update midPoint to 4.8.4 and fix MP logout

internet2 · Aug 20, 2024 · 17eb161 · 17eb161
1 parent 4703e02
commit 17eb161
Show file tree

Hide file tree

Showing 7 changed files with 11 additions and 6 deletions.
diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml
@@ -259,13 +259,14 @@ services:
      - comanage_midpoint_data:/var/lib/postgresql/data
 
   data_init:
-    image: evolveum/midpoint:${MP_VER:-4.8.3}-rockylinux
+    image: evolveum/midpoint:${MP_VER:-4.8.4}-rockylinux
     depends_on:
       midpoint_data:
         condition: service_healthy
     command: >
       bash -c "
       cd /opt/midpoint ;
+      if [ ! -z "${CSPHOSTNAME}" ]; then sed -i 's|__SERVERNAME__|${CSPHOSTNAME}|g' /opt/midpoint/mp-home-in/post-initial-objects/securityPolicy/000-security-policy.xml ; else echo 'var not set' ; fi ;
       bin/midpoint.sh init-native ;
       echo ' - - - - - - ' ;
       bin/ninja.sh -B info >/dev/null 2>/tmp/ninja.log ;
@@ -284,6 +285,7 @@ services:
       cp /opt/midpoint/csv_in/faculty-portal.csv /opt/midpoint/var/ ;
       cp /opt/midpoint/csv_in/mailing-lists.csv /opt/midpoint/var/ ;
       cp -R /opt/midpoint/mp-home-in/* /opt/midpoint/var/ ;
+      echo "env var is:** $CSPHOSTNAME **"
       "
     environment:
      - MP_SET_midpoint_repository_jdbcUsername=midpoint
@@ -293,6 +295,7 @@ services:
      - MP_INIT_CFG=/opt/midpoint/var
      - MP_PW_DEF=/run/secrets/m_keystore_password.txt
      - MP_KEYSTORE=/opt/midpoint/var/keystore.jceks
+     - CSPHOSTNAME
     networks:
      - net
     secrets:
@@ -327,7 +330,7 @@ services:
      - midpoint_data:/var/lib/postgresql/data
 
   midpoint_server:
-    image: evolveum/midpoint:${MP_VER:-4.8.3}-rockylinux
+    image: evolveum/midpoint:${MP_VER:-4.8.4}-rockylinux
     container_name: midpoint_server
     hostname: midpoint-container
     depends_on:

diff --git a/Workbench/midpoint_server/Dockerfile b/Workbench/midpoint_server/Dockerfile
@@ -1,3 +1,4 @@
+#This file is no longer used.  As of midPoint version 4.8.3, we are using the native midpoint container from Evolveum.  See the docker-compose.yml file for additional clarity.
 FROM i2incommon/midpoint:4.8.2
 
 ARG CSPHOSTNAME=localhost

diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/SecurityPolicy.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/SecurityPolicy.xml
@@ -11,7 +11,7 @@
             <httpHeader>
                 <identifier>httpHeader</identifier>
                 <usernameHeader>REMOTE_USER</usernameHeader>
-                <logoutUrl>/Shibboleth.sso/Logout</logoutUrl>
+		<logoutUrl>https://__SERVERNAME__/mppSSO/Shibboleth.sso/Logout</logoutUrl>
             </httpHeader>
         </modules>
         <sequence>

diff --git a/...erver/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml b/...erver/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
@@ -11,7 +11,7 @@
             <httpHeader>
                 <identifier>httpHeader</identifier>
                 <usernameHeader>REMOTE_USER</usernameHeader>
-                <logoutUrl>https://localhost:8443/Shibboleth.sso/Logout</logoutUrl>
+		<logoutUrl>https://test.workbench.incommon.org/mppSSO/Shibboleth.sso/Logout</logoutUrl>
             </httpHeader>
         </modules>
         <sequence>

diff --git a/Workbench/mpproxy/container_files/httpd/midpoint.conf b/Workbench/mpproxy/container_files/httpd/midpoint.conf
@@ -33,5 +33,6 @@ ProxyBadHeader Ignore
 </Location>
 
 RequestHeader unset Authorization
+ProxyPass /midpoint/mppSSO !
 ProxyPass /midpoint ajp://midpoint_server:9090/midpoint secret=s3cr3t timeout=2400 retry=0
 
diff --git a/Workbench/mpproxy/container_files/httpd/shib.conf b/Workbench/mpproxy/container_files/httpd/shib.conf
@@ -22,7 +22,7 @@ ShibCompatValidUser On
 #
 # Ensures handler will be accessible.
 #
-<Location /Shibboleth.sso>
+<Location /mppSSO/Shibboleth.sso>
   AuthType None
   Require all granted
   SetHandler shib

diff --git a/Workbench/webproxy/container_files/httpd/index.html b/Workbench/webproxy/container_files/httpd/index.html
@@ -10,7 +10,7 @@ <h3>Welcome to the InCommon TAP Workbench!</h3>
 
 <ul>
 <li><a href="https://__CSPHOSTNAME__/grouper" target="TAP-WB-GROUPER">Grouper (4.14.2)</a></li>
-<li><a href="https://__CSPHOSTNAME__/midpoint" target="TAP-WB-MIDPOINT">midPoint (4.8.3)</a></li>
+<li><a href="https://__CSPHOSTNAME__/midpoint" target="TAP-WB-MIDPOINT">midPoint (4.8.4)</a></li>
 <ul><li><a href="https://__CSPHOSTNAME__/midPoint-doc.html" target="TAP-WB-MIDPOINT-CONFIG">Technical doc on midPoint's configuration</a></li></ul>
 <li><a href="https://__CSPHOSTNAME__/registry" target="TAP-WB-COMANAGE">COmanage Registry (4.3.4)</a></li>
 <li><a href="https://__CSPHOSTNAME__/idpui/" target="TAP-WB-IDPUI">Shibboleth IdP UI (1.18.0)</a></li>