Passes tests, includes a shim TCP listener to explore which aspects o…

…f the configuration belong in which places
docker · Jul 13, 2017 · 155a177 · 155a177
1 parent 0bf8d0f
commit 155a177
Showing 5 changed files with 23 additions and 13 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -16,7 +16,8 @@ LABEL Build docker build --rm --tag $maintainer/$imagename .
 
 ADD ./container_files /opt
 # This SP will connect via the TCP listener
-RUN cp /opt/etc/httpd/conf.d/shib.conf /etc/httpd/conf.d/shib.conf && rm /opt/bin/httpd-shib-foreground
-
+RUN rm /opt/bin/httpd-shib-foreground /etc/httpd/conf.d/ssl.conf && \
+    cp /opt/etc/httpd/conf.d/*.conf /etc/httpd/conf.d/. && \
+    cp /opt/etc/shibboleth/* /etc/shibboleth/.
 EXPOSE 80 443
 CMD ["/usr/sbin/httpd"]
diff --git a/container_files/etc/httpd/conf.d/log.conf b/container_files/etc/httpd/conf.d/log.conf
@@ -0,0 +1,2 @@
+ErrorLog /dev/stderr
+TransferLog /dev/stdout
diff --git a/container_files/etc/httpd/conf.d/shib.conf b/container_files/etc/httpd/conf.d/shib.conf
@@ -1,16 +1,5 @@
 # https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig
 
-# RPM installations on platforms with a conf.d directory will
-# result in this file being copied into that directory for you
-# and preserved across upgrades.
-
-# For non-RPM installs, you should copy the relevant contents of
-# this file to a configuration location you control.
-
-#
-# Load the Shibboleth module.
-#
-LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so
 
 #
 # Turn this on to support "require valid-user" rules from other

diff --git a/container_files/etc/shibboleth/shibboleth2.xml b/container_files/etc/shibboleth/shibboleth2.xml
@@ -0,0 +1,10 @@
+<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
+    xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"    
+    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+    clockSkew="180">
+
+	<TCPListener address="shibd" port="1600" acl="0.0.0.0"/>
+
+</SPConfig>
diff --git a/tests/image.bats b/tests/image.bats
@@ -5,4 +5,12 @@ load ../common
 
 @test "Shibboleth configuration for httpd secures siteadmin" {
   docker run -i $maintainer/$imagename grep siteadmin /etc/httpd/conf.d/shib.conf
+}
+
+@test "Log configuration in place" {
+  docker run -i $maintainer/$imagename find /etc/httpd/conf.d/log.conf
+}
+
+@test "shibboleth2.xml using a TCP Listener configuration" {
+  docker run -i $maintainer/$imagename grep TCPListener /etc/shibboleth/shibboleth2.xml
 }