/credentials/idp-encryption.crt
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL
-BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy
-MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD
-cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ
-l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG
-ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8
-9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX
-VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud
-DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk
-hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
-BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni
-QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN
-jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r
-xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8
-+PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H
-p+tGUbGS2l873J5PrsbpeKEVR/IIoKo=
------END CERTIFICATE-----
diff --git a/demo/shibboleth/idp/shibboleth-idp/credentials/idp-encryption.key b/demo/shibboleth/idp/shibboleth-idp/credentials/idp-encryption.key
deleted file mode 100644
index 8bb5cc6..0000000
--- a/demo/shibboleth/idp/shibboleth-idp/credentials/idp-encryption.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAgV79KN35k/Ipbsi4yeJQQFQlvmUVchFz2ELkYu73w3DuGund
-ZMYiS7GitFvPFTcYxUEa/D4A5Fq9vL8KB9a4JOKS7LMyw+PAwcw/eNqXiZf0uhZ7
-CCY5mh3AYeKWzYVOMqMLut4ipL7ba3GQBG6RK6OmfAs4lhMfLMsKGmBEBonz5K/T
-kVegp97cavvYDAXjxuNRq7Wa1BiLvsa53S9EoYeD6tHqv/TALFZSCFxGvPVnx/Cd
-pBXEzn6FrSHO9G+0y2ULMeGJzXJ6xi0lBHLLRcjy1/l7b+UjWRfPTjiMV1TYzb4B
-OQ2yW/YTDOFABaiPtW6PUKrccE4Y3P7DryMczQIDAQABAoIBAF/IflMllcUtw/Nb
-9USzpIscQh2nJaugtE5nqER/fT1cfU273Mjh0T6NtFMorjec5WAWBe6/0VVAwb3f
-C4QmO4xDnFhXjLxwAaT6nfvSi+O5d93XCxxLgNZUNL3ET7a2feELyoF+OdQT4sy3
-9dLyMdVHgtnQTQMAAVLeuQoyP+s+Zax4Gca6ln8QxIIvDoD7NITnpl8887Hghhzl
-CvKtRiPRtoI2JTXWgWuLI6xXfVsDvFT+Up+ki9TMLWLACcmMU1d+lUBOKIqhhQHG
-+np9iKxVausJwYaLwwT3h8SItNon7ltbV6kcqyZxMAA+uN8CVgIb5UaUrlW7Nvze
-1iUNudkCgYEAxpnBg8YxdEHFSMTqjEOYapn18cs3n32EBPtvPaUcvw3mGC1+ZVx1
-9WqnVsgykBOWI0qSBVF7Kke8yOqgqWtYQUFqLiMgCC9e/QcXnrm/bzAmKDgLVcCR
-KzgqU2ECQDkNSS0qeODjLGX4SEabDbLhN59WykHKM0i/RcrbhuvT1BcCgYEApsMD
-TFQBaiaEmLVm252piZf8b5g3DrUHeqGktHkHXTW4Iyyn8zEknoiCosk/Tej73zga
-cTT3zQgEh63DMC9Ag8IbIJiDpYLMkt1QvZYtq95E/94GVEfRRok6/pyagGYB351R
-PXcykrDyy26FSofmtaXU37Wxaj3ow+WROaPgULsCgYEArFoFScG3a2gkuRlDX8TN
-wj2o5lTxCbWY2+YEzR+8icWbGQJqPbb3G6uaW8LTtpt44Vm2zWzAEZo+KLMOCNmC
-tub5Kd8Lzm6l5brA8dvLWcgUZTT2CU5b7YEJomB+3pNkh0vuHwczv3Ui+j5kE4hY
-0bezT0W3H7iTXhNFXprMs7MCgYEAlIZn75l6URLRUjluzPdVQoktei72CpFNgflp
-+ps45dmskRd61mzUkqY+w8G+MiPqANu1IVLtyZz0e+tVRxsuuKsvAg8UYVtn3P5k
-pRaWwtaKWeFjfbkhOVOMSa0tJmK0FHfHHZmGX4ReGrXq3YDBCNQUDtOCmn9dSuyy
-NcYxSXUCgYB+yo6dg8nyHDSqKDdrQQiAKv7jNsbecQ/rYrt8l0n9FBiwn5R7v6kp
-afsimCVou5i06L2Cr5Xs+XSf11KVkDh+qM70ZFubWEsHCDrS1KrxUzfFbrQczKof
-qX7ZsBuOT72RwVEa8fpT6IZ6IpOOEPmUid/f2VM2aAcXgaF//vMjxA==
------END RSA PRIVATE KEY-----
diff --git a/demo/shibboleth/idp/shibboleth-idp/credentials/idp-signing.crt b/demo/shibboleth/idp/shibboleth-idp/credentials/idp-signing.crt
deleted file mode 100644
index 6a032c1..0000000
--- a/demo/shibboleth/idp/shibboleth-idp/credentials/idp-signing.crt
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB
-CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx
-MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g
-u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2
-Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ
-Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+
-MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs
-uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV
-HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl
-ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB
-CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X
-sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s
-RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ
-Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B
-DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i
-s00xrv14zLifcc8oj5DYzOhYRifRXgHX
------END CERTIFICATE-----
diff --git a/demo/shibboleth/idp/shibboleth-idp/credentials/idp-signing.key b/demo/shibboleth/idp/shibboleth-idp/credentials/idp-signing.key
deleted file mode 100644
index 011c27c..0000000
--- a/demo/shibboleth/idp/shibboleth-idp/credentials/idp-signing.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7gu6eo4dua
-eLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2Z6dzJsul
-JZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJCb/Q6dYz
-RWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+MNkv6aId
-cHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBsuYlY7lEr
-89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABAoIBAGpInLarQ0+X+ZXK
-+aoC+tNO9DUiHq/z2OD4ALGhXSTvr4mgBWNWTkc0F+qJD8MlM8zNkJxaoNGTyLjY
-Z95NQJPXAx2k15HwCENdulvV1oiX0dkTjgmscRmj6FwNAZ0EnWtien45mxZHxEyW
-FkbB9+OHc6JzNvzG9ps1Vk1FtFtO8w4exXuJVATJeArQmMvAUHMJYPb7Qs+/NX9R
-RlDvFfXDzQv5eAzudT1SyFSa5W+Bsw6BtEoeiqdp+xQh4yc733nwN7KG2Z/TpGse
-jVe6akbULuCXOe9uPa7kv8hnQEUH38QVlIw8pK1SsgNq7S0U44WU5uF8gbDBYle/
-OoPBvSECgYEAvCwVEa8ryLzee5FaX4PBxk10lEl/Yp9jC88wPUQ+ZpfniIIQIfwl
-csRE9D3/dJOVAxw/Ac32F72SLVDzLabAhlBRINYLB0ZkVuJi1CIoDHIf9nfh/pOx
-b96VMUe/mpAL4hZnZkmBKjesX5URPEKtBD0aSeCw9aFqhORjRrxCJg0CgYEAuNaD
-LOuTPKsC6nxRtiL9r0CA5gCCdpALxwJA7wHAeh03i5xmy61i4iOMaunxKZhG+nzz
-PhcI8Uhwwk+l3tbYAf1rrtmMKNcyjy+UqWXGt4ZkWFlIyIungyLiH9L32IMhXNF0
-fBgOZNtFTmQBU18a78uIir9xASUbtaakzOtJ2+cCgYAgfawVpZ11x8bSp0Jng6SN
-zQn4IMiyCrtbaqb1rTbpGAmOdIa8l4EP0/vkAGB/jIwKQXJPqXR4nO8EjBmxJD3R
-80RO2yaEVw80QVq3Lj6kB4ClWgXXo0DcBB7Wp4DZ+01R+HRaIQ8AbySATIjxUsH1
-HWfQoc9sWja+Q4Ew0YjKcQKBgGLoPsdBw8b6B5RsM9lPvgoSbScmbKl/CR5TwWVj
-vZhanAd0CLnCrSAvP4tSZf8JAio1xH+cGefrCJOhxTOKKYpfDklBFjQge2iNYHKJ
-CJ3aJ0XzePP/bwLIHtJCtOdBvA+L8VYaFVG418xLzT3MrYBVnFoKeTDQp5Q7eQJC
-gYJPAoGBAKHcuXWzvXoHKnOg8Ljg2xZ6/SfjwNDIIrpXVTAQifmK3q4+Ua2Q+Cjq
-97tPMxF2bVRcbnCSNKpTMOTrsWs8Z3GpMyCh6XgYMSlclXusDVUkRkPpWj8hVTR4
-opm/rxS83hCrTsIX3Il3T8Fpb97kdF+unCiWEaxrPEurjW8lB506
------END RSA PRIVATE KEY-----
diff --git a/demo/shibboleth/idp/shibboleth-idp/credentials/sealer.jks b/demo/shibboleth/idp/shibboleth-idp/credentials/sealer.jks
deleted file mode 100644
index 89957e0..0000000
Binary files a/demo/shibboleth/idp/shibboleth-idp/credentials/sealer.jks and /dev/null differ
diff --git a/demo/shibboleth/idp/shibboleth-idp/credentials/sealer.kver b/demo/shibboleth/idp/shibboleth-idp/credentials/sealer.kver
deleted file mode 100644
index d64b0e4..0000000
--- a/demo/shibboleth/idp/shibboleth-idp/credentials/sealer.kver
+++ /dev/null
@@ -1,2 +0,0 @@
-#Fri Dec 11 02:20:32 UTC 2015
-CurrentVersion=1
diff --git a/demo/shibboleth/idp/shibboleth-idp/metadata/idp-metadata.xml b/demo/shibboleth/idp/shibboleth-idp/metadata/idp-metadata.xml
deleted file mode 100644
index 65db47e..0000000
--- a/demo/shibboleth/idp/shibboleth-idp/metadata/idp-metadata.xml
+++ /dev/null
@@ -1,207 +0,0 @@
-
-
-
-
-
-
-
- example.org
-
-
-
-
-
-
-
-MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL
-BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy
-MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH
-YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M
-SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2
-03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No
-5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+
-XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud
-DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk
-hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
-BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac
-ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98
-NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl
-j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP
-IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E
-t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM=
-
-
-
-
-
-
-
-
-
-MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB
-CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx
-MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g
-u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2
-Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ
-Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+
-MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs
-uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV
-HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl
-ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB
-CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X
-sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s
-RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ
-Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B
-DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i
-s00xrv14zLifcc8oj5DYzOhYRifRXgHX
-
-
-
-
-
-
-
-
-
-MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL
-BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy
-MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD
-cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ
-l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG
-ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8
-9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX
-VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud
-DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk
-hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
-BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni
-QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN
-jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r
-xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8
-+PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H
-p+tGUbGS2l873J5PrsbpeKEVR/IIoKo=
-
-
-
-
-
-
- urn:mace:shibboleth:1.0:nameIdentifier
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
-
- localhost
-
-
-
-
-
-
-MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL
-BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy
-MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH
-YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M
-SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2
-03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No
-5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+
-XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud
-DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk
-hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
-BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac
-ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98
-NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl
-j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP
-IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E
-t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM=
-
-
-
-
-
-
-
-
-
-MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB
-CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx
-MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g
-u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2
-Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ
-Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+
-MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs
-uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV
-HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl
-ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB
-CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X
-sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s
-RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ
-Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B
-DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i
-s00xrv14zLifcc8oj5DYzOhYRifRXgHX
-
-
-
-
-
-
-
-
-
-MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL
-BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy
-MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD
-cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ
-l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG
-ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8
-9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX
-VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud
-DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk
-hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
-BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni
-QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN
-jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r
-xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8
-+PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H
-p+tGUbGS2l873J5PrsbpeKEVR/IIoKo=
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/demo/shibboleth/midpoint_server/Dockerfile b/demo/shibboleth/midpoint_server/Dockerfile
deleted file mode 100644
index 11ab497..0000000
--- a/demo/shibboleth/midpoint_server/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-ARG tag=4.8.2
-
-FROM i2incommon/midpoint:${tag}
-
-MAINTAINER info@evolveum.com
-
-ENV MP_DIR /opt/midpoint
-
-VOLUME ${MP_DIR}/var
-
-COPY container_files/mp-home/ ${MP_DIR}/var/
diff --git a/demo/shibboleth/midpoint_server/container_files/httpd/host-cert.pem b/demo/shibboleth/midpoint_server/container_files/httpd/host-cert.pem
deleted file mode 100644
index 9b1021b..0000000
--- a/demo/shibboleth/midpoint_server/container_files/httpd/host-cert.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDqDCCApCgAwIBAgIJAMOSkn4oS2aAMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRcwFQYDVQQK
-DA5JbnRlcm5ldDIvVElFUjEgMB4GA1UEAwwXbWlkcG9pbnQuc3AuZXhhbXBsZS5v
-cmcwHhcNMTgwOTE0MDU1OTQ1WhcNMTkwOTE0MDU1OTQ1WjBpMQswCQYDVQQGEwJV
-UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50
-ZXJuZXQyL1RJRVIxIDAeBgNVBAMMF21pZHBvaW50LnNwLmV4YW1wbGUub3JnMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj/b7MEUSfu3oXMfNgRwTse7
-a5UV7Jswf1M/ZN/ZZkAkIxNBevZgozjesvLPWrmsTgONi7XigJUJvCjdjmlW9eDM
-lri/rkD8HuOR1DQCVKL9nvoS2c3D7sq5Emda3V8Tlj82VqfEmePd3sajx7mcTfbH
-8jwAL9NhkC+WMib5IpjLGpG0FEAC0ha7Lxb+7jIiqHVJaqLXJGCyGN4mh6c1Q9S1
-f8RVTiW2a8x22G+9wnZYbkiA2Kxls177imHlhSz8EdvV4IpGw1amrEWhhuDEum7B
-vZ1xQDLatgRqh4qAKLIVYeRnJ8H1FelMa90qB4G08MIPifmTsQwqJyBYaEdgWQID
-AQABo1MwUTAdBgNVHQ4EFgQUqb9BteODF6wv5R57aEON/wGXMiowHwYDVR0jBBgw
-FoAUqb9BteODF6wv5R57aEON/wGXMiowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
-9w0BAQsFAAOCAQEAAcKhxI+tSItrXmqC0PSmgWyAYpqbkz6W/cefTutXqhIgY09f
-h0LSv7ogTahoGpyiZk9vy6u3OE9bYwxapEfa4KBjO6HxBMIVBBb3RegVjoPzjElN
-BDwAx0VGFcZTXwMxDWycWdG8ql7rCZBvS50w04uTaIgnGmqXAdWWmBgfJ9cRbxW+
-JwO/mOl1QM1lR/5142NpvuUVWlmZSKEGydE5A1qPz2wpDbBR1ym1BQNS4NEqw6Kp
-GSB8jKyCS1Ve0v2wVze2038Wukz02dq9uKPTIO3T+B+ibZmxn6Op/kFCc1/kK5NS
-Q6JdO1B6KquGAYdGmKAcQ19mv+jqGktqWEEf0g==
------END CERTIFICATE-----
diff --git a/demo/shibboleth/midpoint_server/container_files/httpd/host-key.pem b/demo/shibboleth/midpoint_server/container_files/httpd/host-key.pem
deleted file mode 100644
index 5746e59..0000000
--- a/demo/shibboleth/midpoint_server/container_files/httpd/host-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCmP9vswRRJ+7eh
-cx82BHBOx7trlRXsmzB/Uz9k39lmQCQjE0F69mCjON6y8s9auaxOA42LteKAlQm8
-KN2OaVb14MyWuL+uQPwe45HUNAJUov2e+hLZzcPuyrkSZ1rdXxOWPzZWp8SZ493e
-xqPHuZxN9sfyPAAv02GQL5YyJvkimMsakbQUQALSFrsvFv7uMiKodUlqotckYLIY
-3iaHpzVD1LV/xFVOJbZrzHbYb73CdlhuSIDYrGWzXvuKYeWFLPwR29XgikbDVqas
-RaGG4MS6bsG9nXFAMtq2BGqHioAoshVh5GcnwfUV6Uxr3SoHgbTwwg+J+ZOxDCon
-IFhoR2BZAgMBAAECggEAEIRBpjjceiku6jRUwnoYaks/nIWYQwR8AfpUTwJKR/VR
-Yca097Fokm7A+UhUP3A45RtHQb0VPq8P44iv0kk24YCu8r5yFK7SHYOAZnOwU5ZJ
-2jSAEPF3aM7tKh3okhuzB3dKP7u1NZDE5zAW723KUJiW7sL1RcsbY0bHBj6G+9/H
-NplmsjuGt684vRBB0qOBfKF7EiG7mT69tHuNj4gRza9SMY31UtKbZdt2fNY6mp5V
-HscMba7egZP+Ke0pVX4+go9j7K8GG8hYaQDLjrzlPqrxZ2c5X9cC+CRDI/CHuL/s
-V/2yGZJ6n6UabwZoH83RdFrbQ94rU8Hkli6EvxXvMQKBgQDRpheNW5jDG5TfeJKh
-yfKTDQqH2Tk3BsBYYBN7Hf3m7vbkzlxnAKJAoSLmtRMuoeXvI5MrhzaHGsNIUS76
-LDIZnvB7DLUxhFUZsCPkpAA1QHuTWY96oR3PHnPjpk8lSUvtbOPwDLdzVApeFJgZ
-VqMNArZ7AHsK3Kkyi+f4WVQjbQKBgQDLAWiGb5dx6fAM2W6B6HjNmzjBWOuVEXa2
-76to9jzupBZmETfZgxtWUaWUDuNS+f7dtVUTE+p6v/w8clrHEhEZYkqunIOLo/UA
-LFPiuoTfEsWb1rh+nsCjCgy4uimixj/bSkf7NC6NyKTvCygA1mGnVVJUEPegYlDy
-LXCkaKWxHQKBgQCmyHSKL2lrJkEcOwakEU2acNCE3Gno/cT9SYmV83kvQ8JEqmrW
-QqnRsp9aXIljGscapPmKsmnNt5vNp1AxFAHTYh88NRLczsMIyZj0ZwgHVUI6KhC7
-5Psa78YQQBlMt2/g9TSsnuE+rYgF6mpKFiNm0Vasqeg47uzn2mdzqlUGTQKBgE04
-JutkTUY+h1pL5vYxWKpVDfy19z7H2tFxT1FowPrBneeLSyRI88Ac5I/yLdRlVeY9
-0LOmEr5Igwj3MsKgg7KVKfVLgdo/LrW3Jt2Kt3onKNXDkoBPoNUjwH0QC0Boiue+
-VK0gR0kVdm+bXccbxR+im+NwZNE0NLg6Qqu3RredAoGBALuVoqbPPmTCZXYG328H
-bzOs2aiR7BzPSVByV+qG6jW7w03RAnFPJZp7HMU+ViI5VY0wabUscMSvz5163+gM
-4KwY3v9ZjZzZGukIfLuudkdqtaiVOx/KeAC0n+nG21YU+wpZww8gkfHh1/sa2CME
-CWYCgOnmiTHcj83UaTqEXtmv
------END PRIVATE KEY-----
diff --git a/demo/shibboleth/midpoint_server/container_files/mp-home/config.xml b/demo/shibboleth/midpoint_server/container_files/mp-home/config.xml
deleted file mode 100644
index 0fc3410..0000000
--- a/demo/shibboleth/midpoint_server/container_files/mp-home/config.xml
+++ /dev/null
@@ -1,60 +0,0 @@
-
-
-
-
-
-
-
- ${midpoint.home}/import
-
-
- native
- jdbc:postgresql://localhost:5432/midpoint
- midpoint
- password
-
-
-
- com.evolveum.midpoint.audit.impl.LoggerAuditServiceFactory
-
-
- com.evolveum.midpoint.repo.sqale.audit.SqaleAuditServiceFactory
-
-
-
- true
- ${midpoint.home}/icf-connectors
-
-
- ${midpoint.home}/keystore.jceks
- changeit
- default
-
-
-
diff --git a/demo/shibboleth/tests/main.bats b/demo/shibboleth/tests/main.bats
deleted file mode 100755
index e48527e..0000000
--- a/demo/shibboleth/tests/main.bats
+++ /dev/null
@@ -1,70 +0,0 @@
-#!/usr/bin/env bats
-
-load ../../../common
-load ../../../library
-
-@test "000 Cleanup before running the tests" {
- (cd ../simple ; docker-compose down -v)
- (cd ../grouper ; docker-compose down -v)
- run docker-compose down -v
-}
-
-@test "010 Initialize and start containers" {
- docker-compose -f docker-compose-tests.yml build --pull midpoint_data directory idp
- # Sometimes the tier/midpoint:xyz is not yet in the repository, causing issues with --pull
- docker-compose -f docker-compose-tests.yml build midpoint_server
- docker-compose -f docker-compose-tests.yml up -d
-}
-
-@test "012 Wait for Shibboleth to start up" {
- wait_for_shibboleth_idp_start shibboleth_idp_1
-}
-
-@test "014 Wait for midPoint to start up" {
- wait_for_midpoint_start shibboleth_midpoint_server_1
-}
-
-@test "030 Check health (midPoint)" {
-# docker logs shibboleth_midpoint_server_1
- check_health
-}
-
-@test "035 Check health (Shibboleth IdP)" {
- check_health_shibboleth_idp
-}
-
-@test "040 Check internal SAML redirection (/midpoint/auth/saml-internal)" {
- curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint/auth/saml-internal/ | grep 'https:\/\/localhost:8443\/midpoint\/auth\/saml-internal\/mySamlSso\/authenticate\/midpointdemo-shibboleth'
-}
-
-@test "041 Check internal SAML redirection action (midpoint/..../discovery?...)" {
- TMPFILE=$(mktemp /tmp/samlForm.XXXXXX)
- curl -k https:\/\/localhost:8443\/midpoint\/auth\/saml-internal\/mySamlSso\/authenticate\/midpointdemo-shibboleth >$TMPFILE || (rm $TMPFILE ; return 1)
- if (grep -q "
- bash -c "
- chmod 777 /opt/mp-pw/ ;
- touch /opt/mp-pw/db_init_in_progress ;
- echo -e '#!/bin/sh\ntouch /opt/mp-pw/db_init' >/opt/db-init/000-start.sh ;
- echo -e '#!/bin/sh\necho DB structure init process has finished...\nrm -f /opt/mp-pw/db_init_in_progress /opt/mp-pw/db_init' > /opt/db-init/999-finish.sh ;
- /opt/midpoint/bin/midpoint.sh init-native
- "
+ midpoint_data:
+ image: postgres:16-alpine
environment:
- - MP_INIT_CFG=/opt/mp-home
- - MP_INIT_DB_CONCAT=/opt/db-init/init.sql
- - MP_DB_PW=/opt/mp-pw/dbpassword
- - MP_PW_DEF=/opt/mp-pw/keystorepw
+ - POSTGRES_PASSWORD=db.secret.pw.007
+ - POSTGRES_USER=midpoint
+ - POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
+ networks:
+ - net
volumes:
- - db_init:/opt/db-init
- - mp_pw:/opt/mp-pw
- - midpoint_home:/opt/mp-home
+ - midpoint_data:/var/lib/postgresql/data
- midpoint_data:
- image: postgres:13-alpine
+ data_init:
+ image: evolveum/midpoint:${MP_VER:-4.8.3}-rockylinux
command: >
- bash -c "
- rm -f /var/lib/postgresql/data/postmaster.pid ;
- while [ ! -s /opt/mp-pw/dbpassword -o -e /opt/mp-pw/init_in_progress ] ; do
- echo 'Waiting to the end of the init process...';
- sleep 1;
- done ;
- {
- sleep 2 ;
- if [ ! -e /opt/mp-pw/db_init -a -e /opt/mp-pw/db_init_in_progress ] ;
- then echo 'DB init did not start...' ;
- rm -f /opt/mp-pw/db_ini*;
- echo 'The lock files has been removed...';
- fi ;
- } &
- docker-entrypoint.sh postgres
- "
- user: "70:70"
+ bash -c "
+ cd /opt/midpoint ;
+ bin/midpoint.sh init-native ;
+ echo ' - - - - - - ' ;
+ bin/ninja.sh -B info >/dev/null 2>/tmp/ninja.log ;
+ grep -q \"ERROR\" /tmp/ninja.log && (
+ bin/ninja.sh run-sql --create --mode REPOSITORY ;
+ bin/ninja.sh run-sql --create --mode AUDIT
+ ) ||
+ echo -e '\\n Repository init is not needed...' ;
+ "
depends_on:
- - data_init
+ - midpoint_data
environment:
- - POSTGRES_PASSWORD_FILE=/opt/mp-pw/dbpassword
- - POSTGRES_USER=midpoint
- - POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
- ports:
- - 5432:5432
+ - MP_SET_midpoint_repository_jdbcUsername=midpoint
+ - MP_SET_midpoint_repository_jdbcPassword=db.secret.pw.007
+ - MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
+ - MP_SET_midpoint_repository_database=postgresql
+ - MP_INIT_CFG=/opt/midpoint/var
networks:
- net
volumes:
- - midpoint_data:/var/lib/postgresql/data
- - db_init:/docker-entrypoint-initdb.d/
- - mp_pw:/opt/mp-pw
+ - midpoint_home:/opt/midpoint/var
midpoint_server:
- image: i2incommon/midpoint:${tag:-4.8.2}
+ image: evolveum/midpoint:${MP_VER:-4.8.3}-rockylinux
+ container_name: midpoint_server
+ hostname: midpoint-container
depends_on:
- - data_init
- - midpoint_data
+ data_init:
+ condition: service_completed_successfully
+ midpoint_data:
+ condition: service_started
+ command: [ "/opt/midpoint/bin/midpoint.sh", "container" ]
ports:
- - 8443:443
+ - 8080:8080
environment:
- - ENV
- - USERTOKEN
- - MP_SET_midpoint_administrator_initialPassword=Password1
- MP_SET_midpoint_repository_jdbcUsername=midpoint
- - MP_SET_midpoint_repository_jdbcPassword_FILE=/opt/mp-pw/dbpassword
+ - MP_SET_midpoint_repository_jdbcPassword=db.secret.pw.007
- MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
- - MP_SET_midpoint_keystore_keyStorePassword_FILE=/opt/mp-pw/keystorepw
- - MP_SET_server_tomcat_ajp_enabled=true
- - MP_SET_server_tomcat_ajp_port=9090
- - MP_SET_server_tomcat_ajp_secret=s3cr3t
- - MP_SET_logging_path=/tmp/logtomcat
+ - MP_SET_midpoint_repository_database=postgresql
+ - MP_SET_midpoint_administrator_initialPassword=Test5ecr3t
- MP_UNSET_midpoint_repository_hibernateHbm2ddl=1
- MP_NO_ENV_COMPAT=1
- - MP_MEM_MAX
- - MP_MEM_INIT
- - MP_JAVA_OPTS
- - TIER_BEACON_OPT_OUT
- - TIMEZONE
+ - MP_ENTRY_POINT=/opt/midpoint-dirs-docker-entrypoint
networks:
- net:
- aliases:
- - midpoint-server
- secrets:
- - mp_host-key.pem
+ - net
volumes:
- midpoint_home:/opt/midpoint/var
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
- target: /etc/pki/tls/certs/host-cert.pem
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
- target: /etc/pki/tls/certs/cachain.pem
- - mp_pw:/opt/mp-pw
networks:
net:
driver: bridge
-secrets:
- mp_host-key.pem:
- file: ./configs-and-secrets/midpoint/httpd/host-key.pem
-
volumes:
- db_init:
- mp_pw:
midpoint_data:
midpoint_home:
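Review bot: The new compose file inlines the database password as the literal `db.secret.pw.007` in three places — the `POSTGRES_PASSWORD` of `midpoint_data`, the `MP_SET_midpoint_repository_jdbcPassword` of `data_init`, and again for `midpoint_server` — where the removed lines had used `POSTGRES_PASSWORD_FILE` / `MP_SET_midpoint_repository_jdbcPassword_FILE` with a shared volume, so this is a regression from file-based to environment-based credentials that are now readable via `docker inspect` and in the committed file. Even for a demo, factor it into one substitution such as `- POSTGRES_PASSWORD=${MP_DB_PW:?set MP_DB_PW in .env}` used by all three services, or keep the `_FILE` variants backed by a compose `secrets:` entry; the same applies to `MP_SET_midpoint_administrator_initialPassword=Test5ecr3t`. Separately, `data_init` lists `midpoint_data` in the short `depends_on` form, which only waits for the container to start, not for PostgreSQL to accept connections, so `init-native` can race the database; a `healthcheck:` on `midpoint_data` (for example `pg_isready -U midpoint`) with `condition: service_healthy` would close that, and `midpoint_server` already uses the long form so it could take the same condition. The `diff`/`@@` header of this hunk appears to have been lost in extraction (the preceding main.bats hunk is cut off at `grep -q "`), so the file path is inferred.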
diff --git a/demo/simple/tests/main.bats b/demo/simple/tests/main.bats
deleted file mode 100755
index 2445dd5..0000000
--- a/demo/simple/tests/main.bats
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/usr/bin/env bats
-
-load ../../../common
-load ../../../library
-
-@test "000 Cleanup before running the tests" {
- (cd ../grouper ; docker-compose down -v)
- (cd ../shibboleth ; docker-compose down -v)
- docker-compose down -v
-}
-
-@test "010 Initialize and start midPoint" {
- docker-compose up -d
- wait_for_midpoint_start simple_midpoint_server_1
-}
-
-@test "010 Check health" {
- check_health
-}
-
-@test "100 Get 'administrator'" {
- check_health
- get_and_check_object users 00000000-0000-0000-0000-000000000002 administrator
-}
-
-@test "110 And and get 'test110'" {
- check_health
- echo "test110" >/tmp/test110.xml
- add_object users /tmp/test110.xml
- rm /tmp/test110.xml
- search_and_check_object users test110
-}
-
-@test "300 Check repository preserved between restarts" {
- check_health
-
- echo "Creating user test300 and checking its existence"
- echo "test300" >/tmp/test300.xml
- add_object users /tmp/test300.xml
- rm /tmp/test300.xml
- search_and_check_object users test300
-
- echo "Bringing the containers down"
- docker-compose down
-
- echo "Re-creating the containers"
- docker-compose up --no-start
- docker-compose start
- wait_for_midpoint_start simple_midpoint_server_1
-
- echo "Searching for the user again"
- search_and_check_object users test300
-}
-
-@test "999 Clean up" {
- docker-compose down -v
-}
diff --git a/download-midpoint.sh b/download-midpoint.sh
deleted file mode 100755
index 7ebc712..0000000
--- a/download-midpoint.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/bash
-
-DIR=`dirname "$0"`
-source $DIR/common.bash
-if [[ -n "$1" ]]; then
- MP_VERSION=$1
-else
- if [[ $tag == "latest" ]]; then
- # Normally we use last released midPoint version number here, e.g. "4.1".
- # But if we need to incorporate interim changes to I2 distribution during
- # midPoint development cycle, we can specify concrete file from "midpoint-tier"
- # download directory by using its name (like "latest-stable").
- MP_VERSION="4.8.2"
- else
- MP_VERSION=$tag
- fi
-fi
-
-if [[ $MP_VERSION =~ ^[0-9]+(\.[0-9]+)+$ ]]; then
- URL_BASE="https://download.evolveum.com/midpoint/$MP_VERSION/"
-else
- URL_BASE="https://download.evolveum.com/midpoint-tier/"
-fi
-
-echo "Downloading midPoint $MP_VERSION from $URL_BASE"
-echo "-----------------------------------------"
-curl --output $DIR/midpoint-dist.tar.gz "$URL_BASE/midpoint-$MP_VERSION-dist.tar.gz"
-echo "-----------------------------------------"
-echo "Checking the download..."
-if tar -tf $DIR/midpoint-dist.tar.gz >/dev/null; then
- echo "OK"
- exit 0
-else
- echo "The file was not downloaded correctly"
- exit 1
-fi
diff --git a/library.bash b/library.bash
deleted file mode 100644
index 7254b64..0000000
--- a/library.bash
+++ /dev/null
@@ -1,596 +0,0 @@
-#!/bin/bash
-
-#
-# Contains common functions usable for midPoint system tests
-#
-
-MP_USERPWD='administrator:Password1'
-
-# do not use from outside (ugly signature)
-function generic_wait_for_log () {
- CONTAINER_NAME=$1
- MESSAGE="$2"
- WAITING_FOR="$3"
- FAILURE="$4"
- ADDITIONAL_CONTAINER_NAME=$5
- ATTEMPT=0
- MAX_ATTEMPTS=30
- DELAY=10
-
- until [[ $ATTEMPT = $MAX_ATTEMPTS ]]; do
- ATTEMPT=$((ATTEMPT+1))
- docker ps
- ( docker logs $CONTAINER_NAME 2>&1 | grep -F "$MESSAGE" ) && return 0
- echo "Waiting $DELAY seconds for $WAITING_FOR (attempt $ATTEMPT) ..."
- sleep $DELAY
- done
-
- echo "$FAILURE" in $(( $MAX_ATTEMPTS * $DELAY )) seconds in $CONTAINER_NAME
- echo "========== Container log =========="
- docker logs $CONTAINER_NAME 2>&1
- echo "========== End of the container log =========="
- if [ -n "$ADDITIONAL_CONTAINER_NAME" ]; then
- echo "========== Container log ($ADDITIONAL_CONTAINER_NAME) =========="
- docker logs $ADDITIONAL_CONTAINER_NAME 2>&1
- echo "========== End of the container log ($DATABASE_CONTAINER_NAME) =========="
- fi
- return 1
-}
-
-
-function wait_for_log_message () {
- generic_wait_for_log $1 "$2" "log message" "log message has not appeared"
-}
-
-# Waits until midPoint starts
-function wait_for_midpoint_start () {
- generic_wait_for_log $1 "INFO (com.evolveum.midpoint.web.boot.MidPointSpringApplication): Started MidPointSpringApplication in" "midPoint to start" "midPoint did not start" $2
-}
-
-# Waits until Shibboleth IDP starts
-function wait_for_shibboleth_idp_start_old () {
- generic_wait_for_log $1 "INFO:oejs.Server:main: Started" "shibboleth idp to start" "shibboleth idp did not start" $2
-}
-
-# Waits until Shibboleth IDP starts
-function wait_for_shibboleth_idp_start () {
- generic_wait_for_log $1 "[main] INFO org.apache.catalina.startup.Catalina- Server startup in" "shibboleth idp to start" "shibboleth idp did not start" $2
-}
-
-# Waits until Grouper UI starts
-function wait_for_grouper_ui_start () {
- generic_wait_for_log $1 "INFO org.apache.catalina.startup.Catalina- Server startup in" "grouper ui to start" "grouper ui did not start" $2
-}
-
-# Checks the health of midPoint server
-function check_health () {
- echo Checking health...
- (set -o pipefail ; curl -k -f https://localhost:8443/midpoint/actuator/health | tr -d '[:space:]' | grep -q "\"status\":\"UP\"")
- status=$?
- if [ $status -ne 0 ]; then
- echo Error: $status
- docker ps
- return 1
- else
- echo OK
- return 0
- fi
-}
-
-# Checks the health of Shibboleth IDP server
-function check_health_shibboleth_idp_old () {
- echo Checking health of shibboleth idp...
- status="$(curl -k --write-out %{http_code} --silent --output /dev/null https://localhost:4443/idp/)"
- if [ $status -ne 200 ]; then
- echo Error: Http code of response is $status
- docker ps
- return 1
- else
- echo OK
- return 0
- fi
-}
-
-function check_health_shibboleth_idp () {
- echo Checking health of shibboleth idp...
- status="$(curl -k --write-out %{http_code} --silent --output /dev/null https://localhost/idp/)"
- if [ $status -ne 200 ]; then
- echo Error: Http code of response is $status
- docker ps
- return 1
- else
- echo OK
- return 0
- fi
-}
-
-# Result is in OUTFILE
-function get_object () {
- local TYPE=$1
- local OID=$2
- OUTFILE=$(mktemp /tmp/get.XXXXXX)
- echo out file is $OUTFILE
- #FIXME workaround for MID-6721 bug
- if [ "$TYPE" == "tasks" ]; then
- PARAM='?include=result'
- fi
-
- curl -k --user $MP_USERPWD -H "Content-Type: application/xml" -X GET "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID$PARAM" >$OUTFILE || (rm $OUTFILE ; return 1)
- return 0
-}
-
-# Retrieves XML object and checks if the name matches
-# Object is deleted before return
-function get_and_check_object () {
- local TYPE=$1
- local OID=$2
- local NAME=$3
- local TMPFILE=$(mktemp /tmp/get.XXXXXX)
- echo tmp file is $TMPFILE
- curl -k --user $MP_USERPWD -H "Content-Type: application/xml" -X GET "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID" >$TMPFILE || (rm $TMPFILE ; return 1)
- if (grep -q "$NAME" <$TMPFILE); then
- echo "Object $TYPE/$OID '$NAME' is OK"
- rm $TMPFILE
- return 0
- else
- echo "Object $TYPE/$OID '$NAME' was not found or not retrieved correctly:"
- cat $TMPFILE
- rm $TMPFILE
- return 1
- fi
-}
-
-# Adds object from a given file
-function add_object () {
- local TYPE=$1
- local FILE=$2
- TMPFILE=$(mktemp /tmp/addobject.XXXXXX)
- echo "Adding to $TYPE from $FILE..."
-
- curl -k -sD - --silent --write-out "%{http_code}" --user $MP_USERPWD -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/$TYPE" -d @$FILE >$TMPFILE
- local HTTP_CODE=$(sed '$!d' $TMPFILE)
- sed -i '$ d' $TMPFILE
-
- if [ "$HTTP_CODE" -eq 201 ] || [ "$HTTP_CODE" -eq 202 ]; then
-
- OID=$(grep -oP "Location: \K.*" $TMPFILE | awk -F "$TYPE/" '{print $2}') || (echo "Couldn't extract oid from file:" ; cat $TMPFILE ; rm $TMPFILE; return 1)
-
- echo "OID of created object: $OID"
- rm $TMPFILE
- return 0
- else
- echo "Error code: $HTTP_CODE"
- if [ "$HTTP_CODE" -ge 500 ]; then
- echo "Error message: Internal server error. Unexpected error occurred, if necessary please contact system administrator."
- else
- echo $(sed '1,/^\s*$/d' $TMPFILE) >$TMPFILE
- local ERROR_MESSAGE=$(xmllint --xpath "/*/*[local-name()='message']/text()" $TMPFILE) || (echo "Couldn't extract error message from file:" ; cat $TMPFILE ; rm $TMPFILE; return 1)
- echo "Error message: $ERROR_MESSAGE"
- fi
- rm $TMPFILE
- return 1
- fi
-}
-
-# parameter $2 (CONTAINER) is just for diagnostics: it is the container whose logs we want to dump on error (might be omitted)
-function execute_bulk_action () {
- local FILE=$1
- local CONTAINER=$2
- echo "Executing bulk action from $FILE..."
- TMPFILE=$(mktemp /tmp/execbulkaction.XXXXXX)
-
- (curl -k --silent --write-out "%{http_code}" --user $MP_USERPWD -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/rpc/executeScript" -d @$FILE >$TMPFILE) || (echo "Midpoint logs: " ; ([[ -n "$CONTAINER" ]] && docker logs $CONTAINER ) ; return 1)
- local HTTP_CODE=$(sed '$!d' $TMPFILE)
- sed -i '$ d' $TMPFILE
-
- if [ "$HTTP_CODE" -eq 200 ]; then
-
- local STATUS=$(xmllint --xpath "/*/*/*[local-name()='status']/text()" $TMPFILE) || (echo "Couldn't extract status from file:" ; cat $TMPFILE ; rm $TMPFILE; return 1)
- if [ $STATUS = "success" ]; then
- local CONSOLE_OUTPUT=$(xmllint --xpath "/*/*/*[local-name()='consoleOutput']/text()" $TMPFILE) || (echo "Couldn't extract console output from file:" ; cat $TMPFILE ; rm $TMPFILE; return 1)
- echo "Console output: $CONSOLE_OUTPUT"
- rm $TMPFILE
- return 0
- else
- echo "Bulk action status is not OK: $STATUS"
- local CONSOLE_OUTPUT=$(xmllint --xpath "/*/*/*[local-name()='consoleOutput']/text()" $TMPFILE) || (echo "Couldn't extract console output from file:" ; cat $TMPFILE ; rm $TMPFILE; return 1)
- echo "Console output: $CONSOLE_OUTPUT"
- rm $TMPFILE
- return 1
- fi
-
- else
- echo "Error code: $HTTP_CODE"
- if [[ $HTTP_CODE -ge 500 ]]; then
- echo "Error message: Internal server error. Unexpected error occurred, if necessary please contact system administrator."
- else
- local ERROR_MESSAGE=$(xmllint --xpath "/*/*[local-name()='message']/text()" $TMPFILE) || (echo "Couldn't extract error message from file:" ; cat $TMPFILE ; rm $TMPFILE; return 1)
- echo "Error message: $ERROR_MESSAGE"
- fi
- rm $TMPFILE
- return 1
- fi
-}
-
-# parameter $2 (CONTAINER) is just for diagnostics: it is the container whose logs we want to dump on error (might be omitted)
-function run_task_now () {
- local OID=$1
- local CONTAINER=$2
- echo "Running task $1 now..."
- TMPFILE=$(mktemp /tmp/runtasknow.XXXXXX)
-
- (curl -k --silent --write-out "%{http_code}" --user $MP_USERPWD -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/tasks/$OID/run" >$TMPFILE) || (echo "Midpoint logs: " ; ([[ -n "$CONTAINER" ]] && docker logs $CONTAINER ) ; return 1)
- local HTTP_CODE=$(sed '$!d' $TMPFILE)
- sed -i '$ d' $TMPFILE
-
- if [[ $HTTP_CODE -ge 200 && $HTTP_CODE -lt 300 ]]; then
- rm $TMPFILE
- return 0
- else
- echo "Error code: $HTTP_CODE"
- cat $TMPFILE
- rm $TMPFILE
- return 1
- fi
-}
-
-# parameter $2 (CONTAINER) is just for diagnostics: it is the container whose logs we want to dump on error (might be omitted)
-function suspend_task () {
- local OID=$1
- local CONTAINER=$2
- echo "Suspending task $OID..."
- TMPFILE=$(mktemp /tmp/suspendtask.XXXXXX)
-
- (curl -k --silent --write-out "%{http_code}" --user $MP_USERPWD -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/tasks/$OID/suspend" >$TMPFILE) || (echo "Midpoint logs: " ; ([[ -n "$CONTAINER" ]] && docker logs $CONTAINER ) ; return 1)
- local HTTP_CODE=$(sed '$!d' $TMPFILE)
- sed -i '$ d' $TMPFILE
-
- if [[ $HTTP_CODE -ge 200 && $HTTP_CODE -lt 300 ]]; then
- rm $TMPFILE
- return 0
- else
- echo "Error code: $HTTP_CODE"
- cat $TMPFILE
- rm $TMPFILE
- return 1
- fi
-}
-
-function delete_object_by_name () {
- local TYPE=$1
- local NAME=$2
- search_objects_by_name users $NAME
- local OID=$(xmllint --xpath "/*/*[local-name()='object']/@oid" $SEARCH_RESULT_FILE | awk -F"\"" '{print $2}' ) || (echo "Couldn't extract oid from file:" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE; return 1)
- delete_object $TYPE $OID
-}
-
-function delete_object () {
- local TYPE=$1
- local OID=$2
- echo "Deleting object with type $TYPE and oid $OID..."
- TMPFILE=$(mktemp /tmp/delete.XXXXXX)
-
- curl -k --silent --write-out "%{http_code}" --user $MP_USERPWD -H "Content-Type: application/xml" -X DELETE "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID" >$TMPFILE
- local HTTP_CODE=$(sed '$!d' $TMPFILE)
- sed -i '$ d' $TMPFILE
-
- if [ "$HTTP_CODE" -eq 204 ]; then
- echo "Object with type $TYPE and oid $OID was deleted"
- rm $TMPFILE
- return 0
- else
- echo "Error code: $HTTP_CODE"
- if [[ $HTTP_CODE -ge 500 ]]; then
- echo "Error message: Internal server error. Unexpected error occurred, if necessary please contact system administrator."
- else
- local ERROR_MESSAGE=$(xmllint --xpath "/*/*[local-name()='message']/text()" $TMPFILE) || (echo "Couldn't extract error message from file:" ; cat $TMPFILE ; rm $TMPFILE; return 1)
- echo "Error message: $ERROR_MESSAGE"
- fi
- #rm $TMPFILE
- return 1
- fi
-}
-
-# Tries to find an object with a given name
-# Results of the search are in the $SEARCH_RESULT_FILE
-# TODO check if the result is valid (i.e. not an error) - return 1 if invalid, otherwise return 0 ("no objects" is considered OK here)
-function search_objects_by_name () {
- local TYPE=$1
- local NAME="$2"
- TMPFILE=$(mktemp /tmp/search.XXXXXX)
-
- curl -k --write-out %{http_code} --user $MP_USERPWD -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/$TYPE/search" -d @- << EOF >$TMPFILE || (rm $TMPFILE ; return 1)
-
-
-
- name
- $NAME
-
-
-
-EOF
- local HTTP_CODE=$(sed '$!d' <<<"$(cat $TMPFILE)")
- sed -i '$ d' $TMPFILE
- # cat $TMPFILE
-
- if [ "$HTTP_CODE" -eq 200 ]; then
- SEARCH_RESULT_FILE=$TMPFILE
- return 0
- else
- echo "Error code: $HTTP_CODE"
- if [[ $HTTP_CODE -ge 500 ]]; then
- echo "Error message: Internal server error. Unexpected error occurred, if necessary please contact system administrator."
- else
- local ERROR_MESSAGE
- ERROR_MESSAGE=$(xmllint --xpath "/*/*/*/*[local-name()='message']/text()" $TMPFILE) || (echo "Couldn't extract error message from file:" ; cat $TMPFILE ; rm $TMPFILE; return 1)
- echo "Error message: $ERROR_MESSAGE"
- fi
- rm $SEARCH_RESULT_FILE
- return 1
- fi
-}
-
-# Searches for object with a given name and verifies it was found
-function search_and_check_object () {
- local TYPE=$1
- local NAME="$2"
- search_objects_by_name $TYPE "$NAME" || return 1
- if (grep -q "$NAME" <$SEARCH_RESULT_FILE); then
- echo "Object $TYPE/'$NAME' is OK"
- rm $SEARCH_RESULT_FILE
- return 0
- else
- echo "Object $TYPE/'$NAME' was not found or not retrieved correctly:"
- cat $SEARCH_RESULT_FILE
- rm $SEARCH_RESULT_FILE
- return 1
- fi
-}
-
-# Tests a resource
-function test_resource () {
- local OID=$1
- local TMPFILE=$(mktemp /tmp/test.resource.XXXXXX)
-
- curl -k --silent --user $MP_USERPWD -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/resources/$OID/test" >$TMPFILE || (rm $TMPFILE ; return 1)
- if [[ $(xmllint --xpath "/*/*[local-name()='status']/text()" $TMPFILE) == "success" ]]; then
- echo "Resource $OID test succeeded"
- rm $TMPFILE
- return 0
- else
- echo "Resource $OID test failed"
- cat $TMPFILE
- rm $TMPFILE
- return 1
- fi
-}
-
-function recompute () {
- local TYPE=$1
- local OID=$2
- local TMPFILE=$(mktemp /tmp/recompute.XXXXXX)
-
- curl -k --silent --write-out "%{http_code}" --user $MP_USERPWD -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID" -d @- << EOF >$TMPFILE || (rm $TMPFILE ; return 1)
-
-EOF
- local HTTP_CODE=$(sed '$!d' $TMPFILE)
- sed -i '$ d' $TMPFILE
- if [[ $HTTP_CODE -ge 200 && $HTTP_CODE -lt 300 ]]; then
- echo "Object $TYPE/$OID recomputation succeeded"
- rm $TMPFILE
- return 0
- else
- echo "Object $TYPE/$OID recomputation failed: $HTTP_CODE"
- cat $TMPFILE
- rm $TMPFILE
- return 1
- fi
-}
-
-function assert_task_success () {
- local OID=$1
- get_object tasks $OID
- TASK_STATUS=$(xmllint --xpath "/*/*[local-name()='resultStatus']/text()" $OUTFILE) || (echo "Couldn't extract task status from task $OID" ; cat $OUTFILE ; rm $OUTFILE ; return 1)
- if [[ $TASK_STATUS = "success" ]]; then
- echo "Task $OID status is OK"
- rm $OUTFILE
- return 0
- else
- echo "Task $OID status is not OK: $TASK_STATUS"
- cat $OUTFILE
- rm $OUTFILE
- return 1
- fi
-}
-
-function wait_for_task_completion () {
- local OID=$1
- local ATTEMPT=0
- local MAX_ATTEMPTS=$2
- local DELAY=$3
-
- until [[ $ATTEMPT = $MAX_ATTEMPTS ]]; do
- ATTEMPT=$((ATTEMPT+1))
- echo "Waiting $DELAY seconds for task with oid $OID to finish (attempt $ATTEMPT) ..."
- sleep $DELAY
- get_object tasks $OID
- TASK_EXECUTION_STATUS=$(xmllint --xpath "/*/*[local-name()='executionState']/text()" $OUTFILE) || (echo "Couldn't extract task status from task $OID" ; cat $OUTFILE ; rm $OUTFILE ; return 1)
- if [[ $TASK_EXECUTION_STATUS = "suspended" ]] || [[ $TASK_EXECUTION_STATUS = "closed" ]]; then
- echo "Task $OID is finished"
- rm $OUTFILE
- return 0
- fi
- done
- rm $OUTFILE
- echo Task with $OID did not finish in $(( $MAX_ATTEMPTS * $DELAY )) seconds
- return 1
-}
-
-function get_task_execution_status () {
- local NAME=$1
-
- search_objects_by_name tasks "$NAME"
- TASK_EXECUTION_STATUS=$(xmllint --xpath "/*/*/*[local-name()='executionStatus']/text()" $SEARCH_RESULT_FILE) || (echo "Couldn't extract task status from task $NAME" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; return 1)
- echo "Task execution status: $TASK_EXECUTION_STATUS"
- return 0
-}
-
-function search_ldap_object_by_filter () {
- local BASE_CONTEXT_FOR_SEARCH=$1
- local FILTER="$2"
- local LDAP_CONTAINER=$3
- TMPFILE=$(mktemp /tmp/ldapsearch.XXXXXX)
-
- docker exec $LDAP_CONTAINER ldapsearch -h localhost -p 389 -D "cn=Directory Manager" -w password -b "$BASE_CONTEXT_FOR_SEARCH" "($FILTER)" >$TMPFILE || (echo "Couldn't search $FILTER" ;rm $TMPFILE ; return 1)
- LDAPSEARCH_RESULT_FILE=$TMPFILE
- return 0
-}
-
-function get_ldap_user () {
- local USER_UID="$1"
- local LDAP_CONTAINER=$2
- search_ldap_object_by_filter "ou=people,dc=internet2,dc=edu" "uid=$USER_UID" $LDAP_CONTAINER || return 1
- if ! grep -F "uid: $USER_UID" $LDAPSEARCH_RESULT_FILE; then
- echo "Couldn't find user '$USER_UID'"
- rm $LDAPSEARCH_RESULT_FILE
- return 1
- else
- return 0
- fi
-}
-
-function assert_ldap_user_has_value () {
- local USER_UID="$1"
- local TYPE=$2 # Entitlement or Affiliation
- local VALUE="$3"
- local LDAP_CONTAINER=$4
- get_ldap_user "$USER_UID" $LDAP_CONTAINER || return 1
- if ! grep -F "eduPerson$TYPE: $VALUE" $LDAPSEARCH_RESULT_FILE; then
- echo "'$USER_UID' has no $TYPE of '$VALUE'"
- cat $LDAPSEARCH_RESULT_FILE
- rm $LDAPSEARCH_RESULT_FILE
- return 1
- else
- rm $LDAPSEARCH_RESULT_FILE
- return 0
- fi
-}
-
-function assert_ldap_user_has_no_value () {
- local USER_UID="$1"
- local TYPE=$2 # Entitlement or Affiliation
- local VALUE="$3"
- local LDAP_CONTAINER=$4
- get_ldap_user "$USER_UID" $LDAP_CONTAINER || return 1
- if grep -F "eduPerson$TYPE: $VALUE" $LDAPSEARCH_RESULT_FILE; then
- echo "'$USER_UID' has an $TYPE of '$VALUE' although it should not have one"
- cat $LDAPSEARCH_RESULT_FILE
- rm $LDAPSEARCH_RESULT_FILE
- return 1
- else
- rm $LDAPSEARCH_RESULT_FILE
- return 0
- fi
-}
-
-function check_ldap_account_by_user_name () {
- local NAME="$1"
- local LDAP_CONTAINER=$2
- search_ldap_object_by_filter "ou=people,dc=internet2,dc=edu" "uid=$NAME" $LDAP_CONTAINER
- search_objects_by_name users $NAME
-
- local MP_FULL_NAME=$(xmllint --xpath "/*/*/*[local-name()='fullName']/text()" $SEARCH_RESULT_FILE) || (echo "Couldn't extract user fullName from file:" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
- local MP_GIVEN_NAME=$(xmllint --xpath "/*/*/*[local-name()='givenName']/text()" $SEARCH_RESULT_FILE) || (echo "Couldn't extract user givenName from file:" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
- local MP_FAMILY_NAME=$(xmllint --xpath "/*/*/*[local-name()='familyName']/text()" $SEARCH_RESULT_FILE) || (echo "Couldn't extract user familyName from file:" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
-
- local LDAP_CN=$(grep -oP "cn: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user cn from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
- local LDAP_GIVEN_NAME=$(grep -oP "givenName: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user givenName from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
- local LDAP_SN=$(grep -oP "sn: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user sn from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
-
- rm $SEARCH_RESULT_FILE
- rm $LDAPSEARCH_RESULT_FILE
-
- if [[ $MP_FULL_NAME = $LDAP_CN ]] && [[ $MP_GIVEN_NAME = $LDAP_GIVEN_NAME ]] && [[ $MP_FAMILY_NAME = $LDAP_SN ]]; then
- return 0
- fi
-
- echo "User in Midpoint and LDAP Account with uid $NAME are not same"
- return 1
-}
-
-function check_ldap_courses_by_name () {
- local NAME="$1"
- local LDAP_CONTAINER=$2
- search_objects_by_name orgs $NAME
-
- local MP_ORG_IDENTIFIER=$(xmllint --xpath "/*/*/*[local-name()='identifier']/text()" $SEARCH_RESULT_FILE) || (echo "Couldn't extract user identifier from file:" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; return 1)
-
- search_ldap_object_by_filter "ou=courses,ou=groups,dc=internet2,dc=edu" "cn=$MP_ORG_IDENTIFIER" $LDAP_CONTAINER
-
- local LDAP_CN=$(grep -oP "cn: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user cn from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
-
- rm $SEARCH_RESULT_FILE
- rm $LDAPSEARCH_RESULT_FILE
- if [[ $MP_ORG_IDENTIFIER = $LDAP_CN ]]; then
- return 0
- fi
-
- echo "Orgs $NAME in Midpoint and LDAP Group(Course) with cn $MP_ORG_IDENTIFIER are not same"
- return 1
-}
-
-
-function check_of_ldap_membership () {
- local NAME_OF_USER="$1"
- local BASE_CONTEXT_FOR_GROUP="$2"
- local NAME_OF_GROUP="$3"
- local LDAP_CONTAINER=$4
- search_ldap_object_by_filter "ou=people,dc=internet2,dc=edu" "uid=$NAME_OF_USER" $LDAP_CONTAINER
-
- local LDAP_ACCOUNT_DN=$(grep -oP "dn: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user dn from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
-
- search_ldap_object_by_filter "$BASE_CONTEXT_FOR_GROUP" "cn=$NAME_OF_GROUP" $LDAP_CONTAINER
-
- local LDAP_MEMBERS_DNS=$(grep -oP "uniqueMember: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user uniqueMember from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
-
- rm $LDAPSEARCH_RESULT_FILE
-
- if [[ $LDAP_MEMBERS_DNS =~ $LDAP_ACCOUNT_DN ]]; then
- return 0
- fi
-
- echo "LDAP Account with uid $NAME_OF_USER is not member of LDAP Group $NAME_OF_GROUP in base context $BASE_CONTEXT_FOR_GROUP"
- return 1
-}
-
-function get_messages () {
- local QUEUE="$1"
- MESSAGES=$(curl -s -i -u guest:guest "http://localhost:15672/api/queues/%2f/$QUEUE" | sed 's/,/\n/g' | grep '"messages"' | sed 's/"messages"://g')
- if [ -z "$MESSAGES" ]; then
- echo "Unable to get number of messages in $QUEUE"
- return 1
- fi
- return 0
-}
-
-function upload_from_file () {
- local FILENAME=$1
- local OPTIONS_TO_ADD=$2
- local REGEX="midpoint-objects.*/(.*)/(.*)"
- if [[ $FILENAME =~ $REGEX ]]
- then
- TYPE="${BASH_REMATCH[1]}"
- OID=`cat $FILENAME | sed -n 's:.*oid=\"\([A-Za-z0-9\-]*\)\".*:\1:p' | sed -n '1 p'`
- echo "Uploading $FILENAME ($TYPE, $OID)"
- curl -k --user $MP_USERPWD -H "Content-Type: application/xml" -X PUT "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID?options=overwrite$OPTIONS_TO_ADD" --data-binary @$FILENAME
- else
- echo "Skipping $FILENAME"
- fi
-}
-
-function execute_gsh () {
- local CONTAINER=$1
- local FILE=$2
- docker cp $FILE $CONTAINER:/tmp/
- docker exec $CONTAINER bash -c "/opt/grouper/grouper.apiBinary/bin/gsh /tmp/$FILE"
-}
diff --git a/tests/main.bats b/tests/main.bats
deleted file mode 100755
index d04ed36..0000000
--- a/tests/main.bats
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/usr/bin/env bats
-
-load ../common
-
-@test "010 Image is present" {
- docker image inspect $maintainer/$imagename:$tag
-}
-
-@test "020 Check basic components" {
- docker run -i $maintainer/$imagename:$tag \
- find \
- /usr/local/bin/startup.sh \
- /opt/midpoint/var/ \
- /etc/shibboleth/ \
- /etc/httpd/
-}
-
-@test "100 Cleanup before further tests - demo/simple" {
- docker ps -a
- cd demo/simple ; docker-compose down -v ; true
-}
-
-@test "110 Cleanup before further tests - demo/shibboleth" {
- docker ps -a
- cd demo/shibboleth ; docker-compose down -v ; true
-}
-
-@test "130 Cleanup before further tests - demo/grouper" {
- docker ps -a
- cd demo/grouper ; docker-compose down -v ; true
-}
-
-# not much more to check here, as we cannot start midpoint container without having a repository
-# so continuing with tests in demo/plain directory