updates
pcaskey committed Oct 12, 2018
1 parent 1894a02 commit 4d8885c
Showing 12 changed files with 134 additions and 72 deletions.
41 changes: 0 additions & 41 deletions BINSCRIPTS.md

This file was deleted.

28 changes: 19 additions & 9 deletions Dockerfile
@@ -14,11 +14,6 @@ LABEL Version=$version

LABEL Build docker build --rm --tag $maintainer/$imagename .

ADD ./container_files/bin/httpd-shib-foreground /usr/local/bin/
ADD ./container_files/bin/shibboleth_keygen.sh /usr/local/bin/
ADD ./container_files/etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/


RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \
&& echo "NETWORKING=yes" > /etc/sysconfig/network

@@ -32,17 +27,32 @@ RUN curl -o /etc/yum.repos.d/security:shibboleth.repo \
&& yum clean all \
&& rm /etc/httpd/conf.d/autoindex.conf \
&& rm /etc/httpd/conf.d/userdir.conf \
&& rm /etc/httpd/conf.d/welcome.conf \
&& chmod +x /usr/local/bin/httpd-shib-foreground \
&& chmod +x /usr/local/bin/shibboleth_keygen.sh
&& rm /etc/httpd/conf.d/welcome.conf

# Export this variable so that shibd can find its CURL library
RUN LD_LIBRARY_PATH="/opt/shibboleth/lib64"
RUN export LD_LIBRARY_PATH

# fix shibd.logger, other?.logger
ADD ./container_files/system/httpd-shib-foreground /usr/local/bin/
ADD ./container_files/system/shibboleth_keygen.sh /usr/local/bin/
ADD ./container_files/httpd/ssl.conf /etc/httpd/conf.d/
ADD ./container_files/shibboleth/* /etc/shibboleth/

RUN chmod +x /usr/local/bin/httpd-shib-foreground \
&& chmod +x /usr/local/bin/shibboleth_keygen.sh

# fix httpd logging to tier format
RUN sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
&& echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
&& sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
&& sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
&& echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \
&& echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf \
&& sed -i '/UseCanonicalName/c\UseCanonicalName On' /etc/httpd/conf/httpd.conf

# add a basic page to shibb's default protected directory
RUN mkdir -p /var/www/html/secure/
ADD container_files/httpd/index.html /var/www/html/secure/


EXPOSE 80 443
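Review bot: The two `sed` rewrites of `CustomLog` and `ErrorLog` point httpd at `/tmp/logpipe`, a fixed name in a world-writable directory, and when httpd is started as root it opens its log targets before dropping privileges. Any process in the container that can write to `/tmp` before the pipe exists can plant a file or symlink under that name and receive root-written log output; the new `native.logger` and `shibd.logger` files use the same `fileName=/tmp/logpipe`. Where the pipe is created is not visible in this section (presumably in `httpd-shib-foreground`), so please confirm it is created before either daemon starts, or move it to a root-owned directory, e.g. `CustomLog "\/var\/run\/tier\/logpipe"` (constructed path) in both `sed` expressions and in the logger files. The local files are also brought in with `ADD`; `COPY` does the same without the archive and URL handling.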
1 change: 0 additions & 1 deletion README.md
@@ -2,5 +2,4 @@

[![Build Status](https://jenkins.testbed.tier.internet2.edu/buildStatus/icon?job=docker/shib-sp/master)](https://jenkins.testbed.tier.internet2.edu/job/docker/shib-sp/master)

This image is the parent of COmanage and Grouper containers, as it contains the OpenSUSE repositories for shibboleth package management, and an apache installation.

3 changes: 2 additions & 1 deletion bin/ci-run.sh
@@ -3,4 +3,5 @@
# This file will run a container in the background
source common.bash .

docker run -d --name=$imagename -p 80:80 -p 443:443 $maintainer/$imagename
docker run -d --name=$imagename -p 80:80 -p 443:443 $maintainer/$imagename

1 change: 1 addition & 0 deletions bin/ci-stop.sh
@@ -6,3 +6,4 @@ source common.bash .
echo "Cleaning up Docker image($maintainer/$imagename)"
docker stop $imagename >> /dev/null
docker rm $imagename

2 changes: 1 addition & 1 deletion common.bash
@@ -1,3 +1,3 @@
maintainer="tier"
imagename="shibboleth_sp"
version="2.5.1"
version="3.0.2"
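--- a/container_files/httpd/index.html
+++ b/container_files/httpd/index.html
@@ -0,0 +1,3 @@
+<br />
+<h3>This page is protected by the Shibboleth SP.</h3>
+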
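--- a/container_files/shibboleth/native.logger
+++ b/container_files/shibboleth/native.logger
@@ -0,0 +1,40 @@
+# set overall behavior
+log4j.rootCategory=INFO, native_log, warn_log
+
+# fairly verbose for DEBUG, so generally leave at INFO
+log4j.category.XMLTooling.XMLObject=INFO
+log4j.category.XMLTooling.KeyInfoResolver=INFO
+log4j.category.Shibboleth.IPRange=INFO
+log4j.category.Shibboleth.PropertySet=INFO
+
+# raise for low-level tracing of SOAP client HTTP/SSL behavior
+log4j.category.XMLTooling.libcurl=INFO
+
+# useful categories to tune independently:
+#
+# tracing of SAML messages and security policies
+#log4j.category.OpenSAML.MessageDecoder=DEBUG
+#log4j.category.OpenSAML.MessageEncoder=DEBUG
+#log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
+# interprocess message remoting
+#log4j.category.Shibboleth.Listener=DEBUG
+# mapping of requests to applicationId
+#log4j.category.Shibboleth.RequestMapper=DEBUG
+# high level session cache operations
+#log4j.category.Shibboleth.SessionCache=DEBUG
+# persistent storage and caching
+#log4j.category.XMLTooling.StorageService=DEBUG
+
+# define the appender
+
+log4j.appender.native_log=org.apache.log4j.FileAppender
+log4j.appender.native_log.fileName=/tmp/logpipe
+log4j.appender.native_log.layout=org.apache.log4j.PatternLayout
+log4j.appender.native_log.layout.ConversionPattern=shibd;native.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
+
+log4j.appender.warn_log=org.apache.log4j.FileAppender
+log4j.appender.warn_log.fileName=/tmp/logpipe
+log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout
+log4j.appender.warn_log.layout.ConversionPattern=shibd;native_warn.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
+log4j.appender.warn_log.threshold=WARN
+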
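Review bot: Both `native_log` and `warn_log` are attached to `log4j.rootCategory` and both write to `/tmp/logpipe`, so every event at WARN or above reaches the pipe twice, once tagged `native.log` and once tagged `native_warn.log`. With separate files that split is useful; on one shared stream it doubles the warning volume and any alert counts built on it. If the consumer does not need the `native_warn.log` tag, `log4j.rootCategory=INFO, native_log` is enough and the `warn_log` appender can be dropped.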
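--- a/container_files/shibboleth/shibd.logger
+++ b/container_files/shibboleth/shibd.logger
@@ -0,0 +1,60 @@
+# set overall behavior
+log4j.rootCategory=INFO, shibd_log
+
+# fairly verbose for DEBUG, so generally leave at INFO
+log4j.category.XMLTooling.XMLObject=INFO
+log4j.category.XMLTooling.KeyInfoResolver=INFO
+log4j.category.Shibboleth.IPRange=INFO
+log4j.category.Shibboleth.PropertySet=INFO
+
+# raise for low-level tracing of SOAP client HTTP/SSL behavior
+log4j.category.XMLTooling.libcurl=INFO
+
+# useful categories to tune independently:
+#
+# tracing of SAML messages and security policies
+#log4j.category.OpenSAML.MessageDecoder=DEBUG
+#log4j.category.OpenSAML.MessageEncoder=DEBUG
+#log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
+#log4j.category.XMLTooling.SOAPClient=DEBUG
+# interprocess message remoting
+#log4j.category.Shibboleth.Listener=DEBUG
+# mapping of requests to applicationId
+#log4j.category.Shibboleth.RequestMapper=DEBUG
+# high level session cache operations
+#log4j.category.Shibboleth.SessionCache=DEBUG
+# persistent storage and caching
+#log4j.category.XMLTooling.StorageService=DEBUG
+
+# logs XML being signed or verified if set to DEBUG
+log4j.category.XMLTooling.Signature.Debugger=INFO, sig_log
+log4j.additivity.XMLTooling.Signature.Debugger=false
+
+# the tran log blocks the "default" appender(s) at runtime
+# Level should be left at INFO for this category
+log4j.category.Shibboleth-TRANSACTION=INFO, tran_log
+log4j.additivity.Shibboleth-TRANSACTION=false
+# uncomment to suppress particular event types
+#log4j.category.Shibboleth-TRANSACTION.AuthnRequest=WARN
+#log4j.category.Shibboleth-TRANSACTION.Login=WARN
+#log4j.category.Shibboleth-TRANSACTION.Logout=WARN
+
+# define the appenders
+
+log4j.appender.shibd_log=org.apache.log4j.FileAppender
+log4j.appender.shibd_log.fileName=/tmp/logpipe
+log4j.appender.shibd_log.maxFileSize=0
+log4j.appender.shibd_log.layout=org.apache.log4j.PatternLayout
+log4j.appender.shibd_log.layout.ConversionPattern=shibd;shibd.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
+
+log4j.appender.tran_log=org.apache.log4j.FileAppender
+log4j.appender.tran_log.fileName=/tmp/logpipe
+log4j.appender.tran_log.maxFileSize=0
+log4j.appender.tran_log.layout=org.apache.log4j.PatternLayout
+log4j.appender.tran_log.layout.ConversionPattern=shibd;transaction.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
+
+log4j.appender.sig_log=org.apache.log4j.FileAppender
+log4j.appender.sig_log.fileName=/tmp/logpipe
+log4j.appender.sig_log.layout=org.apache.log4j.PatternLayout
+log4j.appender.sig_log.layout.ConversionPattern=shibd;signature.log;${ENV};${USERTOKEN};%m
+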
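Review bot: The `sig_log` pattern ends in `%m` with no `%n`, unlike the other appenders that share `/tmp/logpipe`. If `XMLTooling.Signature.Debugger` is ever raised to DEBUG, each signature record will run straight into the next line written to the pipe and break the `;`-delimited prefix that the consumer presumably parses. Suggest `log4j.appender.sig_log.layout.ConversionPattern=shibd;signature.log;${ENV};${USERTOKEN};%m%n`. A comment above the appenders such as `# all appenders share one pipe; every pattern must end in %n` would keep later edits from reintroducing this.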
13 changes: 0 additions & 13 deletions install.sh

This file was deleted.

11 changes: 6 additions & 5 deletions tests/image.bats
@@ -11,17 +11,18 @@ load ../common
}

@test "Sample attribute map available" {
docker run -i $maintainer/$imagename find /opt/etc/shibboleth/attribute-map.xml
docker run -i $maintainer/$imagename find /etc/shibboleth/attribute-map.xml
}

@test "Includes InCommon cert" {
docker run -i $maintainer/$imagename find /opt/etc/shibboleth/inc-md-cert.pem
docker run -i $maintainer/$imagename find /etc/shibboleth/inc-md-cert.pem
}

@test "Includes Shibboleth keygenerator" {
docker run -i $maintainer/$imagename find /opt/bin/shibboleth_keygen.sh
docker run -i $maintainer/$imagename find /usr/local/bin/shibboleth_keygen.sh
}

@test "Includes httpd + shibd startup script" {
docker run -i $maintainer/$imagename find /opt/bin/httpd-shib-foreground
}
docker run -i $maintainer/$imagename find /usr/local/bin/httpd-shib-foreground
}

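Review bot: The four `find` checks only prove that the paths exist, so the "Includes Shibboleth keygenerator" and "Includes httpd + shibd startup script" tests would still pass if the relocated `chmod +x` step in the Dockerfile were lost. Checking the mode pins what the image actually needs: `docker run --rm -i $maintainer/$imagename test -x /usr/local/bin/shibboleth_keygen.sh`, and the same for `httpd-shib-foreground`. Adding `--rm` also keeps each test from leaving a stopped container behind on the CI host.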
3 changes: 2 additions & 1 deletion tests/running.bats
@@ -17,4 +17,5 @@ load ../common
@test "Exposes running SSO process" {
result="$(docker exec -i $imagename curl http://localhost/Shibboleth.sso/Status)"
[ "$result" != '' ]
}
}
