Paul Caskey
authored and
Paul Caskey
committed
Oct 28, 2020
1 parent
8269a6f
commit d232829
Showing
4 changed files
with
89 additions
and
1 deletion.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <beans xmlns="http://www.springframework.org/schema/beans" | ||
| xmlns:context="http://www.springframework.org/schema/context" | ||
| xmlns:util="http://www.springframework.org/schema/util" | ||
| xmlns:p="http://www.springframework.org/schema/p" | ||
| xmlns:c="http://www.springframework.org/schema/c" | ||
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd | ||
| http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd | ||
| http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd" | ||
|
|
||
| default-init-method="initialize" | ||
| default-destroy-method="destroy"> | ||
|
|
||
| <!-- | ||
| Map of access control policies used to limit access to administrative functions. | ||
| The purpose of the map is to label policies with a key/name so they can be reused. | ||
| --> | ||
|
|
||
| <!-- | ||
| Use the "shibboleth.IPRangeAccessControl" parent bean for IP-based access control. | ||
| The ranges provided MUST be CIDR network expressions. To specify a single address, | ||
| add "/32" or "/128" for IPv4 or IPv6 respectively. | ||
| The additional examples below demonstrate how to control access by username | ||
| and by attribute(s), in the case of authenticated access to admin functions. | ||
| --> | ||
|
|
||
| <util:map id="shibboleth.AccessControlPolicies"> | ||
|
|
||
| <entry key="AccessByIPAddress"> | ||
| <bean id="AccessByIPAddress" parent="shibboleth.IPRangeAccessControl" | ||
| p:allowedRanges="#{ {'127.0.0.1/32', '::1/128', '172.16.0.0/12'} }" /> | ||
| </entry> | ||
|
|
||
| <!-- | ||
| <entry key="AccessByUser"> | ||
| <bean parent="shibboleth.PredicateAccessControl"> | ||
| <constructor-arg> | ||
| <bean parent="shibboleth.Conditions.SubjectName" c:collection="#{'jdoe'}" /> | ||
| </constructor-arg> | ||
| </bean> | ||
| </entry> | ||
| --> | ||
|
|
||
| <!-- | ||
| <entry key="AccessByAttribute"> | ||
| <bean parent="shibboleth.PredicateAccessControl"> | ||
| <constructor-arg> | ||
| <bean class="net.shibboleth.idp.profile.logic.SimpleAttributePredicate"> | ||
| <property name="attributeValueMap"> | ||
| <map> | ||
| <entry key="eduPersonEntitlement"> | ||
| <list> | ||
| <value>https://example.org/entitlement/idpadmin</value> | ||
| </list> | ||
| </entry> | ||
| </map> | ||
| </property> | ||
| </bean> | ||
| </constructor-arg> | ||
| </bean> | ||
| </entry> | ||
| --> | ||
|
|
||
| </util:map> | ||
|
|
||
| </beans> | ||
|
|
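Review bot: The `p:allowedRanges` value on the `AccessByIPAddress` bean admits all of `172.16.0.0/12` in addition to loopback, and nothing in the file says why. That block covers the address space Docker bridge networks commonly draw from, so if the IdP is reached through the httpd proxy that this repository's Dockerfile configures, every proxied request may appear to come from an allowed address, and the policy would no longer restrict the administrative endpoints it guards. Whether that happens depends on the deployment's network layout, which is not visible here. I would narrow the range to the specific workbench subnet or proxy address and add a comment above the entry, for example `<!-- 172.16.0.0/12 is allowed only for the local workbench Docker network; narrow or remove before any shared deployment -->`.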
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,5 @@ | ||
| FROM tier/shibboleth_sp:latest | ||
|
|
||
| COPY container_files/httpd/proxy.conf /etc/httpd/conf.d/ | ||
| COPY container_files/httpd/index.html /var/www/html/ | ||
|
|
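Review bot: The base image is referenced as `tier/shibboleth_sp:latest`, a mutable tag, so each rebuild can pull different content without any change in this repository. The `FROM` line looks like unchanged context in this hunk (the rendering does not mark which line was added), but it is what the `COPY` lines build on. Pinning a release tag or digest, for example `FROM tier/shibboleth_sp:<release-tag>@sha256:<digest>`, would make the image reproducible and auditable.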
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| <br /> | ||
| <h3>Welcome to the InCommon TAP Workbench!</h3> | ||
| <br /> | ||
| This is your own personal instance of the InCommon <i>Trusted Access Platform</i> Workbench. | ||
| <br /><br /> | ||
| It is running on your local machine. | ||
| <br /><br /> | ||
| For more information, see <a href="https://spaces.at.internet2.edu/display/MID/Grouper+integration+demo#Grouperintegrationdemo-CheckingthemidPointstate(optional)" target="_blank">this page</a>. | ||
| <br /><br /> | ||
| The system contains the following TAP components (click the links to access each component in its own tab): | ||
| <ul> | ||
| <li><a href="https://localhost/idp/status" target="TAP-WB-IDP">Shibboleth IdP</a></li> | ||
| <li><a href="https://localhost/grouperSSO/Shibboleth.sso/Status" target="TAP-WB-SP">Shibboleth SP</a></li> | ||
| <li><a href="https://localhost/grouper" target="TAP-WB-GROUPER">Grouper</a></li> | ||
| <li><a href="https://localhost/midpoint" target="TAP-WB-MIDPOINT">midPoint</a></li> | ||
| <li>COmanage (coming soon)</li> | ||
| </ul> | ||
|
|
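Review bot: The external "this page" link opens with `target="_blank"` but has no `rel` attribute; adding `rel="noopener noreferrer"` keeps the opened wiki page from receiving a `window.opener` handle in browsers that do not imply it and stops the Referer header being sent. The four component links use named targets (`TAP-WB-IDP` and so on), for which `noopener` is never implied, though they stay on the `https://localhost` origin, so the exposure there is limited. The file is also a bare fragment with no doctype or `<meta charset="utf-8">`, which is worth adding if it is served as-is.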