Merge pull request #133 from internet2/pc_Sept2022

merge pc_sept2022
internet2 · Sep 22, 2022 · 3dd9009 · 3dd9009
2 parents 76a1ef0 + b1b768e
commit 3dd9009
Show file tree

Hide file tree

Showing 15 changed files with 64 additions and 94 deletions.
diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml
@@ -224,10 +224,8 @@ services:
     environment:
      - CREATE_NEW_DATABASE=if_needed
 
-
-
   data_init:
-    image: i2incommon/midpoint:4.4
+    image: i2incommon/midpoint:4.5
     command: >
         bash -c "
         chmod 777 /opt/mp-pw/ ;
@@ -390,28 +388,27 @@ services:
     volumes:
      - generated-metadata:/generated-metadata
      - generated-config:/generated-config
-
+ 
   idp_ui_data:
-    image: tier/mariadb:mariadb10.2
-    ports:
-     - 33366:3306
+    image: postgres
     environment:
-      MYSQL_USER: shibui
-      MYSQL_PASSWORD: secret
-      MYSQL_DATABASE: shibui
-      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
+      POSTGRES_USER: shibui
+      POSTGRES_PASSWORD: secret
+      POSTGRES_DB: shibui
     networks:
       net:
         aliases:
          - idpui-data
+    ports:
+      - 15432:5432
     healthcheck:
-      test: curl -s 127.0.0.1:3306
+      test: /usr/bin/pg_isready
       interval: 30s
       timeout: 30s
       retries: 3
     volumes:
-    - mariadb-data:/var/lib/mysql
-    
+     - idpui_data:/var/lib/postgresql/data
+
   mq:
     build: ./mq/
     environment:
@@ -437,8 +434,6 @@ services:
         - CSPHOSTNAME
     networks:
      - net
-    depends_on:
-      - idp_ui_api
     ports:
      - 443:443
 
@@ -584,3 +579,4 @@ volumes:
   generated-config:
   generated-metadata:
   mariadb-data:
+  idpui_data:
diff --git a/Workbench/grouper_daemon/Dockerfile b/Workbench/grouper_daemon/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/grouper:2.6.0
+FROM i2incommon/grouper:2.6.16
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 
diff --git a/Workbench/grouper_data/Dockerfile b/Workbench/grouper_data/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/grouper:2.6.0
+FROM i2incommon/grouper:2.6.16
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 

diff --git a/Workbench/grouper_ui/Dockerfile b/Workbench/grouper_ui/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/grouper:2.6.0
+FROM i2incommon/grouper:2.6.16
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 

diff --git a/Workbench/grouper_ws/Dockerfile b/Workbench/grouper_ws/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/grouper:2.6.0
+FROM i2incommon/grouper:2.6.16
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 

diff --git a/Workbench/idp_ui/Dockerfile b/Workbench/idp_ui/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/shib-idp-ui:1.9.2
+FROM i2incommon/shib-idp-ui:1.13.2
 
 ARG CSPHOSTNAME=localhost
 ENV CSPHOSTNAME=$CSPHOSTNAME

diff --git a/Workbench/idp_ui/container_files/idp_ui/application.yml b/Workbench/idp_ui/container_files/idp_ui/application.yml
@@ -35,14 +35,15 @@ shibui:
       email: urn:oid:0.9.2342.19200300.100.1.3
 spring:
   datasource:
+    platform: postgres
+    driver-class-name: org.postgresql.Driver
+    url: jdbc:postgresql://idpui-data:5432/shibui
     username: shibui
     password: secret
-    url: jdbc:mariadb://idpui-data:3306/shibui
-    driverClassName: org.mariadb.jdbc.Driver
-    platform: mariadb
   jpa:
-    database-platform: org.hibernate.dialect.MariaDBDialect
-    hibernate:
-      ddl-auto: update
+    show-sql: false
+    properties:
+      hibernate:
+        dialect: org.hibernate.dialect.PostgreSQL95Dialect
+        format_sql: true
 
-
diff --git a/Workbench/idp_ui_api/Dockerfile b/Workbench/idp_ui_api/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/shib-idp-ui:1.9.2
+FROM i2incommon/shib-idp-ui:1.13.2
 
 ARG CSPHOSTNAME=localhost
 ENV CSPHOSTNAME=$CSPHOSTNAME
@@ -7,12 +7,4 @@ COPY container_files/idp_ui/application.yml /opt/shibui/
 COPY container_files/idp_ui/shibui-test.p12 /opt/shibui/
 COPY container_files/idp_ui/users.txt /opt/shibui/
 
-#RUN mkdir -p /opt/shibui/saml/
-##COPY container_files/idp_ui/samlkeystore.jks /opt/shibui/saml/
-#COPY container_files/idp_ui/idp-metadata.xml /opt/shibui/saml/
-
-#COPY container_files/system/setservername.sh /usr/local/bin/
-#RUN chmod 755 /usr/local/bin/setservername.sh
-#RUN /usr/local/bin/setservername.sh
-
 EXPOSE 8443
diff --git a/Workbench/idp_ui_api/container_files/idp_ui/application.yml b/Workbench/idp_ui_api/container_files/idp_ui/application.yml
@@ -23,14 +23,15 @@ shibui:
     authentication-header: IDPUI_API_KEY
 spring:
   datasource:
+    platform: postgres
+    driver-class-name: org.postgresql.Driver
+    url: jdbc:postgresql://idpui-data:5432/shibui
     username: shibui
     password: secret
-    url: jdbc:mariadb://idpui-data:3306/shibui
-    driverClassName: org.mariadb.jdbc.Driver
-    platform: mariadb
   jpa:
-    database-platform: org.hibernate.dialect.MariaDBDialect
-    hibernate:
-      ddl-auto: update
+    show-sql: false
+    properties:
+      hibernate:
+        dialect: org.hibernate.dialect.PostgreSQL95Dialect
+        format_sql: true
 
-
diff --git a/Workbench/midpoint_server/Dockerfile b/Workbench/midpoint_server/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/midpoint:4.4
+FROM i2incommon/midpoint:4.5
 
 ARG CSPHOSTNAME=localhost
 ENV CSPHOSTNAME=$CSPHOSTNAME

diff --git a/Workbench/midpoint_server/container_files/mp-home/lib/mariadb-java-client-3.0.6.jar b/Workbench/midpoint_server/container_files/mp-home/lib/mariadb-java-client-3.0.6.jar
diff --git a/Workbench/midpoint_server/container_files/mp-home/lib/mysql-connector-java-8.0.30.jar b/Workbench/midpoint_server/container_files/mp-home/lib/mysql-connector-java-8.0.30.jar
diff --git a/...erver/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml b/...erver/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
-	xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
-	xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3">
-	<securityPolicy xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" oid="00000000-0000-0000-0000-000000000120" version="2">
+  xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+  xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3">
+  <securityPolicy xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" oid="00000000-0000-0000-0000-000000000120" version="2">
     <name>Default Security Policy</name>
     <authentication>
         <modules>
@@ -17,55 +17,35 @@
             <saml2>
                 <name>mySamlSso</name>
                 <description>My internal enterprise SAML-based SSO system.</description>
-                <network>
-                    <readTimeout>10000</readTimeout>
-                    <connectTimeout>5000</connectTimeout>
-                </network>
                 <serviceProvider>
                     <entityId>midpointdemo-shibboleth</entityId>
                     <signRequests>true</signRequests>
-                    <wantAssertionsSigned>true</wantAssertionsSigned>
-                    <singleLogoutEnabled>true</singleLogoutEnabled>
-                    <nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</nameId>
                     <keys>
-			<activeKeyStoreKey>
-    				<keyStorePath>/etc/pki/mp/sp-shibboleth-keys.jks</keyStorePath>
-    				<keyStorePassword>
-        				<t:clearValue>changeit</t:clearValue>
-    				</keyStorePassword>
-    				<keyAlias>signing-key</keyAlias>
-    				<keyPassword>
-        				<t:clearValue>password</t:clearValue>
-    				</keyPassword>
-			</activeKeyStoreKey>
-                        <standByKeyStoreKey>
-    				<keyStorePath>/etc/pki/mp/sp-shibboleth-keys.jks</keyStorePath>
-    				<keyStorePassword>
-        				<t:clearValue>changeit</t:clearValue>
-    				</keyStorePassword>
-    				<keyAlias>encrypt-key</keyAlias>
-    				<keyPassword>
-        				<t:clearValue>password</t:clearValue>
-    				</keyPassword>
-				<type>encryption</type>
-			</standByKeyStoreKey>
+                      <activeKeyStoreKey>
+                        <keyStorePath>/etc/pki/mp/sp-shibboleth-keys.jks</keyStorePath>
+                        <keyStorePassword>
+                          <t:clearValue>changeit</t:clearValue>
+                        </keyStorePassword>
+                        <keyAlias>signing-key</keyAlias>
+                        <keyPassword>
+                          <t:clearValue>password</t:clearValue>
+                        </keyPassword>
+                      </activeKeyStoreKey>
                     </keys>
-                    <provider>
-                        <entityId>https://idptestbed/idp/shibboleth</entityId>
-                        <alias>idp-shibboleth</alias>
+                    <identityProvider>
+                      <entityId>https://idptestbed/idp/shibboleth</entityId>
                         <metadata>
                             <pathToFile>/etc/shibboleth/idp-metadata.xml</pathToFile>
                         </metadata>
-                        <skipSslValidation>true</skipSslValidation>
                         <linkText>Shibboleth</linkText>
                         <authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding>
                         <nameOfUsernameAttribute>uid</nameOfUsernameAttribute>
-                    </provider>
+                    </identityProvider>
                 </serviceProvider>
             </saml2>
             <httpHeader>
               <name>httpHeader</name>
-              <logoutUrl>https://__CSPHOSTNAME__/MPSSO/Shibboleth.sso/Logout</logoutUrl>
+	      <logoutUrl>https://__CSPHOSTNAME__/MPSSO/Shibboleth.sso/Logout</logoutUrl>
               <usernameHeader>REMOTE_USER</usernameHeader>
             </httpHeader>
         </modules>
@@ -99,7 +79,7 @@
             </requireAssignmentTarget>
             <module>
                 <name>internalLoginForm</name>
-                <order>40</order>
+                <order>30</order>
                 <necessity>sufficient</necessity>
             </module>
         </sequence>
@@ -151,8 +131,8 @@
                 <necessity>sufficient</necessity>
             </module>
         </sequence>
-	<ignoredLocalPath>/actuator</ignoredLocalPath>
-    	<ignoredLocalPath>/actuator/health</ignoredLocalPath>
+        <ignoredLocalPath>/actuator</ignoredLocalPath>
+        <ignoredLocalPath>/actuator/health</ignoredLocalPath>
     </authentication>
     <credentials>
         <password>
@@ -166,4 +146,4 @@
     </credentials>
 </securityPolicy>
 
-</objects>
+</objects>
diff --git a/Workbench/webproxy/container_files/httpd/index.html b/Workbench/webproxy/container_files/httpd/index.html
@@ -9,10 +9,10 @@ <h3>Welcome to the InCommon TAP Workbench!</h3>
 The system contains the following TAP components (click the links to access each component in its own tab):
 
 <ul>
-<li><a href="https://__CSPHOSTNAME__/grouper" target="TAP-WB-GROUPER">Grouper (2.6.0)</a></li>
-<li><a href="https://__CSPHOSTNAME__/midpoint" target="TAP-WB-MIDPOINT">midPoint (4.4)</a></li>
+<li><a href="https://__CSPHOSTNAME__/grouper" target="TAP-WB-GROUPER">Grouper (2.6.16)</a></li>
+<li><a href="https://__CSPHOSTNAME__/midpoint" target="TAP-WB-MIDPOINT">midPoint (4.5)</a></li>
 <li><a href="https://__CSPHOSTNAME__/registry" target="TAP-WB-COMANAGE">COmanage Registry (3.3.4)</a></li>
-<li><a href="https://__CSPHOSTNAME__/idpui/" target="TAP-WB-IDPUI">Shibboleth IdP UI (1.9.2)</a></li>
+<li><a href="https://__CSPHOSTNAME__/idpui/" target="TAP-WB-IDPUI">Shibboleth IdP UI (1.13.2)</a></li>
 </ul>
 
 <br />
@@ -34,10 +34,10 @@ <h3>Welcome to the InCommon TAP Workbench!</h3>
 <li><a href="https://__CSPHOSTNAME__/idp/status" target="TAP-WB-IDP">Shibboleth IdP (4.2.1) status</a></li>
 <li>Shibboleth SPs:</li>
 <ul>
-  <li><a href="https://__CSPHOSTNAME__/grouperSSO/Shibboleth.sso/Status" target="TAP-WB-gSP">Grouper SP (3.2.0) status</a></li>
-  <li><a href="https://__CSPHOSTNAME__/MPSSO/Shibboleth.sso/Status" target="TAP-WB-mSP">midPoint SP (3.2.3) status</a></li>
-  <li><a href="https://__CSPHOSTNAME__/registrySSO/Shibboleth.sso/Status" target="TAP-WB-cSP">COmanage SP (3.2.0) status</a></li>
-  <li><a href="https://__CSPHOSTNAME__/wordpressSSO/Shibboleth.sso/Status" target="TAP-WB-wSP">Wordpress SP (3.2.0) status</a></li>
+  <li><a href="https://__CSPHOSTNAME__/grouperSSO/Shibboleth.sso/Status" target="TAP-WB-gSP">Grouper SP (3.2.3) status</a></li>
+  <li><a href="https://__CSPHOSTNAME__/MPSSO/Shibboleth.sso/Status" target="TAP-WB-mSP">midPoint SP (3.3.0) status</a></li>
+  <li><a href="https://__CSPHOSTNAME__/registrySSO/Shibboleth.sso/Status" target="TAP-WB-cSP">COmanage SP (3.3.0) status</a></li>
+  <li><a href="https://__CSPHOSTNAME__/wordpressSSO/Shibboleth.sso/Status" target="TAP-WB-wSP">Wordpress SP (3.3.0) status</a></li>
 </ul>
 </ul>
 <br /><br /><br />

diff --git a/Workbench/webproxy/container_files/system/startWithMDLoad.sh b/Workbench/webproxy/container_files/system/startWithMDLoad.sh
@@ -3,7 +3,7 @@
 
 #wait for IdPUI's API, then load metadata into it
 pushd /mdload
-./wait-for-it.sh -t 0 idp_ui_api:8443 -- ./loadMD.sh GrouperSP /mdload/grouper-sp.xml 60 && \
+./wait-for-it.sh -t 0 idp_ui_api:8443 -- ./loadMD.sh GrouperSP /mdload/grouper-sp.xml 90 && \
                                          ./loadMD.sh midPointSP /mdload/midpoint-sp.xml 0 && \
                                          ./loadMD.sh ProxySP /mdload/proxy-sp.xml 0 && \
                                          ./loadMD.sh WordPressSP /mdload/wordpress-sp.xml 0 && \