From 155a1775e5cf0ffbdcf2e276298a380e4d59d439 Mon Sep 17 00:00:00 2001
From: Jim Van Fleet <jim.van.fleet@levvel.io>
Date: Thu, 13 Jul 2017 11:31:26 -0400
Subject: [PATCH] Passes tests, includes a shim TCP listener to explore which
 aspects of the configuration belong in which places

---
 Dockerfile                                     |  5 +++--
 container_files/etc/httpd/conf.d/log.conf      |  2 ++
 container_files/etc/httpd/conf.d/shib.conf     | 11 -----------
 container_files/etc/shibboleth/shibboleth2.xml | 10 ++++++++++
 tests/image.bats                               |  8 ++++++++
 5 files changed, 23 insertions(+), 13 deletions(-)
 create mode 100644 container_files/etc/httpd/conf.d/log.conf
 create mode 100644 container_files/etc/shibboleth/shibboleth2.xml

diff --git a/Dockerfile b/Dockerfile
index a0492de..9e3aeec 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,7 +16,8 @@ LABEL Build docker build --rm --tag $maintainer/$imagename .
 
 ADD ./container_files /opt
 # This SP will connect via the TCP listener
-RUN cp /opt/etc/httpd/conf.d/shib.conf /etc/httpd/conf.d/shib.conf && rm /opt/bin/httpd-shib-foreground
-
+RUN rm /opt/bin/httpd-shib-foreground /etc/httpd/conf.d/ssl.conf && \
+    cp /opt/etc/httpd/conf.d/*.conf /etc/httpd/conf.d/. && \
+    cp /opt/etc/shibboleth/* /etc/shibboleth/.
 EXPOSE 80 443
 CMD ["/usr/sbin/httpd"]
diff --git a/container_files/etc/httpd/conf.d/log.conf b/container_files/etc/httpd/conf.d/log.conf
new file mode 100644
index 0000000..589adf4
--- /dev/null
+++ b/container_files/etc/httpd/conf.d/log.conf
@@ -0,0 +1,2 @@
+ErrorLog /dev/stderr
+TransferLog /dev/stdout
\ No newline at end of file
diff --git a/container_files/etc/httpd/conf.d/shib.conf b/container_files/etc/httpd/conf.d/shib.conf
index 12c28d3..f0d9252 100644
--- a/container_files/etc/httpd/conf.d/shib.conf
+++ b/container_files/etc/httpd/conf.d/shib.conf
@@ -1,16 +1,5 @@
 # https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig
 
-# RPM installations on platforms with a conf.d directory will
-# result in this file being copied into that directory for you
-# and preserved across upgrades.
-
-# For non-RPM installs, you should copy the relevant contents of
-# this file to a configuration location you control.
-
-#
-# Load the Shibboleth module.
-#
-LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so
 
 #
 # Turn this on to support "require valid-user" rules from other
diff --git a/container_files/etc/shibboleth/shibboleth2.xml b/container_files/etc/shibboleth/shibboleth2.xml
new file mode 100644
index 0000000..916eae9
--- /dev/null
+++ b/container_files/etc/shibboleth/shibboleth2.xml
@@ -0,0 +1,10 @@
+<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
+    xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"    
+    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+    clockSkew="180">
+
+	<TCPListener address="shibd" port="1600" acl="0.0.0.0"/>
+
+</SPConfig>
\ No newline at end of file
diff --git a/tests/image.bats b/tests/image.bats
index a37260d..b6924eb 100644
--- a/tests/image.bats
+++ b/tests/image.bats
@@ -5,4 +5,12 @@ load ../common
 
 @test "Shibboleth configuration for httpd secures siteadmin" {
   docker run -i $maintainer/$imagename grep siteadmin /etc/httpd/conf.d/shib.conf
+}
+
+@test "Log configuration in place" {
+  docker run -i $maintainer/$imagename find /etc/httpd/conf.d/log.conf
+}
+
+@test "shibboleth2.xml using a TCP Listener configuration" {
+  docker run -i $maintainer/$imagename grep TCPListener /etc/shibboleth/shibboleth2.xml
 }
\ No newline at end of file