diff --git a/Dockerfile b/Dockerfile index e072a52..6b88639 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,12 +5,12 @@ FROM --platform=$TARGETPLATFORM rockylinux:8.6 ######################## # ##tomcat \ -ENV TOMCAT_MAJOR=9 \ - TOMCAT_VERSION=9.0.76 \ +ENV TOMCAT_MAJOR=10 \ + TOMCAT_VERSION=10.1.11 \ ##shib-idp \ - VERSION=4.3.1 \ + VERSION=5.0.0-beta1 \ ##TIER \ - TIERVERSION=20230706_rocky8_multiarch \ + TIERVERSION=20230810_rocky8_multiarch \ #################### \ #### OTHER VARS #### \ #################### \ @@ -25,8 +25,12 @@ ENV TOMCAT_MAJOR=9 \ ENV TOMCAT_TGZ_URL=https://archive.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz \ PATH=$CATALINA_HOME/bin:$JAVA_HOME/bin:$PATH \ #shib-idp \ - SHIB_RELDIR=http://shibboleth.net/downloads/identity-provider/$VERSION \ - SHIB_PREFIX=shibboleth-identity-provider-$VERSION + SHIB_RELDIR=https://shibboleth.net/downloads/prerelease/identity-provider-$VERSION \ +# remove line above and uncomment line below for non-beta release +# SHIB_RELDIR=http://shibboleth.net/downloads/identity-provider/$VERSION \ + SHIB_PREFIX=shibboleth-identity-provider-$VERSION \ +#below is only needed for beta + SHIB_PREFIX2=shibboleth-identity-provider-5.0.0-SNAPSHOT ENV ENV=dev \ USERTOKEN=nothing @@ -39,7 +43,7 @@ ENV ENABLE_SEALER_KEY_ROTATION=True LABEL Vendor="Internet2" \ ImageType="Shibboleth IDP Release" \ ImageName=$imagename \ - ImageOS=centos7 \ + ImageOS=RockyLinux8 \ Version=$VERSION ######################### 
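Review bot: `SHIB_PREFIX2=shibboleth-identity-provider-5.0.0-SNAPSHOT` hardcodes a version string that is not derived from `VERSION=5.0.0-beta1`, and `SHIB_RELDIR` now points at the `prerelease/` tree, which is not an immutable release location, so the archive fetched as `$SHIB_PREFIX.tar.gz` (the download step lies outside this hunk) can change underneath a build that otherwise looks pinned. Whether that download is checked against a Shibboleth release signature or a recorded checksum cannot be seen here; if it is not, that is where the check belongs. The embedded `#` lines inside the continued ENV work only because Docker strips comment lines in a continuation; a single comment next to the new variable, `# beta1 only: the archive unpacks into a SNAPSHOT-named directory, hence a second prefix`, records why SHIB_PREFIX2 exists and what to delete for the release build.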
@@ -72,8 +76,8 @@ RUN update-ca-trust extract # Install Corretto Java JDK (from Amazon repo, more arch independent) RUN rpm --import https://yum.corretto.aws/corretto.key \ && curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo \ - && yum install -y java-11-amazon-corretto-devel -ENV JAVA_HOME=/usr/lib/jvm/java-11-amazon-corretto + && yum install -y java-17-amazon-corretto-devel +ENV JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto # Copy IdP installer properties file(s) ADD container_files/idp/idp.installer.properties container_files/idp/idp.merge.properties container_files/idp/ldap.merge.properties /tmp/ @@ -90,10 +94,11 @@ RUN mkdir -p /tmp/shibboleth && cd /tmp/shibboleth && \ # Unzip tar xf $SHIB_PREFIX.tar.gz && \ # Install - cd /tmp/shibboleth/$SHIB_PREFIX && \ + cd /tmp/shibboleth/$SHIB_PREFIX2 && \ +# cd /tmp/shibboleth/$SHIB_PREFIX && \ ./bin/install.sh \ - -Didp.noprompt=true \ - -Didp.property.file=/tmp/idp.installer.properties && \ + --noPrompt true \ + --propertyFile /tmp/idp.installer.properties && \ # Cleanup cd ~ && \ rm -rf /tmp/shibboleth 
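Review bot: `yum install -y java-17-amazon-corretto-devel` installs whatever JDK 17 build the Corretto repo serves at build time, so two builds of the same commit can carry different JDK patch levels and the `Version=$VERSION` label no longer describes a reproducible image. Pin the package as `java-17-amazon-corretto-devel-<corretto NVR from the repo>` and bump it deliberately, the same way the Tomcat and IdP versions are pinned in ENV. The `rpm --import` of the repository key on the line above is kept, which is the right basis for that pin.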
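Review bot: `cd /tmp/shibboleth/$SHIB_PREFIX2` assumes the archive extracted as `$SHIB_PREFIX.tar.gz` unpacks into a directory named after a different variable, and nothing in the RUN states or checks that, so when the prerelease archive is rebuilt with another internal name the build fails with a bare 'No such file or directory'. A guard makes the beta-only mismatch explicit: `test -d /tmp/shibboleth/$SHIB_PREFIX2 || { echo "expected $SHIB_PREFIX2 inside $SHIB_PREFIX.tar.gz" >&2; exit 1; } && \`. The new `--noPrompt true` passes an argument to an option that the plugin.sh invocation later in this commit uses as a bare flag; confirm against the beta1 installer whether the trailing `true` is consumed or parsed as a stray positional argument. The RUN instruction's download and extraction steps start before this hunk.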
@@ -113,10 +118,15 @@ RUN mkdir -p $CATALINA_HOME/conf/Catalina \ && rm -rf /usr/local/tomcat/webapps/* \ && ln -s /opt/shibboleth-idp/war/idp.war $CATALINA_HOME/webapps/idp.war -ADD container_files/tomcat/jstl-1.2.jar /usr/local/tomcat/lib/ ADD container_files/idp/idp.xml /usr/local/tomcat/conf/Catalina/idp.xml ADD container_files/tomcat/server.xml /usr/local/tomcat/conf/server.xml +# add JSTL support +## from https://repo1.maven.org/maven2/org/glassfish/web/jakarta.servlet.jsp.jstl/2.0.0/ +ADD container_files/tomcat/jakarta.servlet.jsp.jstl-2.0.0.jar /usr/local/tomcat/lib/ +## from https://repo1.maven.org/maven2/jakarta/servlet/jsp/jstl/jakarta.servlet.jsp.jstl-api/2.0.0/ +ADD container_files/tomcat/jakarta.servlet.jsp.jstl-api-2.0.0.jar /usr/local/tomcat/lib/ + #use log4j for tomcat logging ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.18.0/log4j-core-2.18.0.jar /usr/local/tomcat/bin/ ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.18.0/log4j-api-2.18.0.jar /usr/local/tomcat/bin/ 
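Review bot: The two new `ADD container_files/tomcat/jakarta.servlet.jsp.jstl-…jar` lines copy local, committed binaries, so `COPY` is the instruction that states that intent; ADD's extra behaviours (URL fetch, tar auto-extraction) are not wanted for a jar. The comments above them record where the jars came from but not what they should be; adding `## sha256: <sha256 of the committed jar>` under each source URL lets a reviewer confirm the vendored file matches the Maven Central artifact, which is the only thing distinguishing a vendored dependency from an arbitrary jar placed on the Tomcat classpath. The old `jstl-1.2.jar` is dropped in the same commit, so this is also the moment to note in the comment that both new jars are the JSTL 2.0 pair Tomcat 10 requires.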
@@ -127,7 +137,19 @@ ADD container_files/tomcat/log4j2.xml /usr/local/tomcat/conf/ ADD container_files/tomcat/setenv.sh /usr/local/tomcat/bin/ RUN mkdir -p /usr/local/tomcat/webapps/ROOT ADD container_files/tomcat/robots.txt /usr/local/tomcat/webapps/ROOT -ADD container_files/tomcat/keystore.jks /opt/certs/ +ADD container_files/tomcat/idp-default.key /opt/certs/ +ADD container_files/tomcat/idp-default.crt /opt/certs/ + +# install needed IdP plugins +#ARG truststore="/opt/shibboleth-idp/credentials/PGP_KEYS" +#ARG plugin_args="--noPrompt --noRebuild --truststore ${truststore}" +#RUN /bin/curl -Lo ${truststore} https://shibboleth.net/downloads/PGP_KEYS && \ +# /opt/shibboleth-idp/bin/plugin.sh ${plugin_args} -I net.shibboleth.idp.plugin.nashorn +####remove below and switch to above for non-beta release ###### +ARG truststore="/opt/shibboleth-idp/credentials/beta1-keys" +ARG plugin_args="--noPrompt --noRebuild --noCheck --truststore ${truststore}" +RUN /bin/curl -Lo ${truststore} https://shibboleth.net/downloads/prerelease/identity-provider-5.0.0-beta1/beta1-plugin-truststore.gpg && \ + /opt/shibboleth-idp/bin/plugin.sh ${plugin_args} -i https://shibboleth.net/downloads/prerelease/identity-provider-5.0.0-beta1/shibboleth-idp-plugin-nashorn-jdk-2.0.0-beta1.tar.gz # Copy TIER helper scripts ADD container_files/idp/rotateSealerKey.sh /opt/shibboleth-idp/bin/rotateSealerKey.sh diff --git a/container_files/tomcat/idp-default.crt b/container_files/tomcat/idp-default.crt new file mode 100644 index 0000000..c086e61 --- /dev/null +++ b/container_files/tomcat/idp-default.crt 
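Review bot: The plugin installation bootstraps its trust from a truststore fetched at build time from the same prerelease directory as the plugin it is meant to verify, and `/bin/curl -Lo ${truststore} …` has no `-f`, so an HTTP error body would be written as the truststore and the failure, if any, surfaces only inside plugin.sh. Commit the beta1 truststore next to the other `container_files` or pin its digest, e.g. `curl -fsSLo ${truststore} <truststore URL> && echo "<expected-sha256>  ${truststore}" | sha256sum -c -`, so the build fails fast on a changed or missing file. `--noCheck` relaxes a check that the commented-out release invocation does not relax; a comment stating which check it disables and why beta1 needs it would help whoever removes the beta block. The `ADD container_files/tomcat/idp-default.key /opt/certs/` and `.crt` lines copy local files and should be `COPY`.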
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDczCCAlugAwIBAgIEc3Xh/jANBgkqhkiG9w0BAQsFADBqMQswCQYDVQQGEwJV
+UzELMAkGA1UECBMCVVMxETAPBgNVBAcTCEFueXdoZXJlMRQwEgYDVQQKEwtFeGFt
+cGxlIE9yZzELMAkGA1UECxMCSVQxGDAWBgNVBAMTD2lkcC5leGFtcGxlLm9yZzAe
+Fw0xODA2MTMxODE2NTZaFw0yODA2MTAxODE2NTZaMGoxCzAJBgNVBAYTAlVTMQsw
+CQYDVQQIEwJVUzERMA8GA1UEBxMIQW55d2hlcmUxFDASBgNVBAoTC0V4YW1wbGUg
+T3JnMQswCQYDVQQLEwJJVDEYMBYGA1UEAxMPaWRwLmV4YW1wbGUub3JnMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn29yHNKZZVM2dyA/MP8ItBnJiIHK
+Bj4HJA+x/+7d9Uw0VKNYWLBGd6eo48wZNUx/fSkamgsJnJJEcQ9ZB6Kh7Sr5Cv+j
+Kn+ttQ/xRBW/TOUInCi/+TE5tpHdqsc5jhvpDvJzyd4AjhWD98BRjnqO7Vdllh0h
+XY0eWwnURTC5RTjnTy8x0k8NGl+4/gICWcab10uOS6WziT/BiwWZiAFK+30aOzqv
+Qo9MLdP2iRNqhnXh21KCAEw/dm0iMOYa3c460cI5Wpz16BN0hBKJa2eLIsUz1Ei8
+e6d2bfgRsXSVuiwMG7/6kLcbqJSHMnLT2V17IzxpMMg4g2TV69MHAI0WfwIDAQAB
+oyEwHzAdBgNVHQ4EFgQUnUHUCeihIylq0vGUhtaZ3radUncwDQYJKoZIhvcNAQEL
+BQADggEBAJ47J4Q6Mgqt3TMyiwH0YTcL7KpFOTIX/BdaeG5c/QAuO+ASxxPeUSHd
+gy1GymRxrQp/9XXCjGRIVwSsgrZ0IZHhogIZCOTA+j+kri0TtZrhkKy6TCFimd1J
+JMmLmrT5uaEPAnL42jvet0rToPqx3gt9AdGbmWf+OyXT8pLMPRKvf6xTQSh1XJZH
+CXbNcMzEp7wq3Z3vDQZ498CM7mEb7y+2cF0iCKydHSL0VvqmjDicj2+4J6qKHBFW
+4cWkzmVmQTT8MEHYyq/Fif8ElE7PiRow3vhO7WEy7pfhcmrz3DPqRVDLk2AgmYBn
+rPigRnfDmz0Cc/zvxbd3UxfRATCNYcU=
+-----END CERTIFICATE-----
+
diff --git a/container_files/tomcat/idp-default.key b/container_files/tomcat/idp-default.key
new file mode 100644
index 0000000..cea75aa
--- /dev/null
+++ b/container_files/tomcat/idp-default.key
@@ -0,0 +1,29 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCfb3Ic0pllUzZ3
+ID8w/wi0GcmIgcoGPgckD7H/7t31TDRUo1hYsEZ3p6jjzBk1TH99KRqaCwmckkRx
+D1kHoqHtKvkK/6Mqf621D/FEFb9M5QicKL/5MTm2kd2qxzmOG+kO8nPJ3gCOFYP3
+wFGOeo7tV2WWHSFdjR5bCdRFMLlFOOdPLzHSTw0aX7j+AgJZxpvXS45LpbOJP8GL
+BZmIAUr7fRo7Oq9Cj0wt0/aJE2qGdeHbUoIATD92bSIw5hrdzjrRwjlanPXoE3SE
+EolrZ4sixTPUSLx7p3Zt+BGxdJW6LAwbv/qQtxuolIcyctPZXXsjPGkwyDiDZNXr
+0wcAjRZ/AgMBAAECggEAI43/3audZ7o54DEBxpRpRXimt9lxyxiUEReq8086klRv
+KxzOO+D7pf1urXY7fOZVW/0JoKarew4nUytACHLdN32o0ioWIgkdHM60WCGdarF8
+zQ5NWW3/19YJn+cTz7wrqhipd7AZYZYsuthZl7N/IjCmR+axJSKuTVEQ1Gk8N9JR
+rY8CujwI8RRtVd1NQwFc+mEgjesCvqctoBBRUI5oP5uhwkbF9TLbs0nLZ9Q6EXpi
+LTViJA/q+/Qjl2Fi9V9291lMJfXEN5saNiFpYXGQtajEnzO30W7lTMi7IXHrSJpY
+BiLiPpGL6Rsk/aV/Cmk9kg7hTKGfW0c4m4U92LRsAQKBgQDMtWUA38K2izrkBKZU
+DjoV3QY0smA7V6RZtMuK9p4ntk23fE7SdcdJn6ILCUVl1V/TnFYRYIGbU4z/mBdb
+YHwfqtcp69GzQNXc4aJFghB0HGKmbomMZKddDVKZ6YyTZLiLDoMKLyyauuL0unGe
+b89CfqVK3KpqKQBkO0TMXibcfwKBgQDHYhf1VdobcJbNisRSGgl8DOgGSmc/KrCC
+AHobcc9xtS+kXP8Fa6ymwA4aw8G5RZ21IWiqrsjRk1zb23CXm/d9EjWZygUmAfgb
+ymHXJ9bQ1Vk/DDua/SbDHZf24C7VApac+1IOkjRwGflIL555ms5rLA2XlaniPFwA
+1kVNbiTGAQKBgQCfhryvcbDLkLTT/MuhtXSOlS/A4UEc/a+WOM5l/MpDKE5oLvc+
+C4rCVSRydUcflKiYv7xSzmIyKWo3xM5u50HTa89BXASPLHd9KljK0hEAax51lK6c
+OdQzL66vQtHKCzPFKgn0Zc7cxccX8DOaxIc/ynIFZPFoyYsEkSuMF9MxAQKBgAOW
+PS4ZtEnIFb5u36dGdqM3rDjov8DAKNq93XR+8KdwBgJj9eaIEFwTmm1a1jJaEUM/
+7Z0cddpnV0VRRk5D7Qjf+fzhSIRthqQhWO9A9TlejTN4Kd5Y7YiXELPNRqpoWINM
+diZy9OSLYxOsX6J6aXo+GaR/ecXrJhCRyj9hWuIBAoGAaOGaWVRmKISH8lf57SEV
+fZCuPA1cplMpToHYK/uXdLBZuMkeG89jSLBN8fXx86KfRuUXrBDXgGs5zHF0BS7u
+dvOtw+lGj3WhYcWg2D/9mUoiOQ9i9dSxDM/pg6BH65ZrhNlnBnjVrSyN2A4AjfRw
+NfRiVLTvQIYmTSq8H+NxFAc=
+-----END PRIVATE KEY-----
+
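Review bot: This commits an unencrypted RSA private key to the repository and, through the `ADD container_files/tomcat/idp-default.key /opt/certs/` line in the Dockerfile hunk, bakes it into an image layer, so every consumer of the image shares one TLS key; the companion `idp-default.crt` file appears to decode to a self-signed certificate for `idp.example.org` valid until June 2028, and the server.xml hunk points the connector's `certificateFile`/`certificateKeyFile` at these two paths. That is acceptable only if the pair is understood as a throwaway default that is replaced at deploy time, and nothing in the diff beyond the file name says so. Add a Dockerfile comment above the ADD lines such as `# placeholder self-signed pair for idp.example.org; override /opt/certs (bind-mount or secret) before serving real traffic`, and consider generating the placeholder pair with openssl in a RUN step instead of committing a key, since the removed `keystore.jks` had the same problem and this change was the opportunity to drop it.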
diff --git a/container_files/tomcat/jakarta.servlet.jsp.jstl-2.0.0.jar b/container_files/tomcat/jakarta.servlet.jsp.jstl-2.0.0.jar new file mode 100644 index 0000000..92712b0 Binary files /dev/null and b/container_files/tomcat/jakarta.servlet.jsp.jstl-2.0.0.jar differ diff --git a/container_files/tomcat/jakarta.servlet.jsp.jstl-api-2.0.0.jar b/container_files/tomcat/jakarta.servlet.jsp.jstl-api-2.0.0.jar new file mode 100644 index 0000000..81059ec Binary files /dev/null and b/container_files/tomcat/jakarta.servlet.jsp.jstl-api-2.0.0.jar differ diff --git a/container_files/tomcat/jstl-1.2.jar b/container_files/tomcat/jstl-1.2.jar deleted file mode 100755 index 0fd275e..0000000 Binary files a/container_files/tomcat/jstl-1.2.jar and /dev/null differ diff --git a/container_files/tomcat/keystore.jks b/container_files/tomcat/keystore.jks deleted file mode 100644 index 6a28c4f..0000000 Binary files a/container_files/tomcat/keystore.jks and /dev/null differ diff --git a/container_files/tomcat/server.xml b/container_files/tomcat/server.xml index f25cad4..f316955 100644 --- a/container_files/tomcat/server.xml +++ b/container_files/tomcat/server.xml @@ -5,20 +5,23 @@ - - + + certificateFile="/opt/certs/idp-default.crt" + certificateKeyFile="/opt/certs/idp-default.key" /> - +