-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
197 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| FROM microsoft/iis | ||
|
|
||
| ENV SP_VERSION=3.0.2.0 | ||
| RUN powershell [Environment]::SetEnvironmentVariable('SP_VERSION','%SP_VERSION%', [System.EnvironmentVariableTarget]::Machine ) | ||
|
|
||
| #install shibb sp | ||
| RUN powershell (new-object System.Net.WebClient).Downloadfile('https://shibboleth.net/downloads/service-provider/latest/win64/shibboleth-sp-%SP_VERSION%-win64.msi', 'C:\shibboleth-sp-%SP_VERSION%-win64.msi') | ||
| RUN powershell If ((Get-FileHash C:\shibboleth-sp-%SP_VERSION%-win64.msi -Algorithm SHA1).Hash.ToLower() -eq '4b9dcafb46ddc00849ccea96961d3fbb95bbd544') { ` \ | ||
| start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\shibboleth-sp-%SP_VERSION%-win64.msi','/qn' ` \ | ||
| } Else { throw 'bad hash comparison on SP download' } | ||
| RUN del C:\shibboleth-sp-%SP_VERSION%-win64.msi | ||
| RUN C:\Windows\System32\inetsrv\appcmd install module /name:ShibNative32 /image:"c:\opt\shibboleth-sp\lib\shibboleth\iis7_shib.dll" /precondition:bitness32 | ||
| RUN C:\Windows\System32\inetsrv\appcmd install module /name:ShibNative /image:"c:\opt\shibboleth-sp\lib64\shibboleth\iis7_shib.dll" /precondition:bitness64 | ||
| COPY container_files/attribute-map.xml c:/opt/shibboleth-sp/etc/shibboleth/ | ||
|
|
||
| #add ASP.NET and IIS svc monitor | ||
| SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] | ||
| RUN Add-WindowsFeature Web-Server; ` \ | ||
| Add-WindowsFeature NET-Framework-45-ASPNET; ` \ | ||
| Add-WindowsFeature Web-Asp-Net45; ` \ | ||
| Remove-Item -Recurse C:\inetpub\wwwroot\*; ` \ | ||
| Invoke-WebRequest -Uri https://dotnetbinaries.blob.core.windows.net/servicemonitor/2.0.1.6/ServiceMonitor.exe -OutFile C:\ServiceMonitor.exe | ||
|
|
||
| #healthcheck command for container state reporting | ||
| HEALTHCHECK --interval=1m --timeout=30s \ | ||
| CMD powershell [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; (new-object System.Net.WebClient).DownloadString("http://127.0.0.1/Shibboleth.sso/Status") | ||
|
|
||
| #start both shibd and IIS | ||
| COPY container_files/start.bat c:/ | ||
| ENTRYPOINT ["C:\\start.bat"] | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,162 @@ | ||
| <Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> | ||
|
|
||
| <!-- | ||
| The mappings are a mix of SAML 1.1 and SAML 2.0 attribute names agreed to within the Shibboleth | ||
| community. The non-OID URNs are SAML 1.1 names and most of the OIDs are SAML 2.0 names, with a | ||
| few exceptions for newer attributes where the name is the same for both versions. You will | ||
| usually want to uncomment or map the names for both SAML versions as a unit. | ||
| --> | ||
|
|
||
| <!-- New standard identifier attributes for SAML. --> | ||
|
|
||
| <Attribute name="urn:oasis:names:tc:SAML:attribute:subject-id" id="subject-id"> | ||
| <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/> | ||
| </Attribute> | ||
|
|
||
| <Attribute name="urn:oasis:names:tc:SAML:attribute:pairwise-id" id="pairwise-id"> | ||
| <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/> | ||
| </Attribute> | ||
|
|
||
| <!-- The most typical eduPerson attributes. --> | ||
|
|
||
| <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn"> | ||
| <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/> | ||
| </Attribute> | ||
| <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName" id="eppn"> | ||
| <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/> | ||
| </Attribute> | ||
|
|
||
| <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" id="affiliation"> | ||
| <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/> | ||
| </Attribute> | ||
| <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" id="affiliation"> | ||
| <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/> | ||
| </Attribute> | ||
|
|
||
| <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" id="entitlement"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement" id="entitlement"/> | ||
|
|
||
| <!-- | ||
| Legacy pairwise identifier attribute / NameID format, intended to be replaced by the | ||
| simpler pairwise-id attribute (see top of file). | ||
| --> | ||
|
|
||
| <!-- The eduPerson attribute version (note the OID-style name): --> | ||
| <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" id="persistent-id"> | ||
| <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/> | ||
| </Attribute> | ||
|
|
||
| <!-- The SAML 2.0 NameID Format: --> | ||
| <Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id"> | ||
| <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/> | ||
| </Attribute> | ||
|
|
||
| <!-- Other eduPerson attributes (SAML 2 names followed by SAML 1 names)... --> | ||
| <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" id="assurance"/> | ||
| <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" id="member"/> | ||
| <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.1" id="eduCourseOffering"/> | ||
| <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.2" id="eduCourseMember"/> | ||
|
|
||
| <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" id="unscoped-affiliation"> | ||
| <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> | ||
| </Attribute> | ||
| <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" id="primary-affiliation"> | ||
| <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> | ||
| </Attribute> | ||
| <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" id="nickname"/> | ||
| <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.8" id="primary-orgunit-dn"/> | ||
| <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.4" id="orgunit-dn"/> | ||
| <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.3" id="org-dn"/> | ||
|
|
||
| <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation" id="unscoped-affiliation"> | ||
| <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> | ||
| </Attribute> | ||
| <Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" id="primary-affiliation"> | ||
| <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> | ||
| </Attribute> | ||
| <Attribute name="urn:mace:dir:attribute-def:eduPersonNickname" id="nickname"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN" id="primary-orgunit-dn"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:eduPersonOrgUnitDN" id="orgunit-dn"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:eduPersonOrgDN" id="org-dn"/> | ||
|
|
||
| <!-- Older LDAP-defined attributes (SAML 2.0 names followed by SAML 1 names)... --> | ||
| <Attribute name="urn:oid:2.5.4.3" id="cn"/> | ||
| <Attribute name="urn:oid:2.5.4.4" id="sn"/> | ||
| <Attribute name="urn:oid:2.5.4.42" id="givenName"/> | ||
| <Attribute name="urn:oid:2.16.840.1.113730.3.1.241" id="displayName"/> | ||
| <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/> | ||
| <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/> | ||
| <Attribute name="urn:oid:2.5.4.20" id="telephoneNumber"/> | ||
| <Attribute name="urn:oid:2.5.4.12" id="title"/> | ||
| <Attribute name="urn:oid:2.5.4.43" id="initials"/> | ||
| <Attribute name="urn:oid:2.5.4.13" id="description"/> | ||
| <Attribute name="urn:oid:2.16.840.1.113730.3.1.1" id="carLicense"/> | ||
| <Attribute name="urn:oid:2.16.840.1.113730.3.1.2" id="departmentNumber"/> | ||
| <Attribute name="urn:oid:2.16.840.1.113730.3.1.3" id="employeeNumber"/> | ||
| <Attribute name="urn:oid:2.16.840.1.113730.3.1.4" id="employeeType"/> | ||
| <Attribute name="urn:oid:2.16.840.1.113730.3.1.39" id="preferredLanguage"/> | ||
| <Attribute name="urn:oid:0.9.2342.19200300.100.1.10" id="manager"/> | ||
| <Attribute name="urn:oid:2.5.4.34" id="seeAlso"/> | ||
| <Attribute name="urn:oid:2.5.4.23" id="facsimileTelephoneNumber"/> | ||
| <Attribute name="urn:oid:2.5.4.9" id="street"/> | ||
| <Attribute name="urn:oid:2.5.4.18" id="postOfficeBox"/> | ||
| <Attribute name="urn:oid:2.5.4.17" id="postalCode"/> | ||
| <Attribute name="urn:oid:2.5.4.8" id="st"/> | ||
| <Attribute name="urn:oid:2.5.4.7" id="l"/> | ||
| <Attribute name="urn:oid:2.5.4.10" id="o"/> | ||
| <Attribute name="urn:oid:2.5.4.11" id="ou"/> | ||
| <Attribute name="urn:oid:2.5.4.15" id="businessCategory"/> | ||
| <Attribute name="urn:oid:2.5.4.19" id="physicalDeliveryOfficeName"/> | ||
|
|
||
| <Attribute name="urn:mace:dir:attribute-def:cn" id="cn"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:sn" id="sn"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:givenName" id="givenName"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:displayName" id="displayName"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:uid" id="uid"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:mail" id="mail"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:telephoneNumber" id="telephoneNumber"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:title" id="title"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:initials" id="initials"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:description" id="description"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:carLicense" id="carLicense"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:departmentNumber" id="departmentNumber"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:employeeNumber" id="employeeNumber"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:employeeType" id="employeeType"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:preferredLanguage" id="preferredLanguage"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:manager" id="manager"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:seeAlso" id="seeAlso"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:facsimileTelephoneNumber" id="facsimileTelephoneNumber"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:street" id="street"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:postOfficeBox" id="postOfficeBox"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:postalCode" id="postalCode"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:st" id="st"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:l" id="l"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:o" id="o"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:ou" id="ou"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:businessCategory" id="businessCategory"/> | ||
| <Attribute name="urn:mace:dir:attribute-def:physicalDeliveryOfficeName" id="physicalDeliveryOfficeName"/> | ||
|
|
||
| <!-- SCHAC attributes... --> | ||
| <!-- | ||
| <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.9" id="schacHomeOrganization"> | ||
| <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> | ||
| </Attribute> | ||
| <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.10" id="schacHomeOrganizationType"> | ||
| <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> | ||
| </Attribute> | ||
| <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.14" id="schacPersonalUniqueCode"> | ||
| <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> | ||
| </Attribute> | ||
| <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.15" id="schacPersonalUniqueID"/> | ||
| <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.19" id="schacUserStatus"> | ||
| <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> | ||
| </Attribute> | ||
| <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.20" id="schacProjectMembership"> | ||
| <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> | ||
| </Attribute> | ||
| <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.21" id="schacProjectSpecificRole"> | ||
| <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> | ||
| </Attribute> | ||
| --> | ||
|
|
||
| </Attributes> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
|
|
||
| C:\Windows\System32\sc start shibd_Default | ||
| C:\ServiceMonitor.exe w3svc | ||
|
|