midpoint-PG, update IdP, UI

internet2 · Aug 13, 2021 · 00094df · 00094df
1 parent 2e99d84
commit 00094df
Show file tree

Hide file tree

Showing 7 changed files with 88 additions and 62 deletions.
diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml
@@ -223,23 +223,26 @@ services:
      - CREATE_NEW_DATABASE=if_needed
 
   midpoint_data:
-    image: tier/mariadb:mariadb10
+    image: postgres:11
+    environment:
+     - POSTGRES_PASSWORD_FILE=/run/secrets/mp_database_password.txt
+     - POSTGRES_USER=midpoint
+     - POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
     ports:
-     - 33306:3306
+     - 5432:5432
     networks:
       net:
         aliases:
          - midpoint-data
+    secrets:
+     - mp_database_password.txt
     healthcheck:
-      test: curl -s 127.0.0.1:3306
+      test: /usr/bin/pg_isready
       interval: 30s
       timeout: 30s
       retries: 3
     volumes:
-     - midpoint_mysql:/var/lib/mysql
-     - midpoint_data:/var/lib/mysqlmounted
-    environment:
-     - CREATE_NEW_DATABASE=if_needed
+     - midpoint_data:/var/lib/postgresql/data
 
   midpoint_server:
     build: 
@@ -255,12 +258,12 @@ services:
     environment:
      - ENV
      - USERTOKEN
-     - REPO_DATABASE_TYPE
+     - REPO_DATABASE_TYPE=postgresql
+     - REPO_HOST=midpoint_data
      - REPO_JDBC_URL
-     - REPO_HOST
-     - REPO_PORT
-     - REPO_DATABASE
-     - REPO_USER
+     - REPO_PORT=5432
+     - REPO_DATABASE=midpoint
+     - REPO_USER=midpoint
      - REPO_MISSING_SCHEMA_ACTION
      - REPO_UPGRADEABLE_SCHEMA_ACTION
      - REPO_SCHEMA_VERSION_IF_MISSING

diff --git a/Workbench/idp_ui/Dockerfile b/Workbench/idp_ui/Dockerfile
@@ -1,4 +1,4 @@
-FROM tier/shib-idp-ui:1.7.0
+FROM i2incommon/shib-idp-ui:1.8.0
 
 ARG CSPHOSTNAME=localhost
 ENV CSPHOSTNAME=$CSPHOSTNAME

diff --git a/...idpoint_server/container_files/mp-home/icf-connectors/connector-sympa-1.0.2-connector.jar b/...idpoint_server/container_files/mp-home/icf-connectors/connector-sympa-1.0.2-connector.jar
diff --git a/Workbench/webproxy/container_files/httpd/index.html b/Workbench/webproxy/container_files/httpd/index.html
@@ -11,7 +11,7 @@ <h3>Welcome to the InCommon TAP Workbench!</h3>
 <li><a href="https://__CSPHOSTNAME__/grouper" target="TAP-WB-GROUPER">Grouper (2.5.37.1)</a></li>
 <li><a href="https://__CSPHOSTNAME__/midpoint" target="TAP-WB-MIDPOINT">midPoint (4.2)</a></li>
 <li><a href="https://__CSPHOSTNAME__/registry" target="TAP-WB-COMANAGE">COmanage Registry (3.3.2)</a></li>
-<li><a href="https://__CSPHOSTNAME__/idpui/" target="TAP-WB-IDPUI">Shibboleth IdP UI (1.7.0)</a></li>
+<li><a href="https://__CSPHOSTNAME__/idpui/" target="TAP-WB-IDPUI">Shibboleth IdP UI (1.8.0)</a></li>
 </ul>
 <br />
 The system also contains the following downstream/target applications:
@@ -29,7 +29,7 @@ <h3>Welcome to the InCommon TAP Workbench!</h3>
 <br />
 Shibboleth SAML Identity Provider and Service Providers:
 <ul>
-<li><a href="https://__CSPHOSTNAME__/idp/status" target="TAP-WB-IDP">Shibboleth IdP (4.1.0) status</a></li>
+<li><a href="https://__CSPHOSTNAME__/idp/status" target="TAP-WB-IDP">Shibboleth IdP (4.1.4) status</a></li>
 <li>Shibboleth SPs:</li>
 <ul>
   <li><a href="https://__CSPHOSTNAME__/grouperSSO/Shibboleth.sso/Status" target="TAP-WB-gSP">Grouper SP (3.2.0) status</a></li>

diff --git a/Workbench/webproxy/container_files/httpd/localhost.crt b/Workbench/webproxy/container_files/httpd/localhost.crt
@@ -1,22 +1,38 @@
 -----BEGIN CERTIFICATE-----
-MIIDnzCCAoegAwIBAgIJAICPzWSqr8oQMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNV
-BAYTAi0tMRIwEAYDVQQIDAlTb21lU3RhdGUxETAPBgNVBAcMCFNvbWVDaXR5MRkw
-FwYDVQQKDBBTb21lT3JnYW5pemF0aW9uMRUwEwYDVQQDDAxiYWFhMWFiNTE0NGEw
-HhcNMjEwNDEzMjAyMjU0WhcNMjMwNDEzMjAyMjU0WjBmMQswCQYDVQQGEwItLTES
-MBAGA1UECAwJU29tZVN0YXRlMREwDwYDVQQHDAhTb21lQ2l0eTEZMBcGA1UECgwQ
-U29tZU9yZ2FuaXphdGlvbjEVMBMGA1UEAwwMYmFhYTFhYjUxNDRhMIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6sabg+Oi6s4Bl/EEQ1KzJB2so9DnGgU
-HJH0wPUF55HQ9S5gOe4IEv3j0Msvg4wjwRcwlr0mOWaXYhqzhNznCzUgy0ct/PD1
-zY2jn6pTZAY+AXPh3vx90bAyRnuiDhaOIdpn0B+5HyOTg5gMCq+z93q0aCniFted
-VA0ztzRqcQuM7IXoxNN2YIF/eQJ+gbLtAzWSOPhMTU/Go2BdXsyVYAUwwrQrGQU7
-BxNRwXsOdWyU0ST+9ot7KQ0SP1MrYD0fxNrNdDXtHbLs/rGpvfQ991zvya+Jwb+W
-RlfjDJmm94I8ePFk4iaVJAEDxSfRfswEdBsgvhBaTYl4rvqz6WwYxQIDAQABo1Aw
-TjAdBgNVHQ4EFgQUoS1eGluEUpxOVaSekZwQ3KdY9XcwHwYDVR0jBBgwFoAUoS1e
-GluEUpxOVaSekZwQ3KdY9XcwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
-AQEAgiP5nc3L18KETthXieMvAjD8RdvDaAKBWRFARIq0o0en0woXdL4Wme+1gnYT
-+Xnup6g6/oDFc96S4atNPuc4DZYcRt/jPiIBV3lHQfUeg7BGll7e8H3HltiIpDWT
-uWUoah7vTmZ+TPGUGz4giryTrvTZOYpVh64Z7Zw2h0T/Z3tzsm+u7hrgnRhopkgK
-S9CdVFrjPsXEXR6xgkc+9MMp8gm9jE8zCWtchUuRJ4U8NzU7Gis+Iv/FV2U20zMu
-4kLztJG8DPTgNZQrQSa6BZZDgIAEuA9frTY0ZXu+T2US4YSaEwPU7StS3bxHM9Rl
-E80fmNm6AJm9ZttThX3wRZTR5Q==
+MIIGjTCCBXWgAwIBAgIQQJPcKW5rMFkDTb3/94jT4zANBgkqhkiG9w0BAQsFADB2
+MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjES
+MBAGA1UEChMJSW50ZXJuZXQyMREwDwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMW
+SW5Db21tb24gUlNBIFNlcnZlciBDQTAeFw0yMDExMTQwMDAwMDBaFw0yMTExMTQy
+MzU5NTlaMIG0MQswCQYDVQQGEwJVUzEOMAwGA1UEERMFNDgxMDQxETAPBgNVBAgT
+CE1pY2hpZ2FuMRIwEAYDVQQHEwlBbm4gQXJib3IxEjAQBgNVBAkTCVN1aXRlIDMw
+MDEcMBoGA1UECRMTMTAwMCBPYWticm9vayBEcml2ZTEWMBQGA1UEChMNSW5Db21t
+b24sIExMQzEkMCIGA1UEAxMbdGVzdC53b3JrYmVuY2guaW5jb21tb24ub3JnMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZ9iRTm8KnmhjYdxZgj1ikTq
+FcME2ni2jI2ErwVQ4guFbuovAvCAL1y1byeDyxzyqMMkZVL83FipgWf4sdb82yCW
+26TvEJnXxgf9uBSyWp73Lv1XCmZXRTNnBmIpWcz/M0n6bDnMFqVn9XQY7enMV5Db
+SsBbmE/qXr8vjtSlU12MniW/OnrCWLo2Ef0tYiPJMTXo827jBXUj938G0uxG76xE
+SPm99uPf0/hBF90jsQ6WTpgsSMm3fDaZd6Ldx/moD6KNB3MSPkA1hPp0D9rOtgy7
+HsE7El+m3KQgthDoL38XT69SZXJCW3l66u6RQmIljAAiM51dW5AOtnYpvnSB9QID
+AQABo4IC1jCCAtIwHwYDVR0jBBgwFoAUHgWjd49sluJbh0umtIascQAM5zgwHQYD
+VR0OBBYEFMAS9Y/q89ArwPjG6kzg8asBSNY9MA4GA1UdDwEB/wQEAwIFoDAMBgNV
+HRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBnBgNVHSAE
+YDBeMFIGDCsGAQQBriMBBAMBATBCMEAGCCsGAQUFBwIBFjRodHRwczovL3d3dy5p
+bmNvbW1vbi5vcmcvY2VydC9yZXBvc2l0b3J5L2Nwc19zc2wucGRmMAgGBmeBDAEC
+AjBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3JsLmluY29tbW9uLXJzYS5vcmcv
+SW5Db21tb25SU0FTZXJ2ZXJDQS5jcmwwdQYIKwYBBQUHAQEEaTBnMD4GCCsGAQUF
+BzAChjJodHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vSW5Db21tb25SU0FTZXJ2ZXJD
+QV8yLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTAm
+BgNVHREEHzAdght0ZXN0LndvcmtiZW5jaC5pbmNvbW1vbi5vcmcwggEDBgorBgEE
+AdZ5AgQCBIH0BIHxAO8AdgB9PvL4j/+IVWgkwsDKnlKJeSvFDngJfy5ql2iZfiLw
+1wAAAXXHv4EHAAAEAwBHMEUCIQCfNiz2XGoL7oS0ZZ5o9MjiXd4S6pwGpankXEM1
+omvaRQIgd5SdXmuRs+w2BwVfzE9MIqgUuPkU0LUUoShnDBYJK44AdQCUILwejtWN
+bIhzH4KLIiwN0dpNXmxPlD1h204vWE2iwgAAAXXHv4EvAAAEAwBGMEQCIG3HR30D
+EuZ08pmRjo2HfC0QsA3Qj++5WGY6L+tc+jfWAiBmdGNheyZo+H1WM1W1McJgFqvM
+og2DBAPO0ycmgVCBPjANBgkqhkiG9w0BAQsFAAOCAQEAc2tSGiMa+fngF+Rw0YNi
+/R/HyWwV0td+fp7xHaGSzcIWp5KEuL4kM7KQjTSn+3k1uY+BVrMrmQScSUpSM2Hb
+r83aG78nOkDddP0d46Rls1HrgiznIQfPIvernYHlqUKg01z/tpHa7mnUOjns7eaX
+S4rN9CYf1F5lYYsW2WSZkKtzvRTvJ1iGgmuivQQhKVyje/M3YrRFHYS/yZTYF9X5
+NcU1opTD32EmbQmI9Z9IbXIkAsiZhy+JtoTqAqVwfn/3I2XVQNEoC8qIl14vRGt8
+vPRvzqUskJp1HCdn/2C8Llf1AA+yf2qyMXw6+B315Ej8A4vZEZ9UuLCcUaFiGSxn
+0w==
 -----END CERTIFICATE-----
diff --git a/Workbench/webproxy/container_files/httpd/localhost.key b/Workbench/webproxy/container_files/httpd/localhost.key
@@ -1,27 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAx6sabg+Oi6s4Bl/EEQ1KzJB2so9DnGgUHJH0wPUF55HQ9S5g
-Oe4IEv3j0Msvg4wjwRcwlr0mOWaXYhqzhNznCzUgy0ct/PD1zY2jn6pTZAY+AXPh
-3vx90bAyRnuiDhaOIdpn0B+5HyOTg5gMCq+z93q0aCniFtedVA0ztzRqcQuM7IXo
-xNN2YIF/eQJ+gbLtAzWSOPhMTU/Go2BdXsyVYAUwwrQrGQU7BxNRwXsOdWyU0ST+
-9ot7KQ0SP1MrYD0fxNrNdDXtHbLs/rGpvfQ991zvya+Jwb+WRlfjDJmm94I8ePFk
-4iaVJAEDxSfRfswEdBsgvhBaTYl4rvqz6WwYxQIDAQABAoIBACReLP05Biy4bgbz
-MIIump4x/fy+DYGSj384sozm1EF+lMHjxZEnov7akcE5ERlz0BtefvIl162C2zX6
-SRJ9LfQjpCqCd4Tn2s2q68+sNW41mNuo4M49zSkBX9bos/a+8vqFjn0hGhXq4/aH
-HkJgCHaeOffzEQQ6F6T0lqPa/zxBnK66p5QdMn95ZmhawlI1cAzZaH3KGdt/A+Ey
-1XicJtNBqRMWXjjSlo3uU4dHtJTi1uGrZ+yoSbTY+EjcvEz+ewB49Tt7b95oxDsL
-7b6ehKdXs+P1nx+QxS+ey98fYNqTftVh9B0PUb5H16H5DT/GFkM+rtrpVamzyWqZ
-Tq0VhO0CgYEA9cM/4aP+7x1YwZoNdf58hA781iGyzyZr5C8qa+Q0v3YtteNdqgV5
-pdvkNsQK63K14FUR+BgWXrmwiaPrmqQoGgmrU8fuP7sRU09NzYze3GBSWL1VZ3il
-+/A90ha5fGKZigDZqO+Aeqs8WtSBo6dmOQlmBBfEWqn8KCo52FGygicCgYEAz/xQ
-zvzexDJ/czkRwZzubpEROVoxA/23e8Qq0ealUNUtyu96KYIwV/jq1UyXBWyKUSLf
-4xMJzy8S0jaLP3Xfc1eiY42DHiw1lb46LHk401IbRRxRfUxMOHhfbuqybDUJx4gY
-j1cMo/3ZW2q/X46J4yZ9OMCg3oaMJ2YBfWpMXTMCgYB46SWdqqR7GdIX9eXXfmve
-QM1twEiLl9iO/BF/4Vd+NvNIQGNNicIOsr91nj/NFLOced4MVDV1RyAup4H7o/XC
-0a0D3CJAIpXkiei6Tys5+v2ogQXqkTYAXHLd0KZTJuNpPP/ZGHP6ZhKckV5ymKI3
-P4N8UgEdpfHUBOpOnesYEwKBgFP6jy5kkBYsRaXinzbMBMIENS4xKqVv5oxE0v1Z
-4dpXmVvdgjgMZzS+PyPM/xWjk93a9QedAlLzsOfMOkFveL/73IfR9eVS+Hf0DU0z
-zSwWdQhcvNKY4hXTFMWWYmCqsb4tR61o+qOktgThf1A4H5jmS52Eue/f5+tolqVr
-LFZdAoGBAMCWngFyEu4/P5kfyI9V7Auidt764XA+lRP8m+e4RSMxp3OLr57UUL1F
-kdIRpkMNF205fsXwx1BERfTAMg6b0gU0a9TU4o//YpaM/IuqduMoU+Zko7SOCfqx
-ngtfxppjxXg95bs1CdMUq6ZLSUkuHSwkq3xVuLefS1qvnY6HV2Wk
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQChn2JFObwqeaGN
+h3FmCPWKROoVwwTaeLaMjYSvBVDiC4Vu6i8C8IAvXLVvJ4PLHPKowyRlUvzcWKmB
+Z/ix1vzbIJbbpO8QmdfGB/24FLJanvcu/VcKZldFM2cGYilZzP8zSfpsOcwWpWf1
+dBjt6cxXkNtKwFuYT+pevy+O1KVTXYyeJb86esJYujYR/S1iI8kxNejzbuMFdSP3
+fwbS7EbvrERI+b3249/T+EEX3SOxDpZOmCxIybd8Npl3ot3H+agPoo0HcxI+QDWE
++nQP2s62DLsewTsSX6bcpCC2EOgvfxdPr1JlckJbeXrq7pFCYiWMACIznV1bkA62
+dim+dIH1AgMBAAECggEAbI3SwVA/8/9x5M9d+Px3fwE+gJNWBS8i3VCIF83oP4sh
+ehfMr5q9XhJUwm219Yxh57v6DBwrPgxG/WXKAhi2CK/g43HqKCpMZPQlE6jDCl7P
+Az6hYZjPcOlPf1gbEffASMCddGd1jphWNORfghyQZRgkUhbU7n5ummirFrH4wP54
+2xJYQlUoB1olDaqtTn4slWswmcRsJXQeKsQvYyARl1KOWWB0w3JNLzqcnj00vBeT
+Jt2rE2Hl7wDYwJRncT+Shkvsw+k/+Jz6u1qwbsQXsAWpx4+Xl6gRSNsrdhVxyHON
+3lSNrobFjUSxIbzhs2rH03pDGOJLAM/quML2KFAFGQKBgQDUm7s5oMG8mJ8l69l5
+omf8iSfokUcTyGkns7Q/DkVlvxncpPtcpkFoDRKqw2btt0H/ghoRMc+wD+ZDjWQl
+IcGPYHSzq1iXRBzo9d4AllX38rp9O0msAflDm5q+wj5FfVU1GIwPlGKqukyaq5rV
+bBCh8BbJlrWwbFsFu/9OGzwoiwKBgQDCm8WW8HOOcSwxrxpqGjsCDz1vYNXOpV6A
+kbXOw0VYL0G06OUFvWs5yIDP1+BszLOe0nF2bTgoSe0ekz7ZXvs0z25RHqdRCMnG
+PzeNz9KGFeLb0LtvJrwPhj33nuIwESymbfpyFMoC9z9tEZdu1Y8/V3WA7tpqiObf
+ltRtyvzPfwKBgD7BzU0gb6+M2YVnDeXCk7FOhxI2N+XWBXwrpmvqeX+kHi0sIepi
+RPJC0ZzIWwyWSIv0Sl+C9YxB1TVhegsf4LPCxA/45wiXmXUGhkZkGfI7muK2anO0
+jXBwcQgX7Cu06D7pBQbgRROiNFR/jQ+se2hhp0hQDUeLZH7X1G+oyGQrAoGBAJwc
+07PSrhBdTyOIITtuUVnEmfboCnwcAqRGvz7fPJiSSDZ1AYvKOOMAqfyRY5JD3++P
+R7/Fu9/t9c6qNiev3vqtUAS4/2WtFBf5jHoxdeNkWTkWx9VRkFkvyjQC+9WtYVEd
+NmQfszIP34yCKSWbIa+hXDyS3xnJOtOwLjbpOEbHAoGAIWgJre44izkobZcJgtbz
+kBqGEuuFbcKfeW/pa7l5/R12CYZs+YDZ3wgqN6YXKtS7IXpQCt3Dgpu0OXHdwllk
+t34cyPxDDt/m7NUIeEH+K4KTtEsM/mCDI3FfJxV1NflQvhJfxrMGkhSuX/+vRx31
+EEqc18J4E4frlpX6zFcbS/4=
+-----END PRIVATE KEY-----
diff --git a/Workbench/webproxy/container_files/httpd/ssl.conf b/Workbench/webproxy/container_files/httpd/ssl.conf
@@ -146,6 +146,12 @@ SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
 #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
 #</Location>
 
+<Location "/midpoint/ws/">
+    Order deny,allow
+    Allow from all
+    Satisfy any
+</Location>
+
 <Location />
   AuthType Basic
   AuthName "Restricted CSP content"