Merge pull request #52 from internet2/PC_MoreUpdates

fixes for midpoint
internet2 · Dec 12, 2020 · 2734cfc · 2734cfc
2 parents b6d8d95 + 8b7e794
commit 2734cfc
Show file tree

Hide file tree

Showing 9 changed files with 32 additions and 95 deletions.
diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml
@@ -205,6 +205,7 @@ services:
 
   midpoint_server:
     build: ./midpoint_server/
+    command: /usr/local/bin/startup.sh
     depends_on:
      - midpoint_data
     ports:

diff --git a/Workbench/midpoint_server/Dockerfile b/Workbench/midpoint_server/Dockerfile
@@ -11,15 +11,17 @@ COPY container_files/mp-home/ ${MP_DIR}/var/
 
 #Shibb SP
 COPY container_files/shibboleth/ /etc/shibboleth/
-COPY container_files/httpd/shib.conf /etc/httpd/conf.d
+COPY container_files/httpd/00-shib.conf /etc/httpd/conf.modules.d/
+COPY container_files/httpd/midpoint-shib.conf /etc/httpd/conf.d/
+COPY container_files/httpd/vhosts.conf /etc/httpd/conf.d/vhosts/
 
 #set dynamic hostname
 COPY container_files/system/setservername.sh /usr/local/bin/
 RUN chmod 755 /usr/local/bin/setservername.sh
 #set hostname
 RUN /usr/local/bin/setservername.sh
 
-COPY container_files/supervisor/supervisord.conf /etc/supervisor/
+#COPY container_files/supervisor/supervisord.conf /etc/supervisor/
 
 #set shib auth in apache
-RUN mv /etc/httpd/conf.d/midpoint.conf /etc/httpd/conf.d/midpoint.conf.default && mv /etc/httpd/conf.d/midpoint.conf.auth.shibboleth /etc/httpd/conf.d/midpoint.conf
+#RUN mv /etc/httpd/conf.d/midpoint.conf /etc/httpd/conf.d/midpoint.conf.default && mv /etc/httpd/conf.d/midpoint.conf.auth.shibboleth /etc/httpd/conf.d/midpoint.conf
diff --git a/Workbench/midpoint_server/container_files/httpd/00-shib.conf b/Workbench/midpoint_server/container_files/httpd/00-shib.conf
@@ -0,0 +1,4 @@
+#
+# Load the Shibboleth module.
+#
+LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so
diff --git a/Workbench/midpoint_server/container_files/httpd/midpoint-shib.conf b/Workbench/midpoint_server/container_files/httpd/midpoint-shib.conf
@@ -0,0 +1,17 @@
+RequestHeader unset Authorization
+
+<Location /midpoint/auth/shib>
+  AuthType shibboleth
+  ShibRequestSetting requireSession 1
+  ShibRequireSession on
+  ShibUseHeaders On
+  require shibboleth
+</Location>
+
+<Location />
+  AuthType shibboleth
+  ShibRequestSetting requireSession false
+  ShibUseHeaders On
+  require shibboleth
+</Location>
+
diff --git a/Workbench/midpoint_server/container_files/httpd/shib.conf b/Workbench/midpoint_server/container_files/httpd/shib.conf
diff --git a/Workbench/midpoint_server/container_files/httpd/vhosts.conf b/Workbench/midpoint_server/container_files/httpd/vhosts.conf
@@ -0,0 +1,3 @@
+#for midpoint
+RewriteRule   "^/midpoint/$"  "/midpoint/auth/shib"  [R]
+
diff --git a/...erver/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml b/...erver/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
@@ -66,7 +66,7 @@
             <httpHeader>
               <name>httpHeader</name>
               <logoutUrl>https://__CSPHOSTNAME__/MPSSO/Shibboleth.sso/Logout</logoutUrl>
-              <usernameHeader>uid</usernameHeader>
+              <usernameHeader>REMOTE_USER</usernameHeader>
             </httpHeader>
         </modules>
         <sequence>

diff --git a/Workbench/midpoint_server/container_files/supervisor/supervisord.conf b/Workbench/midpoint_server/container_files/supervisor/supervisord.conf
diff --git a/Workbench/webproxy/container_files/httpd/proxy.conf b/Workbench/webproxy/container_files/httpd/proxy.conf
@@ -46,7 +46,7 @@ ProxyPass /registry https://comanage/registry
 ProxyPass /registrySSO https://comanage/registrySSO
 #ProxyPassReverse /comanage https://comanage/
 
-ProxyPass /wordpress http://wordpress_server/
+ProxyPass /wordpress http://wordpress_server/ nocanon
 ProxyPassReverse /wordpress http://wordpress_server/
 ProxyPass /wp-includes http://wordpress_server/wp-includes
 ProxyPassReverse /wp-includes http://wordpress_server/wp-includes