Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
shib-idp-standalone/README.md
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
90 lines (48 sloc)
2.51 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Supported tags and respective `Dockerfile` links | |
| _TBD_ | |
| # What is Shibboleth IdP? | |
| Shibboleth is among the world's most widely deployed federated identity solutions, connecting users to applications both within and between organizations. Every software component of the Shibboleth system is free and open source. | |
| Shibboleth is an open-source project that provides Single Sign-On capabilities and allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. | |
| # How to use this image | |
| Since no two users of Shibboleth IdP are likely to configure it exactly alike, this image does not come with any default configuration. | |
| ## Acquire Oracle Java | |
| You should visit a page similar to [this one](http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html) at Oracle to download the Oracle JDK. | |
| Select *the Linux x64 RPM* and agree to the Oracle Binary Code License Agreement. | |
| ## Acquire JCE | |
| You should visit a page similar to [this one](http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html) at Oracle to download the Oracle Java Crypography Extension policy files. | |
| ## Create a `Dockerfile` | |
| ```dockerfile | |
| FROM tier/shibboleth_idp:3.3 | |
| COPY jdk-8u121-linux-x64.rpm /tmp/oracle_jdk.rpm | |
| COPY jce_policy-8.zip /tmp/$oracle_jce_zip | |
| ``` | |
| Common additional sample configurations may include: | |
| ```dockerfile | |
| COPY server.xml /usr/local/tomcat/conf/ | |
| COPY krb5.conf /etc/ | |
| ``` | |
| ## Build the container | |
| ```console | |
| $ docker build -t my-shibboleth-idp . | |
| ``` | |
| ## Test the configuration file | |
| _CAN THIS BE DONE? [jvf]_ | |
| ```console | |
| $ docker run -it --rm --name shibboleth-idp-test-run my-shibboleth-idp /usr/local/tomcat/bin/startup.sh | |
| ``` | |
| ## Run using a bind mount to share secrets | |
| ```console | |
| $ docker run -d --name my-running-shibboleth-idp -v /path/to/shibboleth_idp/certs:/opt/certs my-shibboleth-idp | |
| ``` | |
| Note that your host's `/path/to/shibboleth_idp/certs` folder should contain... | |
| __TBD__. | |
| You may need to publish the ports your Shibboleth IdP is listening on to the host by specifying the -p option, for example -p 8080:80 to publish port 8080 from the container host to port 80 in the container. Make sure the port you're using is free. | |
| ### Reloading config | |
| __TBD__ | |
| N.B. that if every config file were on the bind mount, a REHUP of the container would work, but with the files scattered about the filesystem / unspecified.... | |
| # License | |
| # Supported Docker versions | |
| # User Feedback | |
| ## Issues | |
| ## Contributing | |
| ## Documentation |