From eec5d1f74a8a95801e9b5f561b208cfefd07a8af Mon Sep 17 00:00:00 2001
From: Slavek Licehammer
Date: Mon, 13 Nov 2023 19:25:16 +0100
Subject: [PATCH] Upgrade to midPoint 4.8
---
 common.bash | 2 +-
 demo/grouper/docker-compose.yml | 4 +-
 demo/grouper/midpoint_server/Dockerfile | 2 +-
 .../archetypes/300-archetype-affiliation.xml | 20 -
 .../300-archetype-external-person.xml | 10 +-
 .../archetypes/300-archetype-sis-person.xml | 10 +-
 .../objectTemplates/100-template-user.xml | 2 +-
 .../orgs/400-org-grouper-sysadmin.xml | 4 +-
 .../resources/100-ldap-main.xml | 2 +-
 .../securityPolicy/000-security-policy.xml | 11 +-
 .../010-system-configuration.xml | 629 ++++++++++--------
 demo/shibboleth/docker-compose-tests.yml | 4 +-
 demo/shibboleth/docker-compose.yml | 4 +-
 demo/shibboleth/midpoint_server/Dockerfile | 2 +-
 .../securityPolicy/SecurityPolicy.xml | 27 +-
 demo/simple/docker-compose.yml | 4 +-
 download-midpoint.sh | 2 +-
 17 files changed, 405 insertions(+), 334 deletions(-)
diff --git a/common.bash b/common.bash
index dd48020..29c9848 100644
--- a/common.bash
+++ b/common.bash
@@ -1,3 +1,3 @@
 maintainer="i2incommon"
 imagename="midpoint"
-tag="4.7.2"
+tag="4.8"
diff --git a/demo/grouper/docker-compose.yml b/demo/grouper/docker-compose.yml
index 8a5ff2b..52f2478 100644
--- a/demo/grouper/docker-compose.yml
+++ b/demo/grouper/docker-compose.yml
@@ -173,7 +173,7 @@ services:
 - CREATE_NEW_DATABASE=if_needed
 data_init:
- image: i2incommon/midpoint:${tag:-4.7.2}
+ image: i2incommon/midpoint:${tag:-4.8}
 command: >
 bash -c "
 chmod 777 /opt/mp-pw/ ;
@@ -229,7 +229,7 @@ services:
 build:
 context: ./midpoint_server/
 args:
- tag: ${tag:-4.7.2}
+ tag: ${tag:-4.8}
 depends_on:
 - data_init
 - midpoint_data
diff --git a/demo/grouper/midpoint_server/Dockerfile b/demo/grouper/midpoint_server/Dockerfile
index 0e8d4f0..d1ef481 100644
--- a/demo/grouper/midpoint_server/Dockerfile
+++ b/demo/grouper/midpoint_server/Dockerfile
@@ -1,4 +1,4 @@ -ARG tag=4.7.2 +ARG tag=4.8 FROM i2incommon/midpoint:${tag} diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-affiliation.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-affiliation.xml index 2461c94..b0b9400 100644 --- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-affiliation.xml +++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-affiliation.xml @@ -49,24 +49,4 @@ - - - diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-external-person.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-external-person.xml index c249f6b..5132def 100644 --- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-external-person.xml +++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-external-person.xml @@ -6,6 +6,11 @@ xmlns:org='http://midpoint.evolveum.com/xml/ns/public/common/org-3'> External Non-academic person with no relation to the academy environment + + + UserType + + @@ -17,9 +22,4 @@ - - - UserType - - diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-sis-person.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-sis-person.xml index b4c8a42..de940bc 100644 --- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-sis-person.xml +++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-sis-person.xml 
@@ -6,6 +6,11 @@ xmlns:org='http://midpoint.evolveum.com/xml/ns/public/common/org-3'> SIS Person Person with a relation to the academy environment, coming from the SIS database + + + UserType + + @@ -17,9 +22,4 @@ - - - UserType - - diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/objectTemplates/100-template-user.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/objectTemplates/100-template-user.xml index 8d8c362..4873611 100644 --- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/objectTemplates/100-template-user.xml +++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/objectTemplates/100-template-user.xml @@ -82,7 +82,7 @@ diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/400-org-grouper-sysadmin.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/400-org-grouper-sysadmin.xml index 201777a..d2c4d98 100644 --- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/400-org-grouper-sysadmin.xml +++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/400-org-grouper-sysadmin.xml @@ -8,9 +8,11 @@ org-grouper-sysadmin - Grouper Administrators + + + Grouper Administrators sysadmingroup diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-ldap-main.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-ldap-main.xml index c768c90..57bedbe 100644 --- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-ldap-main.xml +++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-ldap-main.xml @@ -168,7 +168,7 @@ strong - employeeNumber + personalNumber 
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml index 58aeb9b..74587bf 100644 --- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml +++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml @@ -1,8 +1,5 @@ - - + Default Security Policy @@ -69,7 +66,7 @@ - internalLoginForm + internalLoginForm 30 sufficient @@ -111,6 +108,4 @@ - - - + \ No newline at end of file diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml index 2ecd04e..52c86d3 100644 --- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml +++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml 
@@ -6,16 +6,16 @@ ~ and European Union Public License. See LICENSE file for details. --> + xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" + xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" + xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3" + xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" + xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" + xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" + xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" + xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" + xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> SystemConfiguration true @@ -27,12 +27,12 @@ ERROR ro.isdc.wro.extensions.processor.css.Less4jProcessor - + OFF org.springframework.security.web.DefaultSecurityFilterChain - + OFF @@ -42,40 +42,40 @@ Otherwise the log is filled-in with (innocent but ugly-looking) messages like "ERROR (o.h.engine.jdbc.batch.internal.BatchingBatch): HHH000315: Exception executing batch [Deadlock detected. The current transaction was rolled back." --> - + OFF org.hibernate.engine.jdbc.batch.internal.BatchingBatch - + WARN org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl - + OFF org.hibernate.internal.ExceptionMapperStandardImpl - + WARN org.apache.wicket.resource.PropertiesFactory - + ERROR org.springframework.context.support.ResourceBundleMessageSource - + INFO com.evolveum.midpoint.model.impl.lens.projector.Projector - + INFO com.evolveum.midpoint.model.impl.lens.Clockwork @@ -85,9 +85,10 @@ com.evolveum.polygon.connector.grouper - %date [%X{subsystem}] [%thread] %level \(%logger\): %msg%n + MIDPOINT_LOG ${midpoint.home}/log/midpoint.log ${midpoint.home}/log/midpoint-%d{yyyy-MM-dd}.%i.log 10 
@@ -95,9 +96,10 @@ true - %date %level: %msg%n + MIDPOINT_PROFILE_LOG ${midpoint.home}/log/midpoint-profile.log ${midpoint.home}/log/midpoint-profile-%d{yyyy-MM-dd}.%i.log 10 @@ -182,7 +184,7 @@ - + performance Performance tracing true @@ -191,7 +193,7 @@ true true - + functional Functional tracing true @@ -199,11 +201,11 @@ true true true - + normal - + functional-model-logging Functional tracing (with model logging) true @@ -212,16 +214,16 @@ true true - + com.evolveum.midpoint.model TRACE - + normal - + functional-sql-logging Functional tracing (with SQL logging) true @@ -230,12 +232,12 @@ true true - + org.hibernate.SQL TRACE - + normal @@ -245,9 +247,12 @@ demo/grouper - + UserType - + + search + + myAccesses 10 - + viewAll - + requestAccess - + myRequests 20 - + viewAll - + myWorkItems 40 - + viewAll - + myAccounts 30 - + viewAll - + profileWidget linkWidget - + profile-widget-action /self/profile/user - + credentialsWidget linkWidget - + credentials-widget-action /self/credentials - - listResourcesWidget + + listResourcesWidget linkWidget - + list-resources-widget-action - + /admin/resources - + listUsersWidget linkWidget - + list-resources-widget-action /admin/users @@ -499,7 +504,7 @@ - + my-cases @@ -522,7 +527,7 @@ - + manual-case-view @@ -543,7 +548,7 @@ - + operation-request-case-view @@ -564,7 +569,7 @@ - + approval-case-view @@ -585,7 +590,7 @@ - + correlation-case-view @@ -605,7 +610,7 @@ - + reconciliation-tasks-view 30 TaskType @@ -613,7 +618,7 @@ - + recomputation-tasks-view 30 TaskType @@ -621,7 +626,7 @@ - + import-tasks-view 30 TaskType @@ -629,7 +634,7 @@ - + live-sync-tasks-view 30 TaskType @@ -637,7 +642,7 @@ - + async-update-tasks-view 30 TaskType @@ -645,7 +650,7 @@ - + cleanup-tasks-view 30 TaskType @@ -653,7 +658,7 @@ - + report-tasks-view @@ -675,7 +680,7 @@ - + non-iterative-bulk-tasks-view 30 TaskType @@ -683,7 +688,7 @@ - + iterative-bulk-tasks-view 30 TaskType @@ -691,7 +696,7 @@ - + report-import-task-view 30 add 
@@ -700,7 +705,7 @@ - + export-report-tasks-view add 30 @@ -711,7 +716,7 @@ - + export-report-distributed-tasks-view add 30 @@ -722,7 +727,7 @@ - + shadow-integrity-check-task-view 30 add @@ -731,7 +736,7 @@ - + shadows-refresh-task-view 30 add @@ -740,7 +745,7 @@ - + objects-delete-task-view 30 add @@ -749,7 +754,7 @@ - + shadows-delete-long-time-not-updated-task-view 30 add @@ -758,7 +763,7 @@ - + execute-change-task-view 30 add @@ -767,7 +772,7 @@ - + execute-deltas-task-view 30 add @@ -776,7 +781,7 @@ - + reindex-repository-task-view 30 add @@ -785,7 +790,7 @@ - + object-integrity-check-task-view 30 add @@ -794,7 +799,7 @@ - + validity-task-view 30 add @@ -803,7 +808,7 @@ - + trigger-task-view 30 add @@ -812,7 +817,7 @@ - + propagation-task-view 30 add @@ -821,7 +826,7 @@ - + multi-propagation-task-view 30 add @@ -830,7 +835,7 @@ - + certification-tasks-view 30 TaskType @@ -838,7 +843,7 @@ - + approval-tasks-view 30 TaskType @@ -846,7 +851,7 @@ - + utility-tasks-view 30 TaskType @@ -854,7 +859,7 @@ - + system-tasks-view 30 TaskType @@ -862,21 +867,21 @@ - + dashboard-reports-view ReportType - + collection-reports-view ReportType - + application-role add RoleType @@ -884,7 +889,7 @@ - + business-role add RoleType @@ -892,7 +897,7 @@ - + application @@ -902,7 +907,7 @@ - + event-mark c:MarkType @@ -911,7 +916,7 @@ - + object-mark c:MarkType 
@@ -920,141 +925,235 @@ + + Persons + This view displays all users with archetype "Person" + person-view + 10 + UserType + + + + + + + + + Allow searching for users having account on specific resource. Intent is not considered. The search item is not displayed by default + (visibleByDefault=false). + + true + + + linkRef/@ matches ( + . type ShadowType + and resourceRef/@/name = `resourceParameter?.getName()?.getOrig()` + and kind = "account" ) + + + + + + + resourceParameter + c:ObjectReferenceType + ResourceType + + + + Allow searching for users not having account on specific resource. Intent is not considered. The search item is not displayed by default + (visibleByDefault=false). + + true + + + linkRef/@ not matches ( + . type ShadowType + and resourceRef/@/name = `resourceParameter?.getName()?.getOrig()` + and kind = "account" ) + + + + + + + resourceParameter + c:ObjectReferenceType + ResourceType + + + + + + + resource-templates + + + + All resource templates + + ResourceType.template.all.title + + + Resource template + + fa fa-file-alt + + + ResourceType + + + + + - + c:TaskType - + advanced-options-panel - + formPanel - + advanced-options 150 - + cleanupAfterCompletion - + threadStopAction - + binding - + dependent - + operational-attributes-panel - + formPanel - + operational-attributes 900 - + executionState - + schedulingState - + node - + nodeAsObserved - + resultStatus - + result - + nextRunStartTimestamp - + nextRetryTimestamp - + unpauseAction - + taskIdentifier - + parent - + waitingReason - + stateBeforeSuspend - + schedulingStateBeforeSuspend - - category - - + otherHandlersUriStack - + channel - + subtaskRef - + dependentTaskRef - + lastRunStartTimestamp - + lastRunFinishTimestamp - + completionTimestamp - + 910 hidden operation-attributes-progress - + progress - + expectedTotal - + stalledSince - + c:UserType - + applications + modify roleMemberships applications 
@@ -1072,313 +1171,313 @@ - - + + rw-type-basic - + basic - + schemaHandling/objectType/displayName visible - + schemaHandling/objectType/description visible - + schemaHandling/objectType/kind visible - + schemaHandling/objectType/intent visible - + schemaHandling/objectType/securityPolicyRef visible - + schemaHandling/objectType/default visible - + hidden schemaHandling/objectType rw-type-basic - + rw-type-delineation - + delineation - + schemaHandling/objectType/delineation/objectClass visible - + schemaHandling/objectType/delineation/auxiliaryObjectClass visible - + schemaHandling/objectType/delineation/searchHierarchyScope visible - + schemaHandling/objectType/delineation/filter visible - + schemaHandling/objectType/delineation/classificationCondition visible - + hidden schemaHandling/objectType/delineation rw-type-delineation - + rw-attribute-limitations - + limitationsMapping - + schemaHandling/objectType/attribute/limitations/access/read visible - + schemaHandling/objectType/attribute/limitations/access/add visible - + schemaHandling/objectType/attribute/limitations/access/modify visible - + schemaHandling/objectType/attribute/limitations/minOccurs visible - + schemaHandling/objectType/attribute/limitations/maxOccurs visible - + schemaHandling/objectType/attribute/limitations/processing visible - + hidden schemaHandling/objectType/attribute/limitations rw-attribute-limitations - + rw-synchronization-reaction-main - + reactionMainSetting - + schemaHandling/objectType/synchronization/reaction/name visible - + schemaHandling/objectType/synchronization/reaction/description visible - + schemaHandling/objectType/synchronization/reaction/situation visible - + hidden schemaHandling/objectType/synchronization/reaction rw-synchronization-reaction-main - + rw-synchronization-reaction-optional - + reactionOptionalSetting - + schemaHandling/objectType/synchronization/reaction/condition visible - + schemaHandling/objectType/synchronization/reaction/channel visible - + 
schemaHandling/objectType/synchronization/reaction/order visible - + hidden schemaHandling/objectType/synchronization/reaction rw-synchronization-reaction-optional - + rw-attribute - + mainConfigurationAttribute - + schemaHandling/objectType/attribute/ref visible - + schemaHandling/objectType/attribute/displayName visible - + schemaHandling/objectType/attribute/help visible - + schemaHandling/objectType/attribute/description visible - + schemaHandling/objectType/attribute/tolerant visible - + schemaHandling/objectType/attribute/exclusiveStrong visible - + schemaHandling/objectType/attribute/readReplaceMode visible - + schemaHandling/objectType/attribute/fetchStrategy visible - + schemaHandling/objectType/attribute/matchingRule visible - + hidden schemaHandling/objectType/attribute rw-attribute - + rw-association - + association - + schemaHandling/objectType/association/ref visible - + schemaHandling/objectType/association/displayName visible - + schemaHandling/objectType/association/description visible - + schemaHandling/objectType/association/auxiliaryObjectClass visible - + schemaHandling/objectType/association/kind visible - + schemaHandling/objectType/association/intent visible - + schemaHandling/objectType/association/direction visible - + schemaHandling/objectType/association/associationAttribute visible - + schemaHandling/objectType/association/shortcutAssociationAttribute visible - + schemaHandling/objectType/association/valueAttribute visible - + schemaHandling/objectType/association/shortcutValueAttribute visible - + schemaHandling/objectType/association/explicitReferentialIntegrity visible - + hidden schemaHandling/objectType/association rw-association - - + + rw-connectorConfiguration-partial - + required - + connectorConfiguration/configurationProperties/jdbcUrlTemplate - + connectorConfiguration/configurationProperties/jdbcDriver - + connectorConfiguration/configurationProperties/password - + connectorConfiguration/configurationProperties/user - + 
connectorConfiguration/configurationProperties/port - + connectorConfiguration/configurationProperties/host - + connectorConfiguration/configurationProperties/database - + hidden connectorConfiguration/configurationProperties @@ -1400,33 +1499,33 @@ - - + + rw-connectorConfiguration-partial - + required - + connectorConfiguration/configurationProperties/host - + connectorConfiguration/configurationProperties/port - + connectorConfiguration/configurationProperties/connectionSecurity - + connectorConfiguration/configurationProperties/bindDn visible - + connectorConfiguration/configurationProperties/bindPassword visible - + hidden connectorConfiguration/configurationProperties @@ -1448,33 +1547,33 @@ - - + + rw-connectorConfiguration-partial - + required - + connectorConfiguration/configurationProperties/host - + connectorConfiguration/configurationProperties/port - + connectorConfiguration/configurationProperties/connectionSecurity - + connectorConfiguration/configurationProperties/bindDn visible - + connectorConfiguration/configurationProperties/bindPassword visible - + hidden connectorConfiguration/configurationProperties @@ -1498,22 +1597,22 @@ true - + admin-dashboard - + allRoles true allRoles - + allOrgs allOrgs - + allServices allServices @@ -1526,7 +1625,7 @@ - + safe "Safe" expression profile. It is supposed to contain only operations that are "safe", 
@@ -1537,26 +1636,26 @@ without any guarantees. Use at your own risk. deny - + asIs allow - + path allow - + value allow - + const allow - + script deny - - + script-safe deny - + com.evolveum.midpoint.xml.ns._public.common.common_3 MidPoint common schema - generated bean classes allow - + com.evolveum.prism.xml.ns._public.types_3 Prism schema - bean classes allow - + java.lang.Integer allow - + java.lang.Object Basic Java operations. deny - + equals allow - + hashCode allow - + java.lang.String String operations are generally safe. But Groovy is adding execute() method which is very dangerous. allow - + execute deny - + java.lang.CharSequence allow - + java.lang.Enum allow - + java.util.List List operations are generally safe. But Groovy is adding execute() method which is very dangerous. allow - + execute deny - + java.util.ArrayList List operations are generally safe. But Groovy is adding execute() method which is very dangerous. allow - + execute deny - + java.util.Map allow - + java.util.HashMap allow - + java.util.Date allow - + javax.xml.namespace.QName allow - + javax.xml.datatype.XMLGregorianCalendar allow - + java.lang.System Just a few methods of System are safe enough. deny - + currentTimeMillis allow - + java.lang.IllegalStateException Basic Java exception. Also used in test. allow - + java.lang.IllegalArgumentException Basic Java exception. allow - + com.evolveum.midpoint.model.common.expression.functions.BasicExpressionFunctions MidPoint basic functions library allow - + com.evolveum.midpoint.model.common.expression.functions.LogExpressionFunctions MidPoint logging functions library allow - + com.evolveum.midpoint.report.impl.ReportFunctions MidPoint report functions library allow - + org.apache.commons.lang3.StringUtils Apache Commons: Strings allow diff --git a/demo/shibboleth/docker-compose-tests.yml b/demo/shibboleth/docker-compose-tests.yml index 1d38ec4..377a686 100644 --- a/demo/shibboleth/docker-compose-tests.yml 
+++ b/demo/shibboleth/docker-compose-tests.yml @@ -5,7 +5,7 @@ version: "3.3" services: data_init: - image: i2incommon/midpoint:${tag:-4.7.2} + image: i2incommon/midpoint:${tag:-4.8} command: > bash -c " chmod 777 /opt/mp-pw/ ; @@ -61,7 +61,7 @@ services: build: context: ./midpoint_server/ args: - tag: ${tag:-4.7.2} + tag: ${tag:-4.8} command: /usr/local/bin/startup.sh depends_on: - data_init diff --git a/demo/shibboleth/docker-compose.yml b/demo/shibboleth/docker-compose.yml index 805e053..5f908dd 100644 --- a/demo/shibboleth/docker-compose.yml +++ b/demo/shibboleth/docker-compose.yml @@ -2,7 +2,7 @@ version: "3.3" services: data_init: - image: i2incommon/midpoint:${tag:-4.7.2} + image: i2incommon/midpoint:${tag:-4.8} command: > bash -c " chmod 777 /opt/mp-pw/ ; @@ -58,7 +58,7 @@ services: build: context: ./midpoint_server/ args: - tag: ${tag:-4.7.2} + tag: ${tag:-4.8} command: /usr/local/bin/startup.sh depends_on: - data_init diff --git a/demo/shibboleth/midpoint_server/Dockerfile b/demo/shibboleth/midpoint_server/Dockerfile index 0e8d4f0..d1ef481 100644 --- a/demo/shibboleth/midpoint_server/Dockerfile +++ b/demo/shibboleth/midpoint_server/Dockerfile @@ -1,4 +1,4 @@ -ARG tag=4.7.2 +ARG tag=4.8 FROM i2incommon/midpoint:${tag} diff --git a/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml b/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml index bb86eb7..da3f8e7 100644 --- a/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml +++ b/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml @@ -1,7 +1,3 @@ - - Default Security Policy @@ -12,6 +8,11 @@ httpBasic + + httpHeader + REMOTE_USER + https://localhost:8443/Shibboleth.sso/Logout + mySamlSso My internal enterprise SAML-based SSO system. 
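Review bot: The `httpHeader` module that the `-12,6 +8,11` hunk of SecurityPolicy.xml places at the top of the modules list takes the login identity from the `REMOTE_USER` request header, and nothing in the file records the deployment condition this depends on. Header-based login is only sound when midPoint is reachable solely through the Shibboleth SP front end and that front end discards any client-supplied `REMOTE_USER` before setting its own; otherwise the header value is under the client's control. I would add a comment above the module, for example `<!-- Trusts REMOTE_USER set by the Shibboleth SP front end; do not publish the midPoint port directly, and drop inbound REMOTE_USER at the proxy -->`. The same block is removed by the following `-41,11` hunk, so this looks like a move rather than new behaviour, and since the element markup is not visible in this view the element names are inferred.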
@@ -41,11 +42,6 @@ - - httpHeader - https://localhost:8443/Shibboleth.sso/Logout - REMOTE_USER - admin-gui-saml-internal @@ -64,7 +60,7 @@ - admin-gui-emergency + admin-gui-emergency Special GUI authentication sequence that is using just the internal user password. @@ -76,20 +72,20 @@ - internalLoginForm + internalLoginForm 30 sufficient - admin-gui-default + admin-gui-default Default gui sequence Special GUI authentication sequence that is using Shibboleth SP - true http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user + true shib @@ -101,8 +97,8 @@ rest-default - true http://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest + true rest-default @@ -114,8 +110,8 @@ actuator-default - true http://midpoint.evolveum.com/xml/ns/public/common/channels-3#actuator + true actuator-default @@ -136,4 +132,3 @@ - diff --git a/demo/simple/docker-compose.yml b/demo/simple/docker-compose.yml index c62b7e1..83aeb19 100644 --- a/demo/simple/docker-compose.yml +++ b/demo/simple/docker-compose.yml @@ -2,7 +2,7 @@ version: "3.3" services: data_init: - image: i2incommon/midpoint:${tag:-4.7.2} + image: i2incommon/midpoint:${tag:-4.8} command: > bash -c " chmod 777 /opt/mp-pw/ ; @@ -57,7 +57,7 @@ services: - mp_pw:/opt/mp-pw midpoint_server: - image: i2incommon/midpoint:${tag:-4.7.2} + image: i2incommon/midpoint:${tag:-4.8} depends_on: - data_init - midpoint_data diff --git a/download-midpoint.sh b/download-midpoint.sh index d171b59..7c35db6 100755 --- a/download-midpoint.sh +++ b/download-midpoint.sh @@ -10,7 +10,7 @@ else # But if we need to incorporate interim changes to I2 distribution during # midPoint development cycle, we can specify concrete file from "midpoint-tier" # download directory by using its name (like "latest-stable"). - MP_VERSION="4.7.2" + MP_VERSION="4.8" else MP_VERSION=$tag fi