From 36100deceb52140400d19a83274146c436130272 Mon Sep 17 00:00:00 2001 
From: lskublik Date: Mon, 3 Feb 2020 21:04:42 +0100 Subject: [PATCH 1/3] adding first test for REST authentication by flexible authentication --- container_files/httpd/conf/midpoint.conf | 6 + container_files/usr-local-bin/start-httpd.sh | 30 +- demo/grouper/.env | 1 - .../midpoint/shibboleth/idp-metadata.xml | 10 +- .../midpoint/shibboleth/sp-encrypt-key.pem | 205 ++++++++++--- .../midpoint/shibboleth/sp-signing-key.pem | 205 ++++++++++--- demo/grouper/docker-compose.yml | 16 -- .../shibboleth-idp/conf/attribute-filter.xml | 2 +- .../idp/shibboleth-idp/conf/idp.properties | 4 +- .../shibboleth-idp/metadata/idp-metadata.xml | 5 +- .../shibboleth-idp/metadata/midpoint-sp.xml | 55 ++-- .../securityPolicy/SecurityPolicy.xml | 272 ++++++++++++++++++ demo/shibboleth/.env | 1 - .../midpoint/shibboleth/idp-metadata.xml | 6 +- demo/shibboleth/docker-compose-tests.yml | 18 +- demo/shibboleth/docker-compose.yml | 18 +- .../shibboleth-idp/conf/attribute-filter.xml | 2 +- .../idp/shibboleth-idp/conf/idp.properties | 4 +- .../shibboleth-idp/metadata/midpoint-sp.xml | 57 ++-- demo/shibboleth/midpoint_server/Dockerfile | 9 + .../container_files/httpd/host-cert.pem | 22 ++ .../container_files/httpd/host-key.pem | 28 ++ .../securityPolicy/SecurityPolicy.xml | 272 ++++++++++++++++++ demo/shibboleth/tests/main.bats | 59 ++-- 24 files changed, 1032 insertions(+), 275 deletions(-) create mode 100644 container_files/httpd/conf/midpoint.conf create mode 100644 demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml create mode 100644 demo/shibboleth/midpoint_server/Dockerfile create mode 100644 demo/shibboleth/midpoint_server/container_files/httpd/host-cert.pem create mode 100644 demo/shibboleth/midpoint_server/container_files/httpd/host-key.pem create mode 100644 demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml 
diff --git a/container_files/httpd/conf/midpoint.conf b/container_files/httpd/conf/midpoint.conf
new file mode 100644
index 0000000..2d63bda
--- /dev/null
+++ b/container_files/httpd/conf/midpoint.conf
@@ -0,0 +1,6 @@
+
+Timeout 2400
+ProxyTimeout 2400
+ProxyBadHeader Ignore
+
+ProxyPass /midpoint ajp://localhost:9090/midpoint timeout=2400 retry=0
diff --git a/container_files/usr-local-bin/start-httpd.sh b/container_files/usr-local-bin/start-httpd.sh
index 29827f8..787d293 100755
--- a/container_files/usr-local-bin/start-httpd.sh
+++ b/container_files/usr-local-bin/start-httpd.sh
@@ -3,34 +3,10 @@ echo "Linking secrets"
 for filepath in /run/secrets/*; do
 label_file=`basename $filepath`
- if [ "$label_file" == "mp_sp-signing-key.pem" ]; then
- ln -sf /run/secrets/mp_sp-key.pem /etc/shibboleth/sp-signing-key.pem
- elif [ "$label_file" == "mp_sp-encrypt-key.pem" ]; then
- ln -sf /run/secrets/mp_sp-key.pem /etc/shibboleth/sp-encrypt-key.pem
- elif [ "$label_file" == "mp_host-key.pem" ]; then
+ if [ "$label_file" == "mp_host-key.pem" ]; then
 ln -sf /run/secrets/mp_host-key.pem /etc/pki/tls/private/host-key.pem
 fi
 done
-echo "Linking config files; using authentication: $AUTHENTICATION"
-ln -sf /etc/httpd/conf.d/midpoint.conf.auth.$AUTHENTICATION /etc/httpd/conf.d/midpoint.conf
-ln -sf /etc/httpd/conf.d/shib.conf.auth.$AUTHENTICATION /etc/httpd/conf.d/shib.conf
-
-case $AUTHENTICATION in
- shibboleth)
- echo "*** Starting httpd WITH Shibboleth support"
- set -e
- rm -f /etc/httpd/logs/httpd.pid
- export LD_LIBRARY_PATH=/opt/shibboleth/lib64:$LD_LIBRARY_PATH
- (/usr/sbin/shibd -f) & httpd -DFOREGROUND
- ;;
- internal)
- echo "*** Starting httpd WITHOUT Shibboleth support"
- rm -f /etc/httpd/logs/httpd.pid /run/httpd/httpd.pid
- httpd -DFOREGROUND
- ;;
- *)
- echo "*** Couldn't start httpd: unsupported AUTHENTICATION variable value: '$AUTHENTICATION'"
- sleep infinity
- ;;
-esac
+rm -f /etc/httpd/logs/httpd.pid /run/httpd/httpd.pid
+httpd -DFOREGROUND
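Review bot: `ProxyBadHeader Ignore` makes httpd silently drop malformed response headers coming back from the AJP backend instead of failing the request with the default 502, so a misbehaving midPoint instance becomes harder to notice, and the new file carries no comment explaining that or the 2400-second `Timeout`/`ProxyTimeout`. I would put `# 40 min: long-running midPoint requests must not be cut by the proxy; Ignore drops bad backend headers instead of returning 502` above the directives so the next reader does not "fix" them back to defaults. A 40-minute idle timeout also keeps a worker slot reserved per slow client, so confirm that budget is intentional for the demo. The `ProxyPass` target is `localhost:9090`, which is the right scope for AJP since the protocol carries no transport encryption; keep the backend listener on loopback if this is ever lifted out of the single container.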
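Review bot: On the new side httpd now starts unconditionally, so when no `mp_host-key.pem` secret is mounted the loop links nothing and the failure only surfaces later as an opaque httpd TLS error; fail fast instead, e.g. `[ -f /etc/pki/tls/private/host-key.pem ] || { echo "*** host-key.pem not provided" >&2; exit 1; }` just before the added `rm -f`. The loop now handles a single fixed secret name, so `if [ -f /run/secrets/mp_host-key.pem ]; then ln -sf /run/secrets/mp_host-key.pem /etc/pki/tls/private/host-key.pem; fi` would replace the `for`/`basename` construct and drop the unquoted `$filepath`. The only `set -e` in this script lived inside the removed `shibboleth)` branch; the script's first two lines are outside the hunk, so check whether errexit is set there or whether the remaining `rm -f`/`httpd` steps are meant to run without it.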
diff --git a/demo/grouper/.env b/demo/grouper/.env index 75949b1..1a7a71d 100644 --- a/demo/grouper/.env +++ b/demo/grouper/.env @@ -1,4 +1,3 @@ -AUTHENTICATION=internal ENV=demo REPO_DATABASE_TYPE=mariadb REPO_JDBC_URL=default diff --git a/demo/grouper/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml b/demo/grouper/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml index 4fa67a7..28ae7d1 100644 --- a/demo/grouper/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml +++ b/demo/grouper/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml @@ -101,8 +101,12 @@ p+tGUbGS2l873J5PrsbpeKEVR/IIoKo= - urn:mace:shibboleth:1.0:nameIdentifier + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + urn:mace:shibboleth:1.0:nameIdentifier @@ -198,8 +202,8 @@ p+tGUbGS2l873J5PrsbpeKEVR/IIoKo= - - + + diff --git a/demo/grouper/configs-and-secrets/midpoint/shibboleth/sp-encrypt-key.pem b/demo/grouper/configs-and-secrets/midpoint/shibboleth/sp-encrypt-key.pem index 1622ef3..901ce4b 100644 --- a/demo/grouper/configs-and-secrets/midpoint/shibboleth/sp-encrypt-key.pem +++ b/demo/grouper/configs-and-secrets/midpoint/shibboleth/sp-encrypt-key.pem 
@@ -1,40 +1,165 @@ ------BEGIN PRIVATE KEY----- -MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDo5j0gc0bI2zwQ -QOo2FVvkLbGDOX7yLjRKxlQ0byh8gkzW5nRWd+6hJf38LK3ReIZ+Fe3wGeo1ukdW -jBhZdb0MidvPQfJeRzj43xrgdoC/SMbpTpq5GFTfJ34I5WxTTZLTECfDaa2BMpd6 -O/OsQgscdwIgOTIHb+NNC+r5ZhHzRyMLDhwFEzUcgsDEvT+owSeSCMQ9DHn/t6FI -wL1bD2btuBCZ801GrGZyNBfGgv2M1W8TmwTXMprQNiKXnP4C3tQdPXg2VHblzy/2 -rOe0Fr4Ca1o/Gwivi3Y9DzD0r1s6+AZzefHcWmIAoER+7Z4WbnT7wowWpEM5MaP5 -47ESCrZt5TfVJlGIl25fnm7tA0kBVGhXztoTjlEzQK/0LgvhkC/lO1QHcm02z/in -B+S2zVEqmJMUsIWxc+WspqOSqaZ2AfSuYskkVrxiIZ8Fxzb+cha5lG3rdgTyZTM7 -+zWnj2me+sqaG8zY4zQW4GjRArENWQ/X3tkPFAXtJtoED+WLseUCAwEAAQKCAYBM -3eCC20kbdbAnNSWX4AjKEIKr6sgJKlK78yVLgPx9y4uMydbPyxmJOj7PgfeEUSEi -cB5txj/Up7xvxiErNX7FqqJPj1Zs41jcWtZGCxaHC4AK9JSATpWEaUZhrUbJX6r7 -2jMlfbV0FLyF7U+JJOsB5A1hkT7/0V/Vx/8vfQ6jmnDobym0SxiWZlk1Fbjy+30R -567M71c8nOCwYFyet0CjaMKh7PkuQCw3uRW3wPfqCW91qw438E3ENnnITFpRnDUI -iZIXJSj3Sqcx/W7Q6xei+y95U4tksT3/SQ7hVXp+BhfyjXdK/k0vNzxZfWk9nCD8 -h7HeiQuLPENzrlOwuWtI+gLDIdFplXUJ+/piK3okdstdHJcWcNUelW8yr7JSpv1I -a2KMgHI2F4UVcTYLZrevzxd5a0cpvFW7vmvdw2vFrCb5JsVsmqBu5OLeaVGDIbIA -2SLfJqq12fi2rxk28VtwXXgaCTttSM+8VY7dlT/mPCqX3Sx2eM7EPt6RVHuri4EC -gcEA+3q6Vht60YXNaw7m4BFISntVm4Z2gGFNswLlrgPRHOacaQVMKhpqt3HmNKAT -1MD/a5C60HkUjMB95m2nE4k1Iade8EzUPXD1FvFbE9/+ifNx2OrC8pKrEmRiTmCY -oel45uoXsksNGJynfuRp2TpAVSZrXaIbGKZiMJZv0QZAilVBurZnZyV0jKQYkSFM -FOt60PDJJEqZzG01dvDJxsIYQURtjNscO0R2ncloLXm7qu1/fcP7CAawWgFYyer2 -WEdVAoHBAO0WAhxCvFoev348Wf33lQi9c6w7WN/WEkhNOJ5p4PKsJphSZbt2bjCt -RdRmvahSXeiGrDPuaxoWaQqcXprcu3ndFYBcK2xZpIl/mf0wr1QTEHCkRXzfxRjC -Mmy+yTeKT4L18xKgg6pJn+wC3hwsv2BQPkp+NPJhD2bmVUWorqXq5fiBV2b7lTg0 -q1HHXYtxk22bw7xtstFENGTqa22KwD5Wd6nj9DamLzKhUhOdcJ7yGVu9se7YcGGh -pg57muigUQKBwQD5feH96Zdo5UFN9GPTavH4ivH8sWNBrMeEUNyDTuAYtyX3/zx4 -DOtRAhwsm5/xFGSTV+wvReDAX3zIroLym85ti/phlyd9qWJOl7cPOcvzGuYZGZe9 -RwuX3KW3MphbEiFTnm1SAqmEgG6gMoZc8DDBCbO9GkWdp/yETcuzaWuAkmL6lVpy -97LwkSCaY5lyq8iWIDy915FMQhCn5u2YVhnwLq4s73jLx/mSQy4q57nrM2Kn6FZV 
-uSUetnVbJdOu810CgcBNCzbaWjF9E7rk2dXguwD6Wx5o3MxPyPAeAMIicIPCOIE+ -RKB8n8rFFLm5gT2mokWUF5eENLknPBsccJ4pswtVWavwD4Oo7SST7hxrc9O1/Y/9 -GtTd9JXHKuxZ/FHFM7QM+cHozrKattw6ROBKxZvXP5xOdt7b2QC5TqZtQZinoELl -U5rEg4MFRdBafe//LYRcPR8Jb5iJeqGQHcGVUl6Qo2a1lbc5vx1dVaEncKU1cbUd -4/IbjMhQYchlsnMvn1ECgcEAxwT/UvLwhYeFK6UHRwJ/z1eKGAC8R2B9tlmgddZx -T93qbVq4lZXKw3osqdi+pgWvvmg9aK9r/dO1E93S11msnoTI+W9xTr+y5y9dN/hx -5deQMUK+3woLog6LsGiKE2IamCNQBFkgd4VvhXgG+2pTPYJ9nyuEA+na+tfE6bSa -foJ8KQT1rmRFQYRboBY/xxqtsl6Nh84JK7kCw27NNdhssyuiipfa8NLM4m+yeA6n -/oz8xKl5PKwOrvk2DH+FwaAg ------END PRIVATE KEY----- +RSA Private-Key: (3072 bit, 2 primes) +modulus: + 00:e8:e6:3d:20:73:46:c8:db:3c:10:40:ea:36:15: + 5b:e4:2d:b1:83:39:7e:f2:2e:34:4a:c6:54:34:6f: + 28:7c:82:4c:d6:e6:74:56:77:ee:a1:25:fd:fc:2c: + ad:d1:78:86:7e:15:ed:f0:19:ea:35:ba:47:56:8c: + 18:59:75:bd:0c:89:db:cf:41:f2:5e:47:38:f8:df: + 1a:e0:76:80:bf:48:c6:e9:4e:9a:b9:18:54:df:27: + 7e:08:e5:6c:53:4d:92:d3:10:27:c3:69:ad:81:32: + 97:7a:3b:f3:ac:42:0b:1c:77:02:20:39:32:07:6f: + e3:4d:0b:ea:f9:66:11:f3:47:23:0b:0e:1c:05:13: + 35:1c:82:c0:c4:bd:3f:a8:c1:27:92:08:c4:3d:0c: + 79:ff:b7:a1:48:c0:bd:5b:0f:66:ed:b8:10:99:f3: + 4d:46:ac:66:72:34:17:c6:82:fd:8c:d5:6f:13:9b: + 04:d7:32:9a:d0:36:22:97:9c:fe:02:de:d4:1d:3d: + 78:36:54:76:e5:cf:2f:f6:ac:e7:b4:16:be:02:6b: + 5a:3f:1b:08:af:8b:76:3d:0f:30:f4:af:5b:3a:f8: + 06:73:79:f1:dc:5a:62:00:a0:44:7e:ed:9e:16:6e: + 74:fb:c2:8c:16:a4:43:39:31:a3:f9:e3:b1:12:0a: + b6:6d:e5:37:d5:26:51:88:97:6e:5f:9e:6e:ed:03: + 49:01:54:68:57:ce:da:13:8e:51:33:40:af:f4:2e: + 0b:e1:90:2f:e5:3b:54:07:72:6d:36:cf:f8:a7:07: + e4:b6:cd:51:2a:98:93:14:b0:85:b1:73:e5:ac:a6: + a3:92:a9:a6:76:01:f4:ae:62:c9:24:56:bc:62:21: + 9f:05:c7:36:fe:72:16:b9:94:6d:eb:76:04:f2:65: + 33:3b:fb:35:a7:8f:69:9e:fa:ca:9a:1b:cc:d8:e3: + 34:16:e0:68:d1:02:b1:0d:59:0f:d7:de:d9:0f:14: + 05:ed:26:da:04:0f:e5:8b:b1:e5 +publicExponent: 65537 (0x10001) +privateExponent: + 4c:dd:e0:82:db:49:1b:75:b0:27:35:25:97:e0:08: + 
ca:10:82:ab:ea:c8:09:2a:52:bb:f3:25:4b:80:fc: + 7d:cb:8b:8c:c9:d6:cf:cb:19:89:3a:3e:cf:81:f7: + 84:51:21:22:70:1e:6d:c6:3f:d4:a7:bc:6f:c6:21: + 2b:35:7e:c5:aa:a2:4f:8f:56:6c:e3:58:dc:5a:d6: + 46:0b:16:87:0b:80:0a:f4:94:80:4e:95:84:69:46: + 61:ad:46:c9:5f:aa:fb:da:33:25:7d:b5:74:14:bc: + 85:ed:4f:89:24:eb:01:e4:0d:61:91:3e:ff:d1:5f: + d5:c7:ff:2f:7d:0e:a3:9a:70:e8:6f:29:b4:4b:18: + 96:66:59:35:15:b8:f2:fb:7d:11:e7:ae:cc:ef:57: + 3c:9c:e0:b0:60:5c:9e:b7:40:a3:68:c2:a1:ec:f9: + 2e:40:2c:37:b9:15:b7:c0:f7:ea:09:6f:75:ab:0e: + 37:f0:4d:c4:36:79:c8:4c:5a:51:9c:35:08:89:92: + 17:25:28:f7:4a:a7:31:fd:6e:d0:eb:17:a2:fb:2f: + 79:53:8b:64:b1:3d:ff:49:0e:e1:55:7a:7e:06:17: + f2:8d:77:4a:fe:4d:2f:37:3c:59:7d:69:3d:9c:20: + fc:87:b1:de:89:0b:8b:3c:43:73:ae:53:b0:b9:6b: + 48:fa:02:c3:21:d1:69:95:75:09:fb:fa:62:2b:7a: + 24:76:cb:5d:1c:97:16:70:d5:1e:95:6f:32:af:b2: + 52:a6:fd:48:6b:62:8c:80:72:36:17:85:15:71:36: + 0b:66:b7:af:cf:17:79:6b:47:29:bc:55:bb:be:6b: + dd:c3:6b:c5:ac:26:f9:26:c5:6c:9a:a0:6e:e4:e2: + de:69:51:83:21:b2:00:d9:22:df:26:aa:b5:d9:f8: + b6:af:19:36:f1:5b:70:5d:78:1a:09:3b:6d:48:cf: + bc:55:8e:dd:95:3f:e6:3c:2a:97:dd:2c:76:78:ce: + c4:3e:de:91:54:7b:ab:8b:81 +prime1: + 00:fb:7a:ba:56:1b:7a:d1:85:cd:6b:0e:e6:e0:11: + 48:4a:7b:55:9b:86:76:80:61:4d:b3:02:e5:ae:03: + d1:1c:e6:9c:69:05:4c:2a:1a:6a:b7:71:e6:34:a0: + 13:d4:c0:ff:6b:90:ba:d0:79:14:8c:c0:7d:e6:6d: + a7:13:89:35:21:a7:5e:f0:4c:d4:3d:70:f5:16:f1: + 5b:13:df:fe:89:f3:71:d8:ea:c2:f2:92:ab:12:64: + 62:4e:60:98:a1:e9:78:e6:ea:17:b2:4b:0d:18:9c: + a7:7e:e4:69:d9:3a:40:55:26:6b:5d:a2:1b:18:a6: + 62:30:96:6f:d1:06:40:8a:55:41:ba:b6:67:67:25: + 74:8c:a4:18:91:21:4c:14:eb:7a:d0:f0:c9:24:4a: + 99:cc:6d:35:76:f0:c9:c6:c2:18:41:44:6d:8c:db: + 1c:3b:44:76:9d:c9:68:2d:79:bb:aa:ed:7f:7d:c3: + fb:08:06:b0:5a:01:58:c9:ea:f6:58:47:55 +prime2: + 00:ed:16:02:1c:42:bc:5a:1e:bf:7e:3c:59:fd:f7: + 95:08:bd:73:ac:3b:58:df:d6:12:48:4d:38:9e:69: + e0:f2:ac:26:98:52:65:bb:76:6e:30:ad:45:d4:66: + 
bd:a8:52:5d:e8:86:ac:33:ee:6b:1a:16:69:0a:9c: + 5e:9a:dc:bb:79:dd:15:80:5c:2b:6c:59:a4:89:7f: + 99:fd:30:af:54:13:10:70:a4:45:7c:df:c5:18:c2: + 32:6c:be:c9:37:8a:4f:82:f5:f3:12:a0:83:aa:49: + 9f:ec:02:de:1c:2c:bf:60:50:3e:4a:7e:34:f2:61: + 0f:66:e6:55:45:a8:ae:a5:ea:e5:f8:81:57:66:fb: + 95:38:34:ab:51:c7:5d:8b:71:93:6d:9b:c3:bc:6d: + b2:d1:44:34:64:ea:6b:6d:8a:c0:3e:56:77:a9:e3: + f4:36:a6:2f:32:a1:52:13:9d:70:9e:f2:19:5b:bd: + b1:ee:d8:70:61:a1:a6:0e:7b:9a:e8:a0:51 +exponent1: + 00:f9:7d:e1:fd:e9:97:68:e5:41:4d:f4:63:d3:6a: + f1:f8:8a:f1:fc:b1:63:41:ac:c7:84:50:dc:83:4e: + e0:18:b7:25:f7:ff:3c:78:0c:eb:51:02:1c:2c:9b: + 9f:f1:14:64:93:57:ec:2f:45:e0:c0:5f:7c:c8:ae: + 82:f2:9b:ce:6d:8b:fa:61:97:27:7d:a9:62:4e:97: + b7:0f:39:cb:f3:1a:e6:19:19:97:bd:47:0b:97:dc: + a5:b7:32:98:5b:12:21:53:9e:6d:52:02:a9:84:80: + 6e:a0:32:86:5c:f0:30:c1:09:b3:bd:1a:45:9d:a7: + fc:84:4d:cb:b3:69:6b:80:92:62:fa:95:5a:72:f7: + b2:f0:91:20:9a:63:99:72:ab:c8:96:20:3c:bd:d7: + 91:4c:42:10:a7:e6:ed:98:56:19:f0:2e:ae:2c:ef: + 78:cb:c7:f9:92:43:2e:2a:e7:b9:eb:33:62:a7:e8: + 56:55:b9:25:1e:b6:75:5b:25:d3:ae:f3:5d +exponent2: + 4d:0b:36:da:5a:31:7d:13:ba:e4:d9:d5:e0:bb:00: + fa:5b:1e:68:dc:cc:4f:c8:f0:1e:00:c2:22:70:83: + c2:38:81:3e:44:a0:7c:9f:ca:c5:14:b9:b9:81:3d: + a6:a2:45:94:17:97:84:34:b9:27:3c:1b:1c:70:9e: + 29:b3:0b:55:59:ab:f0:0f:83:a8:ed:24:93:ee:1c: + 6b:73:d3:b5:fd:8f:fd:1a:d4:dd:f4:95:c7:2a:ec: + 59:fc:51:c5:33:b4:0c:f9:c1:e8:ce:b2:9a:b6:dc: + 3a:44:e0:4a:c5:9b:d7:3f:9c:4e:76:de:db:d9:00: + b9:4e:a6:6d:41:98:a7:a0:42:e5:53:9a:c4:83:83: + 05:45:d0:5a:7d:ef:ff:2d:84:5c:3d:1f:09:6f:98: + 89:7a:a1:90:1d:c1:95:52:5e:90:a3:66:b5:95:b7: + 39:bf:1d:5d:55:a1:27:70:a5:35:71:b5:1d:e3:f2: + 1b:8c:c8:50:61:c8:65:b2:73:2f:9f:51 +coefficient: + 00:c7:04:ff:52:f2:f0:85:87:85:2b:a5:07:47:02: + 7f:cf:57:8a:18:00:bc:47:60:7d:b6:59:a0:75:d6: + 71:4f:dd:ea:6d:5a:b8:95:95:ca:c3:7a:2c:a9:d8: + be:a6:05:af:be:68:3d:68:af:6b:fd:d3:b5:13:dd: + d2:d7:59:ac:9e:84:c8:f9:6f:71:4e:bf:b2:e7:2f: + 
5d:37:f8:71:e5:d7:90:31:42:be:df:0a:0b:a2:0e: + 8b:b0:68:8a:13:62:1a:98:23:50:04:59:20:77:85: + 6f:85:78:06:fb:6a:53:3d:82:7d:9f:2b:84:03:e9: + da:fa:d7:c4:e9:b4:9a:7e:82:7c:29:04:f5:ae:64: + 45:41:84:5b:a0:16:3f:c7:1a:ad:b2:5e:8d:87:ce: + 09:2b:b9:02:c3:6e:cd:35:d8:6c:b3:2b:a2:8a:97: + da:f0:d2:cc:e2:6f:b2:78:0e:a7:fe:8c:fc:c4:a9: + 79:3c:ac:0e:ae:f9:36:0c:7f:85:c1:a0:20 +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEA6OY9IHNGyNs8EEDqNhVb5C2xgzl+8i40SsZUNG8ofIJM1uZ0 +VnfuoSX9/Cyt0XiGfhXt8BnqNbpHVowYWXW9DInbz0HyXkc4+N8a4HaAv0jG6U6a +uRhU3yd+COVsU02S0xAnw2mtgTKXejvzrEILHHcCIDkyB2/jTQvq+WYR80cjCw4c +BRM1HILAxL0/qMEnkgjEPQx5/7ehSMC9Ww9m7bgQmfNNRqxmcjQXxoL9jNVvE5sE +1zKa0DYil5z+At7UHT14NlR25c8v9qzntBa+AmtaPxsIr4t2PQ8w9K9bOvgGc3nx +3FpiAKBEfu2eFm50+8KMFqRDOTGj+eOxEgq2beU31SZRiJduX55u7QNJAVRoV87a +E45RM0Cv9C4L4ZAv5TtUB3JtNs/4pwfkts1RKpiTFLCFsXPlrKajkqmmdgH0rmLJ +JFa8YiGfBcc2/nIWuZRt63YE8mUzO/s1p49pnvrKmhvM2OM0FuBo0QKxDVkP197Z +DxQF7SbaBA/li7HlAgMBAAECggGATN3ggttJG3WwJzUll+AIyhCCq+rICSpSu/Ml +S4D8fcuLjMnWz8sZiTo+z4H3hFEhInAebcY/1Ke8b8YhKzV+xaqiT49WbONY3FrW +RgsWhwuACvSUgE6VhGlGYa1GyV+q+9ozJX21dBS8he1PiSTrAeQNYZE+/9Ff1cf/ +L30Oo5pw6G8ptEsYlmZZNRW48vt9EeeuzO9XPJzgsGBcnrdAo2jCoez5LkAsN7kV +t8D36glvdasON/BNxDZ5yExaUZw1CImSFyUo90qnMf1u0OsXovsveVOLZLE9/0kO +4VV6fgYX8o13Sv5NLzc8WX1pPZwg/Iex3okLizxDc65TsLlrSPoCwyHRaZV1Cfv6 +Yit6JHbLXRyXFnDVHpVvMq+yUqb9SGtijIByNheFFXE2C2a3r88XeWtHKbxVu75r +3cNrxawm+SbFbJqgbuTi3mlRgyGyANki3yaqtdn4tq8ZNvFbcF14Ggk7bUjPvFWO +3ZU/5jwql90sdnjOxD7ekVR7q4uBAoHBAPt6ulYbetGFzWsO5uARSEp7VZuGdoBh +TbMC5a4D0RzmnGkFTCoaardx5jSgE9TA/2uQutB5FIzAfeZtpxOJNSGnXvBM1D1w +9RbxWxPf/onzcdjqwvKSqxJkYk5gmKHpeObqF7JLDRicp37kadk6QFUma12iGxim +YjCWb9EGQIpVQbq2Z2cldIykGJEhTBTretDwySRKmcxtNXbwycbCGEFEbYzbHDtE +dp3JaC15u6rtf33D+wgGsFoBWMnq9lhHVQKBwQDtFgIcQrxaHr9+PFn995UIvXOs +O1jf1hJITTieaeDyrCaYUmW7dm4wrUXUZr2oUl3ohqwz7msaFmkKnF6a3Lt53RWA +XCtsWaSJf5n9MK9UExBwpEV838UYwjJsvsk3ik+C9fMSoIOqSZ/sAt4cLL9gUD5K +fjTyYQ9m5lVFqK6l6uX4gVdm+5U4NKtRx12LcZNtm8O8bbLRRDRk6mttisA+Vnep 
+4/Q2pi8yoVITnXCe8hlbvbHu2HBhoaYOe5rooFECgcEA+X3h/emXaOVBTfRj02rx ++Irx/LFjQazHhFDcg07gGLcl9/88eAzrUQIcLJuf8RRkk1fsL0XgwF98yK6C8pvO +bYv6YZcnfaliTpe3DznL8xrmGRmXvUcLl9yltzKYWxIhU55tUgKphIBuoDKGXPAw +wQmzvRpFnaf8hE3Ls2lrgJJi+pVacvey8JEgmmOZcqvIliA8vdeRTEIQp+btmFYZ +8C6uLO94y8f5kkMuKue56zNip+hWVbklHrZ1WyXTrvNdAoHATQs22loxfRO65NnV +4LsA+lseaNzMT8jwHgDCInCDwjiBPkSgfJ/KxRS5uYE9pqJFlBeXhDS5JzwbHHCe +KbMLVVmr8A+DqO0kk+4ca3PTtf2P/RrU3fSVxyrsWfxRxTO0DPnB6M6ymrbcOkTg +SsWb1z+cTnbe29kAuU6mbUGYp6BC5VOaxIODBUXQWn3v/y2EXD0fCW+YiXqhkB3B +lVJekKNmtZW3Ob8dXVWhJ3ClNXG1HePyG4zIUGHIZbJzL59RAoHBAMcE/1Ly8IWH +hSulB0cCf89XihgAvEdgfbZZoHXWcU/d6m1auJWVysN6LKnYvqYFr75oPWiva/3T +tRPd0tdZrJ6EyPlvcU6/sucvXTf4ceXXkDFCvt8KC6IOi7BoihNiGpgjUARZIHeF +b4V4BvtqUz2CfZ8rhAPp2vrXxOm0mn6CfCkE9a5kRUGEW6AWP8carbJejYfOCSu5 +AsNuzTXYbLMrooqX2vDSzOJvsngOp/6M/MSpeTysDq75Ngx/hcGgIA== +-----END RSA PRIVATE KEY----- diff --git a/demo/grouper/configs-and-secrets/midpoint/shibboleth/sp-signing-key.pem b/demo/grouper/configs-and-secrets/midpoint/shibboleth/sp-signing-key.pem index 9e979fe..16f582a 100644 --- a/demo/grouper/configs-and-secrets/midpoint/shibboleth/sp-signing-key.pem +++ b/demo/grouper/configs-and-secrets/midpoint/shibboleth/sp-signing-key.pem 
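Review bot: The replacement key material in this hunk (and in the matching sp-signing-key.pem hunk that follows) is an `openssl rsa -text`-style dump — modulus, both primes and the CRT exponents in cleartext — followed by the PEM block; only the `-----BEGIN RSA PRIVATE KEY-----` block is what a consumer such as shibd or httpd loads, and the leading text section is the part that should not be spread through diffs, logs and backups. Strip the text section so each file holds only the PEM block, and keep the existing practice of mounting these as Docker secrets rather than bind-mounted config files. These are demo keys under `configs-and-secrets`, but note that this same commit removes the `mp_sp-signing-key.pem` and `mp_sp-encrypt-key.pem` secrets and the SP key/cert bind mounts from `demo/grouper/docker-compose.yml`, so after the commit nothing appears to mount either file; if the Grouper demo no longer runs a Shibboleth SP, deleting them is cleaner than rotating them.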
@@ -1,40 +1,165 @@ ------BEGIN PRIVATE KEY----- -MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDSdTgukJeLXtv+ -zwKwZLjPxBdTXECC7+2yWnnCQxmAVaFoC9GtikNFzBErrIJFZlY4/43G7b8CIlyP -+gRLvNeThenkmSMMVnUAaXim61k27dOxohoHV6F6LeqDLOWvWF7li7fKU16xVTJs -F1PmX1ibblPDiIJvXrABCEAR7w1TibXSnQTFiRWuZ1M5GlbwNBa/K/vxR1L0gp5S -jjGlCH04LaEvQEJ2kUNXVZd/WdigIfOyWL0SMb22j2ioGq9nhkPj0A/K6rAeSucI -JwAwMWDPVaNGF0qTx/hb8DdxCYFEVEhGNhNCcfCTsd+vBETS18d5H50cQomUQ5E2 -RfVj+pQZw8HNVl0cKVQg00ZxfkiIeiAtQY/6qZKQg9564u7cnHo6HgLVY9WGR1mq -3/YqnXC2DgFpnshmxZd4Y7+qnF5yH8tSshywgHSK4NU8pi6L11yltPaRG1S3bB5i -89Ifg8T7OBbIpytgEATJ9ervASSf/rKQsyENkDT3BjkYel3pgaUCAwEAAQKCAYEA -kmBxGQH8RTVO8eTtS95iJC+QwavyOp/BxUDkWtbsj7P/NSyzQ25c59jNQIEVgktx -QOeNpoSJS2S22HTeNAc+MR781MAl/ljLu+OfxQj/3hKAIJZMYDr01tPEvkOl5NUj -+6e3xwNBYzmMfl2jPyGlsUWFAQSbI/bJl44zccXAkQ/A5KHNRc7Yw5qd6aOGQD8a -axCehOxEqEeI8oZvxQcogMBL0V9yWqEiI0Ymvq6w2n+CzdKmflcWSjloYzNcODbL -Ef2+8/fBZhHTS0GLCIqQpK+tZxt4K77DK2p2L9dYuHK7vtWn1j0YIwPqD+QVVtuT -d7BOOmakPj2E7EXq/GvFw8gB/gRLoLuJSq5vvhPrSVuJqWdxDuxSutGgIoN3mQxd -2AjuBXvqwYaZ3UGHZlBYAQx5ICiAGjxv/1zmKp+9OJHge/a1e6Z8jgQcpS7OWNhU -dj6qfs+IiWKEaMM7D8dj4ncoArBpE7/BzlVuJ377cqRx35alMcKlawQWF1YqSDrB -AoHBAPSipCLz4sr3U2jluXehntYsKevWcBtFkEd49Ay5uZTu/aweKWIozjDt7T3L -mjYi+QGpt28MdNmpoofYOmpt+lrc0HWrv+UB9k/qFxfwgZKaXa1nm/VLfK77L4IB -8I9dpjvDi724Xg/JJ1jsGM13+jGEfTQTl4Hi0lZwMydUO+O4oWB4kG9qhF8C+yQc -12CCFH+Da8uwcwM+zCJwRm3qMKceifhEGAuFJ430Rp7cuqlJYfQZ4pVhRxwP6vns -cLCz+QKBwQDcPB5bCjci/HMe0V19HxPrKh0hGPLIRCPAakT8Mz8N2lVAtWDXFL5q -eHskl6cf8RQLfrcUiL+jQvD5VV8I7BkolCv0GZT/q36I/Z1QKlQC1O0IGG/hNqwt -PS85YM6yC84YIKx0rN6O03/nYcslRv19q+MNiR9sZEeN6cScUc6aUINhWjzQ4mb8 -Z9ErguJrq0sCoAVU+t/yRo/YB/d2xdN9XLe+2cgsM6s0TiHo4v2SeFHKewBw+RLp -yrShY6COzg0CgcEA0EFwt2ylgiGgeSkvhV8qJ6s7GNDZaO4EUEPwhrDJAredbhvT -IQQZ29+AWl3sbu/AySCgzsFs7CsT+M8jk50CRr26HKJUXvEXrZpbhH6y34nX+5m7 -U8uqXg/ptqROFM4liLUETkMYmBmnDHUY/DmJ3QOrzlxrWyAr7XfgpDd6MHbpsoWQ -d7jW7UdNYsXGuBqktpS7fJA+qOGZyCuKWWHHf01pKNdXHN+C976fK/g+U4TsBXDP 
-ylkgvwvx/kbA/DyJAoHAQxXA/WRYNT0G6B1ISAO+coTKiLlrwtsWtNbqGpSVoWef -Tm2xiPKVqiL3B8d2LgGmZHX92LBrB5UtiBWcNECOzVCNLvbX7yVTDvGKCNBL9Ozd -Ivkmo0ifG8ymZOj7LTrxVWImhgfeZ00/icC9O6arMqu4Jvhc7QyCy1SpAiDdOR5L -Vs1A9zPvwPTyvzlINRnhaHRMC32717XsvRZ4J+LMsEQc6HK4SdaXUQB3zdPO/93M -tEvRb5g/TZ3kdcC+OKHFAoHAO9R3y6ZjUM8T8/4XcyRD968V4sZIvVQfpSaH86GO -TrECZp5SqSWUTqAWTJWS0yIctAML60nWF+OPRUlrq0yk2veN9Re6eWfyoyQOFd92 -U+bxh3QEue5LGOwpqrPV/1cJSFdv88eS+F8q7i/dD765Tio6kJjKzXPN3FJqAvNB -lAnaO4Apbuzob25Qkmm0NVQHap+TJGJMvX2vVX9CjE6haVWq1lJMakkoQOeIlyi5 -iDjt9rDlIwDYeGWk4KFgsKM7 ------END PRIVATE KEY----- +RSA Private-Key: (3072 bit, 2 primes) +modulus: + 00:d2:75:38:2e:90:97:8b:5e:db:fe:cf:02:b0:64: + b8:cf:c4:17:53:5c:40:82:ef:ed:b2:5a:79:c2:43: + 19:80:55:a1:68:0b:d1:ad:8a:43:45:cc:11:2b:ac: + 82:45:66:56:38:ff:8d:c6:ed:bf:02:22:5c:8f:fa: + 04:4b:bc:d7:93:85:e9:e4:99:23:0c:56:75:00:69: + 78:a6:eb:59:36:ed:d3:b1:a2:1a:07:57:a1:7a:2d: + ea:83:2c:e5:af:58:5e:e5:8b:b7:ca:53:5e:b1:55: + 32:6c:17:53:e6:5f:58:9b:6e:53:c3:88:82:6f:5e: + b0:01:08:40:11:ef:0d:53:89:b5:d2:9d:04:c5:89: + 15:ae:67:53:39:1a:56:f0:34:16:bf:2b:fb:f1:47: + 52:f4:82:9e:52:8e:31:a5:08:7d:38:2d:a1:2f:40: + 42:76:91:43:57:55:97:7f:59:d8:a0:21:f3:b2:58: + bd:12:31:bd:b6:8f:68:a8:1a:af:67:86:43:e3:d0: + 0f:ca:ea:b0:1e:4a:e7:08:27:00:30:31:60:cf:55: + a3:46:17:4a:93:c7:f8:5b:f0:37:71:09:81:44:54: + 48:46:36:13:42:71:f0:93:b1:df:af:04:44:d2:d7: + c7:79:1f:9d:1c:42:89:94:43:91:36:45:f5:63:fa: + 94:19:c3:c1:cd:56:5d:1c:29:54:20:d3:46:71:7e: + 48:88:7a:20:2d:41:8f:fa:a9:92:90:83:de:7a:e2: + ee:dc:9c:7a:3a:1e:02:d5:63:d5:86:47:59:aa:df: + f6:2a:9d:70:b6:0e:01:69:9e:c8:66:c5:97:78:63: + bf:aa:9c:5e:72:1f:cb:52:b2:1c:b0:80:74:8a:e0: + d5:3c:a6:2e:8b:d7:5c:a5:b4:f6:91:1b:54:b7:6c: + 1e:62:f3:d2:1f:83:c4:fb:38:16:c8:a7:2b:60:10: + 04:c9:f5:ea:ef:01:24:9f:fe:b2:90:b3:21:0d:90: + 34:f7:06:39:18:7a:5d:e9:81:a5 +publicExponent: 65537 (0x10001) +privateExponent: + 00:92:60:71:19:01:fc:45:35:4e:f1:e4:ed:4b:de: + 
62:24:2f:90:c1:ab:f2:3a:9f:c1:c5:40:e4:5a:d6: + ec:8f:b3:ff:35:2c:b3:43:6e:5c:e7:d8:cd:40:81: + 15:82:4b:71:40:e7:8d:a6:84:89:4b:64:b6:d8:74: + de:34:07:3e:31:1e:fc:d4:c0:25:fe:58:cb:bb:e3: + 9f:c5:08:ff:de:12:80:20:96:4c:60:3a:f4:d6:d3: + c4:be:43:a5:e4:d5:23:fb:a7:b7:c7:03:41:63:39: + 8c:7e:5d:a3:3f:21:a5:b1:45:85:01:04:9b:23:f6: + c9:97:8e:33:71:c5:c0:91:0f:c0:e4:a1:cd:45:ce: + d8:c3:9a:9d:e9:a3:86:40:3f:1a:6b:10:9e:84:ec: + 44:a8:47:88:f2:86:6f:c5:07:28:80:c0:4b:d1:5f: + 72:5a:a1:22:23:46:26:be:ae:b0:da:7f:82:cd:d2: + a6:7e:57:16:4a:39:68:63:33:5c:38:36:cb:11:fd: + be:f3:f7:c1:66:11:d3:4b:41:8b:08:8a:90:a4:af: + ad:67:1b:78:2b:be:c3:2b:6a:76:2f:d7:58:b8:72: + bb:be:d5:a7:d6:3d:18:23:03:ea:0f:e4:15:56:db: + 93:77:b0:4e:3a:66:a4:3e:3d:84:ec:45:ea:fc:6b: + c5:c3:c8:01:fe:04:4b:a0:bb:89:4a:ae:6f:be:13: + eb:49:5b:89:a9:67:71:0e:ec:52:ba:d1:a0:22:83: + 77:99:0c:5d:d8:08:ee:05:7b:ea:c1:86:99:dd:41: + 87:66:50:58:01:0c:79:20:28:80:1a:3c:6f:ff:5c: + e6:2a:9f:bd:38:91:e0:7b:f6:b5:7b:a6:7c:8e:04: + 1c:a5:2e:ce:58:d8:54:76:3e:aa:7e:cf:88:89:62: + 84:68:c3:3b:0f:c7:63:e2:77:28:02:b0:69:13:bf: + c1:ce:55:6e:27:7e:fb:72:a4:71:df:96:a5:31:c2: + a5:6b:04:16:17:56:2a:48:3a:c1 +prime1: + 00:f4:a2:a4:22:f3:e2:ca:f7:53:68:e5:b9:77:a1: + 9e:d6:2c:29:eb:d6:70:1b:45:90:47:78:f4:0c:b9: + b9:94:ee:fd:ac:1e:29:62:28:ce:30:ed:ed:3d:cb: + 9a:36:22:f9:01:a9:b7:6f:0c:74:d9:a9:a2:87:d8: + 3a:6a:6d:fa:5a:dc:d0:75:ab:bf:e5:01:f6:4f:ea: + 17:17:f0:81:92:9a:5d:ad:67:9b:f5:4b:7c:ae:fb: + 2f:82:01:f0:8f:5d:a6:3b:c3:8b:bd:b8:5e:0f:c9: + 27:58:ec:18:cd:77:fa:31:84:7d:34:13:97:81:e2: + d2:56:70:33:27:54:3b:e3:b8:a1:60:78:90:6f:6a: + 84:5f:02:fb:24:1c:d7:60:82:14:7f:83:6b:cb:b0: + 73:03:3e:cc:22:70:46:6d:ea:30:a7:1e:89:f8:44: + 18:0b:85:27:8d:f4:46:9e:dc:ba:a9:49:61:f4:19: + e2:95:61:47:1c:0f:ea:f9:ec:70:b0:b3:f9 +prime2: + 00:dc:3c:1e:5b:0a:37:22:fc:73:1e:d1:5d:7d:1f: + 13:eb:2a:1d:21:18:f2:c8:44:23:c0:6a:44:fc:33: + 3f:0d:da:55:40:b5:60:d7:14:be:6a:78:7b:24:97: + 
a7:1f:f1:14:0b:7e:b7:14:88:bf:a3:42:f0:f9:55: + 5f:08:ec:19:28:94:2b:f4:19:94:ff:ab:7e:88:fd: + 9d:50:2a:54:02:d4:ed:08:18:6f:e1:36:ac:2d:3d: + 2f:39:60:ce:b2:0b:ce:18:20:ac:74:ac:de:8e:d3: + 7f:e7:61:cb:25:46:fd:7d:ab:e3:0d:89:1f:6c:64: + 47:8d:e9:c4:9c:51:ce:9a:50:83:61:5a:3c:d0:e2: + 66:fc:67:d1:2b:82:e2:6b:ab:4b:02:a0:05:54:fa: + df:f2:46:8f:d8:07:f7:76:c5:d3:7d:5c:b7:be:d9: + c8:2c:33:ab:34:4e:21:e8:e2:fd:92:78:51:ca:7b: + 00:70:f9:12:e9:ca:b4:a1:63:a0:8e:ce:0d +exponent1: + 00:d0:41:70:b7:6c:a5:82:21:a0:79:29:2f:85:5f: + 2a:27:ab:3b:18:d0:d9:68:ee:04:50:43:f0:86:b0: + c9:02:b7:9d:6e:1b:d3:21:04:19:db:df:80:5a:5d: + ec:6e:ef:c0:c9:20:a0:ce:c1:6c:ec:2b:13:f8:cf: + 23:93:9d:02:46:bd:ba:1c:a2:54:5e:f1:17:ad:9a: + 5b:84:7e:b2:df:89:d7:fb:99:bb:53:cb:aa:5e:0f: + e9:b6:a4:4e:14:ce:25:88:b5:04:4e:43:18:98:19: + a7:0c:75:18:fc:39:89:dd:03:ab:ce:5c:6b:5b:20: + 2b:ed:77:e0:a4:37:7a:30:76:e9:b2:85:90:77:b8: + d6:ed:47:4d:62:c5:c6:b8:1a:a4:b6:94:bb:7c:90: + 3e:a8:e1:99:c8:2b:8a:59:61:c7:7f:4d:69:28:d7: + 57:1c:df:82:f7:be:9f:2b:f8:3e:53:84:ec:05:70: + cf:ca:59:20:bf:0b:f1:fe:46:c0:fc:3c:89 +exponent2: + 43:15:c0:fd:64:58:35:3d:06:e8:1d:48:48:03:be: + 72:84:ca:88:b9:6b:c2:db:16:b4:d6:ea:1a:94:95: + a1:67:9f:4e:6d:b1:88:f2:95:aa:22:f7:07:c7:76: + 2e:01:a6:64:75:fd:d8:b0:6b:07:95:2d:88:15:9c: + 34:40:8e:cd:50:8d:2e:f6:d7:ef:25:53:0e:f1:8a: + 08:d0:4b:f4:ec:dd:22:f9:26:a3:48:9f:1b:cc:a6: + 64:e8:fb:2d:3a:f1:55:62:26:86:07:de:67:4d:3f: + 89:c0:bd:3b:a6:ab:32:ab:b8:26:f8:5c:ed:0c:82: + cb:54:a9:02:20:dd:39:1e:4b:56:cd:40:f7:33:ef: + c0:f4:f2:bf:39:48:35:19:e1:68:74:4c:0b:7d:bb: + d7:b5:ec:bd:16:78:27:e2:cc:b0:44:1c:e8:72:b8: + 49:d6:97:51:00:77:cd:d3:ce:ff:dd:cc:b4:4b:d1: + 6f:98:3f:4d:9d:e4:75:c0:be:38:a1:c5 +coefficient: + 3b:d4:77:cb:a6:63:50:cf:13:f3:fe:17:73:24:43: + f7:af:15:e2:c6:48:bd:54:1f:a5:26:87:f3:a1:8e: + 4e:b1:02:66:9e:52:a9:25:94:4e:a0:16:4c:95:92: + d3:22:1c:b4:03:0b:eb:49:d6:17:e3:8f:45:49:6b: + ab:4c:a4:da:f7:8d:f5:17:ba:79:67:f2:a3:24:0e: + 
15:df:76:53:e6:f1:87:74:04:b9:ee:4b:18:ec:29: + aa:b3:d5:ff:57:09:48:57:6f:f3:c7:92:f8:5f:2a: + ee:2f:dd:0f:be:b9:4e:2a:3a:90:98:ca:cd:73:cd: + dc:52:6a:02:f3:41:94:09:da:3b:80:29:6e:ec:e8: + 6f:6e:50:92:69:b4:35:54:07:6a:9f:93:24:62:4c: + bd:7d:af:55:7f:42:8c:4e:a1:69:55:aa:d6:52:4c: + 6a:49:28:40:e7:88:97:28:b9:88:38:ed:f6:b0:e5: + 23:00:d8:78:65:a4:e0:a1:60:b0:a3:3b +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEA0nU4LpCXi17b/s8CsGS4z8QXU1xAgu/tslp5wkMZgFWhaAvR +rYpDRcwRK6yCRWZWOP+Nxu2/AiJcj/oES7zXk4Xp5JkjDFZ1AGl4putZNu3TsaIa +B1ehei3qgyzlr1he5Yu3ylNesVUybBdT5l9Ym25Tw4iCb16wAQhAEe8NU4m10p0E +xYkVrmdTORpW8DQWvyv78UdS9IKeUo4xpQh9OC2hL0BCdpFDV1WXf1nYoCHzsli9 +EjG9to9oqBqvZ4ZD49APyuqwHkrnCCcAMDFgz1WjRhdKk8f4W/A3cQmBRFRIRjYT +QnHwk7HfrwRE0tfHeR+dHEKJlEORNkX1Y/qUGcPBzVZdHClUINNGcX5IiHogLUGP ++qmSkIPeeuLu3Jx6Oh4C1WPVhkdZqt/2Kp1wtg4BaZ7IZsWXeGO/qpxech/LUrIc +sIB0iuDVPKYui9dcpbT2kRtUt2weYvPSH4PE+zgWyKcrYBAEyfXq7wEkn/6ykLMh +DZA09wY5GHpd6YGlAgMBAAECggGBAJJgcRkB/EU1TvHk7UveYiQvkMGr8jqfwcVA +5FrW7I+z/zUss0NuXOfYzUCBFYJLcUDnjaaEiUtktth03jQHPjEe/NTAJf5Yy7vj +n8UI/94SgCCWTGA69NbTxL5DpeTVI/unt8cDQWM5jH5doz8hpbFFhQEEmyP2yZeO +M3HFwJEPwOShzUXO2MOanemjhkA/GmsQnoTsRKhHiPKGb8UHKIDAS9FfclqhIiNG +Jr6usNp/gs3Spn5XFko5aGMzXDg2yxH9vvP3wWYR00tBiwiKkKSvrWcbeCu+wytq +di/XWLhyu77Vp9Y9GCMD6g/kFVbbk3ewTjpmpD49hOxF6vxrxcPIAf4ES6C7iUqu +b74T60lbialncQ7sUrrRoCKDd5kMXdgI7gV76sGGmd1Bh2ZQWAEMeSAogBo8b/9c +5iqfvTiR4Hv2tXumfI4EHKUuzljYVHY+qn7PiIlihGjDOw/HY+J3KAKwaRO/wc5V +bid++3Kkcd+WpTHCpWsEFhdWKkg6wQKBwQD0oqQi8+LK91No5bl3oZ7WLCnr1nAb +RZBHePQMubmU7v2sHiliKM4w7e09y5o2IvkBqbdvDHTZqaKH2Dpqbfpa3NB1q7/l +AfZP6hcX8IGSml2tZ5v1S3yu+y+CAfCPXaY7w4u9uF4PySdY7BjNd/oxhH00E5eB +4tJWcDMnVDvjuKFgeJBvaoRfAvskHNdgghR/g2vLsHMDPswicEZt6jCnHon4RBgL +hSeN9Eae3LqpSWH0GeKVYUccD+r57HCws/kCgcEA3DweWwo3IvxzHtFdfR8T6yod +IRjyyEQjwGpE/DM/DdpVQLVg1xS+anh7JJenH/EUC363FIi/o0Lw+VVfCOwZKJQr +9BmU/6t+iP2dUCpUAtTtCBhv4TasLT0vOWDOsgvOGCCsdKzejtN/52HLJUb9favj +DYkfbGRHjenEnFHOmlCDYVo80OJm/GfRK4Lia6tLAqAFVPrf8kaP2Af3dsXTfVy3 
+vtnILDOrNE4h6OL9knhRynsAcPkS6cq0oWOgjs4NAoHBANBBcLdspYIhoHkpL4Vf +KierOxjQ2WjuBFBD8IawyQK3nW4b0yEEGdvfgFpd7G7vwMkgoM7BbOwrE/jPI5Od +Aka9uhyiVF7xF62aW4R+st+J1/uZu1PLql4P6bakThTOJYi1BE5DGJgZpwx1GPw5 +id0Dq85ca1sgK+134KQ3ejB26bKFkHe41u1HTWLFxrgapLaUu3yQPqjhmcgrillh +x39NaSjXVxzfgve+nyv4PlOE7AVwz8pZIL8L8f5GwPw8iQKBwEMVwP1kWDU9Bugd +SEgDvnKEyoi5a8LbFrTW6hqUlaFnn05tsYjylaoi9wfHdi4BpmR1/diwaweVLYgV +nDRAjs1QjS721+8lUw7xigjQS/Ts3SL5JqNInxvMpmTo+y068VViJoYH3mdNP4nA +vTumqzKruCb4XO0MgstUqQIg3TkeS1bNQPcz78D08r85SDUZ4Wh0TAt9u9e17L0W +eCfizLBEHOhyuEnWl1EAd83Tzv/dzLRL0W+YP02d5HXAvjihxQKBwDvUd8umY1DP +E/P+F3MkQ/evFeLGSL1UH6Umh/Ohjk6xAmaeUqkllE6gFkyVktMiHLQDC+tJ1hfj +j0VJa6tMpNr3jfUXunln8qMkDhXfdlPm8Yd0BLnuSxjsKaqz1f9XCUhXb/PHkvhf +Ku4v3Q++uU4qOpCYys1zzdxSagLzQZQJ2juAKW7s6G9uUJJptDVUB2qfkyRiTL19 +r1V/QoxOoWlVqtZSTGpJKEDniJcouYg47faw5SMA2HhlpOChYLCjOw== +-----END RSA PRIVATE KEY----- diff --git a/demo/grouper/docker-compose.yml b/demo/grouper/docker-compose.yml index 280980c..be418a8 100644 --- a/demo/grouper/docker-compose.yml +++ b/demo/grouper/docker-compose.yml @@ -193,7 +193,6 @@ services: ports: - 8443:443 environment: - - AUTHENTICATION - ENV - USERTOKEN - REPO_DATABASE_TYPE 
@@ -219,23 +218,12 @@ services: secrets: - mp_database_password.txt - mp_keystore_password.txt - - mp_sp-encrypt-key.pem - - mp_sp-signing-key.pem - mp_host-key.pem volumes: - midpoint_home:/opt/midpoint/var - - type: bind - source: ./configs-and-secrets/midpoint/shibboleth/shibboleth2.xml - target: /etc/shibboleth/shibboleth2.xml - type: bind source: ./configs-and-secrets/midpoint/shibboleth/idp-metadata.xml target: /etc/shibboleth/idp-metadata.xml - - type: bind - source: ./configs-and-secrets/midpoint/shibboleth/sp-signing-cert.pem - target: /etc/shibboleth/sp-signing-cert.pem - - type: bind - source: ./configs-and-secrets/midpoint/shibboleth/sp-encrypt-cert.pem - target: /etc/shibboleth/sp-encrypt-cert.pem - type: bind source: ./configs-and-secrets/midpoint/httpd/host-cert.pem target: /etc/pki/tls/certs/host-cert.pem @@ -291,10 +279,6 @@ secrets: # midPoint mp_host-key.pem: file: ./configs-and-secrets/midpoint/httpd/host-key.pem - mp_sp-signing-key.pem: - file: ./configs-and-secrets/midpoint/shibboleth/sp-signing-key.pem - mp_sp-encrypt-key.pem: - file: ./configs-and-secrets/midpoint/shibboleth/sp-encrypt-key.pem mp_database_password.txt: file: ./configs-and-secrets/midpoint/application/database_password.txt mp_keystore_password.txt: diff --git a/demo/grouper/idp/shibboleth-idp/conf/attribute-filter.xml b/demo/grouper/idp/shibboleth-idp/conf/attribute-filter.xml index 21ffdb8..b3cfee1 100644 --- a/demo/grouper/idp/shibboleth-idp/conf/attribute-filter.xml +++ b/demo/grouper/idp/shibboleth-idp/conf/attribute-filter.xml @@ -36,7 +36,7 @@ - + diff --git a/demo/grouper/idp/shibboleth-idp/conf/idp.properties b/demo/grouper/idp/shibboleth-idp/conf/idp.properties index 4396f49..6294a30 100644 --- a/demo/grouper/idp/shibboleth-idp/conf/idp.properties +++ b/demo/grouper/idp/shibboleth-idp/conf/idp.properties 
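Review bot: After the second docker-compose hunk the only Shibboleth-related mount left on the midpoint service is the `idp-metadata.xml` bind into `/etc/shibboleth/idp-metadata.xml`, while `shibboleth2.xml`, both SP certificates, both SP key secrets and the `shibd` start in `start-httpd.sh` are all removed in this commit; with no SP configuration or keys that metadata file looks like dead input, so either drop the bind too or add a comment on it naming what still reads it. The third hunk removes the matching top-level `secrets:` definitions, so no dangling secret references remain, which is consistent. The first hunk drops `AUTHENTICATION` from the service environment and `.env`; `start-httpd.sh` no longer reads it, but any other entrypoint in the image is outside this diff, so verify nothing else still expects it.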
@@ -91,9 +91,9 @@ idp.session.StorageService = shibboleth.StorageService # Tolerate storage-related errors #idp.session.maskStorageFailure = false # Track information about SPs logged into -#idp.session.trackSPSessions = false +idp.session.trackSPSessions = true # Support lookup by SP for SAML logout -#idp.session.secondaryServiceIndex = false +idp.session.secondaryServiceIndex = true # Length of time to track SP sessions #idp.session.defaultSPlifetime = PT2H diff --git a/demo/grouper/idp/shibboleth-idp/metadata/idp-metadata.xml b/demo/grouper/idp/shibboleth-idp/metadata/idp-metadata.xml index 84266d4..65db47e 100644 --- a/demo/grouper/idp/shibboleth-idp/metadata/idp-metadata.xml +++ b/demo/grouper/idp/shibboleth-idp/metadata/idp-metadata.xml @@ -197,8 +197,9 @@ p+tGUbGS2l873J5PrsbpeKEVR/IIoKo= - - + + + diff --git a/demo/grouper/idp/shibboleth-idp/metadata/midpoint-sp.xml b/demo/grouper/idp/shibboleth-idp/metadata/midpoint-sp.xml index 54f0577..5789ed8 100644 --- a/demo/grouper/idp/shibboleth-idp/metadata/midpoint-sp.xml +++ b/demo/grouper/idp/shibboleth-idp/metadata/midpoint-sp.xml @@ -2,7 +2,7 @@ This is example metadata only. Do *NOT* supply it as is without review, and do *NOT* provide it in real time to your partners. --> - + @@ -23,7 +23,7 @@ and do *NOT* provide it in real time to your partners. - + 
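Review bot: `idp.session.trackSPSessions` and `idp.session.secondaryServiceIndex` are switched from their commented-out default of `false` to `true` with no comment saying why; I would add `# Enabled so the IdP can look up SP sessions for SAML logout (default is false)` above the first of them. The hunk header shows these sessions are kept in `idp.session.StorageService = shibboleth.StorageService`; if that is the in-memory store, tracked SP sessions are lost on IdP restart and are not shared across IdP nodes, which is acceptable for a demo but worth stating next to the setting. The diffstat lists the same change in `demo/shibboleth/idp/shibboleth-idp/conf/idp.properties`, which is outside this view; the comment belongs there as well.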
@@ -32,27 +32,25 @@ and do *NOT* provide it in real time to your partners. midpoint.sp.example.org - CN=midpoint.sp.example.org,O=Internet2/TIER,L=Ann Arbor,ST=MI,C=US - MIIDqDCCApCgAwIBAgIJAKUZrfriIt9cMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV -BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRcwFQYDVQQK -DA5JbnRlcm5ldDIvVElFUjEgMB4GA1UEAwwXZXZvbHZldW0uc3AuZXhhbXBsZS5v -cmcwHhcNMTgwOTE0MDU0NjU3WhcNMTkwOTE0MDU0NjU3WjBpMQswCQYDVQQGEwJV -UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50 -ZXJuZXQyL1RJRVIxIDAeBgNVBAMMF2V2b2x2ZXVtLnNwLmV4YW1wbGUub3JnMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5v1zxlM94yaBssgNNbIUJwW -XxbGxgSs2AWBeg2aEi/VQd2UE5ivZakNJlqWSJyHo2xE4kxeSyBBxinjSyhmpNao -xIcqQsgW0gxo4SEHo3kUXWPo+of/pj6CslutsSJZWGTRV0dHITvaWX+NM8eXMfgu -mJFwy3RMdLaWQhY1Dyi2jNoO+DZnfNgPyPeEZcmORaoeEID9QdZfHtcgTf2QfSHq -+xsTwHB6Ro5t7YD2ma8Krb/XcDTfsq3qJemd7LhPj5lGmhYSMgDbgwEkZgZ1kBOP -lfsP2BvX5nipv7Vd1C5YXmv+NDR8V3yAWBC7ZAenxGmrnkaSVXnpUplUsGGm1QID -AQABo1MwUTAdBgNVHQ4EFgQUuxSZwW6V1P/b0tsTM32OU/v/n+UwHwYDVR0jBBgw -FoAUuxSZwW6V1P/b0tsTM32OU/v/n+UwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG -9w0BAQsFAAOCAQEAJWLXEfZkPeUyiGvsIUjczzdF3ptqXoP9aETS2pOV9sTri19R -TsQZW6XQRHGtuEOsqEGH8yiTdGR5hbGC+ynH/xTJnK+tBn/R3KrgxLKyMvoUzAPl -mhVq1dh+ZEtbsRpQRRubP6nm9kXNma0cXrkJSzuWM0W+l/xSOOYiSRRk3XWJfVjn -9jQlcJRh5SOkKN08oZHrCYKxToEuOfV8PtRj3T80DhsBTv2SHqhg4cBhzQPb0Kjm -9m4IkYOz8c5ZtuHDGnqMHw60Nyt+jyik4mMFP2frcOVP0W0sgwcfHllYzHoA/Khq -Yk3TBVs1BjPuNDJWHct8Eo68YP2/ZvzqfVM87Q== + CN=sptest.example.edu,O=Internet2/TIER,L=Ann Arbor,ST=MI,C=US + MIID/TCCAmWgAwIBAgIJAJZqOL69C6nRMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNVBAMTEnNwdGVz +dC5leGFtcGxlLmVkdTAeFw0xODEyMjAyMjM4NDhaFw0yODEyMTcyMjM4NDhaMB0xGzAZBgNVBAMT +EnNwdGVzdC5leGFtcGxlLmVkdTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANJ1OC6Q +l4te2/7PArBkuM/EF1NcQILv7bJaecJDGYBVoWgL0a2KQ0XMESusgkVmVjj/jcbtvwIiXI/6BEu8 +15OF6eSZIwxWdQBpeKbrWTbt07GiGgdXoXot6oMs5a9YXuWLt8pTXrFVMmwXU+ZfWJtuU8OIgm9e +sAEIQBHvDVOJtdKdBMWJFa5nUzkaVvA0Fr8r+/FHUvSCnlKOMaUIfTgtoS9AQnaRQ1dVl39Z2KAh 
+87JYvRIxvbaPaKgar2eGQ+PQD8rqsB5K5wgnADAxYM9Vo0YXSpPH+FvwN3EJgURUSEY2E0Jx8JOx +368ERNLXx3kfnRxCiZRDkTZF9WP6lBnDwc1WXRwpVCDTRnF+SIh6IC1Bj/qpkpCD3nri7tycejoe +AtVj1YZHWarf9iqdcLYOAWmeyGbFl3hjv6qcXnIfy1KyHLCAdIrg1TymLovXXKW09pEbVLdsHmLz +0h+DxPs4FsinK2AQBMn16u8BJJ/+spCzIQ2QNPcGORh6XemBpQIDAQABo0AwPjAdBgNVHREEFjAU +ghJzcHRlc3QuZXhhbXBsZS5lZHUwHQYDVR0OBBYEFPC8rkASWHQxrtCQ4wwtnsJRy6K5MA0GCSqG +SIb3DQEBCwUAA4IBgQCks2nY7YzdIKV02NHD9STWD3yPtEwPYZZ3NBno0WW20rS6cU+fxFx37nY8 +ULve4cFQkLR8fOO44e1qIuTgLGCauSGTx/Ts/tbmZXbpGTwV7cjZDCfC7yEFAVrfQFOMNKeQEssu +LFj+d4STGLorxsM+2YygdOgohJz0e3xOcmCNHqEuC9RbzrnLc/A4/mOHKwnwCCg71zA1/Ew9NUoR +m2n8IfaONIUaMg9opNiHxX4eu3UFaaPmn/mInuWYYMXzbIbdlU/XhKvXrujWYWj7anTDWvGQmNEe +csQH92SrO0pf+9WwcWUQTQiWUdq8/OxjXfzs1PrQnSlp0eizgcdKHDKbCUaSuK1i2wdxfEsu5sbZ +AIW0+dXJ2IyzM+0sv2g4DOsXsnSvinGqjr82A54mXGSr7edhPdlQhILFkJfhTwLq+mjnyQSNe3s2 +4VNeGc76jbHIrkEWuA460QGqz1Fa2CsQo5SH1IkxNIKpBZWt+w2LdAza/NzYyDruY5IJCrZa9Qw= @@ -66,15 +64,8 @@ Yk3TBVs1BjPuNDJWHct8Eo68YP2/ZvzqfVM87Q== - - - - - - - - - + + diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml new file mode 100644 index 0000000..9a5a139 --- /dev/null +++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml 
@@ -0,0 +1,272 @@ + + + + Default Security Policy + + + + internalLoginForm + Internal username/password authentication, default user password, login form + + + internalBasic + Internal username/password authentication, using HTTP basic auth + + + mySamlSso + My internal enterprise SAML-based SSO system. + + 10000 + 5000 + + + midpointdemo-shibboleth + true + true + true + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + sp-signing-key-1 + + -----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEA0nU4LpCXi17b/s8CsGS4z8QXU1xAgu/tslp5wkMZgFWhaAvR +rYpDRcwRK6yCRWZWOP+Nxu2/AiJcj/oES7zXk4Xp5JkjDFZ1AGl4putZNu3TsaIa +B1ehei3qgyzlr1he5Yu3ylNesVUybBdT5l9Ym25Tw4iCb16wAQhAEe8NU4m10p0E +xYkVrmdTORpW8DQWvyv78UdS9IKeUo4xpQh9OC2hL0BCdpFDV1WXf1nYoCHzsli9 +EjG9to9oqBqvZ4ZD49APyuqwHkrnCCcAMDFgz1WjRhdKk8f4W/A3cQmBRFRIRjYT +QnHwk7HfrwRE0tfHeR+dHEKJlEORNkX1Y/qUGcPBzVZdHClUINNGcX5IiHogLUGP ++qmSkIPeeuLu3Jx6Oh4C1WPVhkdZqt/2Kp1wtg4BaZ7IZsWXeGO/qpxech/LUrIc +sIB0iuDVPKYui9dcpbT2kRtUt2weYvPSH4PE+zgWyKcrYBAEyfXq7wEkn/6ykLMh +DZA09wY5GHpd6YGlAgMBAAECggGBAJJgcRkB/EU1TvHk7UveYiQvkMGr8jqfwcVA +5FrW7I+z/zUss0NuXOfYzUCBFYJLcUDnjaaEiUtktth03jQHPjEe/NTAJf5Yy7vj +n8UI/94SgCCWTGA69NbTxL5DpeTVI/unt8cDQWM5jH5doz8hpbFFhQEEmyP2yZeO +M3HFwJEPwOShzUXO2MOanemjhkA/GmsQnoTsRKhHiPKGb8UHKIDAS9FfclqhIiNG +Jr6usNp/gs3Spn5XFko5aGMzXDg2yxH9vvP3wWYR00tBiwiKkKSvrWcbeCu+wytq +di/XWLhyu77Vp9Y9GCMD6g/kFVbbk3ewTjpmpD49hOxF6vxrxcPIAf4ES6C7iUqu +b74T60lbialncQ7sUrrRoCKDd5kMXdgI7gV76sGGmd1Bh2ZQWAEMeSAogBo8b/9c +5iqfvTiR4Hv2tXumfI4EHKUuzljYVHY+qn7PiIlihGjDOw/HY+J3KAKwaRO/wc5V +bid++3Kkcd+WpTHCpWsEFhdWKkg6wQKBwQD0oqQi8+LK91No5bl3oZ7WLCnr1nAb +RZBHePQMubmU7v2sHiliKM4w7e09y5o2IvkBqbdvDHTZqaKH2Dpqbfpa3NB1q7/l +AfZP6hcX8IGSml2tZ5v1S3yu+y+CAfCPXaY7w4u9uF4PySdY7BjNd/oxhH00E5eB +4tJWcDMnVDvjuKFgeJBvaoRfAvskHNdgghR/g2vLsHMDPswicEZt6jCnHon4RBgL +hSeN9Eae3LqpSWH0GeKVYUccD+r57HCws/kCgcEA3DweWwo3IvxzHtFdfR8T6yod +IRjyyEQjwGpE/DM/DdpVQLVg1xS+anh7JJenH/EUC363FIi/o0Lw+VVfCOwZKJQr 
+9BmU/6t+iP2dUCpUAtTtCBhv4TasLT0vOWDOsgvOGCCsdKzejtN/52HLJUb9favj +DYkfbGRHjenEnFHOmlCDYVo80OJm/GfRK4Lia6tLAqAFVPrf8kaP2Af3dsXTfVy3 +vtnILDOrNE4h6OL9knhRynsAcPkS6cq0oWOgjs4NAoHBANBBcLdspYIhoHkpL4Vf +KierOxjQ2WjuBFBD8IawyQK3nW4b0yEEGdvfgFpd7G7vwMkgoM7BbOwrE/jPI5Od +Aka9uhyiVF7xF62aW4R+st+J1/uZu1PLql4P6bakThTOJYi1BE5DGJgZpwx1GPw5 +id0Dq85ca1sgK+134KQ3ejB26bKFkHe41u1HTWLFxrgapLaUu3yQPqjhmcgrillh +x39NaSjXVxzfgve+nyv4PlOE7AVwz8pZIL8L8f5GwPw8iQKBwEMVwP1kWDU9Bugd +SEgDvnKEyoi5a8LbFrTW6hqUlaFnn05tsYjylaoi9wfHdi4BpmR1/diwaweVLYgV +nDRAjs1QjS721+8lUw7xigjQS/Ts3SL5JqNInxvMpmTo+y068VViJoYH3mdNP4nA +vTumqzKruCb4XO0MgstUqQIg3TkeS1bNQPcz78D08r85SDUZ4Wh0TAt9u9e17L0W +eCfizLBEHOhyuEnWl1EAd83Tzv/dzLRL0W+YP02d5HXAvjihxQKBwDvUd8umY1DP +E/P+F3MkQ/evFeLGSL1UH6Umh/Ohjk6xAmaeUqkllE6gFkyVktMiHLQDC+tJ1hfj +j0VJa6tMpNr3jfUXunln8qMkDhXfdlPm8Yd0BLnuSxjsKaqz1f9XCUhXb/PHkvhf +Ku4v3Q++uU4qOpCYys1zzdxSagLzQZQJ2juAKW7s6G9uUJJptDVUB2qfkyRiTL19 +r1V/QoxOoWlVqtZSTGpJKEDniJcouYg47faw5SMA2HhlpOChYLCjOw== +-----END RSA PRIVATE KEY----- + + + password + + + -----BEGIN CERTIFICATE----- +MIID/TCCAmWgAwIBAgIJAJZqOL69C6nRMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNV +BAMTEnNwdGVzdC5leGFtcGxlLmVkdTAeFw0xODEyMjAyMjM4NDhaFw0yODEyMTcy +MjM4NDhaMB0xGzAZBgNVBAMTEnNwdGVzdC5leGFtcGxlLmVkdTCCAaIwDQYJKoZI +hvcNAQEBBQADggGPADCCAYoCggGBANJ1OC6Ql4te2/7PArBkuM/EF1NcQILv7bJa +ecJDGYBVoWgL0a2KQ0XMESusgkVmVjj/jcbtvwIiXI/6BEu815OF6eSZIwxWdQBp +eKbrWTbt07GiGgdXoXot6oMs5a9YXuWLt8pTXrFVMmwXU+ZfWJtuU8OIgm9esAEI +QBHvDVOJtdKdBMWJFa5nUzkaVvA0Fr8r+/FHUvSCnlKOMaUIfTgtoS9AQnaRQ1dV +l39Z2KAh87JYvRIxvbaPaKgar2eGQ+PQD8rqsB5K5wgnADAxYM9Vo0YXSpPH+Fvw +N3EJgURUSEY2E0Jx8JOx368ERNLXx3kfnRxCiZRDkTZF9WP6lBnDwc1WXRwpVCDT +RnF+SIh6IC1Bj/qpkpCD3nri7tycejoeAtVj1YZHWarf9iqdcLYOAWmeyGbFl3hj +v6qcXnIfy1KyHLCAdIrg1TymLovXXKW09pEbVLdsHmLz0h+DxPs4FsinK2AQBMn1 +6u8BJJ/+spCzIQ2QNPcGORh6XemBpQIDAQABo0AwPjAdBgNVHREEFjAUghJzcHRl +c3QuZXhhbXBsZS5lZHUwHQYDVR0OBBYEFPC8rkASWHQxrtCQ4wwtnsJRy6K5MA0G +CSqGSIb3DQEBCwUAA4IBgQCks2nY7YzdIKV02NHD9STWD3yPtEwPYZZ3NBno0WW2 
+0rS6cU+fxFx37nY8ULve4cFQkLR8fOO44e1qIuTgLGCauSGTx/Ts/tbmZXbpGTwV +7cjZDCfC7yEFAVrfQFOMNKeQEssuLFj+d4STGLorxsM+2YygdOgohJz0e3xOcmCN +HqEuC9RbzrnLc/A4/mOHKwnwCCg71zA1/Ew9NUoRm2n8IfaONIUaMg9opNiHxX4e +u3UFaaPmn/mInuWYYMXzbIbdlU/XhKvXrujWYWj7anTDWvGQmNEecsQH92SrO0pf ++9WwcWUQTQiWUdq8/OxjXfzs1PrQnSlp0eizgcdKHDKbCUaSuK1i2wdxfEsu5sbZ +AIW0+dXJ2IyzM+0sv2g4DOsXsnSvinGqjr82A54mXGSr7edhPdlQhILFkJfhTwLq ++mjnyQSNe3s24VNeGc76jbHIrkEWuA460QGqz1Fa2CsQo5SH1IkxNIKpBZWt+w2L +dAza/NzYyDruY5IJCrZa9Qw= +-----END CERTIFICATE----- + + + + sp-encrypt-key-1 + + -----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEA6OY9IHNGyNs8EEDqNhVb5C2xgzl+8i40SsZUNG8ofIJM1uZ0 +VnfuoSX9/Cyt0XiGfhXt8BnqNbpHVowYWXW9DInbz0HyXkc4+N8a4HaAv0jG6U6a +uRhU3yd+COVsU02S0xAnw2mtgTKXejvzrEILHHcCIDkyB2/jTQvq+WYR80cjCw4c +BRM1HILAxL0/qMEnkgjEPQx5/7ehSMC9Ww9m7bgQmfNNRqxmcjQXxoL9jNVvE5sE +1zKa0DYil5z+At7UHT14NlR25c8v9qzntBa+AmtaPxsIr4t2PQ8w9K9bOvgGc3nx +3FpiAKBEfu2eFm50+8KMFqRDOTGj+eOxEgq2beU31SZRiJduX55u7QNJAVRoV87a +E45RM0Cv9C4L4ZAv5TtUB3JtNs/4pwfkts1RKpiTFLCFsXPlrKajkqmmdgH0rmLJ +JFa8YiGfBcc2/nIWuZRt63YE8mUzO/s1p49pnvrKmhvM2OM0FuBo0QKxDVkP197Z +DxQF7SbaBA/li7HlAgMBAAECggGATN3ggttJG3WwJzUll+AIyhCCq+rICSpSu/Ml +S4D8fcuLjMnWz8sZiTo+z4H3hFEhInAebcY/1Ke8b8YhKzV+xaqiT49WbONY3FrW +RgsWhwuACvSUgE6VhGlGYa1GyV+q+9ozJX21dBS8he1PiSTrAeQNYZE+/9Ff1cf/ +L30Oo5pw6G8ptEsYlmZZNRW48vt9EeeuzO9XPJzgsGBcnrdAo2jCoez5LkAsN7kV +t8D36glvdasON/BNxDZ5yExaUZw1CImSFyUo90qnMf1u0OsXovsveVOLZLE9/0kO +4VV6fgYX8o13Sv5NLzc8WX1pPZwg/Iex3okLizxDc65TsLlrSPoCwyHRaZV1Cfv6 +Yit6JHbLXRyXFnDVHpVvMq+yUqb9SGtijIByNheFFXE2C2a3r88XeWtHKbxVu75r +3cNrxawm+SbFbJqgbuTi3mlRgyGyANki3yaqtdn4tq8ZNvFbcF14Ggk7bUjPvFWO +3ZU/5jwql90sdnjOxD7ekVR7q4uBAoHBAPt6ulYbetGFzWsO5uARSEp7VZuGdoBh +TbMC5a4D0RzmnGkFTCoaardx5jSgE9TA/2uQutB5FIzAfeZtpxOJNSGnXvBM1D1w +9RbxWxPf/onzcdjqwvKSqxJkYk5gmKHpeObqF7JLDRicp37kadk6QFUma12iGxim +YjCWb9EGQIpVQbq2Z2cldIykGJEhTBTretDwySRKmcxtNXbwycbCGEFEbYzbHDtE +dp3JaC15u6rtf33D+wgGsFoBWMnq9lhHVQKBwQDtFgIcQrxaHr9+PFn995UIvXOs 
+O1jf1hJITTieaeDyrCaYUmW7dm4wrUXUZr2oUl3ohqwz7msaFmkKnF6a3Lt53RWA +XCtsWaSJf5n9MK9UExBwpEV838UYwjJsvsk3ik+C9fMSoIOqSZ/sAt4cLL9gUD5K +fjTyYQ9m5lVFqK6l6uX4gVdm+5U4NKtRx12LcZNtm8O8bbLRRDRk6mttisA+Vnep +4/Q2pi8yoVITnXCe8hlbvbHu2HBhoaYOe5rooFECgcEA+X3h/emXaOVBTfRj02rx ++Irx/LFjQazHhFDcg07gGLcl9/88eAzrUQIcLJuf8RRkk1fsL0XgwF98yK6C8pvO +bYv6YZcnfaliTpe3DznL8xrmGRmXvUcLl9yltzKYWxIhU55tUgKphIBuoDKGXPAw +wQmzvRpFnaf8hE3Ls2lrgJJi+pVacvey8JEgmmOZcqvIliA8vdeRTEIQp+btmFYZ +8C6uLO94y8f5kkMuKue56zNip+hWVbklHrZ1WyXTrvNdAoHATQs22loxfRO65NnV +4LsA+lseaNzMT8jwHgDCInCDwjiBPkSgfJ/KxRS5uYE9pqJFlBeXhDS5JzwbHHCe +KbMLVVmr8A+DqO0kk+4ca3PTtf2P/RrU3fSVxyrsWfxRxTO0DPnB6M6ymrbcOkTg +SsWb1z+cTnbe29kAuU6mbUGYp6BC5VOaxIODBUXQWn3v/y2EXD0fCW+YiXqhkB3B +lVJekKNmtZW3Ob8dXVWhJ3ClNXG1HePyG4zIUGHIZbJzL59RAoHBAMcE/1Ly8IWH +hSulB0cCf89XihgAvEdgfbZZoHXWcU/d6m1auJWVysN6LKnYvqYFr75oPWiva/3T +tRPd0tdZrJ6EyPlvcU6/sucvXTf4ceXXkDFCvt8KC6IOi7BoihNiGpgjUARZIHeF +b4V4BvtqUz2CfZ8rhAPp2vrXxOm0mn6CfCkE9a5kRUGEW6AWP8carbJejYfOCSu5 +AsNuzTXYbLMrooqX2vDSzOJvsngOp/6M/MSpeTysDq75Ngx/hcGgIA== +-----END RSA PRIVATE KEY----- + + + password + + + -----BEGIN CERTIFICATE----- +MIID/TCCAmWgAwIBAgIJAINng1bI63LGMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNV +BAMTEnNwdGVzdC5leGFtcGxlLmVkdTAeFw0xODEyMjAyMjM4MDJaFw0yODEyMTcy +MjM4MDJaMB0xGzAZBgNVBAMTEnNwdGVzdC5leGFtcGxlLmVkdTCCAaIwDQYJKoZI +hvcNAQEBBQADggGPADCCAYoCggGBAOjmPSBzRsjbPBBA6jYVW+QtsYM5fvIuNErG +VDRvKHyCTNbmdFZ37qEl/fwsrdF4hn4V7fAZ6jW6R1aMGFl1vQyJ289B8l5HOPjf +GuB2gL9IxulOmrkYVN8nfgjlbFNNktMQJ8NprYEyl3o786xCCxx3AiA5Mgdv400L +6vlmEfNHIwsOHAUTNRyCwMS9P6jBJ5IIxD0Mef+3oUjAvVsPZu24EJnzTUasZnI0 +F8aC/YzVbxObBNcymtA2Ipec/gLe1B09eDZUduXPL/as57QWvgJrWj8bCK+Ldj0P +MPSvWzr4BnN58dxaYgCgRH7tnhZudPvCjBakQzkxo/njsRIKtm3lN9UmUYiXbl+e +bu0DSQFUaFfO2hOOUTNAr/QuC+GQL+U7VAdybTbP+KcH5LbNUSqYkxSwhbFz5aym +o5KppnYB9K5iySRWvGIhnwXHNv5yFrmUbet2BPJlMzv7NaePaZ76ypobzNjjNBbg +aNECsQ1ZD9fe2Q8UBe0m2gQP5Yux5QIDAQABo0AwPjAdBgNVHREEFjAUghJzcHRl +c3QuZXhhbXBsZS5lZHUwHQYDVR0OBBYEFGcLIl5kg+GFIh9HXeZyLzsv5e7qMA0G 
+CSqGSIb3DQEBCwUAA4IBgQAf8/iZXUWtWGMBw2OfonDDWbuhgLnNWddpllcVx7v/ +Yu75+wgfIdNXg6XM4WkGkpbhlkpDLRt2c6rMQpxrQtq/5G3OKEXKyjUOl5pZsYkG +asVENYPSCfuu3rlK85XaW3H1SSJqSax/UKcYXyB1TIW6mNy3OxuvHak6y4LzFnug +CO7p/W2jvffwmxfqjbO7wQfXUQz3SZS04sHMqQoStOwy2N5xxQ3uTF34EoXBto+n +XIEOptKPhV2NkEzj+UUIi1588dck8T0SstbSElbTnJ4sNZFriX6JOPFNW08fezot +izerOHuAFpFQvtugWoZT87YYaFwG+Zr5QNa4fNOcAL+FHvbOfEqIGs+H6GSf0dZV +lkcJyzWZvuK/4RGqWbLvfAYRm0PAGTQSLdO8QJSYWdJtJvZFEMgddQ2HoIzeO5wo +B42FKDSHottI9avilApQBdRCtust8XRPtEAzDB/t/1jbO7u2tkzgY3614mX5xgut +Ileaae5eVCjw4uYbkh+Mt5M= +-----END CERTIFICATE----- + + encryption + + + + https://idptestbed/idp/shibboleth + idp-shibboleth + + /etc/shibboleth/idp-metadata.xml + + true + Shibboleth + urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST + uid + + + + + + admin-gui-default + + Default GUI authentication sequence. + + + http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user + true + gui-default + + + internalLoginForm + 30 + sufficient + + + + admin-gui-emergency + + Special GUI authentication sequence that is using just the internal user password. + + + http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user + false + emergency + + + + + internalLoginForm + 30 + sufficient + + + + rest + + Authentication sequence for REST service. + + + http://midpoint.evolveum.com/xml/ns/public/model/channels-3#rest + true + rest-default + + + internalBasic + 10 + sufficient + + + + actuator + + Authentication sequence for actuator. + + + http://midpoint.evolveum.com/xml/ns/public/model/channels-3#actuator + true + actuator-default + + + internalBasic + 10 + sufficient + + + + + + 0 + 3 + PT3M + PT15M + + + + + + + diff --git a/demo/shibboleth/.env b/demo/shibboleth/.env index f41f626..9f71d51 100644 --- a/demo/shibboleth/.env +++ b/demo/shibboleth/.env @@ -1,5 +1,4 @@ # These parameters can be overridden by setting environment variables before calling docker-compose up -AUTHENTICATION=shibboleth ENV=demo USERTOKEN= REPO_DATABASE_TYPE=mariadb 
diff --git a/demo/shibboleth/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml b/demo/shibboleth/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml index 65db47e..28ae7d1 100644 --- a/demo/shibboleth/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml +++ b/demo/shibboleth/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml @@ -101,8 +101,12 @@ p+tGUbGS2l873J5PrsbpeKEVR/IIoKo= - urn:mace:shibboleth:1.0:nameIdentifier + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + urn:mace:shibboleth:1.0:nameIdentifier diff --git a/demo/shibboleth/docker-compose-tests.yml b/demo/shibboleth/docker-compose-tests.yml index 1a5b9d9..b6e2860 100644 --- a/demo/shibboleth/docker-compose-tests.yml +++ b/demo/shibboleth/docker-compose-tests.yml @@ -18,11 +18,10 @@ services: - CREATE_NEW_DATABASE=if_needed midpoint_server: - image: tier/midpoint:latest + build: ./midpoint_server/ ports: - 8443:443 environment: - - AUTHENTICATION - ENV - USERTOKEN - REPO_DATABASE_TYPE @@ -45,8 +44,6 @@ services: secrets: - mp_database_password.txt - mp_keystore_password.txt - - mp_sp-encrypt-key.pem - - mp_sp-signing-key.pem - mp_host-key.pem volumes: - midpoint_home:/opt/midpoint/var @@ -56,18 +53,9 @@ services: - type: bind source: ./configs-and-secrets/midpoint/httpd/host-cert.pem target: /etc/pki/tls/certs/cachain.pem - - type: bind - source: ./configs-and-secrets/midpoint/shibboleth/shibboleth2.xml - target: /etc/shibboleth/shibboleth2.xml - type: bind source: ./configs-and-secrets/midpoint/shibboleth/idp-metadata.xml target: /etc/shibboleth/idp-metadata.xml - - type: bind - source: ./configs-and-secrets/midpoint/shibboleth/sp-signing-cert.pem - target: /etc/shibboleth/sp-signing-cert.pem - - type: bind - source: ./configs-and-secrets/midpoint/shibboleth/sp-encrypt-cert.pem - target: /etc/shibboleth/sp-encrypt-cert.pem directory: build: ./directory/ 
@@ -98,10 +86,6 @@ networks: secrets: mp_host-key.pem: file: ./configs-and-secrets/midpoint/httpd/host-key.pem - mp_sp-signing-key.pem: - file: ./configs-and-secrets/midpoint/shibboleth/sp-signing-key.pem - mp_sp-encrypt-key.pem: - file: ./configs-and-secrets/midpoint/shibboleth/sp-encrypt-key.pem mp_database_password.txt: file: ./configs-and-secrets/midpoint/application/database_password.txt mp_keystore_password.txt: diff --git a/demo/shibboleth/docker-compose.yml b/demo/shibboleth/docker-compose.yml index 5425490..9caf8b2 100644 --- a/demo/shibboleth/docker-compose.yml +++ b/demo/shibboleth/docker-compose.yml @@ -15,11 +15,10 @@ services: - CREATE_NEW_DATABASE=if_needed midpoint_server: - image: tier/midpoint:latest + build: ./midpoint_server/ ports: - 8443:443 environment: - - AUTHENTICATION - ENV - USERTOKEN - REPO_DATABASE_TYPE @@ -42,8 +41,6 @@ services: secrets: - mp_database_password.txt - mp_keystore_password.txt - - mp_sp-encrypt-key.pem - - mp_sp-signing-key.pem - mp_host-key.pem volumes: - midpoint_home:/opt/midpoint/var @@ -53,18 +50,9 @@ services: - type: bind source: ./configs-and-secrets/midpoint/httpd/host-cert.pem target: /etc/pki/tls/certs/cachain.pem - - type: bind - source: ./configs-and-secrets/midpoint/shibboleth/shibboleth2.xml - target: /etc/shibboleth/shibboleth2.xml - type: bind source: ./configs-and-secrets/midpoint/shibboleth/idp-metadata.xml target: /etc/shibboleth/idp-metadata.xml - - type: bind - source: ./configs-and-secrets/midpoint/shibboleth/sp-signing-cert.pem - target: /etc/shibboleth/sp-signing-cert.pem - - type: bind - source: ./configs-and-secrets/midpoint/shibboleth/sp-encrypt-cert.pem - target: /etc/shibboleth/sp-encrypt-cert.pem directory: build: ./directory/ 
@@ -95,10 +83,6 @@ networks: secrets: mp_host-key.pem: file: ./configs-and-secrets/midpoint/httpd/host-key.pem - mp_sp-signing-key.pem: - file: ./configs-and-secrets/midpoint/shibboleth/sp-signing-key.pem - mp_sp-encrypt-key.pem: - file: ./configs-and-secrets/midpoint/shibboleth/sp-encrypt-key.pem mp_database_password.txt: file: ./configs-and-secrets/midpoint/application/database_password.txt mp_keystore_password.txt: diff --git a/demo/shibboleth/idp/shibboleth-idp/conf/attribute-filter.xml b/demo/shibboleth/idp/shibboleth-idp/conf/attribute-filter.xml index facaa6d..2fcb257 100644 --- a/demo/shibboleth/idp/shibboleth-idp/conf/attribute-filter.xml +++ b/demo/shibboleth/idp/shibboleth-idp/conf/attribute-filter.xml @@ -18,7 +18,7 @@ urn:mace:shibboleth:2.0:afp:mf:saml http://shibboleth.net/schema/idp/shibboleth-afp-mf-saml.xsd"> - + diff --git a/demo/shibboleth/idp/shibboleth-idp/conf/idp.properties b/demo/shibboleth/idp/shibboleth-idp/conf/idp.properties index 4396f49..6294a30 100644 --- a/demo/shibboleth/idp/shibboleth-idp/conf/idp.properties +++ b/demo/shibboleth/idp/shibboleth-idp/conf/idp.properties @@ -91,9 +91,9 @@ idp.session.StorageService = shibboleth.StorageService # Tolerate storage-related errors #idp.session.maskStorageFailure = false # Track information about SPs logged into -#idp.session.trackSPSessions = false +idp.session.trackSPSessions = true # Support lookup by SP for SAML logout -#idp.session.secondaryServiceIndex = false +idp.session.secondaryServiceIndex = true # Length of time to track SP sessions #idp.session.defaultSPlifetime = PT2H diff --git a/demo/shibboleth/idp/shibboleth-idp/metadata/midpoint-sp.xml b/demo/shibboleth/idp/shibboleth-idp/metadata/midpoint-sp.xml index 35ea75d..5789ed8 100644 --- a/demo/shibboleth/idp/shibboleth-idp/metadata/midpoint-sp.xml +++ b/demo/shibboleth/idp/shibboleth-idp/metadata/midpoint-sp.xml 
@@ -2,7 +2,7 @@ This is example metadata only. Do *NOT* supply it as is without review, and do *NOT* provide it in real time to your partners. --> - + @@ -23,7 +23,7 @@ and do *NOT* provide it in real time to your partners. - + 
@@ -32,29 +32,25 @@ and do *NOT* provide it in real time to your partners. midpoint.sp.example.org - CN=midpoint.sp.example.org,O=Internet2/TIER,L=Ann Arbor,ST=MI,C=US - MIID/TCCAmWgAwIBAgIJAINng1bI63LGMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNV -BAMTEnNwdGVzdC5leGFtcGxlLmVkdTAeFw0xODEyMjAyMjM4MDJaFw0yODEyMTcy -MjM4MDJaMB0xGzAZBgNVBAMTEnNwdGVzdC5leGFtcGxlLmVkdTCCAaIwDQYJKoZI -hvcNAQEBBQADggGPADCCAYoCggGBAOjmPSBzRsjbPBBA6jYVW+QtsYM5fvIuNErG -VDRvKHyCTNbmdFZ37qEl/fwsrdF4hn4V7fAZ6jW6R1aMGFl1vQyJ289B8l5HOPjf -GuB2gL9IxulOmrkYVN8nfgjlbFNNktMQJ8NprYEyl3o786xCCxx3AiA5Mgdv400L -6vlmEfNHIwsOHAUTNRyCwMS9P6jBJ5IIxD0Mef+3oUjAvVsPZu24EJnzTUasZnI0 -F8aC/YzVbxObBNcymtA2Ipec/gLe1B09eDZUduXPL/as57QWvgJrWj8bCK+Ldj0P -MPSvWzr4BnN58dxaYgCgRH7tnhZudPvCjBakQzkxo/njsRIKtm3lN9UmUYiXbl+e -bu0DSQFUaFfO2hOOUTNAr/QuC+GQL+U7VAdybTbP+KcH5LbNUSqYkxSwhbFz5aym -o5KppnYB9K5iySRWvGIhnwXHNv5yFrmUbet2BPJlMzv7NaePaZ76ypobzNjjNBbg -aNECsQ1ZD9fe2Q8UBe0m2gQP5Yux5QIDAQABo0AwPjAdBgNVHREEFjAUghJzcHRl -c3QuZXhhbXBsZS5lZHUwHQYDVR0OBBYEFGcLIl5kg+GFIh9HXeZyLzsv5e7qMA0G -CSqGSIb3DQEBCwUAA4IBgQAf8/iZXUWtWGMBw2OfonDDWbuhgLnNWddpllcVx7v/ -Yu75+wgfIdNXg6XM4WkGkpbhlkpDLRt2c6rMQpxrQtq/5G3OKEXKyjUOl5pZsYkG -asVENYPSCfuu3rlK85XaW3H1SSJqSax/UKcYXyB1TIW6mNy3OxuvHak6y4LzFnug -CO7p/W2jvffwmxfqjbO7wQfXUQz3SZS04sHMqQoStOwy2N5xxQ3uTF34EoXBto+n -XIEOptKPhV2NkEzj+UUIi1588dck8T0SstbSElbTnJ4sNZFriX6JOPFNW08fezot -izerOHuAFpFQvtugWoZT87YYaFwG+Zr5QNa4fNOcAL+FHvbOfEqIGs+H6GSf0dZV -lkcJyzWZvuK/4RGqWbLvfAYRm0PAGTQSLdO8QJSYWdJtJvZFEMgddQ2HoIzeO5wo -B42FKDSHottI9avilApQBdRCtust8XRPtEAzDB/t/1jbO7u2tkzgY3614mX5xgut -Ileaae5eVCjw4uYbkh+Mt5M= + CN=sptest.example.edu,O=Internet2/TIER,L=Ann Arbor,ST=MI,C=US + MIID/TCCAmWgAwIBAgIJAJZqOL69C6nRMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNVBAMTEnNwdGVz +dC5leGFtcGxlLmVkdTAeFw0xODEyMjAyMjM4NDhaFw0yODEyMTcyMjM4NDhaMB0xGzAZBgNVBAMT +EnNwdGVzdC5leGFtcGxlLmVkdTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANJ1OC6Q +l4te2/7PArBkuM/EF1NcQILv7bJaecJDGYBVoWgL0a2KQ0XMESusgkVmVjj/jcbtvwIiXI/6BEu8 
+15OF6eSZIwxWdQBpeKbrWTbt07GiGgdXoXot6oMs5a9YXuWLt8pTXrFVMmwXU+ZfWJtuU8OIgm9e +sAEIQBHvDVOJtdKdBMWJFa5nUzkaVvA0Fr8r+/FHUvSCnlKOMaUIfTgtoS9AQnaRQ1dVl39Z2KAh +87JYvRIxvbaPaKgar2eGQ+PQD8rqsB5K5wgnADAxYM9Vo0YXSpPH+FvwN3EJgURUSEY2E0Jx8JOx +368ERNLXx3kfnRxCiZRDkTZF9WP6lBnDwc1WXRwpVCDTRnF+SIh6IC1Bj/qpkpCD3nri7tycejoe +AtVj1YZHWarf9iqdcLYOAWmeyGbFl3hjv6qcXnIfy1KyHLCAdIrg1TymLovXXKW09pEbVLdsHmLz +0h+DxPs4FsinK2AQBMn16u8BJJ/+spCzIQ2QNPcGORh6XemBpQIDAQABo0AwPjAdBgNVHREEFjAU +ghJzcHRlc3QuZXhhbXBsZS5lZHUwHQYDVR0OBBYEFPC8rkASWHQxrtCQ4wwtnsJRy6K5MA0GCSqG +SIb3DQEBCwUAA4IBgQCks2nY7YzdIKV02NHD9STWD3yPtEwPYZZ3NBno0WW20rS6cU+fxFx37nY8 +ULve4cFQkLR8fOO44e1qIuTgLGCauSGTx/Ts/tbmZXbpGTwV7cjZDCfC7yEFAVrfQFOMNKeQEssu +LFj+d4STGLorxsM+2YygdOgohJz0e3xOcmCNHqEuC9RbzrnLc/A4/mOHKwnwCCg71zA1/Ew9NUoR +m2n8IfaONIUaMg9opNiHxX4eu3UFaaPmn/mInuWYYMXzbIbdlU/XhKvXrujWYWj7anTDWvGQmNEe +csQH92SrO0pf+9WwcWUQTQiWUdq8/OxjXfzs1PrQnSlp0eizgcdKHDKbCUaSuK1i2wdxfEsu5sbZ +AIW0+dXJ2IyzM+0sv2g4DOsXsnSvinGqjr82A54mXGSr7edhPdlQhILFkJfhTwLq+mjnyQSNe3s2 +4VNeGc76jbHIrkEWuA460QGqz1Fa2CsQo5SH1IkxNIKpBZWt+w2LdAza/NzYyDruY5IJCrZa9Qw= @@ -68,15 +64,8 @@ Ileaae5eVCjw4uYbkh+Mt5M= - - - - - - - - - + + diff --git a/demo/shibboleth/midpoint_server/Dockerfile b/demo/shibboleth/midpoint_server/Dockerfile new file mode 100644 index 0000000..34ce0cd --- /dev/null +++ b/demo/shibboleth/midpoint_server/Dockerfile @@ -0,0 +1,9 @@ +FROM tier/midpoint:latest + +MAINTAINER info@evolveum.com + +ENV MP_DIR /opt/midpoint + +VOLUME ${MP_DIR}/var + +COPY container_files/mp-home/ ${MP_DIR}/var/ diff --git a/demo/shibboleth/midpoint_server/container_files/httpd/host-cert.pem b/demo/shibboleth/midpoint_server/container_files/httpd/host-cert.pem new file mode 100644 index 0000000..9b1021b --- /dev/null +++ b/demo/shibboleth/midpoint_server/container_files/httpd/host-cert.pem 
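Review bot: `COPY container_files/mp-home/ ${MP_DIR}/var/` is placed after `VOLUME ${MP_DIR}/var`, and the Dockerfile reference documents that build steps changing data under a path after it has been declared a volume may be discarded, so whether the post-initial-objects actually land in the image depends on the builder; moving the `COPY` above the `VOLUME` line removes the doubt. The `container_files/httpd/host-cert.pem` and `host-key.pem` added in the next two hunks are not copied by this Dockerfile, and the compose files still bind the `configs-and-secrets/midpoint/httpd` copies, so they look unused — either add a `COPY` for them or drop them. `MAINTAINER` is deprecated in favour of `LABEL maintainer="info@evolveum.com"`, and `FROM tier/midpoint:latest` floats, so the build is not reproducible; pinning a tag is the usual fix.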
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIJAMOSkn4oS2aAMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRcwFQYDVQQK
+DA5JbnRlcm5ldDIvVElFUjEgMB4GA1UEAwwXbWlkcG9pbnQuc3AuZXhhbXBsZS5v
+cmcwHhcNMTgwOTE0MDU1OTQ1WhcNMTkwOTE0MDU1OTQ1WjBpMQswCQYDVQQGEwJV
+UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50
+ZXJuZXQyL1RJRVIxIDAeBgNVBAMMF21pZHBvaW50LnNwLmV4YW1wbGUub3JnMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj/b7MEUSfu3oXMfNgRwTse7
+a5UV7Jswf1M/ZN/ZZkAkIxNBevZgozjesvLPWrmsTgONi7XigJUJvCjdjmlW9eDM
+lri/rkD8HuOR1DQCVKL9nvoS2c3D7sq5Emda3V8Tlj82VqfEmePd3sajx7mcTfbH
+8jwAL9NhkC+WMib5IpjLGpG0FEAC0ha7Lxb+7jIiqHVJaqLXJGCyGN4mh6c1Q9S1
+f8RVTiW2a8x22G+9wnZYbkiA2Kxls177imHlhSz8EdvV4IpGw1amrEWhhuDEum7B
+vZ1xQDLatgRqh4qAKLIVYeRnJ8H1FelMa90qB4G08MIPifmTsQwqJyBYaEdgWQID
+AQABo1MwUTAdBgNVHQ4EFgQUqb9BteODF6wv5R57aEON/wGXMiowHwYDVR0jBBgw
+FoAUqb9BteODF6wv5R57aEON/wGXMiowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
+9w0BAQsFAAOCAQEAAcKhxI+tSItrXmqC0PSmgWyAYpqbkz6W/cefTutXqhIgY09f
+h0LSv7ogTahoGpyiZk9vy6u3OE9bYwxapEfa4KBjO6HxBMIVBBb3RegVjoPzjElN
+BDwAx0VGFcZTXwMxDWycWdG8ql7rCZBvS50w04uTaIgnGmqXAdWWmBgfJ9cRbxW+
+JwO/mOl1QM1lR/5142NpvuUVWlmZSKEGydE5A1qPz2wpDbBR1ym1BQNS4NEqw6Kp
+GSB8jKyCS1Ve0v2wVze2038Wukz02dq9uKPTIO3T+B+ibZmxn6Op/kFCc1/kK5NS
+Q6JdO1B6KquGAYdGmKAcQ19mv+jqGktqWEEf0g==
+-----END CERTIFICATE-----
diff --git a/demo/shibboleth/midpoint_server/container_files/httpd/host-key.pem b/demo/shibboleth/midpoint_server/container_files/httpd/host-key.pem
new file mode 100644
index 0000000..5746e59
--- /dev/null
+++ b/demo/shibboleth/midpoint_server/container_files/httpd/host-key.pem
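Review bot: The validity period encoded in this certificate (the `cmcwHhcNMTgwOTE0MDU1OTQ1WhcNMTkwOTE0MDU1OTQ1W` run on the fourth base64 line) decodes to notBefore 2018-09-14T05:59:45Z and notAfter 2019-09-14T05:59:45Z, so the httpd certificate being added is already expired and any client that verifies the chain will reject it. The compose files bind a host-cert.pem both as the server certificate and as `/etc/pki/tls/certs/cachain.pem`, and the basicConstraints extension here decodes to CA:TRUE, so this is a self-signed root used for both roles; regenerate the pair with a validity that covers the demo's lifetime. PEM has no comment syntax, so record the expiry date and the regeneration command in a README next to the file rather than leaving it to lapse silently again. The matching private key is committed in the next hunk, which is acceptable for a throwaway demo only as long as the key is never reused elsewhere.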
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCmP9vswRRJ+7eh
+cx82BHBOx7trlRXsmzB/Uz9k39lmQCQjE0F69mCjON6y8s9auaxOA42LteKAlQm8
+KN2OaVb14MyWuL+uQPwe45HUNAJUov2e+hLZzcPuyrkSZ1rdXxOWPzZWp8SZ493e
+xqPHuZxN9sfyPAAv02GQL5YyJvkimMsakbQUQALSFrsvFv7uMiKodUlqotckYLIY
+3iaHpzVD1LV/xFVOJbZrzHbYb73CdlhuSIDYrGWzXvuKYeWFLPwR29XgikbDVqas
+RaGG4MS6bsG9nXFAMtq2BGqHioAoshVh5GcnwfUV6Uxr3SoHgbTwwg+J+ZOxDCon
+IFhoR2BZAgMBAAECggEAEIRBpjjceiku6jRUwnoYaks/nIWYQwR8AfpUTwJKR/VR
+Yca097Fokm7A+UhUP3A45RtHQb0VPq8P44iv0kk24YCu8r5yFK7SHYOAZnOwU5ZJ
+2jSAEPF3aM7tKh3okhuzB3dKP7u1NZDE5zAW723KUJiW7sL1RcsbY0bHBj6G+9/H
+NplmsjuGt684vRBB0qOBfKF7EiG7mT69tHuNj4gRza9SMY31UtKbZdt2fNY6mp5V
+HscMba7egZP+Ke0pVX4+go9j7K8GG8hYaQDLjrzlPqrxZ2c5X9cC+CRDI/CHuL/s
+V/2yGZJ6n6UabwZoH83RdFrbQ94rU8Hkli6EvxXvMQKBgQDRpheNW5jDG5TfeJKh
+yfKTDQqH2Tk3BsBYYBN7Hf3m7vbkzlxnAKJAoSLmtRMuoeXvI5MrhzaHGsNIUS76
+LDIZnvB7DLUxhFUZsCPkpAA1QHuTWY96oR3PHnPjpk8lSUvtbOPwDLdzVApeFJgZ
+VqMNArZ7AHsK3Kkyi+f4WVQjbQKBgQDLAWiGb5dx6fAM2W6B6HjNmzjBWOuVEXa2
+76to9jzupBZmETfZgxtWUaWUDuNS+f7dtVUTE+p6v/w8clrHEhEZYkqunIOLo/UA
+LFPiuoTfEsWb1rh+nsCjCgy4uimixj/bSkf7NC6NyKTvCygA1mGnVVJUEPegYlDy
+LXCkaKWxHQKBgQCmyHSKL2lrJkEcOwakEU2acNCE3Gno/cT9SYmV83kvQ8JEqmrW
+QqnRsp9aXIljGscapPmKsmnNt5vNp1AxFAHTYh88NRLczsMIyZj0ZwgHVUI6KhC7
+5Psa78YQQBlMt2/g9TSsnuE+rYgF6mpKFiNm0Vasqeg47uzn2mdzqlUGTQKBgE04
+JutkTUY+h1pL5vYxWKpVDfy19z7H2tFxT1FowPrBneeLSyRI88Ac5I/yLdRlVeY9
+0LOmEr5Igwj3MsKgg7KVKfVLgdo/LrW3Jt2Kt3onKNXDkoBPoNUjwH0QC0Boiue+
+VK0gR0kVdm+bXccbxR+im+NwZNE0NLg6Qqu3RredAoGBALuVoqbPPmTCZXYG328H
+bzOs2aiR7BzPSVByV+qG6jW7w03RAnFPJZp7HMU+ViI5VY0wabUscMSvz5163+gM
+4KwY3v9ZjZzZGukIfLuudkdqtaiVOx/KeAC0n+nG21YU+wpZww8gkfHh1/sa2CME
+CWYCgOnmiTHcj83UaTqEXtmv
+-----END PRIVATE KEY-----
diff --git a/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml b/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml
new file mode 100644
index 0000000..29b3e37
--- /dev/null
+++ b/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml
@@ -0,0 +1,272 @@ + + + + Default Security Policy + + + + internalLoginForm + Internal username/password authentication, default user password, login form + + + internalBasic + Internal username/password authentication, using HTTP basic auth + + + mySamlSso + My internal enterprise SAML-based SSO system. + + 10000 + 5000 + + + midpointdemo-shibboleth + true + true + true + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + sp-signing-key-1 + + -----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEA0nU4LpCXi17b/s8CsGS4z8QXU1xAgu/tslp5wkMZgFWhaAvR +rYpDRcwRK6yCRWZWOP+Nxu2/AiJcj/oES7zXk4Xp5JkjDFZ1AGl4putZNu3TsaIa +B1ehei3qgyzlr1he5Yu3ylNesVUybBdT5l9Ym25Tw4iCb16wAQhAEe8NU4m10p0E +xYkVrmdTORpW8DQWvyv78UdS9IKeUo4xpQh9OC2hL0BCdpFDV1WXf1nYoCHzsli9 +EjG9to9oqBqvZ4ZD49APyuqwHkrnCCcAMDFgz1WjRhdKk8f4W/A3cQmBRFRIRjYT +QnHwk7HfrwRE0tfHeR+dHEKJlEORNkX1Y/qUGcPBzVZdHClUINNGcX5IiHogLUGP ++qmSkIPeeuLu3Jx6Oh4C1WPVhkdZqt/2Kp1wtg4BaZ7IZsWXeGO/qpxech/LUrIc +sIB0iuDVPKYui9dcpbT2kRtUt2weYvPSH4PE+zgWyKcrYBAEyfXq7wEkn/6ykLMh +DZA09wY5GHpd6YGlAgMBAAECggGBAJJgcRkB/EU1TvHk7UveYiQvkMGr8jqfwcVA +5FrW7I+z/zUss0NuXOfYzUCBFYJLcUDnjaaEiUtktth03jQHPjEe/NTAJf5Yy7vj +n8UI/94SgCCWTGA69NbTxL5DpeTVI/unt8cDQWM5jH5doz8hpbFFhQEEmyP2yZeO +M3HFwJEPwOShzUXO2MOanemjhkA/GmsQnoTsRKhHiPKGb8UHKIDAS9FfclqhIiNG +Jr6usNp/gs3Spn5XFko5aGMzXDg2yxH9vvP3wWYR00tBiwiKkKSvrWcbeCu+wytq +di/XWLhyu77Vp9Y9GCMD6g/kFVbbk3ewTjpmpD49hOxF6vxrxcPIAf4ES6C7iUqu +b74T60lbialncQ7sUrrRoCKDd5kMXdgI7gV76sGGmd1Bh2ZQWAEMeSAogBo8b/9c +5iqfvTiR4Hv2tXumfI4EHKUuzljYVHY+qn7PiIlihGjDOw/HY+J3KAKwaRO/wc5V +bid++3Kkcd+WpTHCpWsEFhdWKkg6wQKBwQD0oqQi8+LK91No5bl3oZ7WLCnr1nAb +RZBHePQMubmU7v2sHiliKM4w7e09y5o2IvkBqbdvDHTZqaKH2Dpqbfpa3NB1q7/l +AfZP6hcX8IGSml2tZ5v1S3yu+y+CAfCPXaY7w4u9uF4PySdY7BjNd/oxhH00E5eB +4tJWcDMnVDvjuKFgeJBvaoRfAvskHNdgghR/g2vLsHMDPswicEZt6jCnHon4RBgL +hSeN9Eae3LqpSWH0GeKVYUccD+r57HCws/kCgcEA3DweWwo3IvxzHtFdfR8T6yod +IRjyyEQjwGpE/DM/DdpVQLVg1xS+anh7JJenH/EUC363FIi/o0Lw+VVfCOwZKJQr 
+9BmU/6t+iP2dUCpUAtTtCBhv4TasLT0vOWDOsgvOGCCsdKzejtN/52HLJUb9favj +DYkfbGRHjenEnFHOmlCDYVo80OJm/GfRK4Lia6tLAqAFVPrf8kaP2Af3dsXTfVy3 +vtnILDOrNE4h6OL9knhRynsAcPkS6cq0oWOgjs4NAoHBANBBcLdspYIhoHkpL4Vf +KierOxjQ2WjuBFBD8IawyQK3nW4b0yEEGdvfgFpd7G7vwMkgoM7BbOwrE/jPI5Od +Aka9uhyiVF7xF62aW4R+st+J1/uZu1PLql4P6bakThTOJYi1BE5DGJgZpwx1GPw5 +id0Dq85ca1sgK+134KQ3ejB26bKFkHe41u1HTWLFxrgapLaUu3yQPqjhmcgrillh +x39NaSjXVxzfgve+nyv4PlOE7AVwz8pZIL8L8f5GwPw8iQKBwEMVwP1kWDU9Bugd +SEgDvnKEyoi5a8LbFrTW6hqUlaFnn05tsYjylaoi9wfHdi4BpmR1/diwaweVLYgV +nDRAjs1QjS721+8lUw7xigjQS/Ts3SL5JqNInxvMpmTo+y068VViJoYH3mdNP4nA +vTumqzKruCb4XO0MgstUqQIg3TkeS1bNQPcz78D08r85SDUZ4Wh0TAt9u9e17L0W +eCfizLBEHOhyuEnWl1EAd83Tzv/dzLRL0W+YP02d5HXAvjihxQKBwDvUd8umY1DP +E/P+F3MkQ/evFeLGSL1UH6Umh/Ohjk6xAmaeUqkllE6gFkyVktMiHLQDC+tJ1hfj +j0VJa6tMpNr3jfUXunln8qMkDhXfdlPm8Yd0BLnuSxjsKaqz1f9XCUhXb/PHkvhf +Ku4v3Q++uU4qOpCYys1zzdxSagLzQZQJ2juAKW7s6G9uUJJptDVUB2qfkyRiTL19 +r1V/QoxOoWlVqtZSTGpJKEDniJcouYg47faw5SMA2HhlpOChYLCjOw== +-----END RSA PRIVATE KEY----- + + + password + + + -----BEGIN CERTIFICATE----- +MIID/TCCAmWgAwIBAgIJAJZqOL69C6nRMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNV +BAMTEnNwdGVzdC5leGFtcGxlLmVkdTAeFw0xODEyMjAyMjM4NDhaFw0yODEyMTcy +MjM4NDhaMB0xGzAZBgNVBAMTEnNwdGVzdC5leGFtcGxlLmVkdTCCAaIwDQYJKoZI +hvcNAQEBBQADggGPADCCAYoCggGBANJ1OC6Ql4te2/7PArBkuM/EF1NcQILv7bJa +ecJDGYBVoWgL0a2KQ0XMESusgkVmVjj/jcbtvwIiXI/6BEu815OF6eSZIwxWdQBp +eKbrWTbt07GiGgdXoXot6oMs5a9YXuWLt8pTXrFVMmwXU+ZfWJtuU8OIgm9esAEI +QBHvDVOJtdKdBMWJFa5nUzkaVvA0Fr8r+/FHUvSCnlKOMaUIfTgtoS9AQnaRQ1dV +l39Z2KAh87JYvRIxvbaPaKgar2eGQ+PQD8rqsB5K5wgnADAxYM9Vo0YXSpPH+Fvw +N3EJgURUSEY2E0Jx8JOx368ERNLXx3kfnRxCiZRDkTZF9WP6lBnDwc1WXRwpVCDT +RnF+SIh6IC1Bj/qpkpCD3nri7tycejoeAtVj1YZHWarf9iqdcLYOAWmeyGbFl3hj +v6qcXnIfy1KyHLCAdIrg1TymLovXXKW09pEbVLdsHmLz0h+DxPs4FsinK2AQBMn1 +6u8BJJ/+spCzIQ2QNPcGORh6XemBpQIDAQABo0AwPjAdBgNVHREEFjAUghJzcHRl +c3QuZXhhbXBsZS5lZHUwHQYDVR0OBBYEFPC8rkASWHQxrtCQ4wwtnsJRy6K5MA0G +CSqGSIb3DQEBCwUAA4IBgQCks2nY7YzdIKV02NHD9STWD3yPtEwPYZZ3NBno0WW2 
+0rS6cU+fxFx37nY8ULve4cFQkLR8fOO44e1qIuTgLGCauSGTx/Ts/tbmZXbpGTwV +7cjZDCfC7yEFAVrfQFOMNKeQEssuLFj+d4STGLorxsM+2YygdOgohJz0e3xOcmCN +HqEuC9RbzrnLc/A4/mOHKwnwCCg71zA1/Ew9NUoRm2n8IfaONIUaMg9opNiHxX4e +u3UFaaPmn/mInuWYYMXzbIbdlU/XhKvXrujWYWj7anTDWvGQmNEecsQH92SrO0pf ++9WwcWUQTQiWUdq8/OxjXfzs1PrQnSlp0eizgcdKHDKbCUaSuK1i2wdxfEsu5sbZ +AIW0+dXJ2IyzM+0sv2g4DOsXsnSvinGqjr82A54mXGSr7edhPdlQhILFkJfhTwLq ++mjnyQSNe3s24VNeGc76jbHIrkEWuA460QGqz1Fa2CsQo5SH1IkxNIKpBZWt+w2L +dAza/NzYyDruY5IJCrZa9Qw= +-----END CERTIFICATE----- + + + + sp-encrypt-key-1 + + -----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEA6OY9IHNGyNs8EEDqNhVb5C2xgzl+8i40SsZUNG8ofIJM1uZ0 +VnfuoSX9/Cyt0XiGfhXt8BnqNbpHVowYWXW9DInbz0HyXkc4+N8a4HaAv0jG6U6a +uRhU3yd+COVsU02S0xAnw2mtgTKXejvzrEILHHcCIDkyB2/jTQvq+WYR80cjCw4c +BRM1HILAxL0/qMEnkgjEPQx5/7ehSMC9Ww9m7bgQmfNNRqxmcjQXxoL9jNVvE5sE +1zKa0DYil5z+At7UHT14NlR25c8v9qzntBa+AmtaPxsIr4t2PQ8w9K9bOvgGc3nx +3FpiAKBEfu2eFm50+8KMFqRDOTGj+eOxEgq2beU31SZRiJduX55u7QNJAVRoV87a +E45RM0Cv9C4L4ZAv5TtUB3JtNs/4pwfkts1RKpiTFLCFsXPlrKajkqmmdgH0rmLJ +JFa8YiGfBcc2/nIWuZRt63YE8mUzO/s1p49pnvrKmhvM2OM0FuBo0QKxDVkP197Z +DxQF7SbaBA/li7HlAgMBAAECggGATN3ggttJG3WwJzUll+AIyhCCq+rICSpSu/Ml +S4D8fcuLjMnWz8sZiTo+z4H3hFEhInAebcY/1Ke8b8YhKzV+xaqiT49WbONY3FrW +RgsWhwuACvSUgE6VhGlGYa1GyV+q+9ozJX21dBS8he1PiSTrAeQNYZE+/9Ff1cf/ +L30Oo5pw6G8ptEsYlmZZNRW48vt9EeeuzO9XPJzgsGBcnrdAo2jCoez5LkAsN7kV +t8D36glvdasON/BNxDZ5yExaUZw1CImSFyUo90qnMf1u0OsXovsveVOLZLE9/0kO +4VV6fgYX8o13Sv5NLzc8WX1pPZwg/Iex3okLizxDc65TsLlrSPoCwyHRaZV1Cfv6 +Yit6JHbLXRyXFnDVHpVvMq+yUqb9SGtijIByNheFFXE2C2a3r88XeWtHKbxVu75r +3cNrxawm+SbFbJqgbuTi3mlRgyGyANki3yaqtdn4tq8ZNvFbcF14Ggk7bUjPvFWO +3ZU/5jwql90sdnjOxD7ekVR7q4uBAoHBAPt6ulYbetGFzWsO5uARSEp7VZuGdoBh +TbMC5a4D0RzmnGkFTCoaardx5jSgE9TA/2uQutB5FIzAfeZtpxOJNSGnXvBM1D1w +9RbxWxPf/onzcdjqwvKSqxJkYk5gmKHpeObqF7JLDRicp37kadk6QFUma12iGxim +YjCWb9EGQIpVQbq2Z2cldIykGJEhTBTretDwySRKmcxtNXbwycbCGEFEbYzbHDtE +dp3JaC15u6rtf33D+wgGsFoBWMnq9lhHVQKBwQDtFgIcQrxaHr9+PFn995UIvXOs 
+O1jf1hJITTieaeDyrCaYUmW7dm4wrUXUZr2oUl3ohqwz7msaFmkKnF6a3Lt53RWA +XCtsWaSJf5n9MK9UExBwpEV838UYwjJsvsk3ik+C9fMSoIOqSZ/sAt4cLL9gUD5K +fjTyYQ9m5lVFqK6l6uX4gVdm+5U4NKtRx12LcZNtm8O8bbLRRDRk6mttisA+Vnep +4/Q2pi8yoVITnXCe8hlbvbHu2HBhoaYOe5rooFECgcEA+X3h/emXaOVBTfRj02rx ++Irx/LFjQazHhFDcg07gGLcl9/88eAzrUQIcLJuf8RRkk1fsL0XgwF98yK6C8pvO +bYv6YZcnfaliTpe3DznL8xrmGRmXvUcLl9yltzKYWxIhU55tUgKphIBuoDKGXPAw +wQmzvRpFnaf8hE3Ls2lrgJJi+pVacvey8JEgmmOZcqvIliA8vdeRTEIQp+btmFYZ +8C6uLO94y8f5kkMuKue56zNip+hWVbklHrZ1WyXTrvNdAoHATQs22loxfRO65NnV +4LsA+lseaNzMT8jwHgDCInCDwjiBPkSgfJ/KxRS5uYE9pqJFlBeXhDS5JzwbHHCe +KbMLVVmr8A+DqO0kk+4ca3PTtf2P/RrU3fSVxyrsWfxRxTO0DPnB6M6ymrbcOkTg +SsWb1z+cTnbe29kAuU6mbUGYp6BC5VOaxIODBUXQWn3v/y2EXD0fCW+YiXqhkB3B +lVJekKNmtZW3Ob8dXVWhJ3ClNXG1HePyG4zIUGHIZbJzL59RAoHBAMcE/1Ly8IWH +hSulB0cCf89XihgAvEdgfbZZoHXWcU/d6m1auJWVysN6LKnYvqYFr75oPWiva/3T +tRPd0tdZrJ6EyPlvcU6/sucvXTf4ceXXkDFCvt8KC6IOi7BoihNiGpgjUARZIHeF +b4V4BvtqUz2CfZ8rhAPp2vrXxOm0mn6CfCkE9a5kRUGEW6AWP8carbJejYfOCSu5 +AsNuzTXYbLMrooqX2vDSzOJvsngOp/6M/MSpeTysDq75Ngx/hcGgIA== +-----END RSA PRIVATE KEY----- + + + password + + + -----BEGIN CERTIFICATE----- +MIID/TCCAmWgAwIBAgIJAINng1bI63LGMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNV +BAMTEnNwdGVzdC5leGFtcGxlLmVkdTAeFw0xODEyMjAyMjM4MDJaFw0yODEyMTcy +MjM4MDJaMB0xGzAZBgNVBAMTEnNwdGVzdC5leGFtcGxlLmVkdTCCAaIwDQYJKoZI +hvcNAQEBBQADggGPADCCAYoCggGBAOjmPSBzRsjbPBBA6jYVW+QtsYM5fvIuNErG +VDRvKHyCTNbmdFZ37qEl/fwsrdF4hn4V7fAZ6jW6R1aMGFl1vQyJ289B8l5HOPjf +GuB2gL9IxulOmrkYVN8nfgjlbFNNktMQJ8NprYEyl3o786xCCxx3AiA5Mgdv400L +6vlmEfNHIwsOHAUTNRyCwMS9P6jBJ5IIxD0Mef+3oUjAvVsPZu24EJnzTUasZnI0 +F8aC/YzVbxObBNcymtA2Ipec/gLe1B09eDZUduXPL/as57QWvgJrWj8bCK+Ldj0P +MPSvWzr4BnN58dxaYgCgRH7tnhZudPvCjBakQzkxo/njsRIKtm3lN9UmUYiXbl+e +bu0DSQFUaFfO2hOOUTNAr/QuC+GQL+U7VAdybTbP+KcH5LbNUSqYkxSwhbFz5aym +o5KppnYB9K5iySRWvGIhnwXHNv5yFrmUbet2BPJlMzv7NaePaZ76ypobzNjjNBbg +aNECsQ1ZD9fe2Q8UBe0m2gQP5Yux5QIDAQABo0AwPjAdBgNVHREEFjAUghJzcHRl +c3QuZXhhbXBsZS5lZHUwHQYDVR0OBBYEFGcLIl5kg+GFIh9HXeZyLzsv5e7qMA0G 
+CSqGSIb3DQEBCwUAA4IBgQAf8/iZXUWtWGMBw2OfonDDWbuhgLnNWddpllcVx7v/ +Yu75+wgfIdNXg6XM4WkGkpbhlkpDLRt2c6rMQpxrQtq/5G3OKEXKyjUOl5pZsYkG +asVENYPSCfuu3rlK85XaW3H1SSJqSax/UKcYXyB1TIW6mNy3OxuvHak6y4LzFnug +CO7p/W2jvffwmxfqjbO7wQfXUQz3SZS04sHMqQoStOwy2N5xxQ3uTF34EoXBto+n +XIEOptKPhV2NkEzj+UUIi1588dck8T0SstbSElbTnJ4sNZFriX6JOPFNW08fezot +izerOHuAFpFQvtugWoZT87YYaFwG+Zr5QNa4fNOcAL+FHvbOfEqIGs+H6GSf0dZV +lkcJyzWZvuK/4RGqWbLvfAYRm0PAGTQSLdO8QJSYWdJtJvZFEMgddQ2HoIzeO5wo +B42FKDSHottI9avilApQBdRCtust8XRPtEAzDB/t/1jbO7u2tkzgY3614mX5xgut +Ileaae5eVCjw4uYbkh+Mt5M= +-----END CERTIFICATE----- + + encryption + + + + https://idptestbed/idp/shibboleth + idp-shibboleth + + /etc/shibboleth/idp-metadata.xml + + true + Shibboleth + urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST + uid + + + + + + admin-gui-default + + Default GUI authentication sequence. + + + http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user + true + gui-default + + + mySamlSso + 30 + sufficient + + + + admin-gui-emergency + + Special GUI authentication sequence that is using just the internal user password. + + + http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user + false + emergency + + + + + internalLoginForm + 30 + sufficient + + + + rest + + Authentication sequence for REST service. + + + http://midpoint.evolveum.com/xml/ns/public/model/channels-3#rest + true + rest-default + + + internalBasic + 10 + sufficient + + + + actuator + + Authentication sequence for actuator. + + + http://midpoint.evolveum.com/xml/ns/public/model/channels-3#actuator + true + actuator-default + + + internalBasic + 10 + sufficient + + + + + + 0 + 3 + PT3M + PT15M + + + + + + + diff --git a/demo/shibboleth/tests/main.bats b/demo/shibboleth/tests/main.bats index 4ca3a5d..06a01da 100755 --- a/demo/shibboleth/tests/main.bats +++ b/demo/shibboleth/tests/main.bats 
@@ -30,28 +30,31 @@ load ../../../library
 check_health_shibboleth_idp
 }
-@test "040 Check Shibboleth redirection (/midpoint)" {
- curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint | grep 'https:\/\/localhost\/idp\/profile\/SAML2\/Redirect'
-}
-
-@test "041 Check Shibboleth redirection (/midpoint/)" {
- curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint/ | grep 'https:\/\/localhost\/idp\/profile\/SAML2\/Redirect'
-}
-
-@test "042 Check Shibboleth redirection (/midpoint/login)" {
- curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint/login | grep 'https:\/\/localhost\/idp\/profile\/SAML2\/Redirect'
-}
-
-@test "043 Check Shibboleth redirection (/midpoint/something)" {
- curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint/something | grep 'https:\/\/localhost\/idp\/profile\/SAML2\/Redirect'
-}
-
-@test "044 Check SOAP without Shibboleth redirection (/midpoint/ws/)" {
+@test "040 Check Shibboleth redirection (/midpoint/self/dashboard)" {
+ curl -k --write-out %{redirect_url} --silen --output /dev/null https://localhost:8443/midpoint/self/dashboard | grep 'https:\/\/localhost:8443\/midpoint\/auth\/gui-default\/mySamlSso\/discovery?idp=https%3A%2F%2Fidptestbed%2Fidp%2Fshibboleth'
+}
+
+@test "041 Check Shibboleth redirection action (midpoint/..../discovery?...)" {
+ TMPFILE=$(mktemp /tmp/samlForm.XXXXXX)
+ curl -k https://localhost:8443/midpoint/auth/gui-default/mySamlSso/discovery?idp=https://idptestbed/idp/shibboleth >$TMPFILE || (rm $TMPFILE ; return 1)
+ if (grep -q " Date: Mon, 3 Feb 2020 21:22:54 +0100 Subject: [PATCH 2/3] modifying of DockerFile --- Dockerfile | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index c9ea017..8044503 100644
--- a/Dockerfile
+++ b/Dockerfile
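Review bot: In test 041 the failure branch `>$TMPFILE || (rm $TMPFILE ; return 1)` runs `return` inside a subshell, so it only terminates the subshell and the test fails merely because the `||` list inherits that exit status; both expansions are unquoted and the unquoted URL contains `?`, which bash treats as a glob. Prefer `curl -k --silent --fail 'https://localhost:8443/midpoint/auth/gui-default/mySamlSso/discovery?idp=https://idptestbed/idp/shibboleth' >"$TMPFILE" || { rm -f -- "$TMPFILE"; return 1; }` so an HTTP error status also fails the test and cleanup runs in the test's own shell. In test 040 `--silen` only works because curl accepts unambiguous abbreviations of long options; spell it `--silent`. `-k` disables TLS verification, which is acceptable for this self-signed local demo but should stay confined to the test suite. The remainder of test 041 (the check on the returned SAML form) is cut off in this view.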
@@ -36,8 +36,7 @@ RUN chmod 755 /opt/tier/setenv.sh \
 && chmod 755 /usr/local/bin/healthcheck.sh
 RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
- && mv /etc/httpd/conf.d/shib.conf /etc/httpd/conf.d/shib.conf.auth.shibboleth \
- && touch /etc/httpd/conf.d/shib.conf.auth.internal \
+ && rm /etc/httpd/conf.d/shib.conf \
 && sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
 && echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
 && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/loghttpd"/g' /etc/httpd/conf/httpd.conf \
@@ -83,11 +82,8 @@ ENV USERTOKEN ""
 # Authentication/web
-ENV AUTHENTICATION internal
-ENV SSO_HEADER uid
 ENV AJP_ENABLED true
 ENV AJP_PORT 9090
-ENV LOGOUT_URL https://localhost:8443/Shibboleth.sso/Logout
 # Other parameters
From 284f4229b4372656902fa0f274bd28206c0f2a04 Mon Sep 17 00:00:00 2001 From: slavek Date: Mon, 2 Mar 2020 15:42:10 +0100 Subject: [PATCH 3/3] Add superuser role to banderson user (#3) User banderson is used in the shibboleth authentication demo. For that, he needs to have a role in midPoint to be able to access the midPoint GUI. Superuser role was chosen because the shibboleth authentication replaces the internal authentication with default administrator account. --- .../mp-home/post-initial-objects/users/user-banderson.xml | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/users/user-banderson.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/users/user-banderson.xml
index 10197ea..eb6dd26 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/users/user-banderson.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/users/user-banderson.xml
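Review bot: Deleting `shib.conf` outright removes the Apache-side Shibboleth SP protection of the midPoint paths, so after this commit the only thing between an unauthenticated client and the GUI is midPoint's own authentication sequence; that looks intended, but the `start-httpd.sh` and `midpoint.conf` changes that accompany it are outside this view, so it is worth confirming that nothing there still sets or trusts an identity header such as the `uid` the now-removed `ENV SSO_HEADER` defaulted to, because such a header becomes client-forgeable once the SP no longer sits in front. A short comment on the new line would record that intent for the next reader: `# shib.conf removed on purpose: SAML is handled by midPoint flexible authentication, not by the httpd Shibboleth module`. Keep plain `rm` rather than `rm -f` so the build fails loudly if the base image ever stops shipping the file. The `RUN` instruction this hunk edits starts before the hunk; the `sed`/`echo` lines shown here are unchanged context.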
@@ -15,6 +15,11 @@ + + + + + Bob Anderson Bob Anderson
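Review bot: The five added lines are the superuser assignment named in the commit message (the element markup is stripped in this view, so this follows the description), which makes the IdP's assertion for `banderson` the sole gate on full administrative control of midPoint, the GUI sequence introduced in this series treating `mySamlSso` alone as sufficient. For a demo that is an acceptable trade-off, but it should be marked so the object is not copied into a real deployment: add an XML comment inside the assignment such as `<!-- DEMO ONLY: superuser granted so the SSO user can reach the GUI; use a least-privilege role in real deployments -->`. Consider whether an end-user role plus the specific authorizations the walkthrough needs would serve instead of superuser. The enclosing `user` element starts before the hunk.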