From ae35351ae0bd1c647e5f2d6990a3b0ef1a75ab5d Mon Sep 17 00:00:00 2001
From: root <root@ip-172-31-20-207.us-west-2.compute.internal>
Date: Wed, 21 Sep 2022 18:37:46 +0000
Subject: [PATCH] update midpoint to 4.5

---
 Workbench/docker-compose.yml                  |  4 +-
 Workbench/midpoint_server/Dockerfile          |  2 +-
 .../securityPolicy/000-security-policy.xml    | 62 +++++++------------
 .../webproxy/container_files/httpd/index.html |  4 +-
 .../container_files/system/startWithMDLoad.sh |  2 +-
 5 files changed, 26 insertions(+), 48 deletions(-)

diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml
index f60b4b8..4be075c 100644
--- a/Workbench/docker-compose.yml
+++ b/Workbench/docker-compose.yml
@@ -224,10 +224,8 @@ services:
     environment:
      - CREATE_NEW_DATABASE=if_needed
 
-
-
   data_init:
-    image: i2incommon/midpoint:4.4
+    image: i2incommon/midpoint:4.5
     command: >
         bash -c "
         chmod 777 /opt/mp-pw/ ;
diff --git a/Workbench/midpoint_server/Dockerfile b/Workbench/midpoint_server/Dockerfile
index dadd9da..e482e0a 100644
--- a/Workbench/midpoint_server/Dockerfile
+++ b/Workbench/midpoint_server/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/midpoint:4.4
+FROM i2incommon/midpoint:4.5
 
 ARG CSPHOSTNAME=localhost
 ENV CSPHOSTNAME=$CSPHOSTNAME
diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
index 372d41c..3570a5b 100644
--- a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
+++ b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
-	xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
-	xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3">
-	<securityPolicy xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" oid="00000000-0000-0000-0000-000000000120" version="2">
+  xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+  xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3">
+  <securityPolicy xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" oid="00000000-0000-0000-0000-000000000120" version="2">
     <name>Default Security Policy</name>
     <authentication>
         <modules>
@@ -17,55 +17,35 @@
             <saml2>
                 <name>mySamlSso</name>
                 <description>My internal enterprise SAML-based SSO system.</description>
-                <network>
-                    <readTimeout>10000</readTimeout>
-                    <connectTimeout>5000</connectTimeout>
-                </network>
                 <serviceProvider>
                     <entityId>midpointdemo-shibboleth</entityId>
                     <signRequests>true</signRequests>
-                    <wantAssertionsSigned>true</wantAssertionsSigned>
-                    <singleLogoutEnabled>true</singleLogoutEnabled>
-                    <nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</nameId>
                     <keys>
-			<activeKeyStoreKey>
-    				<keyStorePath>/etc/pki/mp/sp-shibboleth-keys.jks</keyStorePath>
-    				<keyStorePassword>
-        				<t:clearValue>changeit</t:clearValue>
-    				</keyStorePassword>
-    				<keyAlias>signing-key</keyAlias>
-    				<keyPassword>
-        				<t:clearValue>password</t:clearValue>
-    				</keyPassword>
-			</activeKeyStoreKey>
-                        <standByKeyStoreKey>
-    				<keyStorePath>/etc/pki/mp/sp-shibboleth-keys.jks</keyStorePath>
-    				<keyStorePassword>
-        				<t:clearValue>changeit</t:clearValue>
-    				</keyStorePassword>
-    				<keyAlias>encrypt-key</keyAlias>
-    				<keyPassword>
-        				<t:clearValue>password</t:clearValue>
-    				</keyPassword>
-				<type>encryption</type>
-			</standByKeyStoreKey>
+                      <activeKeyStoreKey>
+                        <keyStorePath>/etc/pki/mp/sp-shibboleth-keys.jks</keyStorePath>
+                        <keyStorePassword>
+                          <t:clearValue>changeit</t:clearValue>
+                        </keyStorePassword>
+                        <keyAlias>signing-key</keyAlias>
+                        <keyPassword>
+                          <t:clearValue>password</t:clearValue>
+                        </keyPassword>
+                      </activeKeyStoreKey>
                     </keys>
-                    <provider>
-                        <entityId>https://idptestbed/idp/shibboleth</entityId>
-                        <alias>idp-shibboleth</alias>
+                    <identityProvider>
+                      <entityId>https://idptestbed/idp/shibboleth</entityId>
                         <metadata>
                             <pathToFile>/etc/shibboleth/idp-metadata.xml</pathToFile>
                         </metadata>
-                        <skipSslValidation>true</skipSslValidation>
                         <linkText>Shibboleth</linkText>
                         <authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding>
                         <nameOfUsernameAttribute>uid</nameOfUsernameAttribute>
-                    </provider>
+                    </identityProvider>
                 </serviceProvider>
             </saml2>
             <httpHeader>
               <name>httpHeader</name>
-              <logoutUrl>https://__CSPHOSTNAME__/MPSSO/Shibboleth.sso/Logout</logoutUrl>
+	      <logoutUrl>https://__CSPHOSTNAME__/MPSSO/Shibboleth.sso/Logout</logoutUrl>
               <usernameHeader>REMOTE_USER</usernameHeader>
             </httpHeader>
         </modules>
@@ -99,7 +79,7 @@
             </requireAssignmentTarget>
             <module>
                 <name>internalLoginForm</name>
-                <order>40</order>
+                <order>30</order>
                 <necessity>sufficient</necessity>
             </module>
         </sequence>
@@ -151,8 +131,8 @@
                 <necessity>sufficient</necessity>
             </module>
         </sequence>
-	<ignoredLocalPath>/actuator</ignoredLocalPath>
-    	<ignoredLocalPath>/actuator/health</ignoredLocalPath>
+        <ignoredLocalPath>/actuator</ignoredLocalPath>
+        <ignoredLocalPath>/actuator/health</ignoredLocalPath>
     </authentication>
     <credentials>
         <password>
@@ -166,4 +146,4 @@
     </credentials>
 </securityPolicy>
 
-</objects>
\ No newline at end of file
+</objects>
diff --git a/Workbench/webproxy/container_files/httpd/index.html b/Workbench/webproxy/container_files/httpd/index.html
index 23c24f0..affdfe9 100644
--- a/Workbench/webproxy/container_files/httpd/index.html
+++ b/Workbench/webproxy/container_files/httpd/index.html
@@ -10,7 +10,7 @@ <h3>Welcome to the InCommon TAP Workbench!</h3>
 
 <ul>
 <li><a href="https://__CSPHOSTNAME__/grouper" target="TAP-WB-GROUPER">Grouper (2.6.0)</a></li>
-<li><a href="https://__CSPHOSTNAME__/midpoint" target="TAP-WB-MIDPOINT">midPoint (4.4)</a></li>
+<li><a href="https://__CSPHOSTNAME__/midpoint" target="TAP-WB-MIDPOINT">midPoint (4.5)</a></li>
 <li><a href="https://__CSPHOSTNAME__/registry" target="TAP-WB-COMANAGE">COmanage Registry (3.3.4)</a></li>
 <li><a href="https://__CSPHOSTNAME__/idpui/" target="TAP-WB-IDPUI">Shibboleth IdP UI (1.13.2)</a></li>
 </ul>
@@ -35,7 +35,7 @@ <h3>Welcome to the InCommon TAP Workbench!</h3>
 <li>Shibboleth SPs:</li>
 <ul>
   <li><a href="https://__CSPHOSTNAME__/grouperSSO/Shibboleth.sso/Status" target="TAP-WB-gSP">Grouper SP (3.2.0) status</a></li>
-  <li><a href="https://__CSPHOSTNAME__/MPSSO/Shibboleth.sso/Status" target="TAP-WB-mSP">midPoint SP (3.2.3) status</a></li>
+  <li><a href="https://__CSPHOSTNAME__/MPSSO/Shibboleth.sso/Status" target="TAP-WB-mSP">midPoint SP (3.3.0) status</a></li>
   <li><a href="https://__CSPHOSTNAME__/registrySSO/Shibboleth.sso/Status" target="TAP-WB-cSP">COmanage SP (3.2.0) status</a></li>
   <li><a href="https://__CSPHOSTNAME__/wordpressSSO/Shibboleth.sso/Status" target="TAP-WB-wSP">Wordpress SP (3.2.0) status</a></li>
 </ul>
diff --git a/Workbench/webproxy/container_files/system/startWithMDLoad.sh b/Workbench/webproxy/container_files/system/startWithMDLoad.sh
index 1300403..0e158da 100755
--- a/Workbench/webproxy/container_files/system/startWithMDLoad.sh
+++ b/Workbench/webproxy/container_files/system/startWithMDLoad.sh
@@ -3,7 +3,7 @@
 
 #wait for IdPUI's API, then load metadata into it
 pushd /mdload
-./wait-for-it.sh -t 0 idp_ui_api:8443 -- ./loadMD.sh GrouperSP /mdload/grouper-sp.xml 60 && \
+./wait-for-it.sh -t 0 idp_ui_api:8443 -- ./loadMD.sh GrouperSP /mdload/grouper-sp.xml 90 && \
                                          ./loadMD.sh midPointSP /mdload/midpoint-sp.xml 0 && \
                                          ./loadMD.sh ProxySP /mdload/proxy-sp.xml 0 && \
                                          ./loadMD.sh WordPressSP /mdload/wordpress-sp.xml 0 && \