From b9878c00878a8a4e91c5687a5262580e8c94b9f6 Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Wed, 10 Oct 2018 12:03:09 -0400
Subject: [PATCH 01/30] initial 3.4.0 build
---
 Dockerfile | 4 ++--
 container_files/idp/idp.installer.properties | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 170f632..733f307 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,9 +8,9 @@ FROM centos:centos7
 ENV TOMCAT_MAJOR=9 \
 TOMCAT_VERSION=9.0.12 \
 ##shib-idp \
- VERSION=3.3.3 \
+ VERSION=3.4.0 \
 ##TIER \
- TIERVERSION=181001 \
+ TIERVERSION=181002 \
 ################## \
 ### OTHER VARS ### \
 ################## \
diff --git a/container_files/idp/idp.installer.properties b/container_files/idp/idp.installer.properties
index dab46e4..5fdcac5 100644
--- a/container_files/idp/idp.installer.properties
+++ b/container_files/idp/idp.installer.properties
@@ -1,4 +1,4 @@
-idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-3.3.3
+idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-3.4.0
 idp.target.dir=/opt/shibboleth-idp
 idp.host.name=idp.example.org
 idp.sealer.password=changeit
From e5270d7b0e7aac35202fad90148ff6f951a8464a Mon Sep 17 00:00:00 2001
From: Paul Caskey Date: Wed, 10 Oct 2018 18:23:20 -0400 Subject: [PATCH 02/30] mods/cleanup for 3.4 --- test-compose/compose.sh | 6 - test-compose/docker-compose.yml | 18 +- test-compose/idp/Dockerfile | 2 +- .../config/shib-idp/conf/access-control.xml | 0 .../shib-idp/conf/admin/general-admin.xml | 0 .../config/shib-idp/conf/admin/metrics.xml | 0 .../config/shib-idp/conf/attribute-filter.xml | 2 +- .../conf/attribute-resolver-default.xml | 0 .../shib-idp/conf/attribute-resolver-full.xml | 202 ++++++++++-------- .../shib-idp/conf/attribute-resolver-ldap.xml | 0 .../shib-idp/conf/attribute-resolver.xml | 142 ++++++------ .../config/shib-idp/conf/audit.xml | 0 .../shib-idp/conf/authn/authn-comparison.xml | 0 .../shib-idp/conf/authn/authn-events-flow.xml | 0 .../shib-idp/conf/authn/duo-authn-config.xml | 0 .../config/shib-idp/conf/authn/duo.properties | 0 .../conf/authn/external-authn-config.xml | 0 .../shib-idp/conf/authn/general-authn.xml | 0 .../conf/authn/ipaddress-authn-config.xml | 0 .../shib-idp/conf/authn/jaas-authn-config.xml | 0 .../config/shib-idp/conf/authn/jaas.config | 0 .../shib-idp/conf/authn/krb5-authn-config.xml | 0 .../shib-idp/conf/authn/ldap-authn-config.xml | 0 .../shib-idp/conf/authn/mfa-authn-config.xml | 0 .../conf/authn/password-authn-config.xml | 0 .../conf/authn/remoteuser-authn-config.xml | 0 .../remoteuser-internal-authn-config.xml | 0 .../conf/authn/spnego-authn-config.xml | 0 .../shib-idp/conf/authn/x509-authn-config.xml | 0 .../conf/authn/x509-internal-authn-config.xml | 0 .../attribute-sourced-subject-c14n-config.xml | 0 .../conf/c14n/simple-subject-c14n-config.xml | 0 .../conf/c14n/subject-c14n-events-flow.xml | 0 .../shib-idp/conf/c14n/subject-c14n.xml | 0 .../conf/c14n/x500-subject-c14n-config.xml | 0 .../config/shib-idp/conf/cas-protocol.xml | 0 .../config/shib-idp/conf/credentials.xml | 0 .../config/shib-idp/conf/errors.xml | 0 .../config/shib-idp/conf/global.xml | 0 .../config/shib-idp/conf/idp.properties | 6 +- 
.../config/shib-idp/conf/idp.properties.dist | 2 +- .../intercept/consent-intercept-config.xml | 0 .../context-check-intercept-config.xml | 0 .../expiring-password-intercept-config.xml | 0 .../conf/intercept/intercept-events-flow.xml | 0 .../conf/intercept/profile-intercept.xml | 0 .../config/shib-idp/conf/ldap.properties | 0 .../config/shib-idp/conf/ldap.properties.dist | 0 .../config/shib-idp/conf/logback.xml | 0 .../shib-idp/conf/metadata-providers.xml | 17 +- .../config/shib-idp/conf/mvc-beans.xml | 0 .../config/shib-idp/conf/relying-party.xml | 0 .../shib-idp/conf/saml-nameid.properties | 0 .../config/shib-idp/conf/saml-nameid.xml | 0 .../config/shib-idp/conf/services.properties | 0 .../config/shib-idp/conf/services.xml | 0 .../config/shib-idp/conf/session-manager.xml | 0 .../shib-idp/edit-webapp/css/consent.css | 0 .../shib-idp/edit-webapp/css/logout.css | 0 .../config/shib-idp/edit-webapp/css/main.css | 0 .../edit-webapp/images/dummylogo-mobile.png | Bin .../shib-idp/edit-webapp/images/dummylogo.png | Bin .../edit-webapp/images/failure-32x32.png | Bin .../edit-webapp/images/success-32x32.png | Bin .../shib-idp/messages/messages.properties | 0 .../config/shib-idp/metadata/idp-metadata.xml | 32 +-- .../metadata/localCopyFromInCommon.xml | 0 .../client-storage/client-storage-read.vm | 0 .../client-storage/client-storage-write.vm | 0 .../config/shib-idp/views/duo.vm | 0 .../config/shib-idp/views/error.vm | 0 .../views/intercept/attribute-release.vm | 0 .../views/intercept/expiring-password.vm | 0 .../shib-idp/views/intercept/terms-of-use.vm | 0 .../config/shib-idp/views/login-error.vm | 0 .../config/shib-idp/views/login.vm | 0 .../config/shib-idp/views/logout-complete.vm | 0 .../config/shib-idp/views/logout-propagate.vm | 0 .../config/shib-idp/views/logout.vm | 0 .../shib-idp/views/spnego-unavailable.vm | 0 .../config/shib-idp/views/user-prefs.js | 0 .../config/shib-idp/views/user-prefs.vm | 0 .../config/tomcat/catalina.policy | 0 
.../config/tomcat/catalina.properties | 0 .../{shib-idp => }/config/tomcat/context.xml | 0 .../config/tomcat/logging.properties | 0 .../{shib-idp => }/config/tomcat/server.xml | 2 +- .../config/tomcat/server.xml.dist | 0 .../config/tomcat/tomcat-users.xml | 0 .../config/tomcat/tomcat-users.xsd | 0 .../{shib-idp => }/config/tomcat/web.xml | 0 .../credentials/shib-idp/idp-encryption.crt | 19 ++ .../credentials/shib-idp/idp-encryption.key | 28 +++ .../credentials/shib-idp/idp-signing.crt | 19 ++ .../credentials/shib-idp/idp-signing.key | 28 +++ .../credentials/shib-idp/inc-md-cert.pem | 0 .../credentials/shib-idp/sealer.jks | Bin 0 -> 518 bytes .../credentials/shib-idp/sealer.kver | 0 .../credentials/tomcat/keystore.jks | Bin 0 -> 2281 bytes .../credentials/shib-idp/idp-encryption.crt | 19 -- .../credentials/shib-idp/idp-encryption.key | 28 --- .../credentials/shib-idp/idp-signing.crt | 19 -- .../credentials/shib-idp/idp-signing.key | 28 --- .../shib-idp/credentials/shib-idp/sealer.jks | Bin 518 -> 0 bytes .../shib-idp/credentials/tomcat/keystore.jks | Bin 2282 -> 0 bytes .../{shib-idp => }/wwwroot/robots.txt | 0 106 files changed, 320 insertions(+), 299 deletions(-) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/access-control.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/admin/general-admin.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/admin/metrics.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/attribute-filter.xml (99%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/attribute-resolver-default.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/attribute-resolver-full.xml (69%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/attribute-resolver-ldap.xml (100%) rename test-compose/idp/container_files/{shib-idp => 
}/config/shib-idp/conf/attribute-resolver.xml (78%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/audit.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/authn/authn-comparison.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/authn/authn-events-flow.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/authn/duo-authn-config.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/authn/duo.properties (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/authn/external-authn-config.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/authn/general-authn.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/authn/ipaddress-authn-config.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/authn/jaas-authn-config.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/authn/jaas.config (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/authn/krb5-authn-config.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/authn/ldap-authn-config.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/authn/mfa-authn-config.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/authn/password-authn-config.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/authn/remoteuser-authn-config.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/authn/remoteuser-internal-authn-config.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/authn/spnego-authn-config.xml (100%) rename test-compose/idp/container_files/{shib-idp => 
}/config/shib-idp/conf/authn/x509-authn-config.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/authn/x509-internal-authn-config.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/c14n/attribute-sourced-subject-c14n-config.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/c14n/simple-subject-c14n-config.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/c14n/subject-c14n-events-flow.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/c14n/subject-c14n.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/c14n/x500-subject-c14n-config.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/cas-protocol.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/credentials.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/errors.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/global.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/idp.properties (98%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/idp.properties.dist (99%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/intercept/consent-intercept-config.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/intercept/context-check-intercept-config.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/intercept/expiring-password-intercept-config.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/intercept/intercept-events-flow.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/intercept/profile-intercept.xml (100%) rename 
test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/ldap.properties (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/ldap.properties.dist (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/logback.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/metadata-providers.xml (99%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/mvc-beans.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/relying-party.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/saml-nameid.properties (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/saml-nameid.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/services.properties (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/services.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/conf/session-manager.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/edit-webapp/css/consent.css (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/edit-webapp/css/logout.css (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/edit-webapp/css/main.css (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/edit-webapp/images/dummylogo-mobile.png (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/edit-webapp/images/dummylogo.png (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/edit-webapp/images/failure-32x32.png (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/edit-webapp/images/success-32x32.png (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/messages/messages.properties (100%) rename 
test-compose/idp/container_files/{shib-idp => }/config/shib-idp/metadata/idp-metadata.xml (56%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/metadata/localCopyFromInCommon.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/views/client-storage/client-storage-read.vm (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/views/client-storage/client-storage-write.vm (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/views/duo.vm (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/views/error.vm (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/views/intercept/attribute-release.vm (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/views/intercept/expiring-password.vm (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/views/intercept/terms-of-use.vm (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/views/login-error.vm (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/views/login.vm (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/views/logout-complete.vm (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/views/logout-propagate.vm (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/views/logout.vm (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/views/spnego-unavailable.vm (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/views/user-prefs.js (100%) rename test-compose/idp/container_files/{shib-idp => }/config/shib-idp/views/user-prefs.vm (100%) rename test-compose/idp/container_files/{shib-idp => }/config/tomcat/catalina.policy (100%) rename test-compose/idp/container_files/{shib-idp => }/config/tomcat/catalina.properties (100%) rename 
test-compose/idp/container_files/{shib-idp => }/config/tomcat/context.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/tomcat/logging.properties (100%) rename test-compose/idp/container_files/{shib-idp => }/config/tomcat/server.xml (90%) rename test-compose/idp/container_files/{shib-idp => }/config/tomcat/server.xml.dist (100%) rename test-compose/idp/container_files/{shib-idp => }/config/tomcat/tomcat-users.xml (100%) rename test-compose/idp/container_files/{shib-idp => }/config/tomcat/tomcat-users.xsd (100%) rename test-compose/idp/container_files/{shib-idp => }/config/tomcat/web.xml (100%) create mode 100644 test-compose/idp/container_files/credentials/shib-idp/idp-encryption.crt create mode 100644 test-compose/idp/container_files/credentials/shib-idp/idp-encryption.key create mode 100644 test-compose/idp/container_files/credentials/shib-idp/idp-signing.crt create mode 100644 test-compose/idp/container_files/credentials/shib-idp/idp-signing.key rename test-compose/idp/container_files/{shib-idp => }/credentials/shib-idp/inc-md-cert.pem (100%) create mode 100644 test-compose/idp/container_files/credentials/shib-idp/sealer.jks rename test-compose/idp/container_files/{shib-idp => }/credentials/shib-idp/sealer.kver (100%) create mode 100644 test-compose/idp/container_files/credentials/tomcat/keystore.jks delete mode 100644 test-compose/idp/container_files/shib-idp/credentials/shib-idp/idp-encryption.crt delete mode 100644 test-compose/idp/container_files/shib-idp/credentials/shib-idp/idp-encryption.key delete mode 100644 test-compose/idp/container_files/shib-idp/credentials/shib-idp/idp-signing.crt delete mode 100644 test-compose/idp/container_files/shib-idp/credentials/shib-idp/idp-signing.key delete mode 100644 test-compose/idp/container_files/shib-idp/credentials/shib-idp/sealer.jks delete mode 100644 test-compose/idp/container_files/shib-idp/credentials/tomcat/keystore.jks rename test-compose/idp/container_files/{shib-idp => 
}/wwwroot/robots.txt (100%)
diff --git a/test-compose/compose.sh b/test-compose/compose.sh
index 435144b..28d6353 100755
--- a/test-compose/compose.sh
+++ b/test-compose/compose.sh
@@ -5,10 +5,4 @@ echo ""
 echo "If everything above was successful, your IdP metadata can be retreived with this command (after a minute or two):"
 echo " curl -k https://127.0.0.1/idp/shibboleth"
 echo ""
-echo "By default, this test IdP is pre-integrated with the samltest.id testing service."
-echo ""
-echo "If you are testing the default test config and have port 443 open,"
-echo " map your IP to idp.example.edu in your hosts file,"
-echo " then proceed to https://samltest.id/start-idp-test to test this IdP test instance."
-echo ""
diff --git a/test-compose/docker-compose.yml b/test-compose/docker-compose.yml
index ef12cd2..ddc465b 100644
--- a/test-compose/docker-compose.yml
+++ b/test-compose/docker-compose.yml
@@ -6,15 +6,15 @@ services:
 build:
 context: ./idp/
 args:
- TOMCFG: ./container_files/shib-idp/config/tomcat
- TOMCERT: ./container_files/shib-idp/credentials/tomcat
- TOMWWWROOT: ./container_files/shib-idp/wwwroot
- SHBCFG: ./container_files/shib-idp/config/shib-idp/conf
- SHBCREDS: ./container_files/shib-idp/credentials/shib-idp
- SHBVIEWS: ./container_files/shib-idp/config/shib-idp/views
- SHBEDWAPP: ./container_files/shib-idp/config/shib-idp/edit-webapp
- SHBMSGS: ./container_files/shib-idp/config/shib-idp/messages
- SHBMD: ./container_files/shib-idp/config/shib-idp/metadata
+ TOMCFG: ./container_files/config/tomcat
+ TOMCERT: ./container_files/credentials/tomcat
+ TOMWWWROOT: ./container_files/wwwroot
+ SHBCFG: ./container_files/config/shib-idp/conf
+ SHBCREDS: ./container_files/credentials/shib-idp
+ SHBVIEWS: ./container_files/config/shib-idp/views
+ SHBEDWAPP: ./container_files/config/shib-idp/edit-webapp
+ SHBMSGS: ./container_files/config/shib-idp/messages
+ SHBMD: ./container_files/config/shib-idp/metadata
 depends_on:
 - data
 networks:
diff --git a/test-compose/idp/Dockerfile b/test-compose/idp/Dockerfile
index d851db6..617c62d 100644
--- a/test-compose/idp/Dockerfile
+++ b/test-compose/idp/Dockerfile
@@ -1,4 +1,4 @@
-FROM tier/shib-idp:latest
+FROM tier/shib-idp:3.4.0_181002
 # The build args below can be used at build-time to tell the build process where to find your config files. This is for a completely burned-in config.
 ARG TOMCFG=config/tomcat
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/access-control.xml b/test-compose/idp/container_files/config/shib-idp/conf/access-control.xml
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/access-control.xml
rename to test-compose/idp/container_files/config/shib-idp/conf/access-control.xml
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/admin/general-admin.xml b/test-compose/idp/container_files/config/shib-idp/conf/admin/general-admin.xml
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/admin/general-admin.xml
rename to test-compose/idp/container_files/config/shib-idp/conf/admin/general-admin.xml
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/admin/metrics.xml b/test-compose/idp/container_files/config/shib-idp/conf/admin/metrics.xml
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/admin/metrics.xml
rename to test-compose/idp/container_files/config/shib-idp/conf/admin/metrics.xml
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/attribute-filter.xml b/test-compose/idp/container_files/config/shib-idp/conf/attribute-filter.xml
similarity index 99%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/attribute-filter.xml
rename to test-compose/idp/container_files/config/shib-idp/conf/attribute-filter.xml
index 678e14d..326dfe9 100644
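Review bot: In test-compose/idp/Dockerfile the new `FROM tier/shib-idp:3.4.0_181002` still resolves through a mutable tag, so an image re-pushed under the same tag would be pulled with no visible change to this file. The build args in this commit's docker-compose.yml suggest the resulting image carries the IdP credentials directory, which makes the provenance of the base image matter more. Consider pinning the digest as well, e.g. `FROM tier/shib-idp:3.4.0_181002@sha256:<digest-of-reviewed-image>` (placeholder digest, to be filled from the image that was actually reviewed). The hunk shows only the first ARG line; the rest of the Dockerfile is outside it.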
--- a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/attribute-filter.xml +++ b/test-compose/idp/container_files/config/shib-idp/conf/attribute-filter.xml @@ -115,5 +115,5 @@ - + diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/attribute-resolver-default.xml b/test-compose/idp/container_files/config/shib-idp/conf/attribute-resolver-default.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/attribute-resolver-default.xml rename to test-compose/idp/container_files/config/shib-idp/conf/attribute-resolver-default.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/attribute-resolver-full.xml b/test-compose/idp/container_files/config/shib-idp/conf/attribute-resolver-full.xml similarity index 69% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/attribute-resolver-full.xml rename to test-compose/idp/container_files/config/shib-idp/conf/attribute-resolver-full.xml index 4681b64..32647a3 100644 --- a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/attribute-resolver-full.xml +++ b/test-compose/idp/container_files/config/shib-idp/conf/attribute-resolver-full.xml @@ -15,10 +15,8 @@ --> + xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd"> @@ -26,116 +24,117 @@ - - + + + + + + - + + + + + diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/attribute-resolver-ldap.xml b/test-compose/idp/container_files/config/shib-idp/conf/attribute-resolver-ldap.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/attribute-resolver-ldap.xml rename to test-compose/idp/container_files/config/shib-idp/conf/attribute-resolver-ldap.xml 
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/attribute-resolver.xml b/test-compose/idp/container_files/config/shib-idp/conf/attribute-resolver.xml similarity index 78% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/attribute-resolver.xml rename to test-compose/idp/container_files/config/shib-idp/conf/attribute-resolver.xml index e1396dc..fb963b2 100644 --- a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/attribute-resolver.xml +++ b/test-compose/idp/container_files/config/shib-idp/conf/attribute-resolver.xml @@ -25,217 +25,217 @@ - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - + - - + + - - + + - - + + - - + + diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/audit.xml b/test-compose/idp/container_files/config/shib-idp/conf/audit.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/audit.xml rename to test-compose/idp/container_files/config/shib-idp/conf/audit.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/authn-comparison.xml b/test-compose/idp/container_files/config/shib-idp/conf/authn/authn-comparison.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/authn-comparison.xml rename to test-compose/idp/container_files/config/shib-idp/conf/authn/authn-comparison.xml 
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/authn-events-flow.xml b/test-compose/idp/container_files/config/shib-idp/conf/authn/authn-events-flow.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/authn-events-flow.xml rename to test-compose/idp/container_files/config/shib-idp/conf/authn/authn-events-flow.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/duo-authn-config.xml b/test-compose/idp/container_files/config/shib-idp/conf/authn/duo-authn-config.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/duo-authn-config.xml rename to test-compose/idp/container_files/config/shib-idp/conf/authn/duo-authn-config.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/duo.properties b/test-compose/idp/container_files/config/shib-idp/conf/authn/duo.properties similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/duo.properties rename to test-compose/idp/container_files/config/shib-idp/conf/authn/duo.properties diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/external-authn-config.xml b/test-compose/idp/container_files/config/shib-idp/conf/authn/external-authn-config.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/external-authn-config.xml rename to test-compose/idp/container_files/config/shib-idp/conf/authn/external-authn-config.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/general-authn.xml b/test-compose/idp/container_files/config/shib-idp/conf/authn/general-authn.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/general-authn.xml rename to test-compose/idp/container_files/config/shib-idp/conf/authn/general-authn.xml 
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/ipaddress-authn-config.xml b/test-compose/idp/container_files/config/shib-idp/conf/authn/ipaddress-authn-config.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/ipaddress-authn-config.xml rename to test-compose/idp/container_files/config/shib-idp/conf/authn/ipaddress-authn-config.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/jaas-authn-config.xml b/test-compose/idp/container_files/config/shib-idp/conf/authn/jaas-authn-config.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/jaas-authn-config.xml rename to test-compose/idp/container_files/config/shib-idp/conf/authn/jaas-authn-config.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/jaas.config b/test-compose/idp/container_files/config/shib-idp/conf/authn/jaas.config similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/jaas.config rename to test-compose/idp/container_files/config/shib-idp/conf/authn/jaas.config diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/krb5-authn-config.xml b/test-compose/idp/container_files/config/shib-idp/conf/authn/krb5-authn-config.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/krb5-authn-config.xml rename to test-compose/idp/container_files/config/shib-idp/conf/authn/krb5-authn-config.xml 
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/ldap-authn-config.xml b/test-compose/idp/container_files/config/shib-idp/conf/authn/ldap-authn-config.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/ldap-authn-config.xml rename to test-compose/idp/container_files/config/shib-idp/conf/authn/ldap-authn-config.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/mfa-authn-config.xml b/test-compose/idp/container_files/config/shib-idp/conf/authn/mfa-authn-config.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/mfa-authn-config.xml rename to test-compose/idp/container_files/config/shib-idp/conf/authn/mfa-authn-config.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/password-authn-config.xml b/test-compose/idp/container_files/config/shib-idp/conf/authn/password-authn-config.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/password-authn-config.xml rename to test-compose/idp/container_files/config/shib-idp/conf/authn/password-authn-config.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/remoteuser-authn-config.xml b/test-compose/idp/container_files/config/shib-idp/conf/authn/remoteuser-authn-config.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/remoteuser-authn-config.xml rename to test-compose/idp/container_files/config/shib-idp/conf/authn/remoteuser-authn-config.xml 
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/remoteuser-internal-authn-config.xml b/test-compose/idp/container_files/config/shib-idp/conf/authn/remoteuser-internal-authn-config.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/remoteuser-internal-authn-config.xml rename to test-compose/idp/container_files/config/shib-idp/conf/authn/remoteuser-internal-authn-config.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/spnego-authn-config.xml b/test-compose/idp/container_files/config/shib-idp/conf/authn/spnego-authn-config.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/spnego-authn-config.xml rename to test-compose/idp/container_files/config/shib-idp/conf/authn/spnego-authn-config.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/x509-authn-config.xml b/test-compose/idp/container_files/config/shib-idp/conf/authn/x509-authn-config.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/x509-authn-config.xml rename to test-compose/idp/container_files/config/shib-idp/conf/authn/x509-authn-config.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/x509-internal-authn-config.xml b/test-compose/idp/container_files/config/shib-idp/conf/authn/x509-internal-authn-config.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/authn/x509-internal-authn-config.xml rename to test-compose/idp/container_files/config/shib-idp/conf/authn/x509-internal-authn-config.xml 
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/c14n/attribute-sourced-subject-c14n-config.xml b/test-compose/idp/container_files/config/shib-idp/conf/c14n/attribute-sourced-subject-c14n-config.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/c14n/attribute-sourced-subject-c14n-config.xml rename to test-compose/idp/container_files/config/shib-idp/conf/c14n/attribute-sourced-subject-c14n-config.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/c14n/simple-subject-c14n-config.xml b/test-compose/idp/container_files/config/shib-idp/conf/c14n/simple-subject-c14n-config.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/c14n/simple-subject-c14n-config.xml rename to test-compose/idp/container_files/config/shib-idp/conf/c14n/simple-subject-c14n-config.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/c14n/subject-c14n-events-flow.xml b/test-compose/idp/container_files/config/shib-idp/conf/c14n/subject-c14n-events-flow.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/c14n/subject-c14n-events-flow.xml rename to test-compose/idp/container_files/config/shib-idp/conf/c14n/subject-c14n-events-flow.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/c14n/subject-c14n.xml b/test-compose/idp/container_files/config/shib-idp/conf/c14n/subject-c14n.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/c14n/subject-c14n.xml rename to test-compose/idp/container_files/config/shib-idp/conf/c14n/subject-c14n.xml 
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/c14n/x500-subject-c14n-config.xml b/test-compose/idp/container_files/config/shib-idp/conf/c14n/x500-subject-c14n-config.xml
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/c14n/x500-subject-c14n-config.xml
rename to test-compose/idp/container_files/config/shib-idp/conf/c14n/x500-subject-c14n-config.xml
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/cas-protocol.xml b/test-compose/idp/container_files/config/shib-idp/conf/cas-protocol.xml
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/cas-protocol.xml
rename to test-compose/idp/container_files/config/shib-idp/conf/cas-protocol.xml
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/credentials.xml b/test-compose/idp/container_files/config/shib-idp/conf/credentials.xml
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/credentials.xml
rename to test-compose/idp/container_files/config/shib-idp/conf/credentials.xml
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/errors.xml b/test-compose/idp/container_files/config/shib-idp/conf/errors.xml
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/errors.xml
rename to test-compose/idp/container_files/config/shib-idp/conf/errors.xml
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/global.xml b/test-compose/idp/container_files/config/shib-idp/conf/global.xml
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/global.xml
rename to test-compose/idp/container_files/config/shib-idp/conf/global.xml
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/idp.properties b/test-compose/idp/container_files/config/shib-idp/conf/idp.properties similarity index 98% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/idp.properties rename to test-compose/idp/container_files/config/shib-idp/conf/idp.properties index 490d00f..ba38100 100644 --- a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/idp.properties +++ b/test-compose/idp/container_files/config/shib-idp/conf/idp.properties @@ -8,7 +8,7 @@ idp.entityID= https://idp.example.edu/idp/shibboleth idp.scope= example.edu # General cookie properties (maxAge only applies to persistent cookies) -#idp.cookie.secure = false +idp.cookie.secure = true #idp.cookie.httpOnly = true #idp.cookie.domain = #idp.cookie.path = @@ -26,8 +26,8 @@ idp.scope= example.edu #idp.sealer.aliasBase = secret idp.sealer.storeResource= %{idp.home}/credentials/sealer.jks idp.sealer.versionResource= %{idp.home}/credentials/sealer.kver -idp.sealer.storePassword= ce472e68-f433-4a77-aad2-b8697670158a -idp.sealer.keyPassword= ce472e68-f433-4a77-aad2-b8697670158a +idp.sealer.storePassword= 90fa668e-ce0f-45e7-82f1-fa4bd0273b51 +idp.sealer.keyPassword= 90fa668e-ce0f-45e7-82f1-fa4bd0273b51 # Settings for public/private signing and encryption key(s) # During decryption key rollover, point the ".2" properties at a second diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/idp.properties.dist b/test-compose/idp/container_files/config/shib-idp/conf/idp.properties.dist similarity index 99% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/idp.properties.dist rename to test-compose/idp/container_files/config/shib-idp/conf/idp.properties.dist index d7cfea7..2c5dcc0 100644 --- a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/idp.properties.dist +++ b/test-compose/idp/container_files/config/shib-idp/conf/idp.properties.dist 
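Review bot: The two `idp.sealer.*Password` lines in the second hunk of idp.properties replace one literal UUID with another, so the sealer keystore password is still kept in a tracked file and the old value stays in history; the `keystorePass` change in `config/tomcat/server.xml` later in this commit has the same problem. If these files are fixtures for the test-compose stack only, a comment above the two properties such as `# test-only value; generate a new one for any real deployment` would make that explicit. Otherwise keep the values out of the image source, for example in a separate properties file listed in `idp.additionalProperties` and supplied at run time, and in Tomcat through system-property substitution, `keystorePass="${keystore.pass}"` (property name constructed here).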
@@ -8,7 +8,7 @@ idp.entityID= https://example.org/idp/shibboleth idp.scope= example.org # General cookie properties (maxAge only applies to persistent cookies) -#idp.cookie.secure = false +idp.cookie.secure = true #idp.cookie.httpOnly = true #idp.cookie.domain = #idp.cookie.path = diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/intercept/consent-intercept-config.xml b/test-compose/idp/container_files/config/shib-idp/conf/intercept/consent-intercept-config.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/intercept/consent-intercept-config.xml rename to test-compose/idp/container_files/config/shib-idp/conf/intercept/consent-intercept-config.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/intercept/context-check-intercept-config.xml b/test-compose/idp/container_files/config/shib-idp/conf/intercept/context-check-intercept-config.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/intercept/context-check-intercept-config.xml rename to test-compose/idp/container_files/config/shib-idp/conf/intercept/context-check-intercept-config.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/intercept/expiring-password-intercept-config.xml b/test-compose/idp/container_files/config/shib-idp/conf/intercept/expiring-password-intercept-config.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/intercept/expiring-password-intercept-config.xml rename to test-compose/idp/container_files/config/shib-idp/conf/intercept/expiring-password-intercept-config.xml 
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/intercept/intercept-events-flow.xml b/test-compose/idp/container_files/config/shib-idp/conf/intercept/intercept-events-flow.xml
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/intercept/intercept-events-flow.xml
rename to test-compose/idp/container_files/config/shib-idp/conf/intercept/intercept-events-flow.xml
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/intercept/profile-intercept.xml b/test-compose/idp/container_files/config/shib-idp/conf/intercept/profile-intercept.xml
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/intercept/profile-intercept.xml
rename to test-compose/idp/container_files/config/shib-idp/conf/intercept/profile-intercept.xml
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/ldap.properties b/test-compose/idp/container_files/config/shib-idp/conf/ldap.properties
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/ldap.properties
rename to test-compose/idp/container_files/config/shib-idp/conf/ldap.properties
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/ldap.properties.dist b/test-compose/idp/container_files/config/shib-idp/conf/ldap.properties.dist
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/ldap.properties.dist
rename to test-compose/idp/container_files/config/shib-idp/conf/ldap.properties.dist
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/logback.xml b/test-compose/idp/container_files/config/shib-idp/conf/logback.xml
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/logback.xml
rename to test-compose/idp/container_files/config/shib-idp/conf/logback.xml
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/metadata-providers.xml b/test-compose/idp/container_files/config/shib-idp/conf/metadata-providers.xml similarity index 99% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/metadata-providers.xml rename to test-compose/idp/container_files/config/shib-idp/conf/metadata-providers.xml index 80178c4..48f06ca 100644 --- a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/metadata-providers.xml +++ b/test-compose/idp/container_files/config/shib-idp/conf/metadata-providers.xml @@ -62,15 +62,6 @@ --> - - - - - - + + + + + diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/mvc-beans.xml b/test-compose/idp/container_files/config/shib-idp/conf/mvc-beans.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/mvc-beans.xml rename to test-compose/idp/container_files/config/shib-idp/conf/mvc-beans.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/relying-party.xml b/test-compose/idp/container_files/config/shib-idp/conf/relying-party.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/relying-party.xml rename to test-compose/idp/container_files/config/shib-idp/conf/relying-party.xml diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/saml-nameid.properties b/test-compose/idp/container_files/config/shib-idp/conf/saml-nameid.properties similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/saml-nameid.properties rename to test-compose/idp/container_files/config/shib-idp/conf/saml-nameid.properties 
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/saml-nameid.xml b/test-compose/idp/container_files/config/shib-idp/conf/saml-nameid.xml
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/saml-nameid.xml
rename to test-compose/idp/container_files/config/shib-idp/conf/saml-nameid.xml
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/services.properties b/test-compose/idp/container_files/config/shib-idp/conf/services.properties
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/services.properties
rename to test-compose/idp/container_files/config/shib-idp/conf/services.properties
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/services.xml b/test-compose/idp/container_files/config/shib-idp/conf/services.xml
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/services.xml
rename to test-compose/idp/container_files/config/shib-idp/conf/services.xml
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/conf/session-manager.xml b/test-compose/idp/container_files/config/shib-idp/conf/session-manager.xml
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/conf/session-manager.xml
rename to test-compose/idp/container_files/config/shib-idp/conf/session-manager.xml
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/edit-webapp/css/consent.css b/test-compose/idp/container_files/config/shib-idp/edit-webapp/css/consent.css
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/edit-webapp/css/consent.css
rename to test-compose/idp/container_files/config/shib-idp/edit-webapp/css/consent.css
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/edit-webapp/css/logout.css b/test-compose/idp/container_files/config/shib-idp/edit-webapp/css/logout.css
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/edit-webapp/css/logout.css
rename to test-compose/idp/container_files/config/shib-idp/edit-webapp/css/logout.css
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/edit-webapp/css/main.css b/test-compose/idp/container_files/config/shib-idp/edit-webapp/css/main.css
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/edit-webapp/css/main.css
rename to test-compose/idp/container_files/config/shib-idp/edit-webapp/css/main.css
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/edit-webapp/images/dummylogo-mobile.png b/test-compose/idp/container_files/config/shib-idp/edit-webapp/images/dummylogo-mobile.png
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/edit-webapp/images/dummylogo-mobile.png
rename to test-compose/idp/container_files/config/shib-idp/edit-webapp/images/dummylogo-mobile.png
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/edit-webapp/images/dummylogo.png b/test-compose/idp/container_files/config/shib-idp/edit-webapp/images/dummylogo.png
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/edit-webapp/images/dummylogo.png
rename to test-compose/idp/container_files/config/shib-idp/edit-webapp/images/dummylogo.png
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/edit-webapp/images/failure-32x32.png b/test-compose/idp/container_files/config/shib-idp/edit-webapp/images/failure-32x32.png
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/edit-webapp/images/failure-32x32.png
rename to test-compose/idp/container_files/config/shib-idp/edit-webapp/images/failure-32x32.png
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/edit-webapp/images/success-32x32.png b/test-compose/idp/container_files/config/shib-idp/edit-webapp/images/success-32x32.png
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/edit-webapp/images/success-32x32.png
rename to test-compose/idp/container_files/config/shib-idp/edit-webapp/images/success-32x32.png
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/messages/messages.properties b/test-compose/idp/container_files/config/shib-idp/messages/messages.properties
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/messages/messages.properties
rename to test-compose/idp/container_files/config/shib-idp/messages/messages.properties
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/metadata/idp-metadata.xml b/test-compose/idp/container_files/config/shib-idp/metadata/idp-metadata.xml
similarity index 56%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/metadata/idp-metadata.xml
rename to test-compose/idp/container_files/config/shib-idp/metadata/idp-metadata.xml
index 2211379..af11f89 100644
--- a/test-compose/idp/container_files/shib-idp/config/shib-idp/metadata/idp-metadata.xml
+++ b/test-compose/idp/container_files/config/shib-idp/metadata/idp-metadata.xml
@@ -7,23 +7,23 @@
-MIIDHDCCAgSgAwIBAgIJAIb+Cd4BoYJmMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
-BAMMD2lkcC5leGFtcGxlLmVkdTAeFw0xODEwMDgyMTUwNTlaFw0yMzEwMDcyMTUw
-NTlaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLmVkdTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBALPi8zCdYWjcTeWGLvCJrLHJ8kKAMx/U+ol468h+gWkW
-6H9CbV02Bucmnuf7We66NPIhn3+ZjF6svBvS+wflOyBSOqo/BddH0t/CrDI3L4wv
-LkTwogqVcUSubdUaHYVxitD8YyZGozg4l6NOKy2D1bFzzM8qB5Mdp2zW5k5Dbnza
-7JTiSb/a6ILsugszhXA3LdA3NkzhSnWH5M8VbD22VwiWeWVuTLhhShdjWLT0FwMd
-e/HeW3AGePN0/p4lH9excaMOHyxvJ2V89S3HPSZxLEjuo4TqQUqXdt0aeQcX3slj
-w5jkZk/7N7LuEw+UIRIjOXIvZWv6f6QmH8j0kaFFMaUCAwEAAaNlMGMwQgYDVR0R
+MIIDHDCCAgSgAwIBAgIJAPEnL5jgbeVoMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
+BAMMD2lkcC5leGFtcGxlLmVkdTAeFw0xODEwMTAyMDM1NDBaFw0yMzEwMDkyMDM1
+NDBaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLmVkdTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAKwTrvQhmFX3SUNgJAhQ/YV0UX56Rt53mwbiKuH+Ez83
+7z6XRynBVsfzHfbWe0IpNKx5mIr84dfbGhQKQBEKzQuek7ihW3J6PIVZN1A3icZZ
+B9i7gow902bT0ZfRG8QW49gl7pk3ASutPcO9Dq5Xc/AqWr3OSO/Pei0yBtTdzG3b
+rm0u0gbj3P2tjt7BN77wIB+yjJsND3ITtP0MFXIJxLTlty8thwqQOAOAYcF+rhC5
+znnBLsRNo0E57PtzZs8i/BpEX2uPTxpEyvlU1vtyxcKUiHtK5ZjOsDEkS2rEualr
++FILYg/Oxw1gi0+mNO1a94Ft+UoLiREztq6MQt8OK98CAwEAAaNlMGMwQgYDVR0R
 BDswOYIPaWRwLmV4YW1wbGUuZWR1hiZodHRwczovL2lkcC5leGFtcGxlLmVkdS9p
-ZHAvc2hpYmJvbGV0aDAdBgNVHQ4EFgQUCSovOIIkWFhQuaIudr7S361IT5AwDQYJ
-KoZIhvcNAQELBQADggEBAHA8ov+paom/K9z4ssKRLb10zkXgDupziGY2rD4QAZ6U
-cDF7nlJX0uaClimhJgwbagb64OVNwQ49RyzzLSLMQtrER1wEl+n2qs2HtPlGVlPk
-9dtYXWL3gUrdGzniaUPP2tKMwtAgB3vh2NFHwQ57Lzyc7B8jNzcF3NtlckYidth/
-c5TjjIcoJMeRJtJsjAOYOUzMpH92qc853FM18FqjRi/lQEc1Sfn7j60vtpsfdlMC
-djZJO1Ru8QqkNC1d/ZBVAxO+R7mN1FzmRDCuNlwredwaAePDrSr5MKv3Cel/I0V6
-D+x6OWB7iBrgi8kIf8j/pVmLqUxy2F0rnJkL8ooJM2o=
+ZHAvc2hpYmJvbGV0aDAdBgNVHQ4EFgQU3ZJ8oHkmlgPtZuZAxnzONccPsb8wDQYJ
+KoZIhvcNAQELBQADggEBAIJ4oZKSMGpF8J3qdfjLZGkc3iVbu/eiE1MD77no0oCz
+nelY0CNUBuFJk1Xv+Bv0fW0cVugtMPz4xi7zv0zkpS2IVxpPZWBosuVabUD9k+V4
+iN5woJdO7e2KRGvhlWmbkmoZUvhygDe0u0vblNfLzDwFQvxHXiWG//P7SanoQrjP
+dE8U21tYz+EFm6s5TvHxVhr9id8c+UacAFCpAtzUB+J8K1abx05XlKsySflkOQV9
+JbM4zOy5gXSI5dY9dGUF77g0muyC+jAhIhLSt/7v3vJgvBurrxPoeBFXOU3D+siT
+VZlKtYzYjJhVqXx1vKrWEE1hkpqm+iYgZe4MvgcdswY=
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/metadata/localCopyFromInCommon.xml b/test-compose/idp/container_files/config/shib-idp/metadata/localCopyFromInCommon.xml
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/metadata/localCopyFromInCommon.xml
rename to test-compose/idp/container_files/config/shib-idp/metadata/localCopyFromInCommon.xml
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/views/client-storage/client-storage-read.vm b/test-compose/idp/container_files/config/shib-idp/views/client-storage/client-storage-read.vm
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/views/client-storage/client-storage-read.vm
rename to test-compose/idp/container_files/config/shib-idp/views/client-storage/client-storage-read.vm
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/views/client-storage/client-storage-write.vm b/test-compose/idp/container_files/config/shib-idp/views/client-storage/client-storage-write.vm
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/views/client-storage/client-storage-write.vm
rename to test-compose/idp/container_files/config/shib-idp/views/client-storage/client-storage-write.vm
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/views/duo.vm b/test-compose/idp/container_files/config/shib-idp/views/duo.vm
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/views/duo.vm
rename to test-compose/idp/container_files/config/shib-idp/views/duo.vm
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/views/error.vm b/test-compose/idp/container_files/config/shib-idp/views/error.vm
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/views/error.vm
rename to test-compose/idp/container_files/config/shib-idp/views/error.vm
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/views/intercept/attribute-release.vm b/test-compose/idp/container_files/config/shib-idp/views/intercept/attribute-release.vm
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/views/intercept/attribute-release.vm
rename to test-compose/idp/container_files/config/shib-idp/views/intercept/attribute-release.vm
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/views/intercept/expiring-password.vm b/test-compose/idp/container_files/config/shib-idp/views/intercept/expiring-password.vm
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/views/intercept/expiring-password.vm
rename to test-compose/idp/container_files/config/shib-idp/views/intercept/expiring-password.vm
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/views/intercept/terms-of-use.vm b/test-compose/idp/container_files/config/shib-idp/views/intercept/terms-of-use.vm
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/views/intercept/terms-of-use.vm
rename to test-compose/idp/container_files/config/shib-idp/views/intercept/terms-of-use.vm
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/views/login-error.vm b/test-compose/idp/container_files/config/shib-idp/views/login-error.vm
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/views/login-error.vm
rename to test-compose/idp/container_files/config/shib-idp/views/login-error.vm
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/views/login.vm b/test-compose/idp/container_files/config/shib-idp/views/login.vm
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/views/login.vm
rename to test-compose/idp/container_files/config/shib-idp/views/login.vm
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/views/logout-complete.vm b/test-compose/idp/container_files/config/shib-idp/views/logout-complete.vm
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/views/logout-complete.vm
rename to test-compose/idp/container_files/config/shib-idp/views/logout-complete.vm
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/views/logout-propagate.vm b/test-compose/idp/container_files/config/shib-idp/views/logout-propagate.vm
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/views/logout-propagate.vm
rename to test-compose/idp/container_files/config/shib-idp/views/logout-propagate.vm
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/views/logout.vm b/test-compose/idp/container_files/config/shib-idp/views/logout.vm
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/views/logout.vm
rename to test-compose/idp/container_files/config/shib-idp/views/logout.vm
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/views/spnego-unavailable.vm b/test-compose/idp/container_files/config/shib-idp/views/spnego-unavailable.vm
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/views/spnego-unavailable.vm
rename to test-compose/idp/container_files/config/shib-idp/views/spnego-unavailable.vm
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/views/user-prefs.js b/test-compose/idp/container_files/config/shib-idp/views/user-prefs.js
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/views/user-prefs.js
rename to test-compose/idp/container_files/config/shib-idp/views/user-prefs.js
diff --git a/test-compose/idp/container_files/shib-idp/config/shib-idp/views/user-prefs.vm b/test-compose/idp/container_files/config/shib-idp/views/user-prefs.vm
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/shib-idp/views/user-prefs.vm
rename to test-compose/idp/container_files/config/shib-idp/views/user-prefs.vm
diff --git a/test-compose/idp/container_files/shib-idp/config/tomcat/catalina.policy b/test-compose/idp/container_files/config/tomcat/catalina.policy
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/tomcat/catalina.policy
rename to test-compose/idp/container_files/config/tomcat/catalina.policy
diff --git a/test-compose/idp/container_files/shib-idp/config/tomcat/catalina.properties b/test-compose/idp/container_files/config/tomcat/catalina.properties
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/tomcat/catalina.properties
rename to test-compose/idp/container_files/config/tomcat/catalina.properties
diff --git a/test-compose/idp/container_files/shib-idp/config/tomcat/context.xml b/test-compose/idp/container_files/config/tomcat/context.xml
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/tomcat/context.xml
rename to test-compose/idp/container_files/config/tomcat/context.xml
diff --git a/test-compose/idp/container_files/shib-idp/config/tomcat/logging.properties b/test-compose/idp/container_files/config/tomcat/logging.properties similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/tomcat/logging.properties rename to test-compose/idp/container_files/config/tomcat/logging.properties diff --git a/test-compose/idp/container_files/shib-idp/config/tomcat/server.xml b/test-compose/idp/container_files/config/tomcat/server.xml similarity index 90% rename from test-compose/idp/container_files/shib-idp/config/tomcat/server.xml rename to test-compose/idp/container_files/config/tomcat/server.xml index 9991643..d0df37e 100644 --- a/test-compose/idp/container_files/shib-idp/config/tomcat/server.xml +++ b/test-compose/idp/container_files/config/tomcat/server.xml @@ -8,7 +8,7 @@ protocol="org.apache.coyote.http11.Http11NioProtocol" port="443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" - keystoreFile="/opt/certs/keystore.jks" keystorePass="34f9a51f-2a3a-42f8-b109-fce47dedeb24" + keystoreFile="/opt/certs/keystore.jks" keystorePass="e68cb9bc-bb21-4319-a664-1f755ad8b47c" clientAuth="false" sslProtocol="TLS"/> diff --git a/test-compose/idp/container_files/shib-idp/config/tomcat/server.xml.dist b/test-compose/idp/container_files/config/tomcat/server.xml.dist similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/tomcat/server.xml.dist rename to test-compose/idp/container_files/config/tomcat/server.xml.dist diff --git a/test-compose/idp/container_files/shib-idp/config/tomcat/tomcat-users.xml b/test-compose/idp/container_files/config/tomcat/tomcat-users.xml similarity index 100% rename from test-compose/idp/container_files/shib-idp/config/tomcat/tomcat-users.xml rename to test-compose/idp/container_files/config/tomcat/tomcat-users.xml 
diff --git a/test-compose/idp/container_files/shib-idp/config/tomcat/tomcat-users.xsd b/test-compose/idp/container_files/config/tomcat/tomcat-users.xsd
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/tomcat/tomcat-users.xsd
rename to test-compose/idp/container_files/config/tomcat/tomcat-users.xsd
diff --git a/test-compose/idp/container_files/shib-idp/config/tomcat/web.xml b/test-compose/idp/container_files/config/tomcat/web.xml
similarity index 100%
rename from test-compose/idp/container_files/shib-idp/config/tomcat/web.xml
rename to test-compose/idp/container_files/config/tomcat/web.xml
diff --git a/test-compose/idp/container_files/credentials/shib-idp/idp-encryption.crt b/test-compose/idp/container_files/credentials/shib-idp/idp-encryption.crt
new file mode 100644
index 0000000..52a7085
--- /dev/null
+++ b/test-compose/idp/container_files/credentials/shib-idp/idp-encryption.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHDCCAgSgAwIBAgIJAIg/g2B0+JTzMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
+BAMMD2lkcC5leGFtcGxlLmVkdTAeFw0xODEwMTAyMDM1NDBaFw0yMzEwMDkyMDM1
+NDBaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLmVkdTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAOXvrrP5G0yLd6OfWPO1NzKjTFqY6l9kyGid98uOOut3
+oFAwrjUgQ1gwVRNSVQNL7pfmiai1prNzzxo6oHXpctwJi+HK6l1JfKsmyOCo974d
+S9HYnRL0HT59lIoT1oaIOr+5SGcSr0iFYLKkNwQz5FJrMIp0jkeFatoJ/FjZG8qy
+z8NAaMTYMoR7pxWn6CuSTFPx0cKkSrxRwcUO+qsqBdrrweNSFUzo/KTmsl9wxga3
+bLdUJ4TzypQKRY5vFTO1yxk8ZM7JTUHYLEFXUyThjfUQLT2uMMGNpBO3dYWttGyY
+yXOzFvuJiMp64JTcoDb698ca7e3oeLNa3SGOiPwHRnkCAwEAAaNlMGMwQgYDVR0R
+BDswOYIPaWRwLmV4YW1wbGUuZWR1hiZodHRwczovL2lkcC5leGFtcGxlLmVkdS9p
+ZHAvc2hpYmJvbGV0aDAdBgNVHQ4EFgQURsDhZRUa47gaSCOLN4Uq1Jsgv0UwDQYJ
+KoZIhvcNAQELBQADggEBAJ8PShxPRmdUeJJC/6lAGqGXlw3H+eVyC16hkU+Pozva
+bjzDvJapj5r5MyUBkPvm6zPZKk2sDKGm640KVSxEjK+PHfCIIf/d3DQ6DgsvvBUu
+/QLqG4dTOPwN6PJEVceo7jBAmMZk8nCMSMTfEl/nGwn0YxFbFVE6OamkYR9UuOD7
+qBfqXxNQspQvA74kP5iCW+5VNwmcmya2Zhe5yJtD0DS5EOLfu/elrrU6DuR9e8xv
+SQnmhIXnMKQKMYmUcEuksved5NRkzHiojtMHKewlXpnB7rqJi7BUYkKqY3/vgOqD
+iSIkxhgaixWy//7nNHLGeNsZgG9xmnQ41qYsRtw5RdY=
+-----END CERTIFICATE-----
diff --git a/test-compose/idp/container_files/credentials/shib-idp/idp-encryption.key b/test-compose/idp/container_files/credentials/shib-idp/idp-encryption.key
new file mode 100644
index 0000000..1f570b4
--- /dev/null
+++ b/test-compose/idp/container_files/credentials/shib-idp/idp-encryption.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDl766z+RtMi3ej +n1jztTcyo0xamOpfZMhonffLjjrrd6BQMK41IENYMFUTUlUDS+6X5omotaazc88a +OqB16XLcCYvhyupdSXyrJsjgqPe+HUvR2J0S9B0+fZSKE9aGiDq/uUhnEq9IhWCy +pDcEM+RSazCKdI5HhWraCfxY2RvKss/DQGjE2DKEe6cVp+grkkxT8dHCpEq8UcHF +DvqrKgXa68HjUhVM6Pyk5rJfcMYGt2y3VCeE88qUCkWObxUztcsZPGTOyU1B2CxB +V1Mk4Y31EC09rjDBjaQTt3WFrbRsmMlzsxb7iYjKeuCU3KA2+vfHGu3t6HizWt0h +joj8B0Z5AgMBAAECggEBANZTs+TOLkQLPFmoDqIcKHdq/6DzKIQCzUu282MqEIGr +4CLfPYMHr75kTujTtap8/MlaerZnnBtpt4IbY7aFBCtWOq0dF5gdB7gBTv0agtMT +O7k+0Cr6oMe/BtYt56k/EoPjkTmCkSBoMtpRd3bTZ9/rSjPEsVq5YgAbjrzCosUs +YyGoTQC+sjPCOQDglr4tujgveBvGatEonfTxurJrUqHr3QBd3Biop3UXuc3g3wx4 +yqXwHwACyPL9BY0r1e7WzfC1jSjWaxZkNg30XSJPuhvMoLaOunJUTqYMwlSlpuOJ +AdVPOBUXx5cmn7j8KZaTqdqKXM2G7JKH0BcW6KlMQAECgYEA+6vP9QY2Jw+v6xj1 +qK3QFSQIdvZq2zeJjmEgKkIFDsmdg4dxxu8awUOZFp/JQETsibmvuDlNHfSmmTMg +0PCMQE924e1fHU7GZfxK2gtM4sKWK/0PxQsLzWD/J8Q8fpMAMS5X4wvVLhyqrIPk +WrmGZb5RN7kbSvRbRJfCVwNd2rkCgYEA6eQqHxawUHD0lPNWBW4vI1C50H3qSbzB +TFfunUz1NCmVlxU55pyLlTzUuGxD9wRXVAs1YL6z6a6EjzbB2WfaTTQ7zD2pZldQ +NrRxigkqm/7RuNL+O26RH0VP8ANAryxnfbnRsU2kraATSt199cFSgb+eKjz3T7OD +rMrOvoJL6cECgYAGB22p7wYpFWUfeq+X5OIRP5W8U9bnfYMcGBOPL5mzav0NA5ek +LmIzswzdz+IgWgZYnkwpW6YPS6caEHF+z+RsPfsZGnim2RZDpzGb251x6TtzvlI8 +ZDFaMDKsnzTby2W7x+JvG/91ZVZpX5d+3ObtVQvZC+QtfYEaOZB8SSZccQKBgQDV +feQI3p/vvTsznu4dJNc4KB6ENfsedYIHmpf+01la1L5r2v8wBiLPBWiyMnjTSA4i +c9y0Qz5cBmWPiA7n0IkOQah3pK008mwQkyK0Oeu/2pg6WbWgMCudXJo73ew0OZb5 +xxyl99ZieaRCiOzJ3z3dmzfXHDEuehCuL60Jbku2wQKBgQCMN7ETD7apRliJosKb +UQDEA/hV3Nw3TqCEpCz01pR3HHLedHYwQhUsUNkMycVlV52/STqe/6c8rcZmt7hD +csAkWpoKHU9v5s6pdu3SMURzHi8q1p8hO49n3eqx2IhJOzpMFygmJgBy6jNiXkAD +/6HfDYCuMSxoqgofz0jtyZAMow== +-----END PRIVATE KEY----- diff --git a/test-compose/idp/container_files/credentials/shib-idp/idp-signing.crt b/test-compose/idp/container_files/credentials/shib-idp/idp-signing.crt new file mode 100644 index 0000000..5890db7 --- /dev/null 
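Review bot: The unencrypted PKCS#8 private key added here as idp-encryption.key, and idp-signing.key added the same way later in this commit, is now permanently in repository history, so the matching certificates in this commit can only ever be treated as test material. The path is under test-compose, so that may be the intent; if it is, say so next to the files, for example a README line `Test-only keys for idp.example.edu; never deploy or register these in a federation.` If any image built from this tree can reach real relying parties, generate the key pair at build or container start instead and keep `*.key` out of version control.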
+++ b/test-compose/idp/container_files/credentials/shib-idp/idp-signing.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHDCCAgSgAwIBAgIJAPEnL5jgbeVoMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
+BAMMD2lkcC5leGFtcGxlLmVkdTAeFw0xODEwMTAyMDM1NDBaFw0yMzEwMDkyMDM1
+NDBaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLmVkdTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAKwTrvQhmFX3SUNgJAhQ/YV0UX56Rt53mwbiKuH+Ez83
+7z6XRynBVsfzHfbWe0IpNKx5mIr84dfbGhQKQBEKzQuek7ihW3J6PIVZN1A3icZZ
+B9i7gow902bT0ZfRG8QW49gl7pk3ASutPcO9Dq5Xc/AqWr3OSO/Pei0yBtTdzG3b
+rm0u0gbj3P2tjt7BN77wIB+yjJsND3ITtP0MFXIJxLTlty8thwqQOAOAYcF+rhC5
+znnBLsRNo0E57PtzZs8i/BpEX2uPTxpEyvlU1vtyxcKUiHtK5ZjOsDEkS2rEualr
++FILYg/Oxw1gi0+mNO1a94Ft+UoLiREztq6MQt8OK98CAwEAAaNlMGMwQgYDVR0R
+BDswOYIPaWRwLmV4YW1wbGUuZWR1hiZodHRwczovL2lkcC5leGFtcGxlLmVkdS9p
+ZHAvc2hpYmJvbGV0aDAdBgNVHQ4EFgQU3ZJ8oHkmlgPtZuZAxnzONccPsb8wDQYJ
+KoZIhvcNAQELBQADggEBAIJ4oZKSMGpF8J3qdfjLZGkc3iVbu/eiE1MD77no0oCz
+nelY0CNUBuFJk1Xv+Bv0fW0cVugtMPz4xi7zv0zkpS2IVxpPZWBosuVabUD9k+V4
+iN5woJdO7e2KRGvhlWmbkmoZUvhygDe0u0vblNfLzDwFQvxHXiWG//P7SanoQrjP
+dE8U21tYz+EFm6s5TvHxVhr9id8c+UacAFCpAtzUB+J8K1abx05XlKsySflkOQV9
+JbM4zOy5gXSI5dY9dGUF77g0muyC+jAhIhLSt/7v3vJgvBurrxPoeBFXOU3D+siT
+VZlKtYzYjJhVqXx1vKrWEE1hkpqm+iYgZe4MvgcdswY=
+-----END CERTIFICATE-----
diff --git a/test-compose/idp/container_files/credentials/shib-idp/idp-signing.key b/test-compose/idp/container_files/credentials/shib-idp/idp-signing.key
new file mode 100644
index 0000000..46de653
--- /dev/null
+++ b/test-compose/idp/container_files/credentials/shib-idp/idp-signing.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCsE670IZhV90lD +YCQIUP2FdFF+ekbed5sG4irh/hM/N+8+l0cpwVbH8x321ntCKTSseZiK/OHX2xoU +CkARCs0LnpO4oVtyejyFWTdQN4nGWQfYu4KMPdNm09GX0RvEFuPYJe6ZNwErrT3D +vQ6uV3PwKlq9zkjvz3otMgbU3cxt265tLtIG49z9rY7ewTe+8CAfsoybDQ9yE7T9 +DBVyCcS05bcvLYcKkDgDgGHBfq4Quc55wS7ETaNBOez7c2bPIvwaRF9rj08aRMr5 +VNb7csXClIh7SuWYzrAxJEtqxLmpa/hSC2IPzscNYItPpjTtWveBbflKC4kRM7au +jELfDivfAgMBAAECggEAXcm8qcNFzFUj0V0tRnseMwbbBByRU9/M10ueI97fjq1l +8K9zUgbWzdRsmIT+WWksFHWR9u8uCQCajiGoGaHRcGvWB+OqfBKzudqOk2Ix7bHI +3RAWb2mjN4Br1FtcztvLA5xpF4krUiryZyU8QznXLydmnd05U7u507hYkNzy90zI +ERp3p1PXL6XagW8SlraBbQW6HMCzwaILFT6v9Lxen8cw8VTSFEPfNthfGC2kmWRq +/ub/bbjx7HaV2p+U7FuXI2tk/pXbZxkHAMJ0OPcSx6lfcKU9m79peIgzA3vqALDj +QsvHioZ4O0ocOqj4ul1dojYrGYyjwXTNhGmytnXKwQKBgQDcAzg+FGMBDRuPLq7f +l9WoC4Pz/kN3nY0BGg6Ow5TW9SnDeUSZ5Mt3utuPyMtsHHwdTjR+iHMZv1uFOXCL +lI0SpkvRHCXCnsZqRPmnoGA0Tf+b1VfwjvZEiYJBnS5eKcy7nB81tBO/nty43eCo +241VeEX7USkrOqjVyYnK+YUwfQKBgQDIOTXewaEI3X/AOSXd35lZm9egGwTCTG3X +yIvZ6DghNLaAAVI52o9Y8mpLzdZP81+pATjgedR2UZbVt6blAT9BAqi+K6wZqZ3P +k8eRxm/h57zV/Ixlzxk6k5xzjzb4ZBSha+kAy8bvVqWYgIbbHEB5gMlorKF7m8Uy +A78p3N+4iwKBgHKM0pmv76Q6eODhw3bzDPEDnd5JwkLjKukp8e5u8m3BE8+MsiUW +NMHP7kU8nH1bj1uKvlYrIRKEyVfiAjEKVTEimFL1vstH87Kc2wdlvvE8sxslxzWe +maYxmjojZmLsjIYZ0T4a1jVstyshirkgJsQbbQRey3qQfhthZXbi12/ZAoGBAIg8 +rVQJ6nnuxUtVV1e2GlEnwjtVxxIyERefhNFbuj2V8Yv92iY1eg5qvDsiLu4tymxj +wYC0RQXRFFINaYkvJQwmNA1aB/taN2ATzNp67IwJM6ti8WEg3qjF4dGbpCq1ZnhD +xcJd5dna2kh/Q8N5YMGMCP+pXyONZUtX00431R5rAoGBAMIqlJSFfXtiAs+ox5Wo +RJTP1jXBMwLxIpAiA2831OG1I2MmuRFfcl7bw0Ei2XWGfanenLd6pCHo5wVWvZ/k +7f3zg2NItabMZLIpc3ES8Sr1N0IeSOuAlLwWQ4wTeaF673dwLaGJ+doQERc3psoY +PSJOpnyo7wRfuXWQaKpzcF+w +-----END PRIVATE KEY----- 
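Review bot: An unencrypted PKCS#8 private key is committed here as `idp-signing.key`, and the same applies to the key hunk just ahead of `idp-signing.crt` and to `testsp.key` later in this series. The paths sit under `test-compose/`, so these look like fixtures, but nothing in the tree says so, and the matching certificate is embedded in `sp/container_files/idp-metadata.xml`, so anyone who copies the compose directory inherits a signing key that is public. I would generate the keypairs when the test stack is built and keep them out of git, or at minimum add a README beside the credentials stating `Test-only keys: published in this repository, never deploy them`. If any of these keys was ever used outside the test stack, treat it as disclosed and rotate it.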
diff --git a/test-compose/idp/container_files/shib-idp/credentials/shib-idp/inc-md-cert.pem b/test-compose/idp/container_files/credentials/shib-idp/inc-md-cert.pem similarity index 100% rename from test-compose/idp/container_files/shib-idp/credentials/shib-idp/inc-md-cert.pem rename to test-compose/idp/container_files/credentials/shib-idp/inc-md-cert.pem 
diff --git a/test-compose/idp/container_files/credentials/shib-idp/sealer.jks b/test-compose/idp/container_files/credentials/shib-idp/sealer.jks new file mode 100644 index 0000000000000000000000000000000000000000..69d21ac92bb4c7602eddbe1812ced3867b32567a GIT binary patch literal 518 zcmX?i?%X*B1_mY|W&~np2KM6ART7Qd9hsvQm>v-13XOQ!4|C@=Ji6{Gzkrry`#l><$JRUQxs# znUz?USOL?Itj*5McG=ryDXA#|iA9OI#U%_((N56}0zg5Ky{ReA z`FSO&c_oDmbqq{C44egERgO97B@9A7APe+!67$magG-7s^U|$-K)y-L0ZN0^GglOp z7Jyzp&!EJ~yJ3Nn?q|XH`35Y&oVz9>6ee&#oLX5IJTYGg_?j3S+*zW0)&aRfj`Bv?@ z#-o)b3}OLJuHl&_8NM#2j(I5|MVSRTsV=U;I3-vbH+=s!=ScPe2K!W>do!E!3zt9a%#p!pMj$kv)TvU1Vvj6G@gw zcICE5xJB7UPquD~TiwqO_kZyG@cH5My3Td3bG^^GKIdrjXcGc~Ku-$zUCe=aANN4d zo44?8C*^5uI1#>Deu&FlC%Y&OL3;{Zd~e$b ztrmKR@C>uG_4H{6!NM6?54Kj{%9u^yFMcZ$A#*)_6p)%6`)FTjYZ0Q4$d=PO+p{>0 zOUbRc`5_h-rx8O@4i4KzX%Pzlpyzil13sYI}I^diT5gEC;XV>5xUabu~h5f>0 z54~nZ4v8UcK@{1e#pE8-H|=#9hghWrXAhp|{kkir<4Tv5Dy4V$SMvN8Az!(M_N>JL zl^b11mTSB+Q>zBB~D@TqC4qOy8oIT3Yjzrszd}ms5_n!AC5ZKKMd)Z)T=iSoy zN?~BxHm^mG>T;V$L=7=rR=wW`?Z0FZIViiN6PRpn@K{5$<~vX5Y@pXQxqFpu%!w%h zy_SPf9i9)SvZL&jz)_38N{X-Y8H>2*97jZ}4%nsB^|=M|9TjP?=Jwu1byKNDg)zpL zjjWaC?O)^>(8}DGotC4^WD79WeU9~#n!4=;2kK8VbYm&_2QtW`sFVr3xU&2!e^s+> z%alK_mX!EnC<;_cRWU4uynro+Ntlp6rUu0=4J#I*G2{02gc(hP@pN61c_4|}ysdNd zrUx#;9vA1NBrE#YFwa@#oztkN^C+@V(+^3RTfQOBbTNf>dFl%+zFYI_S`FnXyqr4u zb?dFgLSvC1q6t@h7X;YdS3Y+l#yF5GBv8y%9sc^cAMz{xV&XW7PuuWl5lMS-FAW!p z8k{qDOEM@;{?8aYgE6~GnDJmZ%YA0vOvjl8cp1SmI9*8b?g2u@U-A)mv}4IZ`NHw( zN?HDTy%I-k`1F&z_x-izDsLou*OwEjZ0fgMt-xu_Vq-TQviP5(J{_b2b61 z2>V;B7UC&06oj|;dwnxk+a2`Xg^lb_lrAngZDE-hdSP;SU9k4^gFT#7ENrv(=MW%Q6Hk}nwudBk4p}O zXG9x0uibz~1Yo?5da{0ezGQR-I?z30r#BnzKyzXCA8$xULokSHeNZ} zu0~un+_7~@N&3CTISz;ZYfB?k#+?sWgiQ%tja}IGu{?i9(=WC^X`?L#ud`Wl4oPL) zj1_I))%NS;&tH#o*i6ZzRDDWs@08d@Yl=UA{`O~7ZG zUC1Q{5|c_c;`YA8nQfyVKuE8lzE2qA4=>}a!Q!1=XWenCQirdzR`k6lBZKKPoyC8E z=VRb$Ar}s~AJ7(f1r&1PYEKC>363)_>P%U2+%p*+b~%jQ$PwZHBPeo0EB-i)raTNr z$!+>9U3g@Bkz!fu2wXg$?=A&}0T7^A6cho4PA*u84SovFBO>CrJNM?CdEDbH&c-9F 
zI;+uR$$y7<^6E}P1R&==6&_TM7dc<{TTh$QX;_$akk}bavsK;sD5~)6&qOkM9C)oNp5wZpJ6S{lwhnK$X9(sT4*DNQTfO9#%igpjr3)qwA( zo8qS`JU+QsEl36K;)p!EwwIgZsxCZu!i0W71YG5+m^R|tKOIz6C(KS4w3W?|ut~Oc z5D%#_(_o}(p{Isi`dlpi=S?Z)LrXSI>5RLPj!0rPx$MjmFLu_9FOs9!P1m`Lu^d`l z>A$9L(KQ=3&QFx9U^LXA9nMz9cRR1@GPTI?qvt{%zKAEx=a&WIt@YRlQUUl+=`f#G=I9;t~d?Xs2if0iYnr-qaN5 z{JfIXyplqOItC^m2F?PoD#x7k5(Xh3kOlfViFxVz!6ikRdFj?ZAm1eB0Hs0dnJWrP zi$LbB`7Hi}jU(g%$Xx|MPYW9GvvBx#)m(qQk5`?EnVHw26r`RND7E0RS?1K2_ZWo@ zu6r&JcmKlL>O15A>+FZEJ+l+Tl(xra|JHD}`TJ^x%Z76yJfBlI z)J}-@C;uys`*r1I_))&d?(_bPrKP=?ogbnBj5cCY>UNkv7o78X4W F2LOf^%TfRU 
diff --git a/test-compose/idp/container_files/shib-idp/credentials/tomcat/keystore.jks b/test-compose/idp/container_files/shib-idp/credentials/tomcat/keystore.jks deleted file mode 100644 index 4c2adaa7cd449d5fbbc19930a1633558fa99658c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2282 zcmc(g={ppP7sqF_&S30JxW+}RrmMe{s+Go=f(H)oaa2}`JVHfbFg@@2mk;;M*;j5+`$AtuVA7# ziQsvJyzEP^Yy$vnAQTO9fZ}E6R$>Q2fQle~Adn3Jp+V-zpr!5iODqqK&G^Lo=1ylR z)$-ArW8@l+m*IT;lR_L{s3EBVEIh~vjShwdyZWePb)Ez+GCeGrhSG4b0riM(m0Z#Df4>cSPd7fc5^+Im1qb%6;OU7dhHKh0(?r)+SQS6-jydjIfU7r(&G_B`lmAGBy3%U;cwI-p5pLE(q?*oVxaz74AGnjzCMfZ1w% zRjx##8y~W%nVcQnwFFGw7*W-53264PcA;)$zn?ij+r8uxc*A;_C&I1p50dC|%2y~{ zr9}r*787O43c7nTderm)ab|4qVKuX3G&5m#@iisN_JX%@>yLXL^_aI>bC>NX!QMPh zqwZwXIW@oA9wQC0H_;UUC(${r;h^YQo*wRN#-mZ-TVAVIG0$zn(;v+vvr0@vJ12gd zldP$C9yuxuo@DtCPQ>2a{gjh($e1va z24`;b2{HEFw1F__!$gakq~U4d2;+G>L{5RPN|{tu>NWmWJ}$umdaHkxF}9-#A;`k! z4sKGF+_d=^=k6xrXotMEHUAFyXjlFA3_j zb)v6$!%<)B>0mUSP*eZI+*f3cgLvy+n31yxyGQo9nxpGw%^o1itdc(Yi4a&R@}+G+9x>T}IaSf;v^0IXVVsx5s;zf=C3P@pkQ2l}=tJec zi8-2_i#Xg}7b|72;59vn9H0t%G7o_=_sdfl@^_T!(1C!H%9q8#d~o$meti$#r1R8U zU1zTg>Ah7Tm|Hqp%OW+rrp~ZdF?UOKkzSjN%Ycfq(6U>l+9MpiYkhX!jOp@BFq{uQ2U!4Nf7k|M+5Gt^=(vNGnNJ?_WD z?VhHjZS%8roMex`WHsY%0m5V=-7YGO^ESoTaXKQR`I@_pKRY{X>;Z4a`ai;6OvOe* zck9KK^_nb}RsxC5Ees)FWS7*}l{NOczg6_(@SHVB2J`HX`VhszQ4hGiq$Qr zy(bF+Gn+1f6BrNH`&mV|!}$$qk-Q*IycsB;6y(ph??f|jOj5H@+xm4K+3>2TP}%?h zI2%O+(@`|g^*k^L2m(Ru+;R6%JnUSGv1YMbJU}3n4S3~@?gEPHs)SHC|0{k3Rf1;-N=lRmt%XLRv`(T=p-yQ#9!c#Zss2Ct z|89>4l=-h=NB;y&1M&e-G$1#K1_T0P;3A=t`@;Y#JsQ-bYw@na3T;%|ka>SeL?(B) z-4q6}CJzhFzyo304XJAc6j8i|A-wPopW$p2x8adhn)WBXuTHeg_Ddr?G(NGdE;Bw` zWNhV=)OvVpV-m+e*@@cA$9_QX#8Zu+?hYnrX71T`M@A020JC|qWn^oyE zoh-M1=}^gqYPixbJ6SKLP>~~4obBybbnm;)hW%-E+q{U+&`-{dEzzye(JfXdB%8l? 
zNXv6iaNE=!w05-*-EZWHCyf{R%p0ZFOP14sEg-`9Zm{j8?P+zcME18z(}-kM-Gy6L zL|?}YmXG0sm)D|p!rBsQ6$C+GAOKi^ME!=6JQ}bhFGK_)lyX)4u{00qspW)mHYv`b z9GRf7{$CT1w(iJ8AOKb(U!(Kv7?ma}robROzDjoUo5wYZoX``P8y0P=PYhzT)Gn&* zRQeO_ESR$yRT)#-WE)q#!GI#^bQ19omlzk0qQbvM1*M|KK5Kq>Q6m-zXE~84&&Lm_ zNR?K>?qcpB$F2I^KArHzMZB$mT&wC!S50n%F$k7M!X+IMdff9W7FFr#-s2tk$$iB_ z{s;m~YKuN}{~*QFGO{ZLH8ql?yepGtlOgWrt5CUV-bUQD%kl4mrs&>?!+aEW?C9B@ z&8=#G(Pg*z`NqYCIN_R8AM!ik=~(POT&4S^Z|co_y~+g5K3DSsnKt!To_!21ozjp- iqqR1x*PR|boBG)Au2!!VqQdPm<(W^ls*fY8#r^@Z2;;l} diff --git a/test-compose/idp/container_files/shib-idp/wwwroot/robots.txt b/test-compose/idp/container_files/wwwroot/robots.txt similarity index 100% rename from test-compose/idp/container_files/shib-idp/wwwroot/robots.txt rename to test-compose/idp/container_files/wwwroot/robots.txt From 286b0d15a878ade7a21020719772af8954284b21 Mon Sep 17 00:00:00 2001 
From: Paul Caskey Date: Thu, 11 Oct 2018 17:41:45 -0400 Subject: [PATCH 03/30] add SP test --- test-compose/decompose.sh | 27 ++- test-compose/docker-compose.yml | 11 + .../config/shib-idp/conf/attribute-filter.xml | 9 +- .../shib-idp/conf/metadata-providers.xml | 11 +- .../shib-idp/metadata/testsp-metadata.xml | 77 +++++++ test-compose/sp/Dockerfile | 28 +++ .../sp/container_files/idp-metadata.xml | 37 +++ test-compose/sp/container_files/index.php | 2 + .../sp/container_files/shibboleth2.xml | 137 +++++++++++ test-compose/sp/container_files/ssl.conf | 218 ++++++++++++++++++ test-compose/sp/container_files/testsp.crt | 22 ++ test-compose/sp/container_files/testsp.key | 27 +++ tests/fulltest.sh | 39 ++++ tests/main.bats | 3 + tests/sptest.login | 2 + 15 files changed, 636 insertions(+), 14 deletions(-) create mode 100644 test-compose/idp/container_files/config/shib-idp/metadata/testsp-metadata.xml create mode 100644 test-compose/sp/Dockerfile create mode 100644 test-compose/sp/container_files/idp-metadata.xml create mode 100644 test-compose/sp/container_files/index.php create mode 100644 test-compose/sp/container_files/shibboleth2.xml create mode 100644 test-compose/sp/container_files/ssl.conf create mode 100644 test-compose/sp/container_files/testsp.crt create mode 100644 test-compose/sp/container_files/testsp.key create mode 100755 tests/fulltest.sh create mode 100644 tests/sptest.login diff --git a/test-compose/decompose.sh b/test-compose/decompose.sh index 3139530..2472301 100755 --- a/test-compose/decompose.sh +++ b/test-compose/decompose.sh 
@@ -1,6 +1,11 @@ #!/bin/bash -read -r -p "Are you sure you want to remove the test idp and data images/containers? [y/N] " response +if [ "$1" == '-y' ]; then + response="Y" +else + read -r -p "Are you sure you want to remove the test idp and data images/containers? [y/N] " response +fi + if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then #kill, if running, and remove idp container docker ps | grep test-compose_idp &>/dev/null @@ -38,9 +43,29 @@ if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then fi fi + #kill, if running, and remove sp container + docker ps | grep test-compose_sp &>/dev/null + if [ $? == '0' ]; then + #get container ID + export contid2=$(docker ps | grep test-compose_sp | cut -f 1 -d ' ') + docker kill ${contid2} &>/dev/null + docker rm ${contid2} &>/dev/null + else + #check if an old container is present, rm if needed + docker container ls -a | grep test-compose_sp &>/dev/null + if [ $? == '0' ]; then + #get container ID + export contid2=$(docker container ls -a | grep test-compose_sp | cut -f 1 -d ' ') + docker kill ${contid2} &>/dev/null + docker rm ${contid2} &>/dev/null + fi + fi + + #remove images docker rmi -f test-compose_idp &>/dev/null docker rmi -f test-compose_data &>/dev/null + docker rmi -f test-compose_sp &>/dev/null else echo "Terminating..." diff --git a/test-compose/docker-compose.yml b/test-compose/docker-compose.yml index ddc465b..43bc9cf 100644 --- a/test-compose/docker-compose.yml +++ b/test-compose/docker-compose.yml @@ -36,6 +36,17 @@ services: - shibidp_ldap:/var/lib/dirsrv + sp: + build: ./sp/ + expose: + - "8443" + networks: + - front + - back + ports: + - "8443:8443" + + networks: front: driver: bridge diff --git a/test-compose/idp/container_files/config/shib-idp/conf/attribute-filter.xml b/test-compose/idp/container_files/config/shib-idp/conf/attribute-filter.xml index 326dfe9..8e43db8 100644 --- a/test-compose/idp/container_files/config/shib-idp/conf/attribute-filter.xml 
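Review bot: The container lookup added in the second hunk, `docker ps | grep test-compose_sp | cut -f 1 -d ' '`, matches that string anywhere in the listing and can return several IDs, which are then passed unquoted to `docker kill` and `docker rm` with all errors discarded. Asking Docker for the ID restricts the match to the container name and covers the running and stopped cases in one step: `contid2=$(docker ps -aq --filter name=test-compose_sp)` followed by `[ -n "$contid2" ] && docker rm -f $contid2`. The new block sits inside the `if [[ "$response" ... ]]` that opens outside this hunk, and it appears to copy the idp block visible in the first hunk, so the same change would apply there.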
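Review bot: The new `sp` service publishes `"8443:8443"`, which binds the test SP on every host interface. This stack runs with private keys that are committed to the repository and, per `tests/sptest.login`, a login of `kwhite` / `password`, so it should not be reachable from the network of whatever machine runs the tests. Assuming `sptest.example.edu` resolves to the local host in the test environment (not visible here), `- "127.0.0.1:8443:8443"` keeps the test working while limiting exposure. The `expose: - "8443"` entry is redundant once the port is published.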
+++ b/test-compose/idp/container_files/config/shib-idp/conf/attribute-filter.xml @@ -97,9 +97,9 @@ - - - + + + @@ -113,7 +113,6 @@ - - + diff --git a/test-compose/idp/container_files/config/shib-idp/conf/metadata-providers.xml b/test-compose/idp/container_files/config/shib-idp/conf/metadata-providers.xml index 48f06ca..6daa0ca 100644 --- a/test-compose/idp/container_files/config/shib-idp/conf/metadata-providers.xml +++ b/test-compose/idp/container_files/config/shib-idp/conf/metadata-providers.xml @@ -79,13 +79,8 @@ - - - - - + + + diff --git a/test-compose/idp/container_files/config/shib-idp/metadata/testsp-metadata.xml b/test-compose/idp/container_files/config/shib-idp/metadata/testsp-metadata.xml new file mode 100644 index 0000000..943d09b --- /dev/null +++ b/test-compose/idp/container_files/config/shib-idp/metadata/testsp-metadata.xml 
@@ -0,0 +1,77 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + 66388f647a9e + + CN=66388f647a9e + MIID6zCCAlOgAwIBAgIJAMCeCgmjpfr4MA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV +BAMTDDY2Mzg4ZjY0N2E5ZTAeFw0xODA2MTUxMjExNDFaFw0yODA2MTIxMjExNDFa +MBcxFTATBgNVBAMTDDY2Mzg4ZjY0N2E5ZTCCAaIwDQYJKoZIhvcNAQEBBQADggGP +ADCCAYoCggGBAMneS5jhJI6hTH0lIksMea1JkouRu3schI0M/VDq4RdVla0Y1R9e +ToipLSYfGlR7X17udgSlL1HRyDjE7/IRkFt5UzAkTy/DKE0gDnmfGz3OHWPSmTzm +uPvxmSeIHwqnVAoxnRkqNQDh7uReeskXuJmoxE98hSU41FjAJ12ADPqXVGtkNQhN +78rhTcdQqWQzu8Tlho/2Zl3U3B6ANMj1gbgK20TXL1iQs1eiKBQGnT+NMBuR+fHO +HRON8v+IcrYCVAwEG4gq36xv6J37bHY1ok/MydsglOGdEobHyHVNCgA3lgPUXuMJ +S1oSR7cCcjFowi0nVSHaYwBHAyQ1g1u9g0XD+lOpLGgzGJyIgnCG8IELmaaCQ74f +gtbd8GvXktX7TkLWlAcYEBmjbrqOTxoUY8b1Wbw3AK1y9flUFpmLNPTH+WSsI70F +wb1W0wpZ+bh/0c6jNhc1vJMUY9b06nSXuqYwrxOQ2P4BPlUrkY3DnIBduOh4RFii +9kp6RPqebrd0eQIDAQABozowODAXBgNVHREEEDAOggw2NjM4OGY2NDdhOWUwHQYD +VR0OBBYEFM8IntLcC3iWk5bKQViCAXpNLOcaMA0GCSqGSIb3DQEBCwUAA4IBgQCq +vck5pcsYJAXJ/weacPjq6rjDaKYLCSCjgXYR7Dm7nOwfVnebSjbhBVOyQztU4HSB +rm2tqQwNQDFHM/YBeQYbBkKy5mGW2FO0wQX8L2pDp2SAGDsjb4FE9w5wMRJrGdCg +LpeCnMRklSxFCtBedu8eWz5nbRwYUk77VcbcNbNxx+linPHvc2Vce4a26xaoXdzC +wip2F84pxTOqlVgTpX5g5fV0lhZiNDs+HZ5quUqW9CP3xxRdwCXzulpZaN411IbV +xU4Y/J4Hi+JSS3vp3xHRGGyNxW39ljNihOO2R2T+oGwHL8Ri3iYFMXEYaVJXoIrz +IzdnpziNptcaKLKk2k2bZW+t3we2XuhFG5h6qv6lWJW7EbBQCgBLtmy2xdSklrCj +zZ8Me+OHIItA9Voe329U6HV4n676L/X5j6omS7SRlwylJ/ljqt+htL5EUwTTC8H4 +3BnUQyPT4W3Qljjyv9Weg45iMXrZd6wVYFw5JK/uT/4ST4j0PLLkK3seh91gyac= + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/test-compose/sp/Dockerfile b/test-compose/sp/Dockerfile new file mode 100644 index 0000000..d4de941 --- /dev/null +++ b/test-compose/sp/Dockerfile 
@@ -0,0 +1,28 @@
+FROM tier/shibboleth_sp
+
+LABEL author="tier-packaging@internet2.edu " \
+ Vendor="TIER" \
+ ImageType="Shibboleth SP" \
+ ImageName=$imagename \
+ ImageOS=centos7
+
+RUN yum -y update; yum -y install php; mkdir -p /var/www/html/secure/
+
+ADD container_files/shibboleth2.xml /etc/shibboleth/
+ADD container_files/idp-metadata.xml /etc/shibboleth/
+ADD container_files/ssl.conf /etc/httpd/conf.d/
+ADD container_files/testsp.crt /etc/pki/tls/certs/
+ADD container_files/testsp.key /etc/pki/tls/private/
+ADD container_files/index.php /var/www/html/secure/
+
+RUN sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
+ && echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
+ && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
+ && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
+ && sed -i '/UseCanonicalName/c\UseCanonicalName On' /etc/httpd/conf/httpd.conf \
+ && echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \
+ && echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf
+
+
+EXPOSE 8443
+
diff --git a/test-compose/sp/container_files/idp-metadata.xml b/test-compose/sp/container_files/idp-metadata.xml
new file mode 100644
index 0000000..367fa2c
--- /dev/null
+++ b/test-compose/sp/container_files/idp-metadata.xml
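Review bot: The first `RUN` in the new `sp/Dockerfile` chains its commands with `;`, so the layer succeeds whenever the final `mkdir` succeeds, even if `yum -y install php` failed. The image is then built without PHP and the problem only surfaces at test time. Use `RUN yum -y update && yum -y install php && yum clean all && mkdir -p /var/www/html/secure/`. The base image is also unpinned (`FROM tier/shibboleth_sp`), so test results depend on whatever `latest` is that day; pin it as `FROM tier/shibboleth_sp:<TAG>` or by digest. The six `ADD` lines copy plain local files and would be clearer as `COPY`. `ImageName=$imagename` has no `ARG` or `ENV` in this file, so unless the base image defines it the label will be empty.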
@@ -0,0 +1,37 @@ + + + + example.edu + + + + + +MIIDHDCCAgSgAwIBAgIJAPEnL5jgbeVoMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV +BAMMD2lkcC5leGFtcGxlLmVkdTAeFw0xODEwMTAyMDM1NDBaFw0yMzEwMDkyMDM1 +NDBaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLmVkdTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAKwTrvQhmFX3SUNgJAhQ/YV0UX56Rt53mwbiKuH+Ez83 +7z6XRynBVsfzHfbWe0IpNKx5mIr84dfbGhQKQBEKzQuek7ihW3J6PIVZN1A3icZZ +B9i7gow902bT0ZfRG8QW49gl7pk3ASutPcO9Dq5Xc/AqWr3OSO/Pei0yBtTdzG3b +rm0u0gbj3P2tjt7BN77wIB+yjJsND3ITtP0MFXIJxLTlty8thwqQOAOAYcF+rhC5 +znnBLsRNo0E57PtzZs8i/BpEX2uPTxpEyvlU1vtyxcKUiHtK5ZjOsDEkS2rEualr ++FILYg/Oxw1gi0+mNO1a94Ft+UoLiREztq6MQt8OK98CAwEAAaNlMGMwQgYDVR0R +BDswOYIPaWRwLmV4YW1wbGUuZWR1hiZodHRwczovL2lkcC5leGFtcGxlLmVkdS9p +ZHAvc2hpYmJvbGV0aDAdBgNVHQ4EFgQU3ZJ8oHkmlgPtZuZAxnzONccPsb8wDQYJ +KoZIhvcNAQELBQADggEBAIJ4oZKSMGpF8J3qdfjLZGkc3iVbu/eiE1MD77no0oCz +nelY0CNUBuFJk1Xv+Bv0fW0cVugtMPz4xi7zv0zkpS2IVxpPZWBosuVabUD9k+V4 +iN5woJdO7e2KRGvhlWmbkmoZUvhygDe0u0vblNfLzDwFQvxHXiWG//P7SanoQrjP +dE8U21tYz+EFm6s5TvHxVhr9id8c+UacAFCpAtzUB+J8K1abx05XlKsySflkOQV9 +JbM4zOy5gXSI5dY9dGUF77g0muyC+jAhIhLSt/7v3vJgvBurrxPoeBFXOU3D+siT +VZlKtYzYjJhVqXx1vKrWEE1hkpqm+iYgZe4MvgcdswY= + + + + + + + + + + + diff --git a/test-compose/sp/container_files/index.php b/test-compose/sp/container_files/index.php new file mode 100644 index 0000000..1d3efd3 --- /dev/null +++ b/test-compose/sp/container_files/index.php @@ -0,0 +1,2 @@ + + diff --git a/test-compose/sp/container_files/shibboleth2.xml b/test-compose/sp/container_files/shibboleth2.xml new file mode 100644 index 0000000..6caa45a --- /dev/null +++ b/test-compose/sp/container_files/shibboleth2.xml @@ -0,0 +1,137 @@ + + + + + + + + + + + + + + + + + SAML2 + + + + SAML2 Local + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/test-compose/sp/container_files/ssl.conf b/test-compose/sp/container_files/ssl.conf new file mode 100644 index 0000000..19b1139 --- /dev/null +++ b/test-compose/sp/container_files/ssl.conf 
@@ -0,0 +1,218 @@ +# +# When we also provide SSL we have to listen to the +# the HTTPS port in addition. +# +Listen 8443 https + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +SSLSessionCache shmcb:/run/httpd/sslcache(512000) +SSLSessionCacheTimeout 300 + +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the +# SSL library. The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +SSLRandomSeed startup file:/dev/urandom 256 +SSLRandomSeed connect builtin +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + +# +# Use "SSLCryptoDevice" to enable any supported hardware +# accelerators. Use "openssl engine -v" to list supported +# engine names. NOTE: If you enable an accelerator and the +# server does not start, consult the error logs and ensure +# your accelerator is functioning properly. 
+# +SSLCryptoDevice builtin +#SSLCryptoDevice ubsec + +## +## SSL Virtual Host Context +## + + + +# General setup for the virtual host, inherited from global configuration +#DocumentRoot "/var/www/html" +ServerName sptest.example.edu:8443 +UseCanonicalName On + +# Use separate log files for the SSL virtual host; note that LogLevel +# is not inherited from httpd.conf. +ErrorLog logs/ssl_error_log +TransferLog logs/ssl_access_log +LogLevel warn + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +SSLEngine on + +# SSL Protocol support: +# List the enable protocol levels with which clients will be able to +# connect. Disable SSLv2 access by default: +SSLProtocol all -SSLv2 -SSLv3 + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA + +# Speed-optimized SSL Cipher configuration: +# If speed is your main concern (on busy HTTPS servers e.g.), +# you might want to force clients to specific, performance +# optimized ciphers. In this case, prepend those ciphers +# to the SSLCipherSuite list, and enable SSLHonorCipherOrder. +# Caveat: by giving precedence to RC4-SHA and AES128-SHA +# (as in the example below), most connections will no longer +# have perfect forward secrecy - if the server's key is +# compromised, captures of past or future traffic must be +# considered compromised, too. +#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 +#SSLHonorCipherOrder on + +# Server Certificate: +# Point SSLCertificateFile at a PEM encoded certificate. If +# the certificate is encrypted, then you will be prompted for a +# pass phrase. Note that a kill -HUP will prompt again. A new +# certificate can be generated using the genkey(1) command. +SSLCertificateFile /etc/pki/tls/certs/testsp.crt + +# Server Private Key: +# If the key is not combined with the certificate, use this +# directive to point at the key file. 
Keep in mind that if +# you've both a RSA and a DSA private key you can configure +# both in parallel (to also allow the use of DSA ciphers, etc.) +SSLCertificateKeyFile /etc/pki/tls/private/testsp.key + +# Server Certificate Chain: +# Point SSLCertificateChainFile at a file containing the +# concatenation of PEM encoded CA certificates which form the +# certificate chain for the server certificate. Alternatively +# the referenced file can be the same as SSLCertificateFile +# when the CA certificates are directly appended to the server +# certificate for convinience. +#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt + +# Certificate Authority (CA): +# Set the CA certificate verification path where to find CA +# certificates for client authentication or alternatively one +# huge file containing all of them (file must be PEM encoded) +#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt + +# Client Authentication (Type): +# Client certificate verification type and depth. Types are +# none, optional, require and optional_no_ca. Depth is a +# number which specifies how deeply to verify the certificate +# issuer chain before deciding the certificate is not valid. +#SSLVerifyClient require +#SSLVerifyDepth 10 + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_ssl documentation +# for more details. +# +#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +# + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. 
This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o StrictRequire: +# This denies access when "SSLRequireSSL" or "SSLRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + +# SSL Protocol Adjustments: +# The safe and default but still SSL/TLS standard compliant shutdown +# approach is that mod_ssl sends the close notify alert but doesn't wait for +# the close notify alert from client. When you need a different shutdown +# approach you can use one of the following variables: +# o ssl-unclean-shutdown: +# This forces an unclean shutdown when the connection is closed, i.e. no +# SSL close notify alert is send or allowed to received. This violates +# the SSL/TLS standard but is needed for some brain-dead browsers. 
Use +# this when you receive I/O errors because of the standard approach where +# mod_ssl sends the close notify alert. +# o ssl-accurate-shutdown: +# This forces an accurate shutdown when the connection is closed, i.e. a +# SSL close notify alert is send and mod_ssl waits for the close notify +# alert of the client. This is 100% SSL/TLS standard compliant, but in +# practice often causes hanging connections with brain-dead browsers. Use +# this only for browsers where you know that their SSL implementation +# works correctly. +# Notice: Most problems of broken clients are also related to the HTTP +# keep-alive facility, so you usually additionally want to disable +# keep-alive for those clients, too. Use variable "nokeepalive" for this. +# Similarly, one has to force some clients to use HTTP/1.0 to workaround +# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and +# "force-response-1.0" for this. +BrowserMatch "MSIE [2-5]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +CustomLog logs/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + + + diff --git a/test-compose/sp/container_files/testsp.crt b/test-compose/sp/container_files/testsp.crt new file mode 100644 index 0000000..34a135d --- /dev/null +++ b/test-compose/sp/container_files/testsp.crt 
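Review bot: The virtual host keeps `SSLProtocol all -SSLv2 -SSLv3`, which leaves TLS 1.0 and 1.1 enabled, and `SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA` adds 3DES explicitly. This looks like the distribution's stock `ssl.conf` with only the port and names changed, but a fixture tends to be copied, so I would tighten it to `SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1` and `SSLCipherSuite HIGH:!3DES:!aNULL:!MD5:!SEED:!IDEA`, provided the test client can negotiate TLS 1.2. Separately, the host still logs to `logs/ssl_error_log` and `logs/ssl_access_log`, so the `/tmp/logpipe` redirection that the Dockerfile applies to `httpd.conf` does not cover requests served on 8443.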
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDnTCCAoWgAwIBAgIJANYHemLHm+2hMA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNV +BAYTAlVTMREwDwYDVQQIDAhNaWNoaWdhbjESMBAGA1UEBwwJQW5uIEFyYm9yMRIw +EAYDVQQKDAlJbnRlcm5ldDIxGzAZBgNVBAMMEnNwdGVzdC5leGFtcGxlLmVkdTAe +Fw0xODEwMTExNzE4MjBaFw0yMTEwMTAxNzE4MjBaMGUxCzAJBgNVBAYTAlVTMREw +DwYDVQQIDAhNaWNoaWdhbjESMBAGA1UEBwwJQW5uIEFyYm9yMRIwEAYDVQQKDAlJ +bnRlcm5ldDIxGzAZBgNVBAMMEnNwdGVzdC5leGFtcGxlLmVkdTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBALWP3/PVFC+IoP8yvLz/fAz6Kt5owWyCcGeU +e0ujIcB566JfOtnY5NDsw0H6dtok7ZXwmlXBB+pUMgmA3M292V1Uchc92uM/7NJD +gEmPfw1O4ZA6hoC2jyGtg3vbaGVvYLMJ4ItHPVdsH/MARZz47WtYeGP8fCc2dgTO +BG4I7w2vNZOS0sgFKUXpwpMEOzprF9PDY6+c7v48hQxuhwIDORIeYXKBzp1Nl0Jr +FidZjnPsdrY4NFmqawhuV9eviwBO0a+tS/7RynxKRbFKpNO1tRv1K5UmtwtopChl +CcjeHlvhbUXp3KKBe7HSffTZwTiKYKAuSNqf++b9OBMXol0XBtsCAwEAAaNQME4w +HQYDVR0OBBYEFOUsErZhx0Jdla4+bUSL5dvVl1dsMB8GA1UdIwQYMBaAFOUsErZh +x0Jdla4+bUSL5dvVl1dsMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +AC4JrL7YNOk3G4GiIQCJK0zBwzIMSaMcpi6SdjANrdZu+1lu5dj2AOBKL9seM88o +eqw5Kb0+fZFrpVm4MKTrIs/WtHTZVIhXQiaDBvuCllwbP8+leP/YFmEbWQ+tSzau +6gU6Po+K0jpQwyNTJABbxKGR80Dkq3+Y1JKMGM+MgL32IUUr4/pAG/tb/Y0tH0uC +qa5f9MihfT1iEKI1t5VYvX6gazB9y8OogxSvfG88KXYkx4NmIzpEVjVz/kmtdTyQ +c6OmH8dk8HhShS8Wvq3djzKMuaAqOL/1jCVPdOATDz/GNBYyNT1RV9z2xpPvmPeX +ohK/aCmoHBcAGjxEZhfUJQk= +-----END CERTIFICATE----- diff --git a/test-compose/sp/container_files/testsp.key b/test-compose/sp/container_files/testsp.key new file mode 100644 index 0000000..f954c3e --- /dev/null +++ b/test-compose/sp/container_files/testsp.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAtY/f89UUL4ig/zK8vP98DPoq3mjBbIJwZ5R7S6MhwHnrol86 +2djk0OzDQfp22iTtlfCaVcEH6lQyCYDczb3ZXVRyFz3a4z/s0kOASY9/DU7hkDqG +gLaPIa2De9toZW9gswngi0c9V2wf8wBFnPjta1h4Y/x8JzZ2BM4EbgjvDa81k5LS +yAUpRenCkwQ7OmsX08Njr5zu/jyFDG6HAgM5Eh5hcoHOnU2XQmsWJ1mOc+x2tjg0 +WaprCG5X16+LAE7Rr61L/tHKfEpFsUqk07W1G/UrlSa3C2ikKGUJyN4eW+FtRenc +ooF7sdJ99NnBOIpgoC5I2p/75v04ExeiXRcG2wIDAQABAoIBAQCZcKAZ12gZy+QU +CHMNXvUdmoaENA/TfmE0iH2yrIknu2HydXytAupNzuotZljvfunzH8Wu11WzKbin +42m3zsxWXbmV/sZv62RfRoCyqjz7qEBkvbFSMfbAxX0rPX/6yaf1Z1GHI4upyE0v +9njeclljsP79sTHTiekvolSIEbDF5HImDuwc10V9y0Ci0OO5TylASauUyhL066IW +4R4rRBx4xs86kkt2ch399d88qZ0rNLV5+GJmenEbKjlHaejYtwLL5bYnPpo4ODsX +6mGd5ZXNsnABCOGg9kitOkroMSdGQdaL8XgPhaUjnkQOmLZ88ryCWybbKvHrvsLa +YDvXc1NRAoGBAOFbceuhK6rTtWmiPWQ0Jd8jcFnOJ1q7Cm58vBi5KhUV7omAlYFa +wZRZkrHeB+WEfxZh5/xgFqUvzIJzjOp1btxuzQUOeN2RNAzt6QlgLM3mZPNGND5+ +2/VF9cAm3apcvJNZpbeqLxf/qMaPWrw+LX+/8ijzVCsEm526wpmSWBgHAoGBAM4/ +8bXfOBHnphYTqqSBAs70vI16rKqluhywF6ZsQvEZ0WLZ9tlq024dRRRlO4oOSPXO +HaHyU20AfLAxsX7HnCdq5d6fa4b84Tyw+n19UZ/IUsjHhkrDXj3sJ7fi5Veg/ujH +hTbj1Cp36vyV3hm0f6X+lc5uyh1XCkLE9LVpHx2NAoGBAMfO52vO48O7n/5/zcTZ +g7abWlMVuMj2S6J4z+Fv00MMxgl+S5B8YmRhIvK3dPLoDjJPLnwSyiE+Byqmvwtm +gZvKVdck5L82rhrEmjko37DTlTApT8sVeXq3w9PR4fnZ7Y0MECWPK+AwWnlqwz1i +N78r9c6fKEJX/I3V+BJnsdnjAoGBAJr5eUnLfHoXsbiM9n+9YLrZMoSsVOm0tW+w +8VRfrL01RRwd41ni5xOqcqmsl1xY94GbarCxQPZ6kzZhYJl+q1sC+86Xw1ge06+i +29VHQPnqsCmlosaynjGxLPcDSojZtDB9Gx/veRCgIrXAdq6h7fhwn2gJ31zEdjVN +gQJ/Bp5RAoGABD5G0sCcb+C5n2ch3emGfS8UL0NqbhwwHdDxQ7IOIjjjgms5wUQJ +ZMmUvRJr8jzCCPD8DrHf85GAACRPoVsBDLD3oXTLcY8Frum1npH57H6Eaa/Jmuk5 +UdDJprIEgUhY47jK1O+IKtxnTQPnqotqWC5Lk4Rhnr62APxhkl9jraI= +-----END RSA PRIVATE KEY----- diff --git a/tests/fulltest.sh b/tests/fulltest.sh new file mode 100755 index 0000000..7e541a2 --- /dev/null +++ b/tests/fulltest.sh 
@@ -0,0 +1,39 @@ +#!/bin/bash + +pushd ../test-compose &>/dev/null +echo "Launching fresh containers..." +./decompose.sh -y &>/dev/null +./compose.sh &>/dev/null +popd &>/dev/null + +echo "Waiting 3 minutes while everything comes up..." +sleep 180 + +pushd tests &>/dev/null +rm -f lastpage.txt + +echo "Attempting full-cycle test..." +webisoget -verbose -out lastpage.txt -formfile sptest.login -url https://sptest.example.edu:8443/secure/ &>/dev/null + +cat lastpage.txt | grep kwhite@example.edu &>/dev/null +if [ $? == "0" ]; then + echo "The full-cycle test of the IdP and SP was successfull!" + echo "" + pushd ../test-compose &>/dev/null + ./decompose.sh -y &>/dev/null + popd &>/dev/null + rm -f lastpage.txt + popd &>/dev/null + exit 0 +else + echo "The full-cycle test of the IdP and SP failed." + echo "" + pushd ../test-compose &>/dev/null + #./decompose.sh -y &>/dev/null + popd &>/dev/null + rm -f lastpage.txt + popd &>/dev/null + exit 1 +fi + + diff --git a/tests/main.bats b/tests/main.bats index 6e9ee25..4fa64f1 100644 --- a/tests/main.bats +++ b/tests/main.bats @@ -50,4 +50,7 @@ load ../common ./tests/clairscan.sh ${maintainer}/${imagename}:latest } +@test "080 The IdP successfully completed a full-cycle test with an SP" { + ./tests/fulltest.sh +} diff --git a/tests/sptest.login b/tests/sptest.login new file mode 100644 index 0000000..53a2277 --- /dev/null +++ b/tests/sptest.login @@ -0,0 +1,2 @@ +name=; domain=idp.example.edu; j_username=kwhite; j_password=password; + From 8df6dee605ec8634d8167ab87e19d71bf45cceb7 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Thu, 11 Oct 2018 18:00:59 -0400 Subject: [PATCH 04/30] bugfix --- tests/fulltest.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/fulltest.sh b/tests/fulltest.sh index 7e541a2..6b8902f 100755 --- a/tests/fulltest.sh +++ b/tests/fulltest.sh 
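Review bot: The failure branch of the new `tests/fulltest.sh` deletes `lastpage.txt` before `exit 1`, and every command in the script sends its output to `/dev/null`, so a failed run leaves nothing to diagnose. Drop the `rm -f lastpage.txt` from the `else` branch, or print the file there. Replace the check with `if grep -qF 'kwhite@example.edu' lastpage.txt; then`, so that the dot is matched literally and the result is not read back through `$?`. The `pushd` calls are unchecked as well; `pushd tests &>/dev/null || exit 1` would stop the script from running `rm -f` and the test in the wrong directory. The fixed `sleep 180` could be replaced by polling the SP port until it answers.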
@@ -12,6 +12,17 @@ sleep 180 pushd tests &>/dev/null rm -f lastpage.txt +#ensure webisoget is installed +rpm -q webisoget &>/dev/null +if [ $? -ne '0' ]; then + curl -s -o webisoget-2.8.7-1.x86_64.rpm https://github.internet2.edu/docker/util/blob/master/bin/webisoget-2.8.7-1.x86_64.rpm + if [ -s webisoget-2.8.7-1.x86_64.rpm ]; then + rpm -ivh webisoget-2.8.7-1.x86_64.rpm + else + echo "can't get webisoget rpm..." + exit 1 +fi + echo "Attempting full-cycle test..." webisoget -verbose -out lastpage.txt -formfile sptest.login -url https://sptest.example.edu:8443/secure/ &>/dev/null From 4b0e2c4f7182c9ed1f18c16d386d384717ab5c87 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Thu, 11 Oct 2018 18:15:11 -0400 Subject: [PATCH 05/30] another bugfix --- tests/fulltest.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/fulltest.sh b/tests/fulltest.sh index 6b8902f..c8edcd1 100755 --- a/tests/fulltest.sh +++ b/tests/fulltest.sh @@ -13,14 +13,19 @@ pushd tests &>/dev/null rm -f lastpage.txt #ensure webisoget is installed +echo "ensuring that webisoget is installed..." rpm -q webisoget &>/dev/null if [ $? -ne '0' ]; then - curl -s -o webisoget-2.8.7-1.x86_64.rpm https://github.internet2.edu/docker/util/blob/master/bin/webisoget-2.8.7-1.x86_64.rpm + echo "downloading webisoget rpm" + curl -s -L -o webisoget-2.8.7-1.x86_64.rpm https://github.internet2.edu/docker/util/blob/master/bin/webisoget-2.8.7-1.x86_64.rpm if [ -s webisoget-2.8.7-1.x86_64.rpm ]; then + echo "installing rpm..." rpm -ivh webisoget-2.8.7-1.x86_64.rpm else echo "can't get webisoget rpm..." exit 1 +else + echo "webisoget already installed..." fi echo "Attempting full-cycle test..." From 38b4c56cda89ed66acb312b0d9857c76ed91c399 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Thu, 11 Oct 2018 18:19:47 -0400 Subject: [PATCH 06/30] fix --- tests/fulltest.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
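Review bot: The RPM fetched by `curl` in this hunk is installed with `rpm -ivh` after only a non-empty check (`-s`), so whatever the URL returns is what gets installed, and because `curl` runs without `-f` an HTTP error page also passes that check. The later hunks that touch these lines ("another bugfix", "fix util url", and "bug fix in fulltest.sh", which moves the install under `sudo`) keep the same pattern. Pin the expected digest and verify it before installing: fetch with `curl -fsSL -o webisoget-2.8.7-1.x86_64.rpm ...`, then `echo "<EXPECTED_SHA256>  webisoget-2.8.7-1.x86_64.rpm" | sha256sum -c - || exit 1`, where the placeholder digest is filled in from a trusted copy of the package. `rpm -K` on the downloaded file is an alternative if the package is signed and its key is imported on the test host.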
diff --git a/tests/fulltest.sh b/tests/fulltest.sh index c8edcd1..476b262 100755 --- a/tests/fulltest.sh +++ b/tests/fulltest.sh @@ -1,6 +1,6 @@ #!/bin/bash -pushd ../test-compose &>/dev/null +pushd test-compose &>/dev/null echo "Launching fresh containers..." ./decompose.sh -y &>/dev/null ./compose.sh &>/dev/null From 6e68720c3c04b7d147ac2708b2c8dbdd7b63b848 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Thu, 11 Oct 2018 18:35:42 -0400 Subject: [PATCH 07/30] bugfix --- tests/fulltest.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/fulltest.sh b/tests/fulltest.sh index 476b262..bb1dd93 100755 --- a/tests/fulltest.sh +++ b/tests/fulltest.sh @@ -24,6 +24,7 @@ if [ $? -ne '0' ]; then else echo "can't get webisoget rpm..." exit 1 + fi else echo "webisoget already installed..." fi From 18284651681e3a0eaad6aefdb2177d6907424dd5 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Thu, 11 Oct 2018 18:52:02 -0400 Subject: [PATCH 08/30] fix util url --- tests/fulltest.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/fulltest.sh b/tests/fulltest.sh index bb1dd93..fd31b2d 100755 --- a/tests/fulltest.sh +++ b/tests/fulltest.sh @@ -17,7 +17,7 @@ echo "ensuring that webisoget is installed..." rpm -q webisoget &>/dev/null if [ $? -ne '0' ]; then echo "downloading webisoget rpm" - curl -s -L -o webisoget-2.8.7-1.x86_64.rpm https://github.internet2.edu/docker/util/blob/master/bin/webisoget-2.8.7-1.x86_64.rpm + curl -s -L -o webisoget-2.8.7-1.x86_64.rpm https://github.internet2.edu/docker/util/blob/master/bin/webisoget-2.8.7-1.x86_64.rpm?raw=true if [ -s webisoget-2.8.7-1.x86_64.rpm ]; then echo "installing rpm..." rpm -ivh webisoget-2.8.7-1.x86_64.rpm From 407493a1aa7f74147551c57aaef581ee36524a9c Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Thu, 11 Oct 2018 22:37:46 -0400 Subject: [PATCH 09/30] bug fix in fulltest.sh --- tests/fulltest.sh | 51 ++++++++++++++++++++++++++++------------------- 1 file changed, 31 insertions(+), 20 deletions(-) 
diff --git a/tests/fulltest.sh b/tests/fulltest.sh index fd31b2d..8d16a7e 100755 --- a/tests/fulltest.sh +++ b/tests/fulltest.sh @@ -20,7 +20,8 @@ if [ $? -ne '0' ]; then curl -s -L -o webisoget-2.8.7-1.x86_64.rpm https://github.internet2.edu/docker/util/blob/master/bin/webisoget-2.8.7-1.x86_64.rpm?raw=true if [ -s webisoget-2.8.7-1.x86_64.rpm ]; then echo "installing rpm..." - rpm -ivh webisoget-2.8.7-1.x86_64.rpm + sudo rpm -ivh webisoget-2.8.7-1.x86_64.rpm + rm -f webisoget-2.8.7-1.x86_64.rpm else echo "can't get webisoget rpm..." exit 1 @@ -32,25 +33,35 @@ fi echo "Attempting full-cycle test..." webisoget -verbose -out lastpage.txt -formfile sptest.login -url https://sptest.example.edu:8443/secure/ &>/dev/null -cat lastpage.txt | grep kwhite@example.edu &>/dev/null -if [ $? == "0" ]; then - echo "The full-cycle test of the IdP and SP was successfull!" - echo "" - pushd ../test-compose &>/dev/null - ./decompose.sh -y &>/dev/null - popd &>/dev/null - rm -f lastpage.txt - popd &>/dev/null - exit 0 +if [ -s lastpage.txt ]; then + cat lastpage.txt | grep kwhite@example.edu &>/dev/null + if [ $? == "0" ]; then + echo "The full-cycle test of the IdP and SP was successfull!" + echo "" + pushd ../test-compose &>/dev/null + ./decompose.sh -y &>/dev/null + popd &>/dev/null + rm -f lastpage.txt + popd &>/dev/null + exit 0 + else + echo "The full-cycle test of the IdP and SP failed." + echo "" + pushd ../test-compose &>/dev/null + ./decompose.sh -y &>/dev/null + popd &>/dev/null + rm -f lastpage.txt + popd &>/dev/null + exit 1 + fi else - echo "The full-cycle test of the IdP and SP failed." - echo "" - pushd ../test-compose &>/dev/null - #./decompose.sh -y &>/dev/null - popd &>/dev/null - rm -f lastpage.txt - popd &>/dev/null - exit 1 + echo "The full-cycle test of the IdP and SP failed (no output)." + echo "" + pushd ../test-compose &>/dev/null + ./decompose.sh -y &>/dev/null + popd &>/dev/null + rm -f lastpage.txt + popd &>/dev/null + exit 1 fi - 
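Review bot: The teardown sequence (`pushd ../test-compose`, `./decompose.sh -y`, `popd`, `rm -f lastpage.txt`) is now repeated in all three branches of the result check in the second hunk, while the `exit 1` in the webisoget install block shown in the first hunk still leaves the containers running. Registering the teardown once with `trap` makes every exit path clean up and reduces the branches to a message and an exit code. The sketch keeps the three messages as they are and assumes the script is in the tests directory when it exits, as the hunk does.

```shell
# teardown shared by every exit path; register it before the first possible exit
cleanup() {
    pushd ../test-compose &>/dev/null
    ./decompose.sh -y &>/dev/null
    popd &>/dev/null
    rm -f lastpage.txt
}
trap cleanup EXIT

# … unchanged: webisoget install check and invocation …

if [ ! -s lastpage.txt ]; then
    echo "The full-cycle test of the IdP and SP failed (no output)."
    echo ""
    exit 1
fi
if grep -q 'kwhite@example\.edu' lastpage.txt; then
    echo "The full-cycle test of the IdP and SP was successfull!"
    echo ""
    exit 0
fi
echo "The full-cycle test of the IdP and SP failed."
echo ""
exit 1
```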
From 460374b6f4c59f9dac647b96cd1e0f56e283b6d0 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Thu, 11 Oct 2018 22:55:01 -0400 Subject: [PATCH 10/30] test fix --- tests/fulltest.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/fulltest.sh b/tests/fulltest.sh index 8d16a7e..01e5827 100755 --- a/tests/fulltest.sh +++ b/tests/fulltest.sh @@ -10,7 +10,7 @@ echo "Waiting 3 minutes while everything comes up..." sleep 180 pushd tests &>/dev/null -rm -f lastpage.txt +rm -f ./lastpage.txt #ensure webisoget is installed echo "ensuring that webisoget is installed..." @@ -31,9 +31,9 @@ else fi echo "Attempting full-cycle test..." -webisoget -verbose -out lastpage.txt -formfile sptest.login -url https://sptest.example.edu:8443/secure/ &>/dev/null +webisoget -verbose -out ./lastpage.txt -formfile ./sptest.login -url https://sptest.example.edu:8443/secure/ -if [ -s lastpage.txt ]; then +if [ -s ./lastpage.txt ]; then cat lastpage.txt | grep kwhite@example.edu &>/dev/null if [ $? == "0" ]; then echo "The full-cycle test of the IdP and SP was successfull!" From e31a4aa5d791817730c261a3fee34d476db8e86c Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Thu, 11 Oct 2018 23:14:42 -0400 Subject: [PATCH 11/30] full test fix --- tests/fulltest.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/fulltest.sh b/tests/fulltest.sh index 01e5827..0674469 100755 --- a/tests/fulltest.sh +++ b/tests/fulltest.sh 
@@ -30,6 +30,18 @@ else echo "webisoget already installed..." fi +#ensure that name resolution is in place +ping -c 1 sptest.example.edu &>/dev/null +if [ $? -ne '0' ]; then + echo "adding hosts record for sp..." + sudo echo "127.0.0.1 sptest.example.edu" >> /etc/hosts +fi +ping -c 1 idp.example.edu &>/dev/null +if [ $? -ne '0' ]; then + echo "adding hosts record for idp..." + sudo echo "127.0.0.1 idp.example.edu" >> /etc/hosts +fi + echo "Attempting full-cycle test..." webisoget -verbose -out ./lastpage.txt -formfile ./sptest.login -url https://sptest.example.edu:8443/secure/ From 85eeff3140b93e1616c2eaa8a8c897544eed2452 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Fri, 12 Oct 2018 08:00:46 -0400 Subject: [PATCH 12/30] full test fix --- tests/fulltest.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/fulltest.sh b/tests/fulltest.sh index 0674469..40fdcdd 100755 --- a/tests/fulltest.sh +++ b/tests/fulltest.sh @@ -34,12 +34,12 @@ fi ping -c 1 sptest.example.edu &>/dev/null if [ $? -ne '0' ]; then echo "adding hosts record for sp..." - sudo echo "127.0.0.1 sptest.example.edu" >> /etc/hosts + echo '127.0.0.1 sptest.example.edu' | sudo tee -a /etc/hosts fi ping -c 1 idp.example.edu &>/dev/null if [ $? -ne '0' ]; then echo "adding hosts record for idp..." - sudo echo "127.0.0.1 idp.example.edu" >> /etc/hosts + echo '127.0.0.1 idp.example.edu' | sudo tee -a /etc/hosts fi echo "Attempting full-cycle test..." From a81c0a62568fbf232f913b11def0b60e8b1ee715 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Mon, 15 Oct 2018 04:46:50 +0000 Subject: [PATCH 13/30] fix tests --- .../shib-idp/metadata/testsp-metadata.xml | 79 +++++++--- test-compose/sp/Dockerfile | 12 +- .../sp/container_files/shibboleth2.xml | 112 +++++++------- .../sp/container_files/shibboleth2.xml.orig | 140 ++++++++++++++++++ tests/fulltest.sh | 2 +- 5 files changed, 252 insertions(+), 93 deletions(-) create mode 100644 test-compose/sp/container_files/shibboleth2.xml.orig 
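Review bot: `ping` is used here as the test for name resolution, so on a runner where ICMP is filtered the check fails even when the name already resolves, and another `127.0.0.1` line is appended to /etc/hosts on every run; nothing in the script removes the entries afterwards. The follow-up commit on this line fixes the `sudo echo ... >>` redirection by piping into `sudo tee -a`, but keeps the `ping` check. Testing resolution directly avoids both the false negatives and the duplicates: `getent hosts sptest.example.edu &>/dev/null || echo '127.0.0.1 sptest.example.edu' | sudo tee -a /etc/hosts >/dev/null`, and the same for `idp.example.edu`. Because this edits a system file on the machine running the tests, a comment should state that the script expects a disposable CI host.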
diff --git a/test-compose/idp/container_files/config/shib-idp/metadata/testsp-metadata.xml b/test-compose/idp/container_files/config/shib-idp/metadata/testsp-metadata.xml
index 943d09b..b380b64 100644
--- a/test-compose/idp/container_files/config/shib-idp/metadata/testsp-metadata.xml
+++ b/test-compose/idp/container_files/config/shib-idp/metadata/testsp-metadata.xml
@@ -22,33 +22,64 @@ + - + - 66388f647a9e + 0242dfc3fa98 - CN=66388f647a9e - MIID6zCCAlOgAwIBAgIJAMCeCgmjpfr4MA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV -BAMTDDY2Mzg4ZjY0N2E5ZTAeFw0xODA2MTUxMjExNDFaFw0yODA2MTIxMjExNDFa -MBcxFTATBgNVBAMTDDY2Mzg4ZjY0N2E5ZTCCAaIwDQYJKoZIhvcNAQEBBQADggGP -ADCCAYoCggGBAMneS5jhJI6hTH0lIksMea1JkouRu3schI0M/VDq4RdVla0Y1R9e -ToipLSYfGlR7X17udgSlL1HRyDjE7/IRkFt5UzAkTy/DKE0gDnmfGz3OHWPSmTzm -uPvxmSeIHwqnVAoxnRkqNQDh7uReeskXuJmoxE98hSU41FjAJ12ADPqXVGtkNQhN -78rhTcdQqWQzu8Tlho/2Zl3U3B6ANMj1gbgK20TXL1iQs1eiKBQGnT+NMBuR+fHO -HRON8v+IcrYCVAwEG4gq36xv6J37bHY1ok/MydsglOGdEobHyHVNCgA3lgPUXuMJ -S1oSR7cCcjFowi0nVSHaYwBHAyQ1g1u9g0XD+lOpLGgzGJyIgnCG8IELmaaCQ74f -gtbd8GvXktX7TkLWlAcYEBmjbrqOTxoUY8b1Wbw3AK1y9flUFpmLNPTH+WSsI70F -wb1W0wpZ+bh/0c6jNhc1vJMUY9b06nSXuqYwrxOQ2P4BPlUrkY3DnIBduOh4RFii -9kp6RPqebrd0eQIDAQABozowODAXBgNVHREEEDAOggw2NjM4OGY2NDdhOWUwHQYD -VR0OBBYEFM8IntLcC3iWk5bKQViCAXpNLOcaMA0GCSqGSIb3DQEBCwUAA4IBgQCq -vck5pcsYJAXJ/weacPjq6rjDaKYLCSCjgXYR7Dm7nOwfVnebSjbhBVOyQztU4HSB -rm2tqQwNQDFHM/YBeQYbBkKy5mGW2FO0wQX8L2pDp2SAGDsjb4FE9w5wMRJrGdCg -LpeCnMRklSxFCtBedu8eWz5nbRwYUk77VcbcNbNxx+linPHvc2Vce4a26xaoXdzC -wip2F84pxTOqlVgTpX5g5fV0lhZiNDs+HZ5quUqW9CP3xxRdwCXzulpZaN411IbV -xU4Y/J4Hi+JSS3vp3xHRGGyNxW39ljNihOO2R2T+oGwHL8Ri3iYFMXEYaVJXoIrz -IzdnpziNptcaKLKk2k2bZW+t3we2XuhFG5h6qv6lWJW7EbBQCgBLtmy2xdSklrCj -zZ8Me+OHIItA9Voe329U6HV4n676L/X5j6omS7SRlwylJ/ljqt+htL5EUwTTC8H4 -3BnUQyPT4W3Qljjyv9Weg45iMXrZd6wVYFw5JK/uT/4ST4j0PLLkK3seh91gyac= + CN=0242dfc3fa98 + MIID6zCCAlOgAwIBAgIJAPGlx/vapK1FMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV +BAMTDDAyNDJkZmMzZmE5ODAeFw0xODEwMTMyMTAwNTdaFw0yODEwMTAyMTAwNTda +MBcxFTATBgNVBAMTDDAyNDJkZmMzZmE5ODCCAaIwDQYJKoZIhvcNAQEBBQADggGP +ADCCAYoCggGBAMngq+S4kntl6IDlx/doNvvCVu94/JJOEsqMjG3LxEjSDPWzuEdo +Keb2qovDHVmK/JGpSEf7imrRvIIiKOXtmqpYCRPKPrS4JORlQ8yryEaZzJ20WJgI +RqfiSQfvMzuBZG4Fi9r+m2Rh9io9yb2iAaszBEyVVhLxJCiMjU+zLEZ1pWe/HfAI +ZkMlv1M4lIgBVBvR4AVFdEHNgBE4ctvHfwAT4dYf78ZMMq2n3TCIQd+b8aF8POYm 
+uB/93ZmvJ9mt26J4iM4EFLGZlbNith87MBx/fWxWf37RydQEwAGjxWPLgqf0mmE4 +ej9WEx/xbppqqpiSecHwZazJq1NMDb5V7xyeBO46BvflcfTSd5qSUqsBtLsL14eR +2ZTwGCWU7e4mY7cMmbVm4s8sdXdIXVGKQ1IwtlIgiIoG5Q0pUh28HPBCoQKc9BMI +8M6MOrX6Z7Ci632IBOEGiuS7YbPw6YZ/ItaJZl6rhdVjIjQ8RgI1OmBLfiYQvBHm +s9lMoPX9L1M44QIDAQABozowODAXBgNVHREEEDAOggwwMjQyZGZjM2ZhOTgwHQYD +VR0OBBYEFHuMwUBDuIx2ykrwQsdOVODO925MMA0GCSqGSIb3DQEBCwUAA4IBgQCL +Y+qqlePmY5Otq2PjdcmyJm2+dW9I6ZhlM6pJ+6Fob/2fVoQXKQqVh9e7ZDwkUUBB +6PmL8YWDbo5hPS5kPqk3KbM0Z7DCvc7m+ZHYgQWHW0jLEgWFY2CoEq2pjCw2nqV1 +4QjAU++4L/No+2jiYFAK5ahv/PRlsaqToWmG+a1kOP2dlknsYzOpPzgbuz2SnKzL +X6l37QLDW0rfptmySFM+dtw5N+PeqgsuQL5qDxJSmep9kV9Toz46aEJB/zuGbvs0 +ospsV/HrdilQ0v2J4Hqxt4hquW7JryhYBzlT+kI+6Rpyg/+NKyPd3aV9TkFU/0V1 +4sbCdoAXq6g2+E4iiTS9o3nyq6VhVVUSj0mFwTa67xmhgZrCwj0CUuS84Ql1Jkw/ +25RIECKiS5CadA7GgP3W8Jki4NhKzIc7xtfDOmm+DY0ACUByBcre7BXLdiMWEiXg +EKlhYV/zpJbOEjoxUIB0Rx7899u02F8cGzWMX9iF3CWF+PNPyAoL5a7VWsOAAqc= + + + + + + + 0242dfc3fa98 + + CN=0242dfc3fa98 + MIID6zCCAlOgAwIBAgIJAMnGvDAQqA9PMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV +BAMTDDAyNDJkZmMzZmE5ODAeFw0xODEwMTMyMTAwNTdaFw0yODEwMTAyMTAwNTda +MBcxFTATBgNVBAMTDDAyNDJkZmMzZmE5ODCCAaIwDQYJKoZIhvcNAQEBBQADggGP +ADCCAYoCggGBAKkp742TbMqgG+CU2wNb08+3aOri2YsO/NndKRbkQBGs/BMMOn1V +FCwdCx+/SaAEHTQCw46E7Tb4uNBx0KzJABoREWcYCToGgL+2+dcQn57HwgT/CTFQ +UK1pESUurhkxHYSYR/ZqBFZbqZOI7MF6zxff8YmeG0D6ZBTtA74F7jjZP6qRlWc8 +XOPhFcoaQiMeYE2Kt6UNXm1tRr4FtdaEyVKXW6NpMYNMgNi9y+RbhN6NWYD3+8Bw +TJJlN9B1nsDLGQudf5iFlJiO2pYr8aIufORwmODCgodFSV/gfHR8g26+PcBC6Szp +RIiO4nwLaxIStBU/jKcBOgB3zs4rPtXPjt8M8tGmhAR6q+IyTEg5Ve43KUf6dmDa +t+8Svs0wFbB3raPyLnAxhMAfaiwYL2U9lc96up8iIWHiZhsl6TaIVZuaMqrKHiwd +ufn07gIJgTemdnot3G+zC1ecYDQofGhUvQ92iR15WlDRteW7WxI2tEfFAnMrO6Y5 +dL5dn2J3hMJJ2wIDAQABozowODAXBgNVHREEEDAOggwwMjQyZGZjM2ZhOTgwHQYD +VR0OBBYEFIJeSH6gswmOnzwanRLI8C45cty/MA0GCSqGSIb3DQEBCwUAA4IBgQAA +6pyReWFk6GIS44MJWlsZcdOLCZhbSGjNQKMUYeGoUFcSm/DnqT//zndq+Sl0T3Eg +8pPZRsTzv3eMdtS967X6R4PPH39/OgNQd3TWmjzGJj91FI8ZcAehqhcKPKV4h9OT 
+sqfUdT4hwZfkP+OwB46mlZHxeRGk6C7E3kkP9ItmNEL72BQyl+6exuZW+jfW0mIf +0Px3snM/3T08FtB9ahtZqDdWh0ktCWkCFfpc8RfPFGMgZw7racbV4F6+Ak2g+B1q +f028S/jQrPjwd6iI8WTPMfUgIXNmA+zCLszD5tuoa6ljjFT0qBSxMVZMDVlSRy7J +/LrxrTLRhH0CPXpEpqcrVNNXOrwDV3KF4piKK3O05YRRClstBSyUleGorJT6cRc/ +X3VQecHxY2EHQiC1fRFypCfODmYTDFivkzEiwiaKMg9yie+UcUdahixecZTnhBE9 +EhwaTLqZ1lxfQqsE2ubpqPVA+PxmtJjFZY/V8icFMDn8Md3+40oSwfLdBKeIQoc= diff --git a/test-compose/sp/Dockerfile b/test-compose/sp/Dockerfile index d4de941..c891d5d 100644 --- a/test-compose/sp/Dockerfile +++ b/test-compose/sp/Dockerfile @@ -1,4 +1,4 @@ -FROM tier/shibboleth_sp +FROM tier/shibboleth_sp:3.0_181101 LABEL author="tier-packaging@internet2.edu " \ Vendor="TIER" \ @@ -6,7 +6,7 @@ LABEL author="tier-packaging@internet2.edu " \ ImageName=$imagename \ ImageOS=centos7 -RUN yum -y update; yum -y install php; mkdir -p /var/www/html/secure/ +RUN yum -y update; yum -y install php ADD container_files/shibboleth2.xml /etc/shibboleth/ ADD container_files/idp-metadata.xml /etc/shibboleth/ @@ -15,14 +15,6 @@ ADD container_files/testsp.crt /etc/pki/tls/certs/ ADD container_files/testsp.key /etc/pki/tls/private/ ADD container_files/index.php /var/www/html/secure/ -RUN sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \ - && echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \ - && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \ - && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \ - && sed -i '/UseCanonicalName/c\UseCanonicalName On' /etc/httpd/conf/httpd.conf \ - && echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \ - && echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf - EXPOSE 8443 
diff --git a/test-compose/sp/container_files/shibboleth2.xml b/test-compose/sp/container_files/shibboleth2.xml index 6caa45a..d45ceec 100644 --- a/test-compose/sp/container_files/shibboleth2.xml +++ b/test-compose/sp/container_files/shibboleth2.xml @@ -1,55 +1,46 @@ - + + - - - - + REMOTE_USER="eppn subject-id pairwise-id persistent-id" + cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1"> - - - SAML2 - + + SAML2 + SAML2 Local - + + + + @@ -57,7 +48,7 @@ - + @@ -65,19 +56,25 @@ - + + + + - + + + + + + - - - - - - - + + - Example of a second application (for a second vhost) that has a different entityID. - Resources on the vhost would map to an applicationId of "admin": - --> - diff --git a/test-compose/sp/container_files/shibboleth2.xml.orig b/test-compose/sp/container_files/shibboleth2.xml.orig new file mode 100644 index 0000000..9f955fb --- /dev/null +++ b/test-compose/sp/container_files/shibboleth2.xml.orig @@ -0,0 +1,140 @@ + + + + + + + + + + + + + + + + + SAML2 + + + + SAML2 Local + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/fulltest.sh b/tests/fulltest.sh index 40fdcdd..8088fd9 100755 --- a/tests/fulltest.sh +++ b/tests/fulltest.sh @@ -43,7 +43,7 @@ if [ $? -ne '0' ]; then fi echo "Attempting full-cycle test..." -webisoget -verbose -out ./lastpage.txt -formfile ./sptest.login -url https://sptest.example.edu:8443/secure/ +webisoget -verbose -out ./lastpage.txt -formfile ./sptest.login -url https://sptest.example.edu:8443/secure/index.php if [ -s ./lastpage.txt ]; then cat lastpage.txt | grep kwhite@example.edu &>/dev/null From 5085ee82ca2d2dde6a7d090909a8e524c390a5f9 Mon Sep 17 00:00:00 2001 
From: Paul Caskey
Date: Thu, 25 Oct 2018 19:54:40 +0000
Subject: [PATCH 14/30] add individual compose scripts for idp/sp
---
test-compose/idp/compose.sh | 11 ++++++
test-compose/idp/decompose.sh | 55 +++++++++++++++++++++++++++++
test-compose/idp/docker-compose.yml | 49 +++++++++++++++++++++++++
test-compose/sp/compose.sh | 11 ++++++
test-compose/sp/decompose.sh | 36 +++++++++++++++++++
test-compose/sp/docker-compose.yml | 22 ++++++++++++
6 files changed, 184 insertions(+)
create mode 100755 test-compose/idp/compose.sh
create mode 100755 test-compose/idp/decompose.sh
create mode 100644 test-compose/idp/docker-compose.yml
create mode 100755 test-compose/sp/compose.sh
create mode 100755 test-compose/sp/decompose.sh
create mode 100644 test-compose/sp/docker-compose.yml
diff --git a/test-compose/idp/compose.sh b/test-compose/idp/compose.sh
new file mode 100755
index 0000000..6c768d5
--- /dev/null
+++ b/test-compose/idp/compose.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+docker-compose up --build -d
+
+if [ $? == '0' ]; then
+ echo ""
+ echo "If everything above was successful, your IdP metadata can be retreived with this command (after a minute or two):"
+ echo " curl -k -s https://127.0.0.1/idp/shibboleth"
+ echo ""
+else
+ echo "An error was encountered."
+fi
diff --git a/test-compose/idp/decompose.sh b/test-compose/idp/decompose.sh
new file mode 100755
index 0000000..02d07bd
--- /dev/null
+++ b/test-compose/idp/decompose.sh
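Review bot: The new test-compose/idp/compose.sh declares `#!/bin/sh` but tests the status with `[ $? == '0' ]`; `==` inside `[` is a bash extension, so where /bin/sh is a strict POSIX shell such as dash the test itself errors and the script prints "An error was encountered." even after a successful start. Testing the command directly is portable and shorter: `if docker-compose up --build -d; then`. The same lines appear in test-compose/sp/compose.sh later in this patch. The printed hint uses `curl -k`, which fits the self-signed test certificate; a short comment saying so would keep it from being copied into non-test instructions.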
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+if [ "$1" == '-y' ]; then
+ response="Y"
+else
+ read -r -p "Are you sure you want to remove the test idp and data images/containers? [y/N] " response
+fi
+
+if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+ #kill, if running, and remove idp container
+ docker ps | grep idp_idp &>/dev/null
+ if [ $? == '0' ]; then
+ #get container ID
+ export contid=$(docker ps | grep idp_idp | cut -f 1 -d ' ')
+ docker kill ${contid} &>/dev/null
+ docker rm ${contid} &>/dev/null
+ else
+ #check if an old container is present, rm if needed
+ docker container ls -a | grep idp_idp &>/dev/null
+ if [ $? == '0' ]; then
+ #get container ID
+ export contid=$(docker container ls -a | grep idp_idp | cut -f 1 -d ' ')
+ docker kill ${contid} &>/dev/null
+ docker rm ${contid} &>/dev/null
+ fi
+ fi
+
+ #kill, if running, and remove data container
+ docker ps | grep idp_data &>/dev/null
+ if [ $? == '0' ]; then
+ #get container ID
+ export contid2=$(docker ps | grep idp_data | cut -f 1 -d ' ')
+ docker kill ${contid2} &>/dev/null
+ docker rm ${contid2} &>/dev/null
+ else
+ #check if an old container is present, rm if needed
+ docker container ls -a | grep idp_data &>/dev/null
+ if [ $? == '0' ]; then
+ #get container ID
+ export contid2=$(docker container ls -a | grep idp_data | cut -f 1 -d ' ')
+ docker kill ${contid2} &>/dev/null
+ docker rm ${contid2} &>/dev/null
+ fi
+ fi
+
+
+ #remove images
+ docker rmi -f idp_idp &>/dev/null
+ docker rmi -f idp_data &>/dev/null
+
+else
+ echo "Terminating..."
+ exit 0
+fi
+
diff --git a/test-compose/idp/docker-compose.yml b/test-compose/idp/docker-compose.yml
new file mode 100644
index 0000000..27a1f1b
--- /dev/null
+++ b/test-compose/idp/docker-compose.yml
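Review bot: Containers are selected with `docker ps | grep idp_idp | cut -f 1 -d ' '`, which matches any container whose listing line contains that substring (name, image or command) and then kills and removes it. The named volume `shibidp_ldap` and the two networks declared in the compose file added by this patch are not removed, so a "fresh" run may start with the previous LDAP data. Letting compose tear down what it created covers all of this: `docker-compose down --rmi local`, with `-v` added if the LDAP volume should be reset as well. test-compose/sp/decompose.sh in this patch follows the same grep-based pattern.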
@@ -0,0 +1,49 @@
+
+version: "3.3"
+
+services:
+ idp:
+ build:
+ context: ./
+ args:
+ TOMCFG: ./container_files/config/tomcat
+ TOMCERT: ./container_files/credentials/tomcat
+ TOMWWWROOT: ./container_files/wwwroot
+ SHBCFG: ./container_files/config/shib-idp/conf
+ SHBCREDS: ./container_files/credentials/shib-idp
+ SHBVIEWS: ./container_files/config/shib-idp/views
+ SHBEDWAPP: ./container_files/config/shib-idp/edit-webapp
+ SHBMSGS: ./container_files/config/shib-idp/messages
+ SHBMD: ./container_files/config/shib-idp/metadata
+ depends_on:
+ - data
+ networks:
+ - front
+ - back
+ ports:
+ - "443:443"
+
+
+ data:
+ build: ../data/
+ expose:
+ - "389"
+ networks:
+ - back
+ ports:
+ - "389:389"
+ volumes:
+ - shibidp_ldap:/var/lib/dirsrv
+
+
+networks:
+ front:
+ driver: bridge
+ back:
+ driver: bridge
+
+
+volumes:
+ shibidp_ldap:
+ driver: local
+
diff --git a/test-compose/sp/compose.sh b/test-compose/sp/compose.sh
new file mode 100755
index 0000000..4e6ba91
--- /dev/null
+++ b/test-compose/sp/compose.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+docker-compose up --build -d
+
+if [ $? == '0' ]; then
+ echo ""
+ echo "If everything above was successful, your SP metadata can be retreived with this command (after a minute or two):"
+ echo " curl -k -s https://127.0.0.1:8443/Shibboleth.sso/Metadata"
+ echo ""
+else
+ echo "An error was encountered."
+fi
diff --git a/test-compose/sp/decompose.sh b/test-compose/sp/decompose.sh
new file mode 100755
index 0000000..7e80f54
--- /dev/null
+++ b/test-compose/sp/decompose.sh
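Review bot: The `data` service publishes the test directory with `ports: - "389:389"`, which binds unencrypted LDAP on every interface of the host; the `idp` service does the same for 443. The IdP reaches `data` over the shared `back` network, so the host mapping is presumably only there for debugging from the host. If so, bind it to loopback with `- "127.0.0.1:389:389"`, or drop the `ports:` entry and keep `expose`. The `8443:8443` mapping in test-compose/sp/docker-compose.yml could be bound to 127.0.0.1 the same way, which still works with the 127.0.0.1 hosts entries the full-cycle test adds.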
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+if [ "$1" == '-y' ]; then
+ response="Y"
+else
+ read -r -p "Are you sure you want to remove the test sp image/container? [y/N] " response
+fi
+
+if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+ #kill, if running, and remove sp container
+ docker ps | grep sp_sp &>/dev/null
+ if [ $? == '0' ]; then
+ #get container ID
+ export contid2=$(docker ps | grep sp_sp | cut -f 1 -d ' ')
+ docker kill ${contid2} &>/dev/null
+ docker rm ${contid2} &>/dev/null
+ else
+ #check if an old container is present, rm if needed
+ docker container ls -a | grep sp_sp &>/dev/null
+ if [ $? == '0' ]; then
+ #get container ID
+ export contid2=$(docker container ls -a | grep sp_sp | cut -f 1 -d ' ')
+ docker kill ${contid2} &>/dev/null
+ docker rm ${contid2} &>/dev/null
+ fi
+ fi
+
+
+ #remove images
+ docker rmi -f sp_sp &>/dev/null
+
+else
+ echo "Terminating..."
+ exit 0
+fi
+
diff --git a/test-compose/sp/docker-compose.yml b/test-compose/sp/docker-compose.yml
new file mode 100644
index 0000000..3c175bf
--- /dev/null
+++ b/test-compose/sp/docker-compose.yml
@@ -0,0 +1,22 @@
+
+version: "3.3"
+
+services:
+ sp:
+ build: ./
+ expose:
+ - "8443"
+ networks:
+ - front
+ - back
+ ports:
+ - "8443:8443"
+
+
+networks:
+ front:
+ driver: bridge
+ back:
+ driver: bridge
+
+
From 15990190a20f8498fe565fede5c2255c25a1fb38 Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Fri, 26 Oct 2018 21:00:42 +0000
Subject: [PATCH 15/30] add commented option in test-compose sp Dockerfile
---
test-compose/sp/Dockerfile | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/test-compose/sp/Dockerfile b/test-compose/sp/Dockerfile
index c891d5d..afe4769 100644
--- a/test-compose/sp/Dockerfile
+++ b/test-compose/sp/Dockerfile
@@ -15,6 +15,10 @@ ADD container_files/testsp.crt /etc/pki/tls/certs/ ADD container_files/testsp.key /etc/pki/tls/private/ ADD container_files/index.php /var/www/html/secure/ +## Uncomment the two lines below to generate new signing and encryption keys/certs for the Shibboleth SP +#RUN /etc/shibboleth/keygen.sh -o /etc/shibboleth/ -f -h my.special.name -y 10 -n sp-signing && \ +# /etc/shibboleth/keygen.sh -o /etc/shibboleth/ -f -h my.special.name -y 10 -n sp-encrypt + EXPOSE 8443 From a8e30ffec1a8bcc4b11279f9136f95bd69b38340 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Fri, 2 Nov 2018 09:17:51 -0500 Subject: [PATCH 16/30] Update Dockerfile --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 733f307..9513c48 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,9 +8,9 @@ FROM centos:centos7 ENV TOMCAT_MAJOR=9 \ TOMCAT_VERSION=9.0.12 \ ##shib-idp \ - VERSION=3.4.0 \ + VERSION=3.4.1 \ ##TIER \ - TIERVERSION=181002 \ + TIERVERSION=181101 \ ################## \ ### OTHER VARS ### \ ################## \ From 3c382ea33897cc8f75a92281e9630e17dd836789 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Fri, 2 Nov 2018 09:27:36 -0500 Subject: [PATCH 17/30] Update idp.installer.properties --- container_files/idp/idp.installer.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container_files/idp/idp.installer.properties b/container_files/idp/idp.installer.properties index 5fdcac5..42e10ed 100644 --- a/container_files/idp/idp.installer.properties +++ b/container_files/idp/idp.installer.properties @@ -1,4 +1,4 @@ -idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-3.4.0 +idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-3.4.1 idp.target.dir=/opt/shibboleth-idp idp.host.name=idp.example.org idp.sealer.password=changeit From 255d90b77b9734bbeaf993578135aa747f802616 Mon Sep 17 00:00:00 2001 
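Review bot: The commented-out `RUN /etc/shibboleth/keygen.sh ...` option would generate the SP signing and encryption keys during `docker build`, which stores the private keys in an image layer; anyone who can pull the image gets them, and every container started from it shares one key pair. The comment should limit the option to local test images, e.g. `## Test images only: keys generated here are baked into the image; for real deployments provide keys at run time`. `my.special.name` reads as a placeholder, presumably for the SP's hostname, and the comment could say that it has to be replaced.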
From: Paul Caskey Date: Fri, 2 Nov 2018 09:34:58 -0500 Subject: [PATCH 18/30] Update Dockerfile --- test-compose/idp/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-compose/idp/Dockerfile b/test-compose/idp/Dockerfile index 617c62d..c348a45 100644 --- a/test-compose/idp/Dockerfile +++ b/test-compose/idp/Dockerfile @@ -1,4 +1,4 @@ -FROM tier/shib-idp:3.4.0_181002 +FROM tier/shib-idp:3.4.1_181101 # The build args below can be used at build-time to tell the build process where to find your config files. This is for a completely burned-in config. ARG TOMCFG=config/tomcat From f740a8bf5291a295dcde94ba436116904c001ca3 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Wed, 14 Nov 2018 12:07:46 -0600 Subject: [PATCH 19/30] add attribute map --- .../sp/container_files/attribute-map.xml | 162 ++++++++++++++++++ 1 file changed, 162 insertions(+) create mode 100644 test-compose/sp/container_files/attribute-map.xml diff --git a/test-compose/sp/container_files/attribute-map.xml b/test-compose/sp/container_files/attribute-map.xml new file mode 100644 index 0000000..65475a9 --- /dev/null +++ b/test-compose/sp/container_files/attribute-map.xml @@ -0,0 +1,162 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From bf7b7b5ceacb1b232d90a8af10802ffcd232faf7 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Wed, 14 Nov 2018 12:08:33 -0600 Subject: [PATCH 20/30] Update Dockerfile --- test-compose/sp/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/test-compose/sp/Dockerfile b/test-compose/sp/Dockerfile index afe4769..6081077 100644 --- a/test-compose/sp/Dockerfile +++ b/test-compose/sp/Dockerfile 
@@ -14,6 +14,7 @@ ADD container_files/ssl.conf /etc/httpd/conf.d/ ADD container_files/testsp.crt /etc/pki/tls/certs/ ADD container_files/testsp.key /etc/pki/tls/private/ ADD container_files/index.php /var/www/html/secure/ +COPY container_files/attribute-map.xml /etc/shibboleth/ ## Uncomment the two lines below to generate new signing and encryption keys/certs for the Shibboleth SP #RUN /etc/shibboleth/keygen.sh -o /etc/shibboleth/ -f -h my.special.name -y 10 -n sp-signing && \ From c30b4e1eeede6fd4ca0860eb136cb33e942bb448 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Wed, 19 Dec 2018 15:31:35 +0000 Subject: [PATCH 21/30] bump idp to 3.4.2 and tomcat to 9.0.14 --- Dockerfile | 6 +++--- container_files/idp/idp.installer.properties | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9513c48..9609ee4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,11 +6,11 @@ FROM centos:centos7 # ##tomcat \ ENV TOMCAT_MAJOR=9 \ - TOMCAT_VERSION=9.0.12 \ + TOMCAT_VERSION=9.0.14 \ ##shib-idp \ - VERSION=3.4.1 \ + VERSION=3.4.2 \ ##TIER \ - TIERVERSION=181101 \ + TIERVERSION=181201 \ ################## \ ### OTHER VARS ### \ ################## \ diff --git a/container_files/idp/idp.installer.properties b/container_files/idp/idp.installer.properties index 42e10ed..65edd76 100644 --- a/container_files/idp/idp.installer.properties +++ b/container_files/idp/idp.installer.properties @@ -1,4 +1,4 @@ -idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-3.4.1 +idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-3.4.2 idp.target.dir=/opt/shibboleth-idp idp.host.name=idp.example.org idp.sealer.password=changeit From 02316ed06eb141d6faa724808b948fff84911ab8 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Wed, 19 Dec 2018 15:43:07 +0000 Subject: [PATCH 22/30] fix file issue in Jenkinsfile --- Jenkinsfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Jenkinsfile b/Jenkinsfile index bb501f6..8326969 100644 --- a/Jenkinsfile 
+++ b/Jenkinsfile @@ -25,6 +25,7 @@ node('docker') { dir('tmp'){ git([ url: "https://github.internet2.edu/docker/util.git", credentialsId: "jenkins-github-access-token" ]) + sh 'rm -rf ../bin/*' sh 'mv ./bin/* ../bin/.' } sh 'rm -rf tmp' From 4565d8602b978ab3e57fb146af89aac645dbd2e3 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Thu, 20 Dec 2018 21:48:24 +0000 Subject: [PATCH 23/30] update images for test-compose --- test-compose/idp/Dockerfile | 2 +- test-compose/sp/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test-compose/idp/Dockerfile b/test-compose/idp/Dockerfile index c348a45..fa8ed18 100644 --- a/test-compose/idp/Dockerfile +++ b/test-compose/idp/Dockerfile @@ -1,4 +1,4 @@ -FROM tier/shib-idp:3.4.1_181101 +FROM tier/shib-idp:3.4.2_181201 # The build args below can be used at build-time to tell the build process where to find your config files. This is for a completely burned-in config. ARG TOMCFG=config/tomcat diff --git a/test-compose/sp/Dockerfile b/test-compose/sp/Dockerfile index 6081077..ca8527e 100644 --- a/test-compose/sp/Dockerfile +++ b/test-compose/sp/Dockerfile @@ -1,4 +1,4 @@ -FROM tier/shibboleth_sp:3.0_181101 +FROM tier/shibboleth_sp:3.0.3_181201 LABEL author="tier-packaging@internet2.edu " \ Vendor="TIER" \ From 5aa70ca70a4c820284f1bd49c0d0094d3250522b Mon Sep 17 00:00:00 2001 
From: Paul Caskey Date: Thu, 20 Dec 2018 23:09:18 +0000 Subject: [PATCH 24/30] fixes for full-cycle test --- test-compose/data/Dockerfile | 22 +++-- .../shib-idp/metadata/testsp-metadata.xml | 88 ++++++++++--------- test-compose/sp/Dockerfile | 4 + .../sp/container_files/sp-encrypt-cert.pem | 24 +++++ .../sp/container_files/sp-encrypt-key.pem | 40 +++++++++ .../sp/container_files/sp-signing-cert.pem | 24 +++++ .../sp/container_files/sp-signing-key.pem | 40 +++++++++ 7 files changed, 192 insertions(+), 50 deletions(-) create mode 100644 test-compose/sp/container_files/sp-encrypt-cert.pem create mode 100644 test-compose/sp/container_files/sp-encrypt-key.pem create mode 100644 test-compose/sp/container_files/sp-signing-cert.pem create mode 100644 test-compose/sp/container_files/sp-signing-key.pem diff --git a/test-compose/data/Dockerfile b/test-compose/data/Dockerfile index a175fb8..c876a2c 100644 --- a/test-compose/data/Dockerfile +++ b/test-compose/data/Dockerfile 
@@ -1,14 +1,20 @@ -FROM tier/shib-idp:latest +FROM centos:centos7 LABEL author="tier-packaging@internet2.edu " - -COPY container_files/seed-data/ /seed-data/ -RUN yum install -y epel-release \ - && yum update -y \ - && yum install -y 389-ds-base 389-admin 389-adminutil \ - && yum clean all \ - && rm -rf /var/cache/yum +# Set UTC Timezone & Networking +RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \ + && echo "NETWORKING=yes" > /etc/sysconfig/network + +# Install base deps +RUN rm -fr /var/cache/yum/* && yum clean all && yum -y update && yum -y install --setopt=tsflags=nodocs epel-release && \ + yum -y install 389-ds-base 389-admin 389-adminutil net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim wget rsyslog cronie krb5-workstation openssl-devel wget supervisor && \ + yum -y clean all && \ + mkdir -p /opt/tier && \ +# Install Trusted Certificates + update-ca-trust force-enable + +COPY container_files/seed-data/ /seed-data/ RUN useradd ldapadmin \ && rm -fr /var/lock /usr/lib/systemd/system \ diff --git a/test-compose/idp/container_files/config/shib-idp/metadata/testsp-metadata.xml b/test-compose/idp/container_files/config/shib-idp/metadata/testsp-metadata.xml index b380b64..a2e9026 100644 --- a/test-compose/idp/container_files/config/shib-idp/metadata/testsp-metadata.xml +++ b/test-compose/idp/container_files/config/shib-idp/metadata/testsp-metadata.xml 
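Review bot: The package list in the new `RUN` installs debugging and client tools (`strace`, `telnet`, `vim`, `man`, `krb5-workstation`, `openssl-devel`, `supervisor` and others) alongside the three 389-ds packages, and lists `wget` three times and `unzip` twice. Nothing in the visible hunk uses them, so unless steps outside the hunk need them the install can stay at `yum -y install 389-ds-base 389-admin 389-adminutil` plus whatever the remaining steps call; a shorter list also leaves fewer packages to keep patched. `yum -y update` at build time makes the result depend on the build date, so a comment noting that this image is a test fixture rebuilt for each run would help. The `RUN useradd ldapadmin` step continues outside the hunk.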
@@ -29,27 +29,29 @@ 0242dfc3fa98 CN=0242dfc3fa98 - MIID6zCCAlOgAwIBAgIJAPGlx/vapK1FMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV -BAMTDDAyNDJkZmMzZmE5ODAeFw0xODEwMTMyMTAwNTdaFw0yODEwMTAyMTAwNTda -MBcxFTATBgNVBAMTDDAyNDJkZmMzZmE5ODCCAaIwDQYJKoZIhvcNAQEBBQADggGP -ADCCAYoCggGBAMngq+S4kntl6IDlx/doNvvCVu94/JJOEsqMjG3LxEjSDPWzuEdo -Keb2qovDHVmK/JGpSEf7imrRvIIiKOXtmqpYCRPKPrS4JORlQ8yryEaZzJ20WJgI -RqfiSQfvMzuBZG4Fi9r+m2Rh9io9yb2iAaszBEyVVhLxJCiMjU+zLEZ1pWe/HfAI -ZkMlv1M4lIgBVBvR4AVFdEHNgBE4ctvHfwAT4dYf78ZMMq2n3TCIQd+b8aF8POYm -uB/93ZmvJ9mt26J4iM4EFLGZlbNith87MBx/fWxWf37RydQEwAGjxWPLgqf0mmE4 -ej9WEx/xbppqqpiSecHwZazJq1NMDb5V7xyeBO46BvflcfTSd5qSUqsBtLsL14eR -2ZTwGCWU7e4mY7cMmbVm4s8sdXdIXVGKQ1IwtlIgiIoG5Q0pUh28HPBCoQKc9BMI -8M6MOrX6Z7Ci632IBOEGiuS7YbPw6YZ/ItaJZl6rhdVjIjQ8RgI1OmBLfiYQvBHm -s9lMoPX9L1M44QIDAQABozowODAXBgNVHREEEDAOggwwMjQyZGZjM2ZhOTgwHQYD -VR0OBBYEFHuMwUBDuIx2ykrwQsdOVODO925MMA0GCSqGSIb3DQEBCwUAA4IBgQCL -Y+qqlePmY5Otq2PjdcmyJm2+dW9I6ZhlM6pJ+6Fob/2fVoQXKQqVh9e7ZDwkUUBB -6PmL8YWDbo5hPS5kPqk3KbM0Z7DCvc7m+ZHYgQWHW0jLEgWFY2CoEq2pjCw2nqV1 -4QjAU++4L/No+2jiYFAK5ahv/PRlsaqToWmG+a1kOP2dlknsYzOpPzgbuz2SnKzL -X6l37QLDW0rfptmySFM+dtw5N+PeqgsuQL5qDxJSmep9kV9Toz46aEJB/zuGbvs0 -ospsV/HrdilQ0v2J4Hqxt4hquW7JryhYBzlT+kI+6Rpyg/+NKyPd3aV9TkFU/0V1 -4sbCdoAXq6g2+E4iiTS9o3nyq6VhVVUSj0mFwTa67xmhgZrCwj0CUuS84Ql1Jkw/ -25RIECKiS5CadA7GgP3W8Jki4NhKzIc7xtfDOmm+DY0ACUByBcre7BXLdiMWEiXg -EKlhYV/zpJbOEjoxUIB0Rx7899u02F8cGzWMX9iF3CWF+PNPyAoL5a7VWsOAAqc= + +MIID/TCCAmWgAwIBAgIJAJZqOL69C6nRMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNV +BAMTEnNwdGVzdC5leGFtcGxlLmVkdTAeFw0xODEyMjAyMjM4NDhaFw0yODEyMTcy +MjM4NDhaMB0xGzAZBgNVBAMTEnNwdGVzdC5leGFtcGxlLmVkdTCCAaIwDQYJKoZI +hvcNAQEBBQADggGPADCCAYoCggGBANJ1OC6Ql4te2/7PArBkuM/EF1NcQILv7bJa +ecJDGYBVoWgL0a2KQ0XMESusgkVmVjj/jcbtvwIiXI/6BEu815OF6eSZIwxWdQBp +eKbrWTbt07GiGgdXoXot6oMs5a9YXuWLt8pTXrFVMmwXU+ZfWJtuU8OIgm9esAEI +QBHvDVOJtdKdBMWJFa5nUzkaVvA0Fr8r+/FHUvSCnlKOMaUIfTgtoS9AQnaRQ1dV +l39Z2KAh87JYvRIxvbaPaKgar2eGQ+PQD8rqsB5K5wgnADAxYM9Vo0YXSpPH+Fvw 
+N3EJgURUSEY2E0Jx8JOx368ERNLXx3kfnRxCiZRDkTZF9WP6lBnDwc1WXRwpVCDT +RnF+SIh6IC1Bj/qpkpCD3nri7tycejoeAtVj1YZHWarf9iqdcLYOAWmeyGbFl3hj +v6qcXnIfy1KyHLCAdIrg1TymLovXXKW09pEbVLdsHmLz0h+DxPs4FsinK2AQBMn1 +6u8BJJ/+spCzIQ2QNPcGORh6XemBpQIDAQABo0AwPjAdBgNVHREEFjAUghJzcHRl +c3QuZXhhbXBsZS5lZHUwHQYDVR0OBBYEFPC8rkASWHQxrtCQ4wwtnsJRy6K5MA0G +CSqGSIb3DQEBCwUAA4IBgQCks2nY7YzdIKV02NHD9STWD3yPtEwPYZZ3NBno0WW2 +0rS6cU+fxFx37nY8ULve4cFQkLR8fOO44e1qIuTgLGCauSGTx/Ts/tbmZXbpGTwV +7cjZDCfC7yEFAVrfQFOMNKeQEssuLFj+d4STGLorxsM+2YygdOgohJz0e3xOcmCN +HqEuC9RbzrnLc/A4/mOHKwnwCCg71zA1/Ew9NUoRm2n8IfaONIUaMg9opNiHxX4e +u3UFaaPmn/mInuWYYMXzbIbdlU/XhKvXrujWYWj7anTDWvGQmNEecsQH92SrO0pf ++9WwcWUQTQiWUdq8/OxjXfzs1PrQnSlp0eizgcdKHDKbCUaSuK1i2wdxfEsu5sbZ +AIW0+dXJ2IyzM+0sv2g4DOsXsnSvinGqjr82A54mXGSr7edhPdlQhILFkJfhTwLq ++mjnyQSNe3s24VNeGc76jbHIrkEWuA460QGqz1Fa2CsQo5SH1IkxNIKpBZWt+w2L +dAza/NzYyDruY5IJCrZa9Qw= 
@@ -59,27 +61,29 @@ EKlhYV/zpJbOEjoxUIB0Rx7899u02F8cGzWMX9iF3CWF+PNPyAoL5a7VWsOAAqc= 0242dfc3fa98 CN=0242dfc3fa98 - MIID6zCCAlOgAwIBAgIJAMnGvDAQqA9PMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV -BAMTDDAyNDJkZmMzZmE5ODAeFw0xODEwMTMyMTAwNTdaFw0yODEwMTAyMTAwNTda -MBcxFTATBgNVBAMTDDAyNDJkZmMzZmE5ODCCAaIwDQYJKoZIhvcNAQEBBQADggGP -ADCCAYoCggGBAKkp742TbMqgG+CU2wNb08+3aOri2YsO/NndKRbkQBGs/BMMOn1V -FCwdCx+/SaAEHTQCw46E7Tb4uNBx0KzJABoREWcYCToGgL+2+dcQn57HwgT/CTFQ -UK1pESUurhkxHYSYR/ZqBFZbqZOI7MF6zxff8YmeG0D6ZBTtA74F7jjZP6qRlWc8 -XOPhFcoaQiMeYE2Kt6UNXm1tRr4FtdaEyVKXW6NpMYNMgNi9y+RbhN6NWYD3+8Bw -TJJlN9B1nsDLGQudf5iFlJiO2pYr8aIufORwmODCgodFSV/gfHR8g26+PcBC6Szp -RIiO4nwLaxIStBU/jKcBOgB3zs4rPtXPjt8M8tGmhAR6q+IyTEg5Ve43KUf6dmDa -t+8Svs0wFbB3raPyLnAxhMAfaiwYL2U9lc96up8iIWHiZhsl6TaIVZuaMqrKHiwd -ufn07gIJgTemdnot3G+zC1ecYDQofGhUvQ92iR15WlDRteW7WxI2tEfFAnMrO6Y5 -dL5dn2J3hMJJ2wIDAQABozowODAXBgNVHREEEDAOggwwMjQyZGZjM2ZhOTgwHQYD -VR0OBBYEFIJeSH6gswmOnzwanRLI8C45cty/MA0GCSqGSIb3DQEBCwUAA4IBgQAA -6pyReWFk6GIS44MJWlsZcdOLCZhbSGjNQKMUYeGoUFcSm/DnqT//zndq+Sl0T3Eg -8pPZRsTzv3eMdtS967X6R4PPH39/OgNQd3TWmjzGJj91FI8ZcAehqhcKPKV4h9OT -sqfUdT4hwZfkP+OwB46mlZHxeRGk6C7E3kkP9ItmNEL72BQyl+6exuZW+jfW0mIf -0Px3snM/3T08FtB9ahtZqDdWh0ktCWkCFfpc8RfPFGMgZw7racbV4F6+Ak2g+B1q -f028S/jQrPjwd6iI8WTPMfUgIXNmA+zCLszD5tuoa6ljjFT0qBSxMVZMDVlSRy7J -/LrxrTLRhH0CPXpEpqcrVNNXOrwDV3KF4piKK3O05YRRClstBSyUleGorJT6cRc/ -X3VQecHxY2EHQiC1fRFypCfODmYTDFivkzEiwiaKMg9yie+UcUdahixecZTnhBE9 -EhwaTLqZ1lxfQqsE2ubpqPVA+PxmtJjFZY/V8icFMDn8Md3+40oSwfLdBKeIQoc= + +MIID/TCCAmWgAwIBAgIJAINng1bI63LGMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNV +BAMTEnNwdGVzdC5leGFtcGxlLmVkdTAeFw0xODEyMjAyMjM4MDJaFw0yODEyMTcy +MjM4MDJaMB0xGzAZBgNVBAMTEnNwdGVzdC5leGFtcGxlLmVkdTCCAaIwDQYJKoZI +hvcNAQEBBQADggGPADCCAYoCggGBAOjmPSBzRsjbPBBA6jYVW+QtsYM5fvIuNErG +VDRvKHyCTNbmdFZ37qEl/fwsrdF4hn4V7fAZ6jW6R1aMGFl1vQyJ289B8l5HOPjf +GuB2gL9IxulOmrkYVN8nfgjlbFNNktMQJ8NprYEyl3o786xCCxx3AiA5Mgdv400L +6vlmEfNHIwsOHAUTNRyCwMS9P6jBJ5IIxD0Mef+3oUjAvVsPZu24EJnzTUasZnI0 
+F8aC/YzVbxObBNcymtA2Ipec/gLe1B09eDZUduXPL/as57QWvgJrWj8bCK+Ldj0P +MPSvWzr4BnN58dxaYgCgRH7tnhZudPvCjBakQzkxo/njsRIKtm3lN9UmUYiXbl+e +bu0DSQFUaFfO2hOOUTNAr/QuC+GQL+U7VAdybTbP+KcH5LbNUSqYkxSwhbFz5aym +o5KppnYB9K5iySRWvGIhnwXHNv5yFrmUbet2BPJlMzv7NaePaZ76ypobzNjjNBbg +aNECsQ1ZD9fe2Q8UBe0m2gQP5Yux5QIDAQABo0AwPjAdBgNVHREEFjAUghJzcHRl +c3QuZXhhbXBsZS5lZHUwHQYDVR0OBBYEFGcLIl5kg+GFIh9HXeZyLzsv5e7qMA0G +CSqGSIb3DQEBCwUAA4IBgQAf8/iZXUWtWGMBw2OfonDDWbuhgLnNWddpllcVx7v/ +Yu75+wgfIdNXg6XM4WkGkpbhlkpDLRt2c6rMQpxrQtq/5G3OKEXKyjUOl5pZsYkG +asVENYPSCfuu3rlK85XaW3H1SSJqSax/UKcYXyB1TIW6mNy3OxuvHak6y4LzFnug +CO7p/W2jvffwmxfqjbO7wQfXUQz3SZS04sHMqQoStOwy2N5xxQ3uTF34EoXBto+n +XIEOptKPhV2NkEzj+UUIi1588dck8T0SstbSElbTnJ4sNZFriX6JOPFNW08fezot +izerOHuAFpFQvtugWoZT87YYaFwG+Zr5QNa4fNOcAL+FHvbOfEqIGs+H6GSf0dZV +lkcJyzWZvuK/4RGqWbLvfAYRm0PAGTQSLdO8QJSYWdJtJvZFEMgddQ2HoIzeO5wo +B42FKDSHottI9avilApQBdRCtust8XRPtEAzDB/t/1jbO7u2tkzgY3614mX5xgut +Ileaae5eVCjw4uYbkh+Mt5M= diff --git a/test-compose/sp/Dockerfile b/test-compose/sp/Dockerfile index ca8527e..0a08863 100644 --- a/test-compose/sp/Dockerfile +++ b/test-compose/sp/Dockerfile @@ -15,6 +15,10 @@ ADD container_files/testsp.crt /etc/pki/tls/certs/ ADD container_files/testsp.key /etc/pki/tls/private/ ADD container_files/index.php /var/www/html/secure/ COPY container_files/attribute-map.xml /etc/shibboleth/ +COPY container_files/sp-signing-key.pem /etc/shibboleth/ +COPY container_files/sp-signing-cert.pem /etc/shibboleth/ +COPY container_files/sp-encrypt-key.pem /etc/shibboleth/ +COPY container_files/sp-encrypt-cert.pem /etc/shibboleth/ ## Uncomment the two lines below to generate new signing and encryption keys/certs for the Shibboleth SP #RUN /etc/shibboleth/keygen.sh -o /etc/shibboleth/ -f -h my.special.name -y 10 -n sp-signing && \ diff --git a/test-compose/sp/container_files/sp-encrypt-cert.pem b/test-compose/sp/container_files/sp-encrypt-cert.pem new file mode 100644 index 0000000..7a66196 --- /dev/null 
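Review bot: The four `COPY` lines added to `test-compose/sp/Dockerfile` bake the SP signing and encryption private keys into an image layer. The same commit also publishes those keys in clear text, in the new-file hunks for `sp-encrypt-key.pem` and `sp-signing-key.pem` that follow. Anyone who can read the repository or pull the image holds the keys for `sptest.example.edu`, so the pair must never be trusted outside this test compose; a comment above the COPY lines should say so, e.g. `# TEST-ONLY keypairs, published in git: never register this SP's metadata with a real IdP`. The commented-out `keygen.sh` call just below could generate fresh keys at build time, but `testsp-metadata.xml` would then have to be regenerated to match, because this commit pins the certificates there. If the committed keys stay, the hunk sets no mode or owner on the copied files; that is worth restricting to the account the SP daemon runs as.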
+++ b/test-compose/sp/container_files/sp-encrypt-cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID/TCCAmWgAwIBAgIJAINng1bI63LGMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNV
+BAMTEnNwdGVzdC5leGFtcGxlLmVkdTAeFw0xODEyMjAyMjM4MDJaFw0yODEyMTcy
+MjM4MDJaMB0xGzAZBgNVBAMTEnNwdGVzdC5leGFtcGxlLmVkdTCCAaIwDQYJKoZI
+hvcNAQEBBQADggGPADCCAYoCggGBAOjmPSBzRsjbPBBA6jYVW+QtsYM5fvIuNErG
+VDRvKHyCTNbmdFZ37qEl/fwsrdF4hn4V7fAZ6jW6R1aMGFl1vQyJ289B8l5HOPjf
+GuB2gL9IxulOmrkYVN8nfgjlbFNNktMQJ8NprYEyl3o786xCCxx3AiA5Mgdv400L
+6vlmEfNHIwsOHAUTNRyCwMS9P6jBJ5IIxD0Mef+3oUjAvVsPZu24EJnzTUasZnI0
+F8aC/YzVbxObBNcymtA2Ipec/gLe1B09eDZUduXPL/as57QWvgJrWj8bCK+Ldj0P
+MPSvWzr4BnN58dxaYgCgRH7tnhZudPvCjBakQzkxo/njsRIKtm3lN9UmUYiXbl+e
+bu0DSQFUaFfO2hOOUTNAr/QuC+GQL+U7VAdybTbP+KcH5LbNUSqYkxSwhbFz5aym
+o5KppnYB9K5iySRWvGIhnwXHNv5yFrmUbet2BPJlMzv7NaePaZ76ypobzNjjNBbg
+aNECsQ1ZD9fe2Q8UBe0m2gQP5Yux5QIDAQABo0AwPjAdBgNVHREEFjAUghJzcHRl
+c3QuZXhhbXBsZS5lZHUwHQYDVR0OBBYEFGcLIl5kg+GFIh9HXeZyLzsv5e7qMA0G
+CSqGSIb3DQEBCwUAA4IBgQAf8/iZXUWtWGMBw2OfonDDWbuhgLnNWddpllcVx7v/
+Yu75+wgfIdNXg6XM4WkGkpbhlkpDLRt2c6rMQpxrQtq/5G3OKEXKyjUOl5pZsYkG
+asVENYPSCfuu3rlK85XaW3H1SSJqSax/UKcYXyB1TIW6mNy3OxuvHak6y4LzFnug
+CO7p/W2jvffwmxfqjbO7wQfXUQz3SZS04sHMqQoStOwy2N5xxQ3uTF34EoXBto+n
+XIEOptKPhV2NkEzj+UUIi1588dck8T0SstbSElbTnJ4sNZFriX6JOPFNW08fezot
+izerOHuAFpFQvtugWoZT87YYaFwG+Zr5QNa4fNOcAL+FHvbOfEqIGs+H6GSf0dZV
+lkcJyzWZvuK/4RGqWbLvfAYRm0PAGTQSLdO8QJSYWdJtJvZFEMgddQ2HoIzeO5wo
+B42FKDSHottI9avilApQBdRCtust8XRPtEAzDB/t/1jbO7u2tkzgY3614mX5xgut
+Ileaae5eVCjw4uYbkh+Mt5M=
+-----END CERTIFICATE-----
diff --git a/test-compose/sp/container_files/sp-encrypt-key.pem b/test-compose/sp/container_files/sp-encrypt-key.pem
new file mode 100644
index 0000000..1622ef3
--- /dev/null
+++ b/test-compose/sp/container_files/sp-encrypt-key.pem
@@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDo5j0gc0bI2zwQ +QOo2FVvkLbGDOX7yLjRKxlQ0byh8gkzW5nRWd+6hJf38LK3ReIZ+Fe3wGeo1ukdW +jBhZdb0MidvPQfJeRzj43xrgdoC/SMbpTpq5GFTfJ34I5WxTTZLTECfDaa2BMpd6 +O/OsQgscdwIgOTIHb+NNC+r5ZhHzRyMLDhwFEzUcgsDEvT+owSeSCMQ9DHn/t6FI +wL1bD2btuBCZ801GrGZyNBfGgv2M1W8TmwTXMprQNiKXnP4C3tQdPXg2VHblzy/2 +rOe0Fr4Ca1o/Gwivi3Y9DzD0r1s6+AZzefHcWmIAoER+7Z4WbnT7wowWpEM5MaP5 +47ESCrZt5TfVJlGIl25fnm7tA0kBVGhXztoTjlEzQK/0LgvhkC/lO1QHcm02z/in +B+S2zVEqmJMUsIWxc+WspqOSqaZ2AfSuYskkVrxiIZ8Fxzb+cha5lG3rdgTyZTM7 ++zWnj2me+sqaG8zY4zQW4GjRArENWQ/X3tkPFAXtJtoED+WLseUCAwEAAQKCAYBM +3eCC20kbdbAnNSWX4AjKEIKr6sgJKlK78yVLgPx9y4uMydbPyxmJOj7PgfeEUSEi +cB5txj/Up7xvxiErNX7FqqJPj1Zs41jcWtZGCxaHC4AK9JSATpWEaUZhrUbJX6r7 +2jMlfbV0FLyF7U+JJOsB5A1hkT7/0V/Vx/8vfQ6jmnDobym0SxiWZlk1Fbjy+30R +567M71c8nOCwYFyet0CjaMKh7PkuQCw3uRW3wPfqCW91qw438E3ENnnITFpRnDUI +iZIXJSj3Sqcx/W7Q6xei+y95U4tksT3/SQ7hVXp+BhfyjXdK/k0vNzxZfWk9nCD8 +h7HeiQuLPENzrlOwuWtI+gLDIdFplXUJ+/piK3okdstdHJcWcNUelW8yr7JSpv1I +a2KMgHI2F4UVcTYLZrevzxd5a0cpvFW7vmvdw2vFrCb5JsVsmqBu5OLeaVGDIbIA +2SLfJqq12fi2rxk28VtwXXgaCTttSM+8VY7dlT/mPCqX3Sx2eM7EPt6RVHuri4EC +gcEA+3q6Vht60YXNaw7m4BFISntVm4Z2gGFNswLlrgPRHOacaQVMKhpqt3HmNKAT +1MD/a5C60HkUjMB95m2nE4k1Iade8EzUPXD1FvFbE9/+ifNx2OrC8pKrEmRiTmCY +oel45uoXsksNGJynfuRp2TpAVSZrXaIbGKZiMJZv0QZAilVBurZnZyV0jKQYkSFM +FOt60PDJJEqZzG01dvDJxsIYQURtjNscO0R2ncloLXm7qu1/fcP7CAawWgFYyer2 +WEdVAoHBAO0WAhxCvFoev348Wf33lQi9c6w7WN/WEkhNOJ5p4PKsJphSZbt2bjCt +RdRmvahSXeiGrDPuaxoWaQqcXprcu3ndFYBcK2xZpIl/mf0wr1QTEHCkRXzfxRjC +Mmy+yTeKT4L18xKgg6pJn+wC3hwsv2BQPkp+NPJhD2bmVUWorqXq5fiBV2b7lTg0 +q1HHXYtxk22bw7xtstFENGTqa22KwD5Wd6nj9DamLzKhUhOdcJ7yGVu9se7YcGGh +pg57muigUQKBwQD5feH96Zdo5UFN9GPTavH4ivH8sWNBrMeEUNyDTuAYtyX3/zx4 +DOtRAhwsm5/xFGSTV+wvReDAX3zIroLym85ti/phlyd9qWJOl7cPOcvzGuYZGZe9 +RwuX3KW3MphbEiFTnm1SAqmEgG6gMoZc8DDBCbO9GkWdp/yETcuzaWuAkmL6lVpy +97LwkSCaY5lyq8iWIDy915FMQhCn5u2YVhnwLq4s73jLx/mSQy4q57nrM2Kn6FZV 
+uSUetnVbJdOu810CgcBNCzbaWjF9E7rk2dXguwD6Wx5o3MxPyPAeAMIicIPCOIE+ +RKB8n8rFFLm5gT2mokWUF5eENLknPBsccJ4pswtVWavwD4Oo7SST7hxrc9O1/Y/9 +GtTd9JXHKuxZ/FHFM7QM+cHozrKattw6ROBKxZvXP5xOdt7b2QC5TqZtQZinoELl +U5rEg4MFRdBafe//LYRcPR8Jb5iJeqGQHcGVUl6Qo2a1lbc5vx1dVaEncKU1cbUd +4/IbjMhQYchlsnMvn1ECgcEAxwT/UvLwhYeFK6UHRwJ/z1eKGAC8R2B9tlmgddZx +T93qbVq4lZXKw3osqdi+pgWvvmg9aK9r/dO1E93S11msnoTI+W9xTr+y5y9dN/hx +5deQMUK+3woLog6LsGiKE2IamCNQBFkgd4VvhXgG+2pTPYJ9nyuEA+na+tfE6bSa +foJ8KQT1rmRFQYRboBY/xxqtsl6Nh84JK7kCw27NNdhssyuiipfa8NLM4m+yeA6n +/oz8xKl5PKwOrvk2DH+FwaAg +-----END PRIVATE KEY----- diff --git a/test-compose/sp/container_files/sp-signing-cert.pem b/test-compose/sp/container_files/sp-signing-cert.pem new file mode 100644 index 0000000..73aaaab --- /dev/null +++ b/test-compose/sp/container_files/sp-signing-cert.pem 
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID/TCCAmWgAwIBAgIJAJZqOL69C6nRMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNV
+BAMTEnNwdGVzdC5leGFtcGxlLmVkdTAeFw0xODEyMjAyMjM4NDhaFw0yODEyMTcy
+MjM4NDhaMB0xGzAZBgNVBAMTEnNwdGVzdC5leGFtcGxlLmVkdTCCAaIwDQYJKoZI
+hvcNAQEBBQADggGPADCCAYoCggGBANJ1OC6Ql4te2/7PArBkuM/EF1NcQILv7bJa
+ecJDGYBVoWgL0a2KQ0XMESusgkVmVjj/jcbtvwIiXI/6BEu815OF6eSZIwxWdQBp
+eKbrWTbt07GiGgdXoXot6oMs5a9YXuWLt8pTXrFVMmwXU+ZfWJtuU8OIgm9esAEI
+QBHvDVOJtdKdBMWJFa5nUzkaVvA0Fr8r+/FHUvSCnlKOMaUIfTgtoS9AQnaRQ1dV
+l39Z2KAh87JYvRIxvbaPaKgar2eGQ+PQD8rqsB5K5wgnADAxYM9Vo0YXSpPH+Fvw
+N3EJgURUSEY2E0Jx8JOx368ERNLXx3kfnRxCiZRDkTZF9WP6lBnDwc1WXRwpVCDT
+RnF+SIh6IC1Bj/qpkpCD3nri7tycejoeAtVj1YZHWarf9iqdcLYOAWmeyGbFl3hj
+v6qcXnIfy1KyHLCAdIrg1TymLovXXKW09pEbVLdsHmLz0h+DxPs4FsinK2AQBMn1
+6u8BJJ/+spCzIQ2QNPcGORh6XemBpQIDAQABo0AwPjAdBgNVHREEFjAUghJzcHRl
+c3QuZXhhbXBsZS5lZHUwHQYDVR0OBBYEFPC8rkASWHQxrtCQ4wwtnsJRy6K5MA0G
+CSqGSIb3DQEBCwUAA4IBgQCks2nY7YzdIKV02NHD9STWD3yPtEwPYZZ3NBno0WW2
+0rS6cU+fxFx37nY8ULve4cFQkLR8fOO44e1qIuTgLGCauSGTx/Ts/tbmZXbpGTwV
+7cjZDCfC7yEFAVrfQFOMNKeQEssuLFj+d4STGLorxsM+2YygdOgohJz0e3xOcmCN
+HqEuC9RbzrnLc/A4/mOHKwnwCCg71zA1/Ew9NUoRm2n8IfaONIUaMg9opNiHxX4e
+u3UFaaPmn/mInuWYYMXzbIbdlU/XhKvXrujWYWj7anTDWvGQmNEecsQH92SrO0pf
++9WwcWUQTQiWUdq8/OxjXfzs1PrQnSlp0eizgcdKHDKbCUaSuK1i2wdxfEsu5sbZ
+AIW0+dXJ2IyzM+0sv2g4DOsXsnSvinGqjr82A54mXGSr7edhPdlQhILFkJfhTwLq
++mjnyQSNe3s24VNeGc76jbHIrkEWuA460QGqz1Fa2CsQo5SH1IkxNIKpBZWt+w2L
+dAza/NzYyDruY5IJCrZa9Qw=
+-----END CERTIFICATE-----
diff --git a/test-compose/sp/container_files/sp-signing-key.pem b/test-compose/sp/container_files/sp-signing-key.pem
new file mode 100644
index 0000000..9e979fe
--- /dev/null
+++ b/test-compose/sp/container_files/sp-signing-key.pem
@@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDSdTgukJeLXtv+ +zwKwZLjPxBdTXECC7+2yWnnCQxmAVaFoC9GtikNFzBErrIJFZlY4/43G7b8CIlyP ++gRLvNeThenkmSMMVnUAaXim61k27dOxohoHV6F6LeqDLOWvWF7li7fKU16xVTJs +F1PmX1ibblPDiIJvXrABCEAR7w1TibXSnQTFiRWuZ1M5GlbwNBa/K/vxR1L0gp5S +jjGlCH04LaEvQEJ2kUNXVZd/WdigIfOyWL0SMb22j2ioGq9nhkPj0A/K6rAeSucI +JwAwMWDPVaNGF0qTx/hb8DdxCYFEVEhGNhNCcfCTsd+vBETS18d5H50cQomUQ5E2 +RfVj+pQZw8HNVl0cKVQg00ZxfkiIeiAtQY/6qZKQg9564u7cnHo6HgLVY9WGR1mq +3/YqnXC2DgFpnshmxZd4Y7+qnF5yH8tSshywgHSK4NU8pi6L11yltPaRG1S3bB5i +89Ifg8T7OBbIpytgEATJ9ervASSf/rKQsyENkDT3BjkYel3pgaUCAwEAAQKCAYEA +kmBxGQH8RTVO8eTtS95iJC+QwavyOp/BxUDkWtbsj7P/NSyzQ25c59jNQIEVgktx +QOeNpoSJS2S22HTeNAc+MR781MAl/ljLu+OfxQj/3hKAIJZMYDr01tPEvkOl5NUj ++6e3xwNBYzmMfl2jPyGlsUWFAQSbI/bJl44zccXAkQ/A5KHNRc7Yw5qd6aOGQD8a +axCehOxEqEeI8oZvxQcogMBL0V9yWqEiI0Ymvq6w2n+CzdKmflcWSjloYzNcODbL +Ef2+8/fBZhHTS0GLCIqQpK+tZxt4K77DK2p2L9dYuHK7vtWn1j0YIwPqD+QVVtuT +d7BOOmakPj2E7EXq/GvFw8gB/gRLoLuJSq5vvhPrSVuJqWdxDuxSutGgIoN3mQxd +2AjuBXvqwYaZ3UGHZlBYAQx5ICiAGjxv/1zmKp+9OJHge/a1e6Z8jgQcpS7OWNhU +dj6qfs+IiWKEaMM7D8dj4ncoArBpE7/BzlVuJ377cqRx35alMcKlawQWF1YqSDrB +AoHBAPSipCLz4sr3U2jluXehntYsKevWcBtFkEd49Ay5uZTu/aweKWIozjDt7T3L +mjYi+QGpt28MdNmpoofYOmpt+lrc0HWrv+UB9k/qFxfwgZKaXa1nm/VLfK77L4IB +8I9dpjvDi724Xg/JJ1jsGM13+jGEfTQTl4Hi0lZwMydUO+O4oWB4kG9qhF8C+yQc +12CCFH+Da8uwcwM+zCJwRm3qMKceifhEGAuFJ430Rp7cuqlJYfQZ4pVhRxwP6vns +cLCz+QKBwQDcPB5bCjci/HMe0V19HxPrKh0hGPLIRCPAakT8Mz8N2lVAtWDXFL5q +eHskl6cf8RQLfrcUiL+jQvD5VV8I7BkolCv0GZT/q36I/Z1QKlQC1O0IGG/hNqwt +PS85YM6yC84YIKx0rN6O03/nYcslRv19q+MNiR9sZEeN6cScUc6aUINhWjzQ4mb8 +Z9ErguJrq0sCoAVU+t/yRo/YB/d2xdN9XLe+2cgsM6s0TiHo4v2SeFHKewBw+RLp +yrShY6COzg0CgcEA0EFwt2ylgiGgeSkvhV8qJ6s7GNDZaO4EUEPwhrDJAredbhvT +IQQZ29+AWl3sbu/AySCgzsFs7CsT+M8jk50CRr26HKJUXvEXrZpbhH6y34nX+5m7 +U8uqXg/ptqROFM4liLUETkMYmBmnDHUY/DmJ3QOrzlxrWyAr7XfgpDd6MHbpsoWQ +d7jW7UdNYsXGuBqktpS7fJA+qOGZyCuKWWHHf01pKNdXHN+C976fK/g+U4TsBXDP 
+ylkgvwvx/kbA/DyJAoHAQxXA/WRYNT0G6B1ISAO+coTKiLlrwtsWtNbqGpSVoWef +Tm2xiPKVqiL3B8d2LgGmZHX92LBrB5UtiBWcNECOzVCNLvbX7yVTDvGKCNBL9Ozd +Ivkmo0ifG8ymZOj7LTrxVWImhgfeZ00/icC9O6arMqu4Jvhc7QyCy1SpAiDdOR5L +Vs1A9zPvwPTyvzlINRnhaHRMC32717XsvRZ4J+LMsEQc6HK4SdaXUQB3zdPO/93M +tEvRb5g/TZ3kdcC+OKHFAoHAO9R3y6ZjUM8T8/4XcyRD968V4sZIvVQfpSaH86GO +TrECZp5SqSWUTqAWTJWS0yIctAML60nWF+OPRUlrq0yk2veN9Re6eWfyoyQOFd92 +U+bxh3QEue5LGOwpqrPV/1cJSFdv88eS+F8q7i/dD765Tio6kJjKzXPN3FJqAvNB +lAnaO4Apbuzob25Qkmm0NVQHap+TJGJMvX2vVX9CjE6haVWq1lJMakkoQOeIlyi5 +iDjt9rDlIwDYeGWk4KFgsKM7 +-----END PRIVATE KEY----- From a5f8c5ee5d97debe4a59ec1f5a11f3c5c68c93cb Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Thu, 10 Jan 2019 08:43:19 -0600 Subject: [PATCH 25/30] bump shib to 3.4.3 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9609ee4..570f3ea 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,9 +8,9 @@ FROM centos:centos7 ENV TOMCAT_MAJOR=9 \ TOMCAT_VERSION=9.0.14 \ ##shib-idp \ - VERSION=3.4.2 \ + VERSION=3.4.3 \ ##TIER \ - TIERVERSION=181201 \ + TIERVERSION=20190101 \ ################## \ ### OTHER VARS ### \ ################## \ From 1d8164786b6fdf9667010674116623e7635c8460 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Thu, 10 Jan 2019 08:46:49 -0600 Subject: [PATCH 26/30] bump shib version --- container_files/idp/idp.installer.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container_files/idp/idp.installer.properties b/container_files/idp/idp.installer.properties index 65edd76..321a842 100644 --- a/container_files/idp/idp.installer.properties +++ b/container_files/idp/idp.installer.properties @@ -1,4 +1,4 @@ -idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-3.4.2 +idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-3.4.3 idp.target.dir=/opt/shibboleth-idp idp.host.name=idp.example.org idp.sealer.password=changeit From ed8c3e5792f7346e59a1cae9c376d6ffcc74cde8 Mon Sep 17 00:00:00 2001 
From: Paul Caskey Date: Thu, 10 Jan 2019 08:59:38 -0600 Subject: [PATCH 27/30] Update Dockerfile --- test-compose/idp/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-compose/idp/Dockerfile b/test-compose/idp/Dockerfile index fa8ed18..457b563 100644 --- a/test-compose/idp/Dockerfile +++ b/test-compose/idp/Dockerfile @@ -1,4 +1,4 @@ -FROM tier/shib-idp:3.4.2_181201 +FROM tier/shib-idp:3.4.3_20190101 # The build args below can be used at build-time to tell the build process where to find your config files. This is for a completely burned-in config. ARG TOMCFG=config/tomcat From 027b0912a40806be815534c2b304b1cc0b46e377 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Thu, 10 Jan 2019 16:33:20 +0000 Subject: [PATCH 28/30] increase wait time on tests --- test-compose/idp/Dockerfile | 2 +- tests/fulltest.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test-compose/idp/Dockerfile b/test-compose/idp/Dockerfile index 457b563..fa8ed18 100644 --- a/test-compose/idp/Dockerfile +++ b/test-compose/idp/Dockerfile @@ -1,4 +1,4 @@ -FROM tier/shib-idp:3.4.3_20190101 +FROM tier/shib-idp:3.4.2_181201 # The build args below can be used at build-time to tell the build process where to find your config files. This is for a completely burned-in config. ARG TOMCFG=config/tomcat diff --git a/tests/fulltest.sh b/tests/fulltest.sh index 8088fd9..22b4a73 100755 --- a/tests/fulltest.sh +++ b/tests/fulltest.sh @@ -6,8 +6,8 @@ echo "Launching fresh containers..." ./compose.sh &>/dev/null popd &>/dev/null -echo "Waiting 3 minutes while everything comes up..." -sleep 180 +echo "Waiting 4 minutes while everything comes up..." +sleep 240 pushd tests &>/dev/null rm -f ./lastpage.txt From cdc44f20f7a8b471650414b3316ea0bc0ca567bd Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Tue, 12 Feb 2019 16:26:21 +0000 Subject: [PATCH 29/30] bump tomcat --- Dockerfile | 4 ++-- Jenkinsfile | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) 
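Review bot: In the commit titled "increase wait time on tests", the `test-compose/idp/Dockerfile` hunk moves the base image back from `tier/shib-idp:3.4.3_20190101` to `tier/shib-idp:3.4.2_181201`. That undoes the preceding "Update Dockerfile" commit, and the commit message does not mention it. The full-cycle test would then exercise IdP 3.4.2 while the main Dockerfile builds 3.4.3, so a pass says nothing about the version that ships. If the rollback is deliberate, perhaps because the 3.4.3 tag was not yet published, record that next to the line, e.g. `# TODO: switch to tier/shib-idp:3.4.3_20190101 once that tag is available`. Otherwise keep `FROM tier/shib-idp:3.4.3_20190101`.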
diff --git a/Dockerfile b/Dockerfile index 570f3ea..eb7624e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,11 +6,11 @@ FROM centos:centos7 # ##tomcat \ ENV TOMCAT_MAJOR=9 \ - TOMCAT_VERSION=9.0.14 \ + TOMCAT_VERSION=9.0.16 \ ##shib-idp \ VERSION=3.4.3 \ ##TIER \ - TIERVERSION=20190101 \ + TIERVERSION=20190201 \ ################## \ ### OTHER VARS ### \ ################## \ diff --git a/Jenkinsfile b/Jenkinsfile index 8326969..cf3a68d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -82,7 +82,7 @@ node('docker') { stage 'Notify' - slackSend color: 'good', message: "$maintainer/$imagename:$tag pushed to DockerHub" + slackSend color: 'good', message: "$maintainer/$imagename:$tag pushed to DockerHubi (<${env.BUILD_URL}|Open>)" } From 87373bddf4d08ee20897d7e30a7b3d18b30fae70 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Tue, 12 Feb 2019 19:37:02 +0000 Subject: [PATCH 30/30] add url to slack notify on failure --- Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index cf3a68d..9ea40c4 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -82,7 +82,7 @@ node('docker') { stage 'Notify' - slackSend color: 'good', message: "$maintainer/$imagename:$tag pushed to DockerHubi (<${env.BUILD_URL}|Open>)" + slackSend color: 'good', message: "$maintainer/$imagename:$tag pushed to DockerHub" } @@ -99,7 +99,7 @@ def imagename() { def handleError(String message){ echo "${message}" currentBuild.setResult("FAILED") - slackSend color: 'danger', message: "${message}" + slackSend color: 'danger', message: "${message} (<${env.BUILD_URL}|Open>)" sh 'exit 1' }