Every tests passes

Dockerfile

@@ -10,14 +10,21 @@ RUN apt-get install -y dirmngr gnupg && \
       apache2-threaded-dev \
       apache2-mpm-worker \
       libapache2-mod-passenger \
+      libapache2-mod-shib2 \
       odbc-postgresql \
       passenger \
       shibboleth-sp2-utils
 
 ADD ./container_files /opt
 
-RUN cp /opt/etc/httpd/conf.d/*.conf /etc/apache2/conf-available/. && \
+RUN cp /opt/etc/apache2/conf-available/*.conf /etc/apache2/conf-available/. && \
+    cp /opt/etc/apache2/sites-available/*.conf /etc/apache2/sites-available/. && \
     cp /opt/etc/shibboleth/* /etc/shibboleth/. && \
-    a2enconf log && a2enconf shib
+    a2enconf log && a2enconf shib && \
+    a2enmod shib2 && a2ensite siteadmin && \
+#    mv /etc/shibboleth/console.logger /etc/shibboleth/shibd.logger && \
+    chmod +x /opt/etc/docker_config/docker_config.sh && \
+    shib-keygen
 
-EXPOSE 80 443
+EXPOSE 80 443
+CMD [ "/opt/etc/docker_config/docker_config.sh" ]

container_files/bin/httpd-shib-foreground

@@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+
+# Apache gets grumpy about PID files pre-existing
+rm -f /etc/httpd/logs/httpd.pid
+
+(/usr/sbin/shibd) & apachectl -D FOREGROUND

container_files/etc/apache2/sites-available/siteadmin.conf

@@ -0,0 +1,24 @@
+<VirtualHost *:80>
+    ServerName siteadmin.example.com
+
+    # Tell Apache and Passenger where your app's 'public' directory is
+    DocumentRoot /var/www/html
+
+    PassengerRoot /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini
+    PassengerDefaultRuby /usr/local/bin/ruby
+
+    Alias /siteadmin /app/public
+      <Location /siteadmin>
+          PassengerBaseURI /siteadmin
+          PassengerAppRoot /app/public
+      </Location>
+
+    # Relax Apache security settings
+    <Directory /app/public>
+      Allow from all
+      Options -MultiViews
+      # Uncomment this if you're on Apache > 2.4:
+      Require all granted
+      RailsEnv staging
+    </Directory>
+</VirtualHost>

container_files/etc/docker_config/docker_config.sh

@@ -1,4 +1,4 @@
-#/bin/sh
+#!/bin/sh
 entityID_file="/etc/docker_config/entity_id.txt"
 dicoveryURL_file="/etc/docker_config/discovery_url.txt"
 if [ -f $entityID_file ]; then
@@ -17,8 +17,6 @@ else
     fi
 fi
 
-
 sed -e "s/\${entityID}/$entityID/"  -e "s/\${discoveryURL}/$discoveryURL/"  /etc/docker_config/shibboleth2.xml > /etc/shibboleth/shibboleth2.xml
-cp /etc/docker_config/mfa-proxy.incommon.org-metdata.xml /etc/shibboleth/
 ln -s /etc/docker_config/proxy.conf /etc/httpd/conf.d/proxy.conf
 /opt/bin/httpd-shib-foreground

container_files/etc/shibboleth/attribute-map.xml

@@ -0,0 +1,32 @@
+<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn">
+        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
+    </Attribute>
+
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" id="affiliation">
+        <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
+    </Attribute>
+
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" id="unscoped-affiliation">
+        <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
+    </Attribute>
+
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" id="entitlement"/>
+
+    <Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id">
+        <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
+    </Attribute>
+
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" id="primary-affiliation">
+        <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
+    </Attribute>
+
+    <Attribute name="urn:oid:2.5.4.4" id="sn"/>
+    <Attribute name="urn:oid:2.5.4.42" id="givenName"/>
+    <Attribute name="urn:oid:2.16.840.1.113730.3.1.241" id="displayName"/>
+    <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/>
+    <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
+    <Attribute name="urn:oid:2.16.840.1.113730.3.1.3" id="employeeNumber"/>
+
+</Attributes>

container_files/etc/shibboleth/inc-md-cert.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
+BAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9u
+IEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1
+WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21t
+b24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNp
+Z25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+
+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSp
+g4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQK
+CNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq
+/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcA
+TPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0mo
+C1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/
+lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2V
+WOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWq
+Dh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBcl
+AGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLE
+CQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8C
+GzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==
+-----END CERTIFICATE-----

tests/image.bats

@@ -15,6 +15,14 @@ load ../common
   docker run -i $maintainer/$imagename /usr/bin/passenger-config validate-install --auto
 }
 
+@test "MFA Proxy Metadata in place" {
+  docker run -i $maintainer/$imagename find /etc/shibboleth/mfa-proxy.incommon.org-metdata.xml
+}
+
+@test "Shib SP key in place" {
+  docker run -i $maintainer/$imagename find /etc/shibboleth/sp-key.pem
+}
+
 @test "shibboleth2.xml not using a TCP Listener configuration" {
   docker run -i $maintainer/$imagename grep -v TCPListener /etc/shibboleth/shibboleth2.xml
 }