Skip to content
Jump to bottom

Sample conf #1

Merged
2 commits merged into from Sep 12, 2016
Merged

Sample conf #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a58d229
Cleaning up module installs for style purposes, correct version refle…
Aug 25, 2016
5bcb08e
Adding sample configuration to all SP configured images
Sep 12, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
12 changes: 10 additions & 2 deletions Dockerfile
View file
Open in desktop
Expand Up @@ -3,7 +3,7 @@ FROM bigfleet/centos7base
# Define args and set a default value
ARG maintainer=tier
ARG imagename=shibboleth_sp
ARG version=1.0
ARG version=2.5.1

MAINTAINER $maintainer
LABEL Vendor="Internet2"
Expand All @@ -16,13 +16,21 @@ LABEL Build docker build --rm --tag $maintainer/$imagename .

RUN curl -o /etc/yum.repos.d/security:shibboleth.repo \
http://download.opensuse.org/repositories/security://shibboleth/CentOS_7/security:shibboleth.repo \
&& yum -y update && yum -y install shibboleth.x86_64 httpd mod_ssl && yum clean all \
&& yum -y update \
&& yum -y install \
httpd \
mod_ssl \
shibboleth.x86_64 \
&& yum clean all \
&& rm /etc/httpd/conf.d/autoindex.conf \
&& rm /etc/httpd/conf.d/ssl.conf \
&& rm /etc/httpd/conf.d/userdir.conf \
&& rm /etc/httpd/conf.d/welcome.conf

COPY httpd-shib-foreground /usr/local/bin/
COPY conf/attribute-map.xml /opt/etc/shibboleth/attribute-map.xml
COPY conf/inc-md-cert.pem /opt/etc/shibboleth/inc-md-cert.pem
COPY conf/shibboleth_keygen.sh /opt/bin/shibboleth_keygen.sh

EXPOSE 80 443
CMD ["httpd-shib-foreground"]
3 changes: 2 additions & 1 deletion common.bash
View file
Open in desktop
@@ -1,2 +1,3 @@
maintainer="bigfleet"
imagename="shibboleth_sp"
imagename="shibboleth_sp"
version="2.5.1"
32 changes: 32 additions & 0 deletions conf/attribute-map.xml
View file
Open in desktop
@@ -0,0 +1,32 @@
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn">
<AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
</Attribute>

<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" id="affiliation">
<AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
</Attribute>

<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" id="unscoped-affiliation">
<AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
</Attribute>

<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" id="entitlement"/>

<Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id">
<AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
</Attribute>

<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" id="primary-affiliation">
<AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
</Attribute>

<Attribute name="urn:oid:2.5.4.4" id="sn"/>
<Attribute name="urn:oid:2.5.4.42" id="givenName"/>
<Attribute name="urn:oid:2.16.840.1.113730.3.1.241" id="displayName"/>
<Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/>
<Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
<Attribute name="urn:oid:2.16.840.1.113730.3.1.3" id="employeeNumber"/>

</Attributes>
21 changes: 21 additions & 0 deletions conf/inc-md-cert.pem
View file
Open in desktop
@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9u
IEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1
WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21t
b24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNp
Z25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+
dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSp
g4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQK
CNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq
/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcA
TPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0mo
C1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/
lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB
/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2V
WOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWq
Dh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBcl
AGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLE
CQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8C
GzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==
-----END CERTIFICATE-----
75 changes: 75 additions & 0 deletions conf/shibboleth_keygen.sh
View file
Open in desktop
@@ -0,0 +1,75 @@
#! /bin/sh

while getopts h:u:g:o:e:y:bf c
do
case $c in
o) OUT=$OPTARG;;
b) BATCH=1;;
f) FORCE=1;;
h) FQDN=$OPTARG;;
e) ENTITYID=$OPTARG;;
y) YEARS=$OPTARG;;
\?) echo "shibboleth_keygen [-o output directory (default .)] [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert]"
exit 1;;
esac
done
if [ -z "$OUT" ] ; then
OUT=.
fi

if [ -n "$FORCE" ] ; then
rm $OUT/sp-key.pem $OUT/sp-cert.pem
fi

if [ -s $OUT/sp-key.pem -o -s $OUT/sp-cert.pem ] ; then
if [ -z "$BATCH" ] ; then
echo The files $OUT/sp-key.pem and/or $OUT/sp-cert.pem already exist!
echo Use -f option to force recreation of keypair.
exit 2
fi
exit 0
fi

if [ -z "$FQDN" ] ; then
FQDN=`hostname --fqdn`
fi

if [ -z "$YEARS" ] ; then
YEARS=10
fi

DAYS=`expr $YEARS \* 365`

if [ -z "$ENTITYID" ] ; then
ALTNAME=DNS:$FQDN
else
ALTNAME=DNS:$FQDN,URI:$ENTITYID
fi

SSLCNF=$OUT/sp-cert.cnf
cat >$SSLCNF <<EOF
# OpenSSL configuration file for creating sp-cert.pem
[req]
prompt=no
default_bits=2048
encrypt_key=no
default_md=sha1
distinguished_name=dn
# PrintableStrings only
string_mask=MASK:0002
x509_extensions=ext
[dn]
CN=$FQDN
[ext]
subjectAltName=$ALTNAME
subjectKeyIdentifier=hash
EOF

touch $OUT/sp-key.pem
chmod 600 $OUT/sp-key.pem
if [ -z "$BATCH" ] ; then
openssl req -config $SSLCNF -new -x509 -days $DAYS -keyout $OUT/sp-key.pem -out $OUT/sp-cert.pem
else
openssl req -config $SSLCNF -new -x509 -days $DAYS -keyout $OUT/sp-key.pem -out $OUT/sp-cert.pem 2> /dev/null
fi
rm $SSLCNF
12 changes: 12 additions & 0 deletions tests/image.bats
View file
Open in desktop
Expand Up @@ -8,4 +8,16 @@ load ../common

@test "Shibboleth root available" {
docker run -i $maintainer/$imagename find /etc/shibboleth
}

@test "Sample attribute map available" {
docker run -i $maintainer/$imagename find /opt/etc/shibboleth/attribute-map.xml
}

@test "Includes InCommon cert" {
docker run -i $maintainer/$imagename find /opt/etc/shibboleth/inc-md-cert.pem
}

@test "Includes Shibboleth keygenerator" {
docker run -i $maintainer/$imagename find /opt/bin/shibboleth_keygen.sh
}