From 5cd22f79a898f32512a519fdb481d961b0b10a60 Mon Sep 17 00:00:00 2001
From: Chris Hubing <chubing@internet2.edu>
Date: Fri, 4 Dec 2020 03:22:55 +0000
Subject: [PATCH] shib and proxy config for comanage

---
 .../configs-and-secrets/comanage/shibboleth/shibboleth2.xml  | 2 +-
 Workbench/docker-compose.yml                                 | 5 +++++
 Workbench/webproxy/container_files/httpd/proxy.conf          | 1 +
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/Workbench/configs-and-secrets/comanage/shibboleth/shibboleth2.xml b/Workbench/configs-and-secrets/comanage/shibboleth/shibboleth2.xml
index 7ea21f0..6b6fe06 100644
--- a/Workbench/configs-and-secrets/comanage/shibboleth/shibboleth2.xml
+++ b/Workbench/configs-and-secrets/comanage/shibboleth/shibboleth2.xml
@@ -24,7 +24,7 @@
         cookieProps to "https" for SSL-only sites. Note that while we default checkAddress to
         "false", this makes an assertion stolen in transit easier for attackers to misuse.
         -->
-        <Sessions lifetime="28800" timeout="3600" relayState="ss:mem" handlerURL="/grouperSSO/Shibboleth.sso"
+        <Sessions lifetime="28800" timeout="3600" relayState="ss:mem" handlerURL="/registrySSO/Shibboleth.sso"
                   checkAddress="false" handlerSSL="true" cookieProps="https"
                   redirectLimit="exact">
 
diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml
index 080b8f5..888e0de 100644
--- a/Workbench/docker-compose.yml
+++ b/Workbench/docker-compose.yml
@@ -313,6 +313,7 @@ services:
       - wordpress_data:/var/lib/mysql
     ports:
       - 3306
+
   comanage:
     build: 
       context: ./comanage/
@@ -325,6 +326,10 @@ services:
      - net
     ports:
      - 11443:443
+    volumes:
+     - type: bind
+       source: ./configs-and-secrets/comanage/shibboleth/shibboleth2.xml
+       target: /etc/shibboleth/shibboleth2.xml
 
 networks:
   net:    
diff --git a/Workbench/webproxy/container_files/httpd/proxy.conf b/Workbench/webproxy/container_files/httpd/proxy.conf
index bb6ec23..1fd5e7e 100644
--- a/Workbench/webproxy/container_files/httpd/proxy.conf
+++ b/Workbench/webproxy/container_files/httpd/proxy.conf
@@ -39,4 +39,5 @@ ProxyPass /phpmyadmin https://directory/phpmyadmin
 ProxyPassReverse /phpmyadmin https://directory/phpmyadmin
 
 ProxyPass /registry https://comanage/registry
+ProxyPass /registrySSO https://comanage/registrySSO
 #ProxyPassReverse /comanage https://comanage/