
adaptation mP container on new version of shibboleth_sp

skublik committed Mar 28, 2019
1 parent a384fd4 commit 582f64f88699590d7cd4aa10630d6ccb276d36be
Showing with 811 additions and 5,010 deletions.
  1. +3 −5 Dockerfile
  2. +7 −4 container_files/usr-local-bin/start-httpd.sh
  3. +3 −0 demo/complex/after-installation.sh
  4. +5 −2 demo/complex/configs-and-secrets/midpoint/shibboleth/shibboleth2.xml
  5. +0 −22 demo/complex/configs-and-secrets/midpoint/shibboleth/sp-cert.pem
  6. +24 −0 demo/complex/configs-and-secrets/midpoint/shibboleth/sp-encrypt-cert.pem
  7. +40 −0 demo/complex/configs-and-secrets/midpoint/shibboleth/sp-encrypt-key.pem
  8. +0 −28 demo/complex/configs-and-secrets/midpoint/shibboleth/sp-key.pem
  9. +24 −0 demo/complex/configs-and-secrets/midpoint/shibboleth/sp-signing-cert.pem
  10. +40 −0 demo/complex/configs-and-secrets/midpoint/shibboleth/sp-signing-key.pem
  11. +29 −12 demo/complex/docker-compose.yml
  12. +1 −1 demo/complex/grouper_daemon/Dockerfile
  13. +1 −1 demo/complex/grouper_data/Dockerfile
  14. +1 −1 demo/complex/grouper_ui/Dockerfile
  15. +1 −1 demo/complex/grouper_ws/Dockerfile
  16. +1 −1 demo/complex/idp/Dockerfile
  17. +37 −0 demo/complex/idp/shibboleth-idp/metadata/midpoint-sp-new.xml
  18. +1 −1 demo/complex/midpoint-objects/resources/resource-grouper.xml
  19. +22 −0 demo/complex/midpoint_server/container_files/httpd/host-cert.pem
  20. +28 −0 demo/complex/midpoint_server/container_files/httpd/host-key.pem
  21. BIN demo/complex/midpoint_server/container_files/mp-home/icf-connectors/connector-grouper-rest-0.2.jar
  22. +239 −4,777 demo/complex/sources/container_files/seed-data/persons-and-courses.sql
  23. +9 −4 demo/complex/tests/main.bats
  24. +0 −31 demo/complex/tests/resources/grouper/t260.gsh
  25. +5 −2 demo/shibboleth/configs-and-secrets/midpoint/shibboleth/shibboleth2.xml
  26. +0 −22 demo/shibboleth/configs-and-secrets/midpoint/shibboleth/sp-cert.pem
  27. +24 −0 demo/shibboleth/configs-and-secrets/midpoint/shibboleth/sp-encrypt-cert.pem
  28. +40 −0 demo/shibboleth/configs-and-secrets/midpoint/shibboleth/sp-encrypt-key.pem
  29. +0 −28 demo/shibboleth/configs-and-secrets/midpoint/shibboleth/sp-key.pem
  30. +24 −0 demo/shibboleth/configs-and-secrets/midpoint/shibboleth/sp-signing-cert.pem
  31. +40 −0 demo/shibboleth/configs-and-secrets/midpoint/shibboleth/sp-signing-key.pem
  32. +5 −2 demo/shibboleth/configs-and-secrets/shibboleth/shibboleth2.xml
  33. +0 −20 demo/shibboleth/configs-and-secrets/shibboleth/sp-cert.pem
  34. +24 −0 demo/shibboleth/configs-and-secrets/shibboleth/sp-encrypt-cert.pem
  35. +40 −0 demo/shibboleth/configs-and-secrets/shibboleth/sp-encrypt-key.pem
  36. +0 −28 demo/shibboleth/configs-and-secrets/shibboleth/sp-key.pem
  37. +24 −0 demo/shibboleth/configs-and-secrets/shibboleth/sp-signing-cert.pem
  38. +40 −0 demo/shibboleth/configs-and-secrets/shibboleth/sp-signing-key.pem
  39. +14 −8 demo/shibboleth/docker-compose-tests.yml
  40. +14 −8 demo/shibboleth/docker-compose.yml
  41. +1 −1 demo/shibboleth/idp/Dockerfile
@@ -16,7 +16,7 @@ RUN yum -y install \
libcurl \
&& yum clean -y all

RUN rm /etc/shibboleth/sp-key.pem /etc/shibboleth/sp-cert.pem \
RUN rm /etc/shibboleth/sp-signing-key.pem /etc/shibboleth/sp-signing-cert.pem /etc/shibboleth/sp-encrypt-key.pem /etc/shibboleth/sp-encrypt-cert.pem\
&& cd /etc/httpd/conf.d/ \
&& rm -f autoindex.conf ssl.conf userdir.conf welcome.conf

@@ -38,8 +38,6 @@ RUN chmod 755 /opt/tier/setenv.sh \
RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
&& mv /etc/httpd/conf.d/shib.conf /etc/httpd/conf.d/shib.conf.auth.shibboleth \
&& touch /etc/httpd/conf.d/shib.conf.auth.internal \
&& mv /etc/httpd/conf.modules.d/00-shib.conf /etc/httpd/conf.modules.d/00-shib.conf.auth.shibboleth \
&& touch /etc/httpd/conf.modules.d/00-shib.conf.auth.internal \
&& sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
&& echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
&& sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/loghttpd"/g' /etc/httpd/conf/httpd.conf \
@@ -49,7 +47,7 @@ RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \

# Build arguments

ARG MP_VERSION=3.9
ARG MP_VERSION=4.0
ARG MP_DIST_FILE=midpoint-dist.tar.gz

ENV MP_DIR /opt/midpoint
@@ -100,7 +98,7 @@ ENV TIER_MAINTAINER tier

# TIER Beacon Opt-out
# Completely uncomment the following ENV line to prevent the containers from sending analytics information to Internet2.
# With the default/release configuration, it will only send product (Shibb/Grouper/COmanage/midPoint) and version (3.9, etc)
# With the default/release configuration, it will only send product (Shibb/Grouper/COmanage/midPoint) and version (4.0, etc)
# once daily between midnight and 4am. There is no configuration or private information collected or sent.
# This data helps with the scaling and funding of TIER. Please do not disable it if you find the TIER tools useful.
# To keep it commented, keep multiple comments on the following line (to prevent other scripts from processing it).
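Review bot: The four Shibboleth key and certificate files are deleted in their own `RUN rm` step, after the `yum -y install` step has already been committed as a layer, so the files (presumably key pairs generated when the package was installed) remain readable in the earlier layer of every image built from this file. Deleting them in the same step that creates them keeps them out of the image entirely: end the install step with `&& yum clean -y all \` and continue it with `&& rm /etc/shibboleth/sp-signing-key.pem /etc/shibboleth/sp-signing-cert.pem /etc/shibboleth/sp-encrypt-key.pem /etc/shibboleth/sp-encrypt-cert.pem`. The new line also ends in `sp-encrypt-cert.pem\` with no space before the continuation backslash, unlike the surrounding lines. The install step begins above this hunk.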
@@ -3,8 +3,10 @@
echo "Linking secrets"
for filepath in /run/secrets/*; do
label_file=`basename $filepath`
if [ "$label_file" == "mp_sp-key.pem" ]; then
ln -sf /run/secrets/mp_sp-key.pem /etc/shibboleth/sp-key.pem
if [ "$label_file" == "mp_sp-signing-key.pem" ]; then
ln -sf /run/secrets/mp_sp-key.pem /etc/shibboleth/sp-signing-key.pem
elif [ "$label_file" == "mp_sp-encrypt-key.pem" ]; then
ln -sf /run/secrets/mp_sp-key.pem /etc/shibboleth/sp-encrypt-key.pem
elif [ "$label_file" == "mp_host-key.pem" ]; then
ln -sf /run/secrets/mp_host-key.pem /etc/pki/tls/private/host-key.pem
fi
@@ -13,12 +15,13 @@ done
echo "Linking config files; using authentication: $AUTHENTICATION"
ln -sf /etc/httpd/conf.d/midpoint.conf.auth.$AUTHENTICATION /etc/httpd/conf.d/midpoint.conf
ln -sf /etc/httpd/conf.d/shib.conf.auth.$AUTHENTICATION /etc/httpd/conf.d/shib.conf
ln -sf /etc/httpd/conf.modules.d/00-shib.conf.auth.$AUTHENTICATION /etc/httpd/conf.modules.d/00-shib.conf

case $AUTHENTICATION in
shibboleth)
echo "*** Starting httpd WITH Shibboleth support"
httpd-shib-foreground
set -e
rm -f /etc/httpd/logs/httpd.pid
(/usr/sbin/shibd) & httpd -DFOREGROUND
;;
internal)
echo "*** Starting httpd WITHOUT Shibboleth support"
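Review bot: Both new `ln -sf` lines still use `/run/secrets/mp_sp-key.pem` as the link source, but the compose file in this same commit drops the `mp_sp-key.pem` secret and mounts `mp_sp-signing-key.pem` and `mp_sp-encrypt-key.pem` instead. With that compose file the two links would dangle, and shibd would presumably fail to load its credentials. Link each target to the secret that was matched, e.g. `ln -sf "/run/secrets/$label_file" /etc/shibboleth/sp-signing-key.pem` and the same form for `sp-encrypt-key.pem`. Even if the old secret were kept, both roles would share one key, which defeats the separate signing and encryption resolvers configured in shibboleth2.xml. The loop's `done` lies outside this hunk.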
@@ -12,6 +12,9 @@ $(dirname "$0")/test-resources-1.sh
echo -e "${B} * Recomputing Grouper admin group and user object...${N}"
$(dirname "$0")/recompute.sh

echo -e "${B} * Waiting 120 seconds for changes to propagate to Grouper...${N}"
sleep 120

echo -e "${B} * Testing Grouper resource...${N}"
$(dirname "$0")/test-resource-grouper.sh
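Review bot: The added `sleep 120` ties the Grouper resource test to a timing guess, so a slow host can still fail and a fast one always waits the full two minutes. If a readiness condition can be checked, a bounded polling loop is more reliable. Otherwise make the delay overridable, for example `sleep "${GROUPER_PROPAGATION_WAIT:-120}"` (the variable name is only a suggestion), and say in the echo line what is being waited for.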

@@ -110,8 +110,11 @@
<!-- Default filtering policy for recognized attributes, lets other data pass. -->
<AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>

<!-- Simple file-based resolver for using a single keypair. -->
<CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
<!-- Simple file-based resolvers for separate signing/encryption keys. -->
<CredentialResolver type="File" use="signing"
key="sp-signing-key.pem" certificate="sp-signing-cert.pem"/>
<CredentialResolver type="File" use="encryption"
key="sp-encrypt-key.pem" certificate="sp-encrypt-cert.pem"/>

<!--
The default settings can be overridden by creating ApplicationOverride elements (see

This file was deleted.

@@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----
MIID/TCCAmWgAwIBAgIJAINng1bI63LGMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNV
BAMTEnNwdGVzdC5leGFtcGxlLmVkdTAeFw0xODEyMjAyMjM4MDJaFw0yODEyMTcy
MjM4MDJaMB0xGzAZBgNVBAMTEnNwdGVzdC5leGFtcGxlLmVkdTCCAaIwDQYJKoZI
hvcNAQEBBQADggGPADCCAYoCggGBAOjmPSBzRsjbPBBA6jYVW+QtsYM5fvIuNErG
VDRvKHyCTNbmdFZ37qEl/fwsrdF4hn4V7fAZ6jW6R1aMGFl1vQyJ289B8l5HOPjf
GuB2gL9IxulOmrkYVN8nfgjlbFNNktMQJ8NprYEyl3o786xCCxx3AiA5Mgdv400L
6vlmEfNHIwsOHAUTNRyCwMS9P6jBJ5IIxD0Mef+3oUjAvVsPZu24EJnzTUasZnI0
F8aC/YzVbxObBNcymtA2Ipec/gLe1B09eDZUduXPL/as57QWvgJrWj8bCK+Ldj0P
MPSvWzr4BnN58dxaYgCgRH7tnhZudPvCjBakQzkxo/njsRIKtm3lN9UmUYiXbl+e
bu0DSQFUaFfO2hOOUTNAr/QuC+GQL+U7VAdybTbP+KcH5LbNUSqYkxSwhbFz5aym
o5KppnYB9K5iySRWvGIhnwXHNv5yFrmUbet2BPJlMzv7NaePaZ76ypobzNjjNBbg
aNECsQ1ZD9fe2Q8UBe0m2gQP5Yux5QIDAQABo0AwPjAdBgNVHREEFjAUghJzcHRl
c3QuZXhhbXBsZS5lZHUwHQYDVR0OBBYEFGcLIl5kg+GFIh9HXeZyLzsv5e7qMA0G
CSqGSIb3DQEBCwUAA4IBgQAf8/iZXUWtWGMBw2OfonDDWbuhgLnNWddpllcVx7v/
Yu75+wgfIdNXg6XM4WkGkpbhlkpDLRt2c6rMQpxrQtq/5G3OKEXKyjUOl5pZsYkG
asVENYPSCfuu3rlK85XaW3H1SSJqSax/UKcYXyB1TIW6mNy3OxuvHak6y4LzFnug
CO7p/W2jvffwmxfqjbO7wQfXUQz3SZS04sHMqQoStOwy2N5xxQ3uTF34EoXBto+n
XIEOptKPhV2NkEzj+UUIi1588dck8T0SstbSElbTnJ4sNZFriX6JOPFNW08fezot
izerOHuAFpFQvtugWoZT87YYaFwG+Zr5QNa4fNOcAL+FHvbOfEqIGs+H6GSf0dZV
lkcJyzWZvuK/4RGqWbLvfAYRm0PAGTQSLdO8QJSYWdJtJvZFEMgddQ2HoIzeO5wo
B42FKDSHottI9avilApQBdRCtust8XRPtEAzDB/t/1jbO7u2tkzgY3614mX5xgut
Ileaae5eVCjw4uYbkh+Mt5M=
-----END CERTIFICATE-----
@@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
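Review bot: This file commits a private key in clear text. The same applies to sp-signing-key.pem in this directory and, per the file list, to the copies under demo/shibboleth and to httpd/host-key.pem. Anyone who can read the repository holds these keys, so any deployment that reuses them has no confidentiality for SAML assertions encrypted to this SP, and nothing it signs can be trusted. Because they sit under demo/ they are presumably for demonstration only, but nothing next to the files says so. A short README in each configs-and-secrets directory should state that the keys are public demo material and must be regenerated before any other use. Alternatively, generate the key pairs during demo setup and keep them out of version control.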

This file was deleted.

@@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
@@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
@@ -15,7 +15,9 @@ services:
- RABBITMQ_PASSWORD_FILE=/run/secrets/rabbitmq_password.txt
- SUBJECT_SOURCE_LDAP_PASSWORD=password
networks:
- net
net:
aliases:
- grouper-daemon
secrets:
- g_database_password.txt
- rabbitmq_password.txt
@@ -33,7 +35,6 @@ services:
source: ./configs-and-secrets/grouper/application/grouper.client.properties
target: /opt/grouper/conf/grouper.client.properties


grouper_ui:
build: ./grouper_ui/
command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec ui"
@@ -46,7 +47,9 @@ services:
- GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt
- SUBJECT_SOURCE_LDAP_PASSWORD=password
networks:
- net
net:
aliases:
- grouper-ui
ports:
- 4443:443
secrets:
@@ -96,7 +99,9 @@ services:
- SUBJECT_SOURCE_LDAP_PASSWORD=password
- USERTOKEN
networks:
- net
net:
aliases:
- grouper-ws
ports:
- 9443:443
secrets:
@@ -128,7 +133,9 @@ services:
grouper_data:
build: ./grouper_data/
networks:
- net
net:
aliases:
- grouper-data
ports:
- 3306:3306
volumes:
@@ -166,7 +173,9 @@ services:
ports:
- 33306:3306
networks:
- net
net:
aliases:
- midpoint-data
volumes:
- midpoint_mysql:/var/lib/mysql
- midpoint_data:/var/lib/mysqlmounted
@@ -200,11 +209,14 @@ services:
- TIER_BEACON_OPT_OUT
- TIMEZONE
networks:
- net
net:
aliases:
- midpoint-server
secrets:
- mp_database_password.txt
- mp_keystore_password.txt
- mp_sp-key.pem
- mp_sp-encrypt-key.pem
- mp_sp-signing-key.pem
- mp_host-key.pem
volumes:
- midpoint_home:/opt/midpoint/var
@@ -215,8 +227,11 @@ services:
source: ./configs-and-secrets/midpoint/shibboleth/idp-metadata.xml
target: /etc/shibboleth/idp-metadata.xml
- type: bind
source: ./configs-and-secrets/midpoint/shibboleth/sp-cert.pem
target: /etc/shibboleth/sp-cert.pem
source: ./configs-and-secrets/midpoint/shibboleth/sp-signing-cert.pem
target: /etc/shibboleth/sp-signing-cert.pem
- type: bind
source: ./configs-and-secrets/midpoint/shibboleth/sp-encrypt-cert.pem
target: /etc/shibboleth/sp-encrypt-cert.pem
- type: bind
source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
target: /etc/pki/tls/certs/host-cert.pem
@@ -272,8 +287,10 @@ secrets:
# midPoint
mp_host-key.pem:
file: ./configs-and-secrets/midpoint/httpd/host-key.pem
mp_sp-key.pem:
file: ./configs-and-secrets/midpoint/shibboleth/sp-key.pem
mp_sp-signing-key.pem:
file: ./configs-and-secrets/midpoint/shibboleth/sp-signing-key.pem
mp_sp-encrypt-key.pem:
file: ./configs-and-secrets/midpoint/shibboleth/sp-encrypt-key.pem
mp_database_password.txt:
file: ./configs-and-secrets/midpoint/application/database_password.txt
mp_keystore_password.txt:
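Review bot: The new bind mounts for `sp-signing-cert.pem` and `sp-encrypt-cert.pem` are writable from inside the midPoint container, so a process in the container could alter the host's copies of the certificates. The container only needs to read them, so add `read_only: true` under each new `target:` line. The existing binds visible in this hunk (idp-metadata.xml, host-cert.pem) have the same gap and could be tightened in the same change. The service definition starts and ends outside the hunks shown.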
@@ -1,4 +1,4 @@
FROM tier/grouper:2.4.0-a2-u1-w0-p0
FROM tier/grouper

LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
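Review bot: Assuming the untagged `FROM tier/grouper` is the new side of this change, the base image is no longer pinned and resolves to whatever `latest` points at when the image is built. Rebuilds then stop being reproducible, and a changed or replaced upstream image enters the demo unnoticed. Keep an explicit tag, or better a digest, in the form `FROM tier/grouper:<TAG>@sha256:<DIGEST>` (placeholders for the release you validated). The same line appears in the grouper_data and grouper_ui Dockerfiles below, and the file list suggests grouper_ws has the same one-line change.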

@@ -1,4 +1,4 @@
FROM tier/grouper:2.4.0-a2-u1-w0-p0
FROM tier/grouper

LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"

@@ -1,4 +1,4 @@
FROM tier/grouper:2.4.0-a2-u1-w0-p0
FROM tier/grouper

LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
