update 'latest' to current

Dockerfile

@@ -6,11 +6,11 @@ FROM centos:centos7
 #
 ##tomcat \
 ENV TOMCAT_MAJOR=9 \
-    TOMCAT_VERSION=9.0.12 \
+    TOMCAT_VERSION=9.0.16 \
 ##shib-idp \
-    VERSION=3.3.3 \
+    VERSION=3.4.3 \
 ##TIER \
-    TIERVERSION=181001 \
+    TIERVERSION=20190201 \
 ################## \
 ### OTHER VARS ### \
 ################## \

Jenkinsfile

@@ -25,6 +25,7 @@ node('docker') {
     dir('tmp'){
       git([ url: "https://github.internet2.edu/docker/util.git",
           credentialsId: "jenkins-github-access-token" ])
+      sh 'rm -rf ../bin/*'
       sh 'mv ./bin/* ../bin/.'
     }
     sh 'rm -rf tmp'
@@ -98,7 +99,7 @@ def imagename() {
 def handleError(String message){
   echo "${message}"
   currentBuild.setResult("FAILED")
-  slackSend color: 'danger', message: "${message}"
+  slackSend color: 'danger', message: "${message} (<${env.BUILD_URL}|Open>)"
   sh 'exit 1'
 }
 

container_files/idp/idp.installer.properties

@@ -1,4 +1,4 @@
-idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-3.3.3
+idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-3.4.3
 idp.target.dir=/opt/shibboleth-idp
 idp.host.name=idp.example.org
 idp.sealer.password=changeit

test-compose/compose.sh

@@ -5,10 +5,4 @@ echo ""
 echo "If everything above was successful, your IdP metadata can be retreived with this command (after a minute or two):"
 echo "                    curl -k https://127.0.0.1/idp/shibboleth"
 echo ""
-echo "By default, this test IdP is pre-integrated with the samltest.id testing service."
-echo ""
-echo "If you are testing the default test config and have port 443 open,"
-echo " map your IP to idp.example.edu in your hosts file,"
-echo " then proceed to https://samltest.id/start-idp-test to test this IdP test instance."
-echo ""
 

test-compose/data/Dockerfile

@@ -1,14 +1,20 @@
-FROM tier/shib-idp:latest
+FROM centos:centos7
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
-
-COPY container_files/seed-data/ /seed-data/
 
-RUN yum install -y epel-release \
-    && yum update -y \
-    && yum install -y 389-ds-base 389-admin 389-adminutil \
-    && yum clean all \
-    && rm -rf /var/cache/yum
+# Set UTC Timezone & Networking
+RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \
+    && echo "NETWORKING=yes" > /etc/sysconfig/network
+
+# Install base deps
+RUN rm -fr /var/cache/yum/* && yum clean all && yum -y update && yum -y install --setopt=tsflags=nodocs epel-release && \
+    yum -y install 389-ds-base 389-admin 389-adminutil net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim wget rsyslog cronie krb5-workstation openssl-devel wget supervisor && \
+    yum -y clean all && \
+    mkdir -p /opt/tier && \
+# Install Trusted Certificates
+    update-ca-trust force-enable
+
+COPY container_files/seed-data/ /seed-data/
 
 RUN useradd ldapadmin \
     && rm -fr /var/lock /usr/lib/systemd/system \

test-compose/decompose.sh

@@ -1,6 +1,11 @@
 #!/bin/bash
 
-read -r -p "Are you sure you want to remove the test idp and data images/containers? [y/N] " response
+if [ "$1" == '-y' ]; then
+  response="Y"
+else
+  read -r -p "Are you sure you want to remove the test idp and data images/containers? [y/N] " response
+fi
+
 if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
   #kill, if running, and remove idp container
   docker ps | grep test-compose_idp &>/dev/null
@@ -38,9 +43,29 @@ if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
     fi
   fi
 
+  #kill, if running, and remove sp container
+  docker ps | grep test-compose_sp &>/dev/null
+  if [  $? == '0' ]; then
+    #get container ID
+    export contid2=$(docker ps | grep test-compose_sp | cut -f 1 -d ' ')
+    docker kill ${contid2} &>/dev/null
+    docker rm ${contid2} &>/dev/null
+  else
+    #check if an old container is present, rm if needed
+    docker container ls -a | grep test-compose_sp &>/dev/null
+    if [  $? == '0' ]; then
+        #get container ID
+          export contid2=$(docker container ls -a | grep test-compose_sp | cut -f 1 -d ' ')
+          docker kill ${contid2} &>/dev/null
+          docker rm ${contid2} &>/dev/null
+    fi
+  fi
+
+
   #remove images
   docker rmi -f test-compose_idp &>/dev/null
   docker rmi -f test-compose_data &>/dev/null
+  docker rmi -f test-compose_sp &>/dev/null
 
 else
     echo "Terminating..."

test-compose/docker-compose.yml

@@ -6,15 +6,15 @@ services:
     build: 
       context: ./idp/
       args:
-        TOMCFG: ./container_files/shib-idp/config/tomcat
-        TOMCERT: ./container_files/shib-idp/credentials/tomcat
-        TOMWWWROOT: ./container_files/shib-idp/wwwroot
-        SHBCFG: ./container_files/shib-idp/config/shib-idp/conf
-        SHBCREDS: ./container_files/shib-idp/credentials/shib-idp
-        SHBVIEWS: ./container_files/shib-idp/config/shib-idp/views
-        SHBEDWAPP: ./container_files/shib-idp/config/shib-idp/edit-webapp
-        SHBMSGS: ./container_files/shib-idp/config/shib-idp/messages
-        SHBMD: ./container_files/shib-idp/config/shib-idp/metadata
+        TOMCFG: ./container_files/config/tomcat
+        TOMCERT: ./container_files/credentials/tomcat
+        TOMWWWROOT: ./container_files/wwwroot
+        SHBCFG: ./container_files/config/shib-idp/conf
+        SHBCREDS: ./container_files/credentials/shib-idp
+        SHBVIEWS: ./container_files/config/shib-idp/views
+        SHBEDWAPP: ./container_files/config/shib-idp/edit-webapp
+        SHBMSGS: ./container_files/config/shib-idp/messages
+        SHBMD: ./container_files/config/shib-idp/metadata
     depends_on:
      - data
     networks:
@@ -36,6 +36,17 @@ services:
      - shibidp_ldap:/var/lib/dirsrv
 
 
+  sp:
+    build: ./sp/
+    expose:
+     - "8443"
+    networks:
+     - front
+     - back
+    ports:
+     - "8443:8443"
+
+
 networks:
   front:
     driver: bridge

test-compose/idp/Dockerfile

@@ -1,4 +1,4 @@
-FROM tier/shib-idp:latest
+FROM tier/shib-idp:3.4.2_181201
 
 # The build args below can be used at build-time to tell the build process where to find your config files.  This is for a completely burned-in config.
 ARG TOMCFG=config/tomcat

test-compose/idp/compose.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+docker-compose up --build -d
+
+if [ $? == '0' ]; then
+ echo ""
+ echo "If everything above was successful, your IdP metadata can be retreived with this command (after a minute or two):"
+ echo "                    curl -k -s https://127.0.0.1/idp/shibboleth"
+ echo ""
+else
+ echo "An error was encountered."
+fi

test-compose/idp/container_files/shib-idp/config/shib-idp/conf/attribute-filter.xml → test-compose/idp/container_files/config/shib-idp/conf/attribute-filter.xml

@@ -97,9 +97,9 @@
         </AttributeRule>
     </AttributeFilterPolicy>
 
-    <!-- SAMLtest SP for testing purposes only, remove for production use -->
-    <AttributeFilterPolicy id="SAMLtest">
-        <PolicyRequirementRule xsi:type="Requester" value="https://samltest.id/saml/sp" />
+    <!-- the test SP container -->
+    <AttributeFilterPolicy id="SPtest">
+        <PolicyRequirementRule xsi:type="Requester" value="https://sptest.example.edu/shibboleth" />
         <AttributeRule attributeID="eduPersonPrincipalName">
             <PermitValueRule xsi:type="ANY" />
         </AttributeRule>
@@ -113,7 +113,6 @@
             <PermitValueRule xsi:type="ANY" />
         </AttributeRule>
     </AttributeFilterPolicy>
-    <!-- end of SAMLtest SP -->
+    <!-- end of test SP container -->
 
-
 </AttributeFilterPolicyGroup>