diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml
index 75f0300..09623d0 100644
--- a/Workbench/docker-compose.yml
+++ b/Workbench/docker-compose.yml
@@ -301,7 +301,6 @@ services:
 - CSPHOSTNAME
 depends_on:
 - directory
- - idp_ui
 environment:
 - JETTY_MAX_HEAP=64m
 - JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=password
@@ -334,6 +333,25 @@ services:
 - generated-metadata:/generated-metadata
 - generated-config:/generated-config
+ idp_ui_api:
+ build:
+ context: ./idp_ui_api/
+ args:
+ - CSPHOSTNAME
+ depends_on:
+ - idp_ui_data
+ - idp_ui
+ networks:
+ - net
+ healthcheck:
+ test: curl -k -s https://127.0.0.1:8443/idpui-api
+ interval: 30s
+ timeout: 30s
+ retries: 3
+ volumes:
+ - generated-metadata:/generated-metadata
+ - generated-config:/generated-config
+
 idp_ui_data:
 image: tier/mariadb:mariadb10.2
 ports:
@@ -380,6 +398,8 @@ services:
 - CSPHOSTNAME
 networks:
 - net
+ depends_on:
+ - idp_ui_api
 ports:
 - 443:443
diff --git a/Workbench/idp/Dockerfile b/Workbench/idp/Dockerfile
index 4309126..fa3fac4 100644
--- a/Workbench/idp/Dockerfile
+++ b/Workbench/idp/Dockerfile
@@ -6,9 +6,6 @@ ARG CSPHOSTNAME=localhost
 ENV CSPHOSTNAME=$CSPHOSTNAME
 COPY shibboleth-idp/ /opt/shibboleth-idp/
-#rather than copying metadata files included in above folder and including in config, instead upload these files to the IdP UI
-# API info here: https://documenter.getpostman.com/view/446764/TzzHmCkn
-
 RUN mkdir -p /opt/shibboleth-idp/metadata/generated && mkdir -p /opt/shibboleth-idp/conf/generated
@@ -19,3 +16,5 @@ RUN chmod 755 /usr/local/bin/setservername.sh
 #set hostname
 RUN /usr/local/bin/setservername.sh
+
+
diff --git a/Workbench/idp/container_files/system/setservername.sh b/Workbench/idp/container_files/system/setservername.sh
index f25a82f..b3d3e0f 100644
--- a/Workbench/idp/container_files/system/setservername.sh
+++ b/Workbench/idp/container_files/system/setservername.sh
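Review bot: The new `idp_ui_api` healthcheck in the second docker-compose.yml hunk cannot report a broken API, because `curl -k -s` exits 0 for any HTTP response, including 4xx and 5xx. Adding `-f` makes HTTP errors fail the probe, e.g. `test: curl -k -s -f -o /dev/null https://127.0.0.1:8443/idpui-api || exit 1`, which matches the form of the webproxy HEALTHCHECK elsewhere in this commit. If the context root answers 401 or 404 to an unauthenticated request (plausible with header authentication enabled, but not visible here), point the probe at an endpoint that returns 2xx without credentials. The short-form `depends_on` added for `webproxy` only orders start-up and does not wait for this check to pass.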
@@ -1,6 +1,6 @@
 #!/bin/bash
-files="/opt/shibboleth-idp/metadata/idp-metadata.xml /opt/shibboleth-idp/metadata/idpui-sp.xml /opt/shibboleth-idp/metadata/grouper-sp.xml /opt/shibboleth-idp/metadata/proxy-sp.xml /opt/shibboleth-idp/metadata/comanage-sp.xml /opt/shibboleth-idp/metadata/midpoint-sp.xml /opt/shibboleth-idp/metadata/wordpress-sp.xml"
+files="/opt/shibboleth-idp/metadata/idp-metadata.xml /opt/shibboleth-idp/metadata/idpui-sp.xml"
 for file in $files
 do
diff --git a/Workbench/idp/shibboleth-idp/conf/attribute-filter.xml b/Workbench/idp/shibboleth-idp/conf/attribute-filter.xml
index d3a9b34..77f7052 100644
--- a/Workbench/idp/shibboleth-idp/conf/attribute-filter.xml
+++ b/Workbench/idp/shibboleth-idp/conf/attribute-filter.xml
@@ -95,7 +95,7 @@ - +
diff --git a/Workbench/idp/shibboleth-idp/conf/metadata-providers.xml b/Workbench/idp/shibboleth-idp/conf/metadata-providers.xml
index 4126c67..852fc0d 100644
--- a/Workbench/idp/shibboleth-idp/conf/metadata-providers.xml
+++ b/Workbench/idp/shibboleth-idp/conf/metadata-providers.xml
@@ -33,11 +33,11 @@ --> - +
diff --git a/Workbench/idp_ui_api/Dockerfile b/Workbench/idp_ui_api/Dockerfile
new file mode 100644
index 0000000..83f88d3
--- /dev/null
+++ b/Workbench/idp_ui_api/Dockerfile
@@ -0,0 +1,18 @@
+FROM i2incommon/shib-idp-ui:1.9.2
+
+ARG CSPHOSTNAME=localhost
+ENV CSPHOSTNAME=$CSPHOSTNAME
+
+COPY container_files/idp_ui/application.yml /opt/shibui/
+COPY container_files/idp_ui/shibui-test.p12 /opt/shibui/
+COPY container_files/idp_ui/users.txt /opt/shibui/
+
+#RUN mkdir -p /opt/shibui/saml/
+##COPY container_files/idp_ui/samlkeystore.jks /opt/shibui/saml/
+#COPY container_files/idp_ui/idp-metadata.xml /opt/shibui/saml/
+
+#COPY container_files/system/setservername.sh /usr/local/bin/
+#RUN chmod 755 /usr/local/bin/setservername.sh
+#RUN /usr/local/bin/setservername.sh
+
+EXPOSE 8443
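Review bot: The `COPY` lines in the new idp_ui_api/Dockerfile bake the `shibui-test.p12` keystore and `users.txt` into image layers, so anyone who can pull or export the image also gets the keystore and the admin entry. The compose service for this image already mounts volumes, so these two files could be bind-mounted or supplied as compose secrets at run time, leaving only non-secret defaults in the image. The commented-out `#COPY`/`#RUN` lines refer to a setservername.sh that this commit adds but never installs; either enable them or drop both the comments and the script. No `USER` is set, so the service runs as whatever the base image defaults to, which deserves a one-line comment such as `# runs as the base image's default user`.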
diff --git a/Workbench/idp_ui_api/container_files/idp_ui/application.yml b/Workbench/idp_ui_api/container_files/idp_ui/application.yml
new file mode 100644
index 0000000..de6eb0b
--- /dev/null
+++ b/Workbench/idp_ui_api/container_files/idp_ui/application.yml
@@ -0,0 +1,36 @@
+server:
+ context-path: /idpui-api
+ servlet:
+ context-path: /idpui-api
+ tomcat:
+ redirect-context-root: false
+ ssl:
+ enabled: true
+ key-store: /opt/shibui/shibui-test.p12
+ key-store-password: testing
+ key-store-type: pkcs12
+ key-password: testing
+ port: 8443
+shibui:
+ default-password: "{noop}letmein7"
+ metadataProviders:
+ target: "file:/generated-config/shibui-metadata-providers.xml"
+ metadata-dir: "/generated-metadata"
+ beacon-enabled: true
+ pac4j-enabled: true
+ pac4j:
+ type-of-auth: HEADER
+ authentication-header: IDPUI_API_KEY
+spring:
+ datasource:
+ username: shibui
+ password: secret
+ url: jdbc:mariadb://idpui-data:3306/shibui
+ driverClassName: org.mariadb.jdbc.Driver
+ platform: mariadb
+ jpa:
+ database-platform: org.hibernate.dialect.MariaDBDialect
+ hibernate:
+ ddl-auto: update
+
+
diff --git a/Workbench/idp_ui_api/container_files/idp_ui/shibui-test.p12 b/Workbench/idp_ui_api/container_files/idp_ui/shibui-test.p12
new file mode 100644
index 0000000..7efb561
Binary files /dev/null and b/Workbench/idp_ui_api/container_files/idp_ui/shibui-test.p12 differ
diff --git a/Workbench/idp_ui_api/container_files/idp_ui/users.txt b/Workbench/idp_ui_api/container_files/idp_ui/users.txt
new file mode 100644
index 0000000..5487297
--- /dev/null
+++ b/Workbench/idp_ui_api/container_files/idp_ui/users.txt
@@ -0,0 +1 @@
+00c34830-9028-418c-976c-624a61578c8f,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,user1@example.org
diff --git a/Workbench/idp_ui_api/container_files/system/setservername.sh b/Workbench/idp_ui_api/container_files/system/setservername.sh
new file mode 100644
index 0000000..5804e25
--- /dev/null
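Review bot: application.yml commits working credentials in clear text: `key-store-password: testing`, `default-password: "{noop}letmein7"` and the datasource `password: secret`. The same applies to the users.txt row, whose first field is the value addAttrRel.sh and loadMD.sh send in the `IDPUI_API_KEY` header; with `type-of-auth: HEADER`, knowing that string appears to be all that is needed to act as the `ROLE_ADMIN` user. Spring property placeholders would let compose supply these at run time, e.g. `password: ${SHIBUI_DB_PASSWORD}` (the variable name is an example), and the scripts could read the key from the environment instead of a literal. Separately, the JDBC URL uses host `idpui-data` while the compose service is named `idp_ui_data`; unless a network alias exists outside this diff, the datasource host will not resolve.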
+++ b/Workbench/idp_ui_api/container_files/system/setservername.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+files="/opt/shibui/application.yml"
+
+for file in $files
+ do
+ sed -i "s|__CSPHOSTNAME__|$CSPHOSTNAME|g" $file
+ done
diff --git a/Workbench/scripts/gethealth.py b/Workbench/scripts/gethealth.py
index 5aa5301..2a9970c 100755
--- a/Workbench/scripts/gethealth.py
+++ b/Workbench/scripts/gethealth.py
@@ -1,6 +1,6 @@
 #!/bin/python
-containers = ["idp", "idp_ui", "idp_ui_data", "grouper_ui", "grouper_ws", "grouper_daemon", "grouper_data", "comanage", "comanage-cron", "comanage_data", "midpoint_server", "midpoint_data", "webproxy", "wordpress_server", "wordpress_data", "mq", "directory", "sources"]
+containers = ["idp", "idp_ui", "idp_ui_data", "idp_ui_api", "grouper_ui", "grouper_ws", "grouper_daemon", "grouper_data", "comanage", "comanage-cron", "comanage_data", "midpoint_server", "midpoint_data", "webproxy", "wordpress_server", "wordpress_data", "mq", "directory", "sources"]
 print("")
 for container in containers:
diff --git a/Workbench/webproxy/Dockerfile b/Workbench/webproxy/Dockerfile
index be0e425..7e94499 100644
--- a/Workbench/webproxy/Dockerfile
+++ b/Workbench/webproxy/Dockerfile
@@ -3,7 +3,7 @@ FROM tier/shibboleth_sp:latest
 ARG CSPHOSTNAME=localhost
 ENV CSPHOSTNAME=$CSPHOSTNAME
-RUN yum -y install cronie php composer php-bcmath
+RUN yum -y install cronie php composer php-bcmath jq
 RUN composer require php-amqplib/php-amqplib
 RUN composer install
 RUN mkdir -p /var/www/html/refresh
@@ -28,6 +28,17 @@ RUN chmod 755 /usr/local/bin/setservername.sh
 RUN mkdir -p /signalreload
+RUN mkdir -p /mdload
+COPY container_files/system/startWithMDLoad.sh /usr/local/bin/
+COPY container_files/mdload/ /mdload/
+RUN chmod 755 /usr/local/bin/startWithMDLoad.sh && chmod 755 /mdload/*.sh
+
+#install updated curl (for --data-raw)
+RUN rpm -Uvh http://www.city-fan.org/ftp/contrib/yum-repo/city-fan.org-release-2-1.rhel7.noarch.rpm
+RUN yum-config-manager --enable city-fan.org
+RUN yum update curl -y
+
+
 # fix httpd logging for ssl logs
 RUN sed -i 's/TransferLog logs\/ssl_access_log/TransferLog \/tmp\/logpipe/g' /etc/httpd/conf.d/ssl.conf \
 && sed -i 's/ErrorLog logs\/ssl_error_log/ErrorLog \/tmp\/logpipe/g' /etc/httpd/conf.d/ssl.conf
@@ -37,3 +48,6 @@ RUN /usr/local/bin/setservername.sh
 HEALTHCHECK --interval=1m --timeout=30s \
 CMD curl -k -f -u csp:workbench https://127.0.0.1/Shibboleth.sso/Status || exit 1
+
+CMD ["/usr/local/bin/startWithMDLoad.sh"]
+
diff --git a/Workbench/webproxy/container_files/httpd/index.html b/Workbench/webproxy/container_files/httpd/index.html
index 3ae1c56..988074a 100644
--- a/Workbench/webproxy/container_files/httpd/index.html
+++ b/Workbench/webproxy/container_files/httpd/index.html
@@ -8,9 +8,9 @@
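Review bot: The `RUN rpm -Uvh http://www.city-fan.org/...` step in the `@@ -28,6 +28,17 @@` hunk installs a third-party repository definition over plain HTTP with no checksum or signature check visible, and `RUN yum update curl -y` then replaces the distribution's curl and whatever libraries it pulls in with the version that repository serves on build day. The comment gives `--data-raw` as the only reason; the loader scripts could post the files with `--data-binary @"$2"` and `--data-binary @json.out`, which the stock curl already supports, so these three `RUN` lines could be dropped. If the newer curl is really required, download the release RPM over an authenticated channel, verify it against a pinned digest before installing, and pin the curl package version. The base image in the unchanged context is `tier/shibboleth_sp:latest`, so the build is already unpinned at that level.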

Welcome to the InCommon TAP Workbench!



The system contains the following TAP components (click the links to access each component in its own tab):
diff --git a/Workbench/webproxy/container_files/httpd/proxy.conf b/Workbench/webproxy/container_files/httpd/proxy.conf
index a1bc99b..f42b717 100644
--- a/Workbench/webproxy/container_files/httpd/proxy.conf
+++ b/Workbench/webproxy/container_files/httpd/proxy.conf
@@ -21,6 +21,10 @@ AllowEncodedSlashes NoDecode
 RequestHeader unset Authorization
+
+ RequestHeader unset Authorization
+
+
 ProxyPass /midpoint https://midpoint-server/midpoint
 ProxyPassReverse /midpoint https://midpoint-server/midpoint
 ProxyPass /MPSSO https://midpoint-server/MPSSO
@@ -40,6 +44,9 @@ ProxyPassReverse /idp https://idp/idp
 ProxyPass /idpui https://idp_ui:8443/idpui
 ProxyPassReverse /idpui https://idp_ui:8443/idpui
+ProxyPass /idpui-api https://idp_ui_api:8443/idpui-api
+ProxyPassReverse /idpui-api https://idp_ui_api:8443/idpui-api
+
 ProxyPass /rabbit http://mq:15672/ nocanon
 ProxyPassReverse /rabbit http://mq:15672/
 ProxyPass /js http://mq:15672/js
diff --git a/Workbench/webproxy/container_files/httpd/ssl.conf b/Workbench/webproxy/container_files/httpd/ssl.conf
index a5b9877..9283ea5 100644
--- a/Workbench/webproxy/container_files/httpd/ssl.conf
+++ b/Workbench/webproxy/container_files/httpd/ssl.conf
@@ -164,6 +164,13 @@ SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
 Satisfy any
+
+ Order deny,allow
+ Allow from all
+ Satisfy any
+
+
+
 AuthType Basic
 AuthName "Restricted CSP content"
diff --git a/Workbench/webproxy/container_files/mdload/addAttrRel.sh b/Workbench/webproxy/container_files/mdload/addAttrRel.sh
new file mode 100755
index 0000000..5b6f7d7
--- /dev/null
+++ b/Workbench/webproxy/container_files/mdload/addAttrRel.sh
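Review bot: The block added to ssl.conf (`Order deny,allow`, `Allow from all`, `Satisfy any`) exempts its path from the Basic authentication configured just below it; the enclosing tag is missing from this rendering, but together with the new `ProxyPass /idpui-api` lines in proxy.conf it presumably covers `/idpui-api`. That leaves the admin API reachable by any client of the proxy on port 443, gated only by the `IDPUI_API_KEY` header whose value is committed in this repository. The loader scripts call the API through `https://localhost/`, so the path could be limited to the proxy host itself with `Order deny,allow`, `Deny from all`, `Allow from 127.0.0.1 ::1`. The `RequestHeader unset Authorization` added in proxy.conf has no effect on a client-supplied `IDPUI_API_KEY` header, which is worth a comment next to it.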
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+HEADER_NAME="IDPUI_API_KEY"
+HEADER_VALUE="00c34830-9028-418c-976c-624a61578c8f"
+
+#first param is internal ID
+
+#get the current object and add attribute release info
+echo "mdload-attr:Fetching current data for object $1"
+curl -k -s --location --request GET "https://localhost/idpui-api/api/EntityDescriptor/$1" \
+--header "${HEADER_NAME}: ${HEADER_VALUE}" | jq '.attributeRelease += ["eduPersonPrincipalName","mail","givenName","surname","uid"]' > json.out
+
+#update the existing object with the added attribute release data
+echo "mdload-attr:Adding attribute release info for object $1"
+curl -k -s --location --request PUT "https://localhost/idpui-api/api/EntityDescriptor/$1" \
+--header 'Content-Type: application/json' \
+--header "${HEADER_NAME}: ${HEADER_VALUE}" \
+--data-raw "$(cat json.out)"
+
+rm json.out
+
diff --git a/Workbench/idp/shibboleth-idp/metadata/comanage-sp.xml b/Workbench/webproxy/container_files/mdload/comanage-sp.xml
similarity index 100%
rename from Workbench/idp/shibboleth-idp/metadata/comanage-sp.xml
rename to Workbench/webproxy/container_files/mdload/comanage-sp.xml
diff --git a/Workbench/idp/shibboleth-idp/metadata/grouper-sp.xml b/Workbench/webproxy/container_files/mdload/grouper-sp.xml
similarity index 100%
rename from Workbench/idp/shibboleth-idp/metadata/grouper-sp.xml
rename to Workbench/webproxy/container_files/mdload/grouper-sp.xml
diff --git a/Workbench/webproxy/container_files/mdload/loadMD.sh b/Workbench/webproxy/container_files/mdload/loadMD.sh
new file mode 100755
index 0000000..75c7db6
--- /dev/null
+++ b/Workbench/webproxy/container_files/mdload/loadMD.sh
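Review bot: addAttrRel.sh sends the `PUT` even when the preceding `GET` or the `jq` step failed, because neither exit status is checked and `curl -s` without `-f` treats an HTTP error body as success; the entity would then be overwritten with an error document or an empty body. The intermediate `json.out` is also written to whatever directory the caller happens to be in and is left behind if the script is interrupted. Checking each step and holding the document in a variable removes both problems, as in the rewritten body below. `$1` is not validated in this script, although loadMD.sh only passes an id it has matched against a UUID pattern.

```shell
# … unchanged: shebang, HEADER_NAME / HEADER_VALUE …

echo "mdload-attr:Fetching current data for object $1"
current=$(curl -k -s -f --location --request GET "https://localhost/idpui-api/api/EntityDescriptor/$1" \
  --header "${HEADER_NAME}: ${HEADER_VALUE}") \
  || { echo "mdload-attr:GET failed for object $1" >&2; exit 1; }

updated=$(printf '%s' "$current" \
  | jq '.attributeRelease += ["eduPersonPrincipalName","mail","givenName","surname","uid"]') \
  || { echo "mdload-attr:response for object $1 is not valid JSON" >&2; exit 1; }

echo "mdload-attr:Adding attribute release info for object $1"
curl -k -s -f --location --request PUT "https://localhost/idpui-api/api/EntityDescriptor/$1" \
  --header 'Content-Type: application/json' \
  --header "${HEADER_NAME}: ${HEADER_VALUE}" \
  --data-raw "$updated" \
  || { echo "mdload-attr:PUT failed for object $1" >&2; exit 1; }
```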
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+HEADER_NAME="IDPUI_API_KEY"
+HEADER_VALUE="00c34830-9028-418c-976c-624a61578c8f"
+DIR=/mdload
+
+#first param is name of SP
+#second param is filename of raw metadata
+#third param is sleep time
+
+
+pushd $DIR
+
+#make sure its up
+echo "mdload:Sleeping for $3 seconds to ensure availability"
+sleep $3
+
+#import raw XML
+echo "mdload:Importing metadata for $1..."
+curl -k -s --location --request POST "https://localhost/idpui-api/api/EntityDescriptor?spName=$1" \
+--header 'Content-Type: application/xml' \
+--header "${HEADER_NAME}: ${HEADER_VALUE}" \
+--data-raw "$(cat $2)" > $DIR/output.txt
+
+#get ID, set as enabled
+ID=$(cat $DIR/output.txt | jq -r '.id')
+echo "mdload:Fetched ID for object: $ID"
+sleep 5
+
+#ensure ID isn't empty
+echo "Setting $1 as enabled..."
+if [[ -z "$ID" ]]; then
+ echo "mdload:\$ID : is EMPTY, terminating"
+ cat $DIR/output.txt
+ exit 1
+fi
+
+#validate ID
+if [[ $ID =~ ^\{?[A-F0-9a-f]{8}-[A-F0-9a-f]{4}-[A-F0-9a-f]{4}-[A-F0-9a-f]{4}-[A-F0-9a-f]{12}\}?$ ]]; then
+ echo "mdload: object ID validated"
+ curl -k -s --location --request PATCH "https://localhost/idpui-api/api/activate/entityDescriptor/$ID/enable" \
+ --header "${HEADER_NAME}: ${HEADER_VALUE}"
+else
+ echo "mdload:Bad response from service, terminating:"
+ cat $DIR/output.txt
+ exit 1
+fi
+
+#add attribute release
+$DIR/addAttrRel.sh $ID
+
+rm $DIR/output.txt
+
+popd
diff --git a/Workbench/idp/shibboleth-idp/metadata/midpoint-sp.xml b/Workbench/webproxy/container_files/mdload/midpoint-sp.xml
similarity index 100%
rename from Workbench/idp/shibboleth-idp/metadata/midpoint-sp.xml
rename to Workbench/webproxy/container_files/mdload/midpoint-sp.xml
diff --git a/Workbench/idp/shibboleth-idp/metadata/proxy-sp.xml b/Workbench/webproxy/container_files/mdload/proxy-sp.xml
similarity index 100%
rename from Workbench/idp/shibboleth-idp/metadata/proxy-sp.xml
rename to Workbench/webproxy/container_files/mdload/proxy-sp.xml
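Review bot: loadMD.sh declares `#!/bin/sh` but uses `pushd`/`popd`, `[[ … ]]` and `=~`, which are bash features, so it only works where `/bin/sh` is bash; startWithMDLoad.sh has the same mismatch with `pushd`. Changing the first line of both to `#!/bin/bash` makes that dependency explicit. `$1`, `$2` and `$3` are expanded unquoted (`sleep $3`, `$(cat $2)`, `spName=$1`), so a value containing spaces or URL metacharacters changes the command or the query string; quoting them, e.g. `"$(cat "$2")"`, is enough for the current callers. The two `exit 1` branches leave `$DIR/output.txt` behind, which `trap 'rm -f "$DIR/output.txt"' EXIT` placed after `pushd` would cover.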
diff --git a/Workbench/webproxy/container_files/mdload/wait-for-it.sh b/Workbench/webproxy/container_files/mdload/wait-for-it.sh
new file mode 100755
index 0000000..d990e0d
--- /dev/null
+++ b/Workbench/webproxy/container_files/mdload/wait-for-it.sh
@@ -0,0 +1,182 @@ +#!/usr/bin/env bash +# Use this script to test if a given TCP host/port are available + +WAITFORIT_cmdname=${0##*/} + +echoerr() { if [[ $WAITFORIT_QUIET -ne 1 ]]; then echo "$@" 1>&2; fi } + +usage() +{ + cat << USAGE >&2 +Usage: + $WAITFORIT_cmdname host:port [-s] [-t timeout] [-- command args] + -h HOST | --host=HOST Host or IP under test + -p PORT | --port=PORT TCP port under test + Alternatively, you specify the host and port as host:port + -s | --strict Only execute subcommand if the test succeeds + -q | --quiet Don't output any status messages + -t TIMEOUT | --timeout=TIMEOUT + Timeout in seconds, zero for no timeout + -- COMMAND ARGS Execute command with args after the test finishes +USAGE + exit 1 +} + +wait_for() +{ + if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then + echoerr "$WAITFORIT_cmdname: waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT" + else + echoerr "$WAITFORIT_cmdname: waiting for $WAITFORIT_HOST:$WAITFORIT_PORT without a timeout" + fi + WAITFORIT_start_ts=$(date +%s) + while : + do + if [[ $WAITFORIT_ISBUSY -eq 1 ]]; then + nc -z $WAITFORIT_HOST $WAITFORIT_PORT + WAITFORIT_result=$? + else + (echo -n > /dev/tcp/$WAITFORIT_HOST/$WAITFORIT_PORT) >/dev/null 2>&1 + WAITFORIT_result=$? + fi + if [[ $WAITFORIT_result -eq 0 ]]; then + WAITFORIT_end_ts=$(date +%s) + echoerr "$WAITFORIT_cmdname: $WAITFORIT_HOST:$WAITFORIT_PORT is available after $((WAITFORIT_end_ts - WAITFORIT_start_ts)) seconds" + break + fi + sleep 1 + done + return $WAITFORIT_result +} + +wait_for_wrapper() +{ + # In order to support SIGINT during timeout: http://unix.stackexchange.com/a/57692 + if [[ $WAITFORIT_QUIET -eq 1 ]]; then + timeout $WAITFORIT_BUSYTIMEFLAG $WAITFORIT_TIMEOUT $0 --quiet --child --host=$WAITFORIT_HOST --port=$WAITFORIT_PORT --timeout=$WAITFORIT_TIMEOUT & + else + timeout $WAITFORIT_BUSYTIMEFLAG $WAITFORIT_TIMEOUT $0 --child --host=$WAITFORIT_HOST --port=$WAITFORIT_PORT --timeout=$WAITFORIT_TIMEOUT & + fi + WAITFORIT_PID=$! 
+ trap "kill -INT -$WAITFORIT_PID" INT + wait $WAITFORIT_PID + WAITFORIT_RESULT=$? + if [[ $WAITFORIT_RESULT -ne 0 ]]; then + echoerr "$WAITFORIT_cmdname: timeout occurred after waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT" + fi + return $WAITFORIT_RESULT +} + +# process arguments +while [[ $# -gt 0 ]] +do + case "$1" in + *:* ) + WAITFORIT_hostport=(${1//:/ }) + WAITFORIT_HOST=${WAITFORIT_hostport[0]} + WAITFORIT_PORT=${WAITFORIT_hostport[1]} + shift 1 + ;; + --child) + WAITFORIT_CHILD=1 + shift 1 + ;; + -q | --quiet) + WAITFORIT_QUIET=1 + shift 1 + ;; + -s | --strict) + WAITFORIT_STRICT=1 + shift 1 + ;; + -h) + WAITFORIT_HOST="$2" + if [[ $WAITFORIT_HOST == "" ]]; then break; fi + shift 2 + ;; + --host=*) + WAITFORIT_HOST="${1#*=}" + shift 1 + ;; + -p) + WAITFORIT_PORT="$2" + if [[ $WAITFORIT_PORT == "" ]]; then break; fi + shift 2 + ;; + --port=*) + WAITFORIT_PORT="${1#*=}" + shift 1 + ;; + -t) + WAITFORIT_TIMEOUT="$2" + if [[ $WAITFORIT_TIMEOUT == "" ]]; then break; fi + shift 2 + ;; + --timeout=*) + WAITFORIT_TIMEOUT="${1#*=}" + shift 1 + ;; + --) + shift + WAITFORIT_CLI=("$@") + break + ;; + --help) + usage + ;; + *) + echoerr "Unknown argument: $1" + usage + ;; + esac +done + +if [[ "$WAITFORIT_HOST" == "" || "$WAITFORIT_PORT" == "" ]]; then + echoerr "Error: you need to provide a host and port to test." + usage +fi + +WAITFORIT_TIMEOUT=${WAITFORIT_TIMEOUT:-15} +WAITFORIT_STRICT=${WAITFORIT_STRICT:-0} +WAITFORIT_CHILD=${WAITFORIT_CHILD:-0} +WAITFORIT_QUIET=${WAITFORIT_QUIET:-0} + +# Check to see if timeout is from busybox? 
+WAITFORIT_TIMEOUT_PATH=$(type -p timeout) +WAITFORIT_TIMEOUT_PATH=$(realpath $WAITFORIT_TIMEOUT_PATH 2>/dev/null || readlink -f $WAITFORIT_TIMEOUT_PATH) + +WAITFORIT_BUSYTIMEFLAG="" +if [[ $WAITFORIT_TIMEOUT_PATH =~ "busybox" ]]; then + WAITFORIT_ISBUSY=1 + # Check if busybox timeout uses -t flag + # (recent Alpine versions don't support -t anymore) + if timeout &>/dev/stdout | grep -q -e '-t '; then + WAITFORIT_BUSYTIMEFLAG="-t" + fi +else + WAITFORIT_ISBUSY=0 +fi + +if [[ $WAITFORIT_CHILD -gt 0 ]]; then + wait_for + WAITFORIT_RESULT=$? + exit $WAITFORIT_RESULT +else + if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then + wait_for_wrapper + WAITFORIT_RESULT=$? + else + wait_for + WAITFORIT_RESULT=$? + fi +fi + +if [[ $WAITFORIT_CLI != "" ]]; then + if [[ $WAITFORIT_RESULT -ne 0 && $WAITFORIT_STRICT -eq 1 ]]; then + echoerr "$WAITFORIT_cmdname: strict mode, refusing to execute subprocess" + exit $WAITFORIT_RESULT + fi + exec "${WAITFORIT_CLI[@]}" +else + exit $WAITFORIT_RESULT +fi diff --git a/Workbench/idp/shibboleth-idp/metadata/wordpress-sp.xml b/Workbench/webproxy/container_files/mdload/wordpress-sp.xml similarity index 100% rename from Workbench/idp/shibboleth-idp/metadata/wordpress-sp.xml rename to Workbench/webproxy/container_files/mdload/wordpress-sp.xml diff --git a/Workbench/webproxy/container_files/system/setservername.sh b/Workbench/webproxy/container_files/system/setservername.sh index 00294cd..8d6e049 100644 --- a/Workbench/webproxy/container_files/system/setservername.sh +++ b/Workbench/webproxy/container_files/system/setservername.sh @@ -1,8 +1,8 @@ #!/bin/bash -files="/etc/shibboleth/idp-metadata.xml /var/www/html/index.html" +files="/etc/shibboleth/idp-metadata.xml /var/www/html/index.html /mdload/grouper-sp.xml /mdload/midpoint-sp.xml /mdload/comanage-sp.xml /mdload/proxy-sp.xml /mdload/wordpress-sp.xml" for file in $files do sed -i "s|__CSPHOSTNAME__|$CSPHOSTNAME|g" $file - done \ No newline at end of file + done 
diff --git a/Workbench/webproxy/container_files/system/startWithMDLoad.sh b/Workbench/webproxy/container_files/system/startWithMDLoad.sh
new file mode 100755
index 0000000..e08d294
--- /dev/null
+++ b/Workbench/webproxy/container_files/system/startWithMDLoad.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+/usr/local/bin/startup.sh &
+
+#wait for IdPUI's API, then load metadata into it
+pushd /mdload
+./wait-for-it.sh -t 0 idp_ui_api:8443 -- ./loadMD.sh GrouperSP /mdload/grouper-sp.xml 40 && \
+ ./loadMD.sh midPointSP /mdload/midpoint-sp.xml 0 && \
+ ./loadMD.sh ProxySP /mdload/proxy-sp.xml 0 && \
+ ./loadMD.sh WordPressSP /mdload/wordpress-sp.xml 0 && \
+ ./loadMD.sh COmanageSP /mdload/comanage-sp.xml 0
+popd
+wait
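Review bot: startWithMDLoad.sh becomes the container's `CMD`, so this shell is PID 1 and `/usr/local/bin/startup.sh &` runs as a background child; a stop signal is delivered to the shell rather than to the web server, and the container is then likely to be killed only after the stop timeout. Running the loader in the background and ending with `exec /usr/local/bin/startup.sh` keeps the server as the foreground process, i.e. wrap the `./wait-for-it.sh … && ./loadMD.sh …` chain in `( cd /mdload && … ) &`. The exit status of that chain is discarded, so a failed metadata load shows up only in the log; appending `|| echo "mdload:metadata load failed" >&2` after the last `loadMD.sh` makes the failure explicit. `-t 0` disables the wait timeout, so if `idp_ui_api` never comes up the loader waits indefinitely, which should be stated in the comment above it.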
ContainerHealth Status