From 8b7e794b3e46433b3046b0fd99eda82b05332677 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Sat, 12 Dec 2020 08:08:08 -0600 Subject: [PATCH 1/4] fixes for midpoint --- Workbench/docker-compose.yml | 1 + Workbench/midpoint_server/Dockerfile | 8 ++- .../container_files/httpd/00-shib.conf | 4 ++ .../container_files/httpd/midpoint-shib.conf | 17 ++++++ .../container_files/httpd/shib.conf | 58 ------------------- .../container_files/httpd/vhosts.conf | 3 + .../securityPolicy/000-security-policy.xml | 2 +- .../supervisor/supervisord.conf | 32 ---------- .../webproxy/container_files/httpd/proxy.conf | 2 +- 9 files changed, 32 insertions(+), 95 deletions(-) create mode 100644 Workbench/midpoint_server/container_files/httpd/00-shib.conf create mode 100644 Workbench/midpoint_server/container_files/httpd/midpoint-shib.conf delete mode 100644 Workbench/midpoint_server/container_files/httpd/shib.conf create mode 100644 Workbench/midpoint_server/container_files/httpd/vhosts.conf delete mode 100644 Workbench/midpoint_server/container_files/supervisor/supervisord.conf diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml index 66be446..65d1d5c 100644 --- a/Workbench/docker-compose.yml +++ b/Workbench/docker-compose.yml @@ -205,6 +205,7 @@ services: midpoint_server: build: ./midpoint_server/ + command: /usr/local/bin/startup.sh depends_on: - midpoint_data ports: diff --git a/Workbench/midpoint_server/Dockerfile b/Workbench/midpoint_server/Dockerfile index cd162ee..c24ac99 100644 --- a/Workbench/midpoint_server/Dockerfile +++ b/Workbench/midpoint_server/Dockerfile 
@@ -11,7 +11,9 @@ COPY container_files/mp-home/ ${MP_DIR}/var/ #Shibb SP COPY container_files/shibboleth/ /etc/shibboleth/ -COPY container_files/httpd/shib.conf /etc/httpd/conf.d +COPY container_files/httpd/00-shib.conf /etc/httpd/conf.modules.d/ +COPY container_files/httpd/midpoint-shib.conf /etc/httpd/conf.d/ +COPY container_files/httpd/vhosts.conf /etc/httpd/conf.d/vhosts/ #set dynamic hostname COPY container_files/system/setservername.sh /usr/local/bin/ @@ -19,7 +21,7 @@ RUN chmod 755 /usr/local/bin/setservername.sh #set hostname RUN /usr/local/bin/setservername.sh -COPY container_files/supervisor/supervisord.conf /etc/supervisor/ +#COPY container_files/supervisor/supervisord.conf /etc/supervisor/ #set shib auth in apache -RUN mv /etc/httpd/conf.d/midpoint.conf /etc/httpd/conf.d/midpoint.conf.default && mv /etc/httpd/conf.d/midpoint.conf.auth.shibboleth /etc/httpd/conf.d/midpoint.conf +#RUN mv /etc/httpd/conf.d/midpoint.conf /etc/httpd/conf.d/midpoint.conf.default && mv /etc/httpd/conf.d/midpoint.conf.auth.shibboleth /etc/httpd/conf.d/midpoint.conf diff --git a/Workbench/midpoint_server/container_files/httpd/00-shib.conf b/Workbench/midpoint_server/container_files/httpd/00-shib.conf new file mode 100644 index 0000000..04b785c --- /dev/null +++ b/Workbench/midpoint_server/container_files/httpd/00-shib.conf @@ -0,0 +1,4 @@ +# +# Load the Shibboleth module. +# +LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so diff --git a/Workbench/midpoint_server/container_files/httpd/midpoint-shib.conf b/Workbench/midpoint_server/container_files/httpd/midpoint-shib.conf new file mode 100644 index 0000000..a93663b --- /dev/null +++ b/Workbench/midpoint_server/container_files/httpd/midpoint-shib.conf 
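Review bot: The second Dockerfile hunk disables the `COPY container_files/supervisor/supervisord.conf` and `RUN mv … midpoint.conf.auth.shibboleth …` instructions by commenting them out, which leaves dead lines that read as if they might be switched back on. Delete them, or replace them with one comment that says why, e.g. `# shib auth now comes from conf.d/midpoint-shib.conf; the image's default midpoint.conf is kept`. Because the image's `midpoint.conf.auth.shibboleth` is no longer swapped in, the Shibboleth protection of midPoint rests on the new `midpoint-shib.conf` alone, so it is worth confirming that the stock `midpoint.conf` does not serve any path outside the protected locations. The `/etc/httpd/conf.d/vhosts/` target in the first hunk is presumably included by the base image's virtual host; that include is not visible here.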
@@ -0,0 +1,17 @@ +RequestHeader unset Authorization + + + AuthType shibboleth + ShibRequestSetting requireSession 1 + ShibRequireSession on + ShibUseHeaders On + require shibboleth + + + + AuthType shibboleth + ShibRequestSetting requireSession false + ShibUseHeaders On + require shibboleth + + diff --git a/Workbench/midpoint_server/container_files/httpd/shib.conf b/Workbench/midpoint_server/container_files/httpd/shib.conf deleted file mode 100644 index e7bc2e1..0000000 --- a/Workbench/midpoint_server/container_files/httpd/shib.conf +++ /dev/null @@ -1,58 +0,0 @@ -# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig - -# RPM installations on platforms with a conf.d directory will -# result in this file being copied into that directory for you -# and preserved across upgrades. - -# For non-RPM installs, you should copy the relevant contents of -# this file to a configuration location you control. - -# -# Load the Shibboleth module. -# -LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so - -# -# Turn this on to support "require valid-user" rules from other -# mod_authn_* modules, and use "require shib-session" for anonymous -# session-based authorization in mod_shib. -# -ShibCompatValidUser Off - -# -# Ensures handler will be accessible. -# - - AuthType None - Require all granted - SetHandler shib - - -# -# Used for example style sheet in error templates. -# - - - AuthType None - Require all granted - - Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css - - -# -# Configure the module for content. -# -# You MUST enable AuthType shibboleth for the module to process -# any requests, and there MUST be a require command as well. To -# enable Shibboleth but not specify any session/access requirements -# use "require shibboleth". -# - - AuthType shibboleth - ShibRequestSetting requireSession 1 - require shibboleth - - -#for midpoint -RewriteRule "^/midpoint/$" "/midpoint/auth/shib" [R] - 
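Review bot: The second block of the new `midpoint-shib.conf` combines `ShibRequestSetting requireSession false` with `ShibUseHeaders On`, so requests without an SP session still reach midPoint and identity travels in request headers, which a client can also send. The `000-security-policy.xml` hunk later in this patch switches the `httpHeader` module to read `REMOTE_USER`, so authentication then depends on mod_shib clearing that header on every request and on midPoint being unreachable except through this httpd; both should be confirmed (the paths of the two blocks are not visible in this rendering). In the first block `ShibRequestSetting requireSession 1` and `ShibRequireSession on` express the same requirement, so keep one, and give each block a comment such as `# lazy session: midPoint decides whether to start a login`.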
diff --git a/Workbench/midpoint_server/container_files/httpd/vhosts.conf b/Workbench/midpoint_server/container_files/httpd/vhosts.conf new file mode 100644 index 0000000..7b9ffdd --- /dev/null +++ b/Workbench/midpoint_server/container_files/httpd/vhosts.conf @@ -0,0 +1,3 @@ +#for midpoint +RewriteRule "^/midpoint/$" "/midpoint/auth/shib" [R] + diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml index 83e7c3c..890d165 100644 --- a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml +++ b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml @@ -66,7 +66,7 @@ httpHeader https://__CSPHOSTNAME__/MPSSO/Shibboleth.sso/Logout - uid + REMOTE_USER diff --git a/Workbench/midpoint_server/container_files/supervisor/supervisord.conf b/Workbench/midpoint_server/container_files/supervisor/supervisord.conf deleted file mode 100644 index 4a6b5fa..0000000 --- a/Workbench/midpoint_server/container_files/supervisor/supervisord.conf +++ /dev/null @@ -1,32 +0,0 @@ -[supervisord] -logfile=/tmp/logsuperd -logfile_maxbytes=0 -loglevel=error -nodaemon=true -user=root - -[program:httpd] -command=/bin/bash -c "/usr/local/bin/start-httpd.sh" -stdout_logfile=/tmp/loghttpd -stdout_logfile_maxbytes=0 -redirect_stderr=true - -[program:midpoint] -command=/bin/bash -c "/usr/local/bin/start-midpoint.sh" -stdout_logfile=/dev/fd/2 -stdout_logfile_maxbytes=0 -redirect_stderr=true -autorestart=false - -[program:shibboleth] -command=/usr/sbin/shibd -f -stdout_logfile=/dev/fd/2 -stdout_logfile_maxbytes=0 -redirect_stderr=true -autorestart=false - -[program:crond] -command=/usr/sbin/crond -n -i -m off -stdout_logfile=/tmp/logcrond -stdout_logfile_maxbytes=0 -redirect_stderr=true \ No newline at end of file 
diff --git a/Workbench/webproxy/container_files/httpd/proxy.conf b/Workbench/webproxy/container_files/httpd/proxy.conf index 84c63d7..e7fb9f6 100644 --- a/Workbench/webproxy/container_files/httpd/proxy.conf +++ b/Workbench/webproxy/container_files/httpd/proxy.conf @@ -46,7 +46,7 @@ ProxyPass /registry https://comanage/registry ProxyPass /registrySSO https://comanage/registrySSO #ProxyPassReverse /comanage https://comanage/ -ProxyPass /wordpress http://wordpress_server/ +ProxyPass /wordpress http://wordpress_server/ nocanon ProxyPassReverse /wordpress http://wordpress_server/ ProxyPass /wp-includes http://wordpress_server/wp-includes ProxyPassReverse /wp-includes http://wordpress_server/wp-includes From 4ea41afe0a17855e4811b588f61a8350fd915401 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Sun, 13 Dec 2020 08:34:26 -0600 Subject: [PATCH 2/4] fix proxy for unsetting authz header --- .../container_files/httpd/midpoint-shib.conf | 2 -- Workbench/webproxy/container_files/httpd/proxy.conf | 10 +++++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/Workbench/midpoint_server/container_files/httpd/midpoint-shib.conf b/Workbench/midpoint_server/container_files/httpd/midpoint-shib.conf index a93663b..ce72d1e 100644 --- a/Workbench/midpoint_server/container_files/httpd/midpoint-shib.conf +++ b/Workbench/midpoint_server/container_files/httpd/midpoint-shib.conf @@ -1,5 +1,3 @@ -RequestHeader unset Authorization - AuthType shibboleth ShibRequestSetting requireSession 1 diff --git a/Workbench/webproxy/container_files/httpd/proxy.conf b/Workbench/webproxy/container_files/httpd/proxy.conf index e7fb9f6..068f506 100644 --- a/Workbench/webproxy/container_files/httpd/proxy.conf +++ b/Workbench/webproxy/container_files/httpd/proxy.conf 
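Review bot: `nocanon` on the `/wordpress` ProxyPass makes Apache forward the raw request path to `wordpress_server` without canonicalising it, and the Apache documentation warns that this removes the limited protection the proxy otherwise gives against URL-based attacks; the same file also sets `AllowEncodedSlashes On`, so encoded path separators reach the backend unchanged. If the flag is needed for a particular WordPress URL shape, record that above the line, e.g. `# nocanon: keep percent-encoded characters in <which URLs> intact`, and consider limiting it to the path that needs it. The sibling `/wp-includes` and `/wp-content` mappings stay canonicalised, so the three rules now treat encoded paths differently.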
@@ -7,6 +7,14 @@ SSLProxyCheckPeerExpire off ProxyPreserveHost On AllowEncodedSlashes On + + RequestHeader unset Authorization + + + + RequestHeader unset Authorization + + ProxyPass /midpoint https://midpoint-server/midpoint ProxyPassReverse /midpoint https://midpoint-server/midpoint ProxyPass /MPSSO https://midpoint-server/MPSSO @@ -51,4 +59,4 @@ ProxyPassReverse /wordpress http://wordpress_server/ ProxyPass /wp-includes http://wordpress_server/wp-includes ProxyPassReverse /wp-includes http://wordpress_server/wp-includes ProxyPass /wp-content http://wordpress_server/wp-content -ProxyPassReverse /wp-content http://wordpress_server/wp-content \ No newline at end of file +ProxyPassReverse /wp-content http://wordpress_server/wp-content From e5585bed7ab607e9371fec2223c82e960ecc5a7c Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Sun, 13 Dec 2020 10:22:48 -0600 Subject: [PATCH 3/4] fixes for midpoint shibb --- Workbench/docker-compose.yml | 8 +- Workbench/midpoint_server/Dockerfile | 3 + .../shibboleth/idp-metadata.xml | 201 ++++++++++++++++++ .../container_files/system/setservername.sh | 2 +- 4 files changed, 209 insertions(+), 5 deletions(-) create mode 100644 Workbench/midpoint_server/container_files/shibboleth/idp-metadata.xml diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml index 65d1d5c..ad63daa 100644 --- a/Workbench/docker-compose.yml +++ b/Workbench/docker-compose.yml @@ -204,7 +204,10 @@ services: - CREATE_NEW_DATABASE=if_needed midpoint_server: - build: ./midpoint_server/ + build: + context: ./midpoint_server/ + args: + - CSPHOSTNAME command: /usr/local/bin/startup.sh depends_on: - midpoint_data @@ -240,9 +243,6 @@ services: - mp_shibboleth_sp_keys.jks volumes: - midpoint_home:/opt/midpoint/var - - type: bind - source: ./configs-and-secrets/midpoint/shibboleth/idp-metadata.xml - target: /etc/shibboleth/idp-metadata.xml - type: bind source: ./configs-and-secrets/midpoint/httpd/host-cert.pem target: /etc/pki/tls/certs/host-cert.pem 
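Review bot: The two blocks added to `proxy.conf` strip only `Authorization` before the request is proxied to `midpoint-server`, while the midPoint security policy changed in patch 1 takes the username from a `REMOTE_USER` request header. Dropping any client-supplied copy of that header at this edge as well, with `RequestHeader unset REMOTE_USER`, would mean the backend does not rely solely on mod_shib's own header clearing. A one-line comment on why `Authorization` is removed (presumably so the proxy's own credentials are not passed on to midPoint) would help the next reader; the paths the two blocks apply to are not visible in this rendering.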
diff --git a/Workbench/midpoint_server/Dockerfile b/Workbench/midpoint_server/Dockerfile index c24ac99..a9464b9 100644 --- a/Workbench/midpoint_server/Dockerfile +++ b/Workbench/midpoint_server/Dockerfile @@ -2,6 +2,9 @@ FROM tier/midpoint:latest MAINTAINER info@evolveum.com +ARG CSPHOSTNAME=localhost +ENV CSPHOSTNAME=$CSPHOSTNAME + ENV MP_DIR /opt/midpoint ENV MP_MEM_MAX 2048m RUN mkdir ${MP_DIR}/csv diff --git a/Workbench/midpoint_server/container_files/shibboleth/idp-metadata.xml b/Workbench/midpoint_server/container_files/shibboleth/idp-metadata.xml new file mode 100644 index 0000000..8bf0814 --- /dev/null +++ b/Workbench/midpoint_server/container_files/shibboleth/idp-metadata.xml 
@@ -0,0 +1,201 @@ + + + + + + + example.org + + + + + + + +MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy +MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH +YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M +SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2 +03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No +5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+ +XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud +DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk +hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL +BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac +ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98 +NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl +j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP +IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E +t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM= + + + + + + + + + +MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB +CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx +MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g +u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2 +Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ +Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+ +MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs +uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV +HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl +ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB +CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X 
+sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s +RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ +Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B +DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i +s00xrv14zLifcc8oj5DYzOhYRifRXgHX + + + + + + + + + +MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy +MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD +cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ +l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG +ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8 +9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX +VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud +DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk +hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL +BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni +QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN +jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r +xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8 ++PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H +p+tGUbGS2l873J5PrsbpeKEVR/IIoKo= + + + + + + + urn:mace:shibboleth:1.0:nameIdentifier + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + + + + + + + + + + + localhost + + + + + + +MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy +MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH +YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M +SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2 
+03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No +5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+ +XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud +DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk +hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL +BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac +ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98 +NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl +j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP +IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E +t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM= + + + + + + + + + +MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB +CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx +MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g +u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2 +Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ +Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+ +MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs +uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV +HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl +ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB +CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X +sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s +RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ +Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B +DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i +s00xrv14zLifcc8oj5DYzOhYRifRXgHX + + + + + + + + + +MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy 
+MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD +cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ +l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG +ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8 +9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX +VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud +DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk +hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL +BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni +QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN +jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r +xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8 ++PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H +p+tGUbGS2l873J5PrsbpeKEVR/IIoKo= + + + + + + + + + + + + + + diff --git a/Workbench/midpoint_server/container_files/system/setservername.sh b/Workbench/midpoint_server/container_files/system/setservername.sh index 9f091a0..c699ea9 100644 --- a/Workbench/midpoint_server/container_files/system/setservername.sh +++ b/Workbench/midpoint_server/container_files/system/setservername.sh @@ -1,6 +1,6 @@ #!/bin/bash -files="/opt/midpoint/var/post-initial-objects/securityPolicy/000-security-policy.xml" +files="/opt/midpoint/var/post-initial-objects/securityPolicy/000-security-policy.xml /etc/shibboleth/idp-metadata.xml" for file in $files do From eff4ca565fe0a314c506c83f070c639e4eade5a1 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Sun, 13 Dec 2020 18:31:56 -0600 Subject: [PATCH 4/4] fix healthcheck on webproxy --- Workbench/webproxy/Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Workbench/webproxy/Dockerfile b/Workbench/webproxy/Dockerfile index 1db8713..46ec76f 100644 --- a/Workbench/webproxy/Dockerfile +++ b/Workbench/webproxy/Dockerfile 
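Review bot: The three certificates added in `idp-metadata.xml` decode to subject `CN=idptestbed`, which looks like the key material distributed with the public Shibboleth IdP testbed; if the matching private keys are published, anyone holding them can sign assertions this SP will accept. The `docker-compose.yml` hunk in the same patch removes the bind mount of `./configs-and-secrets/midpoint/shibboleth/idp-metadata.xml`, so this baked-in file becomes the only trust anchor and cannot be replaced per deployment without rebuilding the image. Consider keeping the bind mount as an override, or stating next to the `COPY` that this metadata is for the local workbench IdP only. The same three certificates appear twice in the file, so both copies have to be updated together.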
@@ -25,3 +25,6 @@ RUN sed -i 's/TransferLog logs\/ssl_access_log/TransferLog \/tmp\/logpipe/g' /et #set hostname RUN /usr/local/bin/setservername.sh + +HEALTHCHECK --interval=1m --timeout=30s \ + CMD curl -k -f -u csp:workbench https://127.0.0.1/Shibboleth.sso/Status || exit 1
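Review bot: The added HEALTHCHECK embeds the basic-auth pair `csp:workbench` in the Dockerfile, so it is stored in the image metadata and appears in the process list each time the check runs. Prefer exempting loopback from authentication for the status path (for example `Require ip 127.0.0.1` on `/Shibboleth.sso/Status`) or reading the credentials from the environment, so that the check needs no `-u`. `-k` also turns off certificate verification; against 127.0.0.1 that is tolerable, but a short comment saying so would keep the line from being copied to a remote URL unchanged.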