diff --git a/Dockerfile b/Dockerfile
index 0b1f6f9..a988329 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,14 +10,21 @@ RUN apt-get install -y dirmngr gnupg && \
apache2-threaded-dev \
apache2-mpm-worker \
libapache2-mod-passenger \
+ libapache2-mod-shib2 \
odbc-postgresql \
passenger \
shibboleth-sp2-utils
ADD ./container_files /opt
-RUN cp /opt/etc/httpd/conf.d/*.conf /etc/apache2/conf-available/. && \
+RUN cp /opt/etc/apache2/conf-available/*.conf /etc/apache2/conf-available/. && \
+ cp /opt/etc/apache2/sites-available/*.conf /etc/apache2/sites-available/. && \
cp /opt/etc/shibboleth/* /etc/shibboleth/. && \
- a2enconf log && a2enconf shib
+ a2enconf log && a2enconf shib && \
+ a2enmod shib2 && a2ensite siteadmin && \
+# mv /etc/shibboleth/console.logger /etc/shibboleth/shibd.logger && \
+ chmod +x /opt/etc/docker_config/docker_config.sh && \
+ shib-keygen
-EXPOSE 80 443
\ No newline at end of file
+EXPOSE 80 443
+CMD [ "/opt/etc/docker_config/docker_config.sh" ]
\ No newline at end of file
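Review bot: Running `shib-keygen` at the end of the `RUN` chain generates the SP private key at build time, so the key is stored in an image layer: every container started from the image shares it, and anyone who can pull the image can read it. Generating the key at container start (for example in docker_config.sh when `/etc/shibboleth/sp-key.pem` is absent) or mounting it as a runtime secret would keep it out of the image; the "Shib SP key in place" test in tests/image.bats would then need to change. Separately, `ADD ./container_files /opt` only copies local files and could be `COPY ./container_files /opt`. The commented-out `# mv …` line inside the continuation is easy to misread as part of the command and could be dropped.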
diff --git a/container_files/bin/httpd-shib-foreground b/container_files/bin/httpd-shib-foreground
new file mode 100755
index 0000000..e73a1b0
--- /dev/null
+++ b/container_files/bin/httpd-shib-foreground
@@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+
+# Apache gets grumpy about PID files pre-existing
+rm -f /etc/httpd/logs/httpd.pid
+
+(/usr/sbin/shibd) & apachectl -D FOREGROUND
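Review bot: The `rm -f /etc/httpd/logs/httpd.pid` path follows the old httpd layout, while the Dockerfile in this commit configures Debian-style apache2 under /etc/apache2. The stale PID file this line is meant to clear is therefore probably elsewhere (likely under /var/run/apache2; confirm against `APACHE_PID_FILE`). On the last line `apachectl` is not exec'd, so the shell stays PID 1 and the stop signal may never reach Apache; `exec apachectl -D FOREGROUND` would avoid that. `set -e` does not cover the backgrounded `shibd`, so a failed shibd start goes unnoticed and Apache comes up without its SP daemon.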
diff --git a/container_files/etc/apache2/conf-available.txt b/container_files/etc/apache2/conf-available.txt
new file mode 100644
index 0000000..e69de29
diff --git a/container_files/etc/httpd/conf.d/log.conf b/container_files/etc/apache2/conf-available/log.conf
similarity index 100%
rename from container_files/etc/httpd/conf.d/log.conf
rename to container_files/etc/apache2/conf-available/log.conf
diff --git a/container_files/etc/httpd/conf.d/shib.conf b/container_files/etc/apache2/conf-available/shib.conf
similarity index 100%
rename from container_files/etc/httpd/conf.d/shib.conf
rename to container_files/etc/apache2/conf-available/shib.conf
diff --git a/container_files/etc/apache2/sites-available/siteadmin.conf b/container_files/etc/apache2/sites-available/siteadmin.conf
new file mode 100644
index 0000000..c1a3c5d
--- /dev/null
+++ b/container_files/etc/apache2/sites-available/siteadmin.conf
@@ -0,0 +1,24 @@
+
+ ServerName siteadmin.example.com
+
+ # Tell Apache and Passenger where your app's 'public' directory is
+ DocumentRoot /var/www/html
+
+ PassengerRoot /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini
+ PassengerDefaultRuby /usr/local/bin/ruby
+
+ Alias /siteadmin /app/public
+
+ PassengerBaseURI /siteadmin
+ PassengerAppRoot /app/public
+
+
+ # Relax Apache security settings
+
+ Allow from all
+ Options -MultiViews
+ # Uncomment this if you're on Apache > 2.4:
+ Require all granted
+ RailsEnv staging
+
+
\ No newline at end of file
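Review bot: `Require all granted` together with `Allow from all` opens the /siteadmin directory to every client, and nothing visible in this file requires a Shibboleth session even though the Dockerfile enables `shib2` alongside this site. The container tags appear to be missing from this view, so please confirm that the block covering /siteadmin carries `AuthType shibboleth` with `Require shib-session`, or that shib.conf protects this path. `Allow from all` is Apache 2.2 syntax and only works on 2.4 through mod_access_compat, so keep one form, not both. `PassengerAppRoot /app/public` also looks off: Passenger expects the application root (presumably `/app`), with `public` beneath it.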
diff --git a/container_files/etc/docker_config/docker_config.sh b/container_files/etc/docker_config/docker_config.sh
old mode 100644
new mode 100755
index d637eb0..cf294f7
--- a/container_files/etc/docker_config/docker_config.sh
+++ b/container_files/etc/docker_config/docker_config.sh
@@ -1,4 +1,4 @@
-#/bin/sh
+#!/bin/sh
entityID_file="/etc/docker_config/entity_id.txt"
dicoveryURL_file="/etc/docker_config/discovery_url.txt"
if [ -f $entityID_file ]; then
@@ -17,8 +17,6 @@ else
fi
fi
-
sed -e "s/\${entityID}/$entityID/" -e "s/\${discoveryURL}/$discoveryURL/" /etc/docker_config/shibboleth2.xml > /etc/shibboleth/shibboleth2.xml
-cp /etc/docker_config/mfa-proxy.incommon.org-metdata.xml /etc/shibboleth/
ln -s /etc/docker_config/proxy.conf /etc/httpd/conf.d/proxy.conf
/opt/bin/httpd-shib-foreground
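Review bot: The `ln -s /etc/docker_config/proxy.conf /etc/httpd/conf.d/proxy.conf` line left in place here still targets the old httpd directory layout, and this commit deletes proxy.conf from the repository, so it appears to be dead and should be removed along with the `cp` line. The `sed` line above it interpolates `$entityID` and `$discoveryURL` into an `s/…/…/` expression; both are normally URLs containing `/`, which would make the expression invalid and leave /etc/shibboleth/shibboleth2.xml truncated by the redirect. A delimiter that cannot occur in those values avoids this for typical input, e.g. `-e "s|\${entityID}|$entityID|"`. The script has no `set -e`, so neither failure would stop startup.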
diff --git a/container_files/etc/docker_config/proxy.conf b/container_files/etc/docker_config/proxy.conf
deleted file mode 100644
index 0f2289b..0000000
--- a/container_files/etc/docker_config/proxy.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-ProxyPass /siteadmin/ http://siteadmin-svc:3000/
-ProxyPassReverse /siteadmin/ http://siteadmin-svc:3000/
diff --git a/container_files/etc/shibboleth/attribute-map.xml b/container_files/etc/shibboleth/attribute-map.xml
new file mode 100644
index 0000000..12c4019
--- /dev/null
+++ b/container_files/etc/shibboleth/attribute-map.xml
@@ -0,0 +1,32 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/container_files/etc/shibboleth/inc-md-cert.pem b/container_files/etc/shibboleth/inc-md-cert.pem
new file mode 100644
index 0000000..5ec4ec6
--- /dev/null
+++ b/container_files/etc/shibboleth/inc-md-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
+BAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9u
+IEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1
+WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21t
+b24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNp
+Z25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+
+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSp
+g4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQK
+CNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq
+/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcA
+TPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0mo
+C1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/
+lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2V
+WOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWq
+Dh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBcl
+AGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLE
+CQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8C
+GzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==
+-----END CERTIFICATE-----
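Review bot: This certificate is presumably the trust anchor used to verify signed federation metadata, but the commit records neither where it was obtained nor its fingerprint. Add the source and the SHA-256 fingerprint to the commit message or a README next to the file, and check the fingerprint against the value the federation publishes out of band, for example with `openssl x509 -in inc-md-cert.pem -noout -fingerprint -sha256`. Without that record, a later reviewer cannot tell a legitimate certificate rotation from a substituted anchor.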
diff --git a/container_files/etc/docker_config/mfa-proxy.incommon.org-metdata.xml b/container_files/etc/shibboleth/mfa-proxy.incommon.org-metdata.xml
similarity index 100%
rename from container_files/etc/docker_config/mfa-proxy.incommon.org-metdata.xml
rename to container_files/etc/shibboleth/mfa-proxy.incommon.org-metdata.xml
diff --git a/tests/image.bats b/tests/image.bats
index 057f8f0..d0337a4 100644
--- a/tests/image.bats
+++ b/tests/image.bats
@@ -15,6 +15,14 @@ load ../common
docker run -i $maintainer/$imagename /usr/bin/passenger-config validate-install --auto
}
+@test "MFA Proxy Metadata in place" {
+ docker run -i $maintainer/$imagename find /etc/shibboleth/mfa-proxy.incommon.org-metdata.xml
+}
+
+@test "Shib SP key in place" {
+ docker run -i $maintainer/$imagename find /etc/shibboleth/sp-key.pem
+}
+
@test "shibboleth2.xml not using a TCP Listener configuration" {
docker run -i $maintainer/$imagename grep -v TCPListener /etc/shibboleth/shibboleth2.xml
}
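Review bot: The two added tests only assert that the files exist, so an empty metadata file or a world-readable `sp-key.pem` would still pass. `test -s <path>` would reject an empty file, and for the key a check such as `stat -c '%a' /etc/shibboleth/sp-key.pem` against the expected mode would catch loose permissions. The key test also depends on the key being baked into the image at build time, which is worth revisiting. The unchanged TCPListener test below uses `grep -v`, which succeeds whenever any line lacks the string, so it does not prove the listener is absent.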