From 17eb16135f7dca79b65a395cad36bfde62398264 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 20 Aug 2024 21:38:31 +0000 Subject: [PATCH] update midPoint to 4.8.4 and fix MP logout --- Workbench/docker-compose.yml | 7 +++++-- Workbench/midpoint_server/Dockerfile | 1 + .../mp-home/post-initial-objects/SecurityPolicy.xml | 2 +- .../securityPolicy/000-security-policy.xml | 2 +- Workbench/mpproxy/container_files/httpd/midpoint.conf | 1 + Workbench/mpproxy/container_files/httpd/shib.conf | 2 +- Workbench/webproxy/container_files/httpd/index.html | 2 +- 7 files changed, 11 insertions(+), 6 deletions(-) diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml index 8519cb1..434b373 100644 --- a/Workbench/docker-compose.yml +++ b/Workbench/docker-compose.yml @@ -259,13 +259,14 @@ services: - comanage_midpoint_data:/var/lib/postgresql/data data_init: - image: evolveum/midpoint:${MP_VER:-4.8.3}-rockylinux + image: evolveum/midpoint:${MP_VER:-4.8.4}-rockylinux depends_on: midpoint_data: condition: service_healthy command: > bash -c " cd /opt/midpoint ; + if [ ! -z "${CSPHOSTNAME}" ]; then sed -i 's|__SERVERNAME__|${CSPHOSTNAME}|g' /opt/midpoint/mp-home-in/post-initial-objects/securityPolicy/000-security-policy.xml ; else echo 'var not set' ; fi ; bin/midpoint.sh init-native ; echo ' - - - - - - ' ; bin/ninja.sh -B info >/dev/null 2>/tmp/ninja.log ; @@ -284,6 +285,7 @@ services: cp /opt/midpoint/csv_in/faculty-portal.csv /opt/midpoint/var/ ; cp /opt/midpoint/csv_in/mailing-lists.csv /opt/midpoint/var/ ; cp -R /opt/midpoint/mp-home-in/* /opt/midpoint/var/ ; + echo "env var is:** $CSPHOSTNAME **" " environment: - MP_SET_midpoint_repository_jdbcUsername=midpoint @@ -293,6 +295,7 @@ services: - MP_INIT_CFG=/opt/midpoint/var - MP_PW_DEF=/run/secrets/m_keystore_password.txt - MP_KEYSTORE=/opt/midpoint/var/keystore.jceks + - CSPHOSTNAME networks: - net secrets: 
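Review bot: The added `sed` line in the `data_init` command nests `"${CSPHOSTNAME}"` inside the already double-quoted `bash -c "` string, so the inner quotes close the outer string and the value is spliced into the script unquoted; the added `echo "env var is:** $CSPHOSTNAME **"` in the second hunk of this file has the same nesting. Compose also substitutes `${CSPHOSTNAME}` from the host environment before any shell runs, so a value containing whitespace, a quote or `|` alters the shell command or the sed expression instead of being handled as data. Escaping the inner quotes and deferring expansion to the container, e.g. `if [ -n \"$${CSPHOSTNAME}\" ]; then sed -i \"s|__SERVERNAME__|$${CSPHOSTNAME}|g\" …/000-security-policy.xml ; fi ;`, keeps the value a single shell word, and a hostname-pattern check before the `sed` would reject anything else. The debug echo is probably best removed before merge. The `command:` block starts and ends outside these hunks.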
@@ -327,7 +330,7 @@ services: - midpoint_data:/var/lib/postgresql/data midpoint_server: - image: evolveum/midpoint:${MP_VER:-4.8.3}-rockylinux + image: evolveum/midpoint:${MP_VER:-4.8.4}-rockylinux container_name: midpoint_server hostname: midpoint-container depends_on: diff --git a/Workbench/midpoint_server/Dockerfile b/Workbench/midpoint_server/Dockerfile index 15744fa..383d525 100644 --- a/Workbench/midpoint_server/Dockerfile +++ b/Workbench/midpoint_server/Dockerfile @@ -1,3 +1,4 @@ +#This file is no longer used. As of midPoint version 4.8.3, we are using the native midpoint container from Evolveum. See the docker-compose.yml file for additional clarity. FROM i2incommon/midpoint:4.8.2 ARG CSPHOSTNAME=localhost diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/SecurityPolicy.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/SecurityPolicy.xml index b03856a..8b65998 100644 --- a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/SecurityPolicy.xml +++ b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/SecurityPolicy.xml @@ -11,7 +11,7 @@ httpHeader REMOTE_USER - /Shibboleth.sso/Logout + https://__SERVERNAME__/mppSSO/Shibboleth.sso/Logout diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml index e70f49f..f25a8bc 100644 --- a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml +++ b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml @@ -11,7 +11,7 @@ httpHeader REMOTE_USER - https://localhost:8443/Shibboleth.sso/Logout + https://test.workbench.incommon.org/mppSSO/Shibboleth.sso/Logout 
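Review bot: The `__SERVERNAME__` placeholder is added to `post-initial-objects/SecurityPolicy.xml`, but the `sed` added in `docker-compose.yml` rewrites only `securityPolicy/000-security-policy.xml`, where this commit hard-codes `https://test.workbench.incommon.org/mppSSO/Shibboleth.sso/Logout` instead. As far as these hunks show, the substitution is therefore a no-op and every deployment would send users to the test host on logout, which likely leaves the session on the local Shibboleth SP active. If `000-security-policy.xml` is the file midPoint actually loads, its logout line should presumably read `https://__SERVERNAME__/mppSSO/Shibboleth.sso/Logout`. The XML tags were stripped from this page, so the enclosing element is not visible in either hunk.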
diff --git a/Workbench/mpproxy/container_files/httpd/midpoint.conf b/Workbench/mpproxy/container_files/httpd/midpoint.conf index 37e27f5..83ad5e7 100644 --- a/Workbench/mpproxy/container_files/httpd/midpoint.conf +++ b/Workbench/mpproxy/container_files/httpd/midpoint.conf @@ -33,5 +33,6 @@ ProxyBadHeader Ignore RequestHeader unset Authorization +ProxyPass /midpoint/mppSSO ! ProxyPass /midpoint ajp://midpoint_server:9090/midpoint secret=s3cr3t timeout=2400 retry=0 diff --git a/Workbench/mpproxy/container_files/httpd/shib.conf b/Workbench/mpproxy/container_files/httpd/shib.conf index 2314d87..155930a 100644 --- a/Workbench/mpproxy/container_files/httpd/shib.conf +++ b/Workbench/mpproxy/container_files/httpd/shib.conf @@ -22,7 +22,7 @@ ShibCompatValidUser On # # Ensures handler will be accessible. # - + AuthType None Require all granted SetHandler shib diff --git a/Workbench/webproxy/container_files/httpd/index.html b/Workbench/webproxy/container_files/httpd/index.html index 5aa2fee..4e4c6fc 100644 --- a/Workbench/webproxy/container_files/httpd/index.html +++ b/Workbench/webproxy/container_files/httpd/index.html @@ -10,7 +10,7 @@
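Review bot: The added exclusion `ProxyPass /midpoint/mppSSO !` covers a path under `/midpoint`, while the logout URLs set in this commit's security-policy files point at `/mppSSO/Shibboleth.sso/Logout` at the site root, which the `/midpoint` ProxyPass would not have matched anyway. The `<Location>` line changed in shib.conf is not visible on this page, so confirm where the Shibboleth handler is mounted and make the exclusion, the handler location and the logout URL agree; otherwise the exclusion is dead or the logout URL misses the handler. A comment above the new line such as `# Keep the Shibboleth handler path on this proxy; do not forward it to midPoint` would record the intent. Separately, the unchanged context line carries the AJP `secret=` value inline in the repository; this commit does not introduce it, but it is worth moving out of the committed file.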

Welcome to the InCommon TAP Workbench!