Merge branch 'latest4' into 4.3.2_20240321_rocky8_multiarch

Dockerfile

@@ -116,6 +116,8 @@ RUN mkdir -p $CATALINA_HOME/conf/Catalina \
 ADD container_files/tomcat/jstl-1.2.jar /usr/local/tomcat/lib/	
 ADD container_files/idp/idp.xml /usr/local/tomcat/conf/Catalina/idp.xml
 ADD container_files/tomcat/server.xml /usr/local/tomcat/conf/server.xml
+#ADD https://repo.maven.apache.org/maven2/jstl/jstl/1.2/jstl-1.2.jar /usr/local/tomcat/lib/
+ADD container_files/tomcat/jstl-1.2.jar /usr/local/tomcat/lib/
 
 #use log4j for tomcat logging
 ADD container_files/tomcat/log4j-core-2.18.0.jar /usr/local/tomcat/bin/

container_files/system/startup.sh

@@ -60,4 +60,4 @@ sed -i -e '/<rollingPolicy/,/<\/rollingPolicy>/d' ${IDP_LOG_CFG_FILE}
 
 
 #launch supervisord
-/usr/bin/supervisord -c /etc/supervisor/supervisord.conf
+exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf

test-compose/idp/Dockerfile

@@ -1,4 +1,4 @@
-FROM tier/shib-idp:latest4
+FROM i2incommon/shib-idp:latest4
 
 # The build args below can be used at build-time to tell the build process where to find your config files.  This is for a completely burned-in config.
 ARG TOMCFG=config/tomcat

test-compose/idp/container_files/config/tomcat/server.xml

@@ -4,12 +4,22 @@
   <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
 
   <Service name="Catalina">
-<Connector
-          protocol="org.apache.coyote.http11.Http11NioProtocol"
-          port="443" maxThreads="200"
-          scheme="https" secure="true" SSLEnabled="true"
-          keystoreFile="/opt/certs/keystore.jks" keystorePass="e68cb9bc-bb21-4319-a664-1f755ad8b47c"
-          clientAuth="false" sslProtocol="TLS"/>
+        <Connector
+        protocol="org.apache.coyote.http11.Http11NioProtocol"
+        port="443" maxThreads="200"
+        scheme="https" secure="true" SSLEnabled="true">
+      <SSLHostConfig
+          ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
+          disableSessionTickets="true"
+          honorCipherOrder="false"
+          protocols="TLSv1.2,TLSv1.3">
+        <Certificate
+            certificateKeystoreFile="/opt/certs/keystore.jks" 
+            certificateKeystorePassword="e68cb9bc-bb21-4319-a664-1f755ad8b47c" />
+      </SSLHostConfig>
+      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
+    </Connector>
+
     <Engine name="Catalina" defaultHost="localhost">
 
       <Host name="localhost"  appBase="webapps"

tests/checkidpver.sh

@@ -23,8 +23,8 @@ if [ $? == '0' ]; then
   if [  $? -ne '0' ]; then
      docker run -d $1 &>/dev/null
      launchflag="yes"
-     echo 'launching container (will take about a minute)...'
-     sleep 60
+     echo 'launching container (will take about 2 minutes)...'
+     sleep 120
   fi
 
   #get container ID
@@ -34,6 +34,8 @@ if [ $? == '0' ]; then
 	echo "Specified container does not appear to be running...  Terminating."
 	echo ""
 	exit 1
+  else
+        echo "Container is running at id: $contid"
   fi
 
   #get version from running status page inside container
@@ -47,10 +49,12 @@ if [ -z "$(echo $shibver | xargs)" ]; then
       echo "Unable to determine version from a running instance...  Terminating."
       echo ""
       exit 1
+else
+      echo "Running shibb version is: $shibver"
 fi
 
 #check if that version is available in the 'latest' download area (return is 0 if current, non-zero if not current)
-wget -q --spider https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-${shibver}.tar.gz
+wget --no-check-certificate --spider https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-${shibver}.tar.gz
 
 if [  $? == '0' ]; then
   echo "Running IdP version (${shibver}) is current!"