diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml
index 830385a..2c79241 100644
--- a/Workbench/docker-compose.yml
+++ b/Workbench/docker-compose.yml
@@ -268,7 +268,41 @@ services:
- net
ports:
- 13443:443
+ volumes:
+ - generated-metadata:/opt/shibboleth-idp/metadata/generated
+ - generated-config:/opt/shibboleth-idp/conf/generated
+
+ idp_ui:
+ build:
+ context: ./idp_ui/
+ args:
+ - CSPHOSTNAME
+ depends_on:
+ - idp
+ networks:
+ - net
+ ports:
+ - 8080:8080
+ volumes:
+ - generated-metadata:/generated-metadata
+ - generated-config:/generated-config
+ idp_ui_data:
+ image: tier/mariadb:latest
+ ports:
+ - 33366:3306
+ environment:
+ MYSQL_USER: shibui
+ MYSQL_PASSWORD: secret
+ MYSQL_DATABASE: shibui
+ MYSQL_RANDOM_ROOT_PASSWORD: "yes"
+ networks:
+ net:
+ aliases:
+ - idpui-data
+ volumes:
+ - mariadb-data:/var/lib/mysql
+
mq:
build: ./mq/
environment:
@@ -427,5 +461,8 @@ volumes:
mq:
wordpress_data:
wordpress_server:
+ generated-config:
+ generated-metadata:
+ mariadb-data:
diff --git a/Workbench/idp/Dockerfile b/Workbench/idp/Dockerfile
index 095418f..119762f 100644
--- a/Workbench/idp/Dockerfile
+++ b/Workbench/idp/Dockerfile
@@ -7,6 +7,8 @@ ENV CSPHOSTNAME=$CSPHOSTNAME
COPY shibboleth-idp/ /opt/shibboleth-idp/
+RUN mkdir -p /opt/shibboleth-idp/metadata/generated && mkdir -p /opt/shibboleth-idp/conf/generated
+
COPY container_files/system/setservername.sh /usr/local/bin/
RUN chmod 755 /usr/local/bin/setservername.sh
diff --git a/Workbench/idp/container_files/system/setservername.sh b/Workbench/idp/container_files/system/setservername.sh
index 8ad2d0e..f25a82f 100644
--- a/Workbench/idp/container_files/system/setservername.sh
+++ b/Workbench/idp/container_files/system/setservername.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-files="/opt/shibboleth-idp/metadata/idp-metadata.xml /opt/shibboleth-idp/metadata/grouper-sp.xml /opt/shibboleth-idp/metadata/proxy-sp.xml /opt/shibboleth-idp/metadata/comanage-sp.xml /opt/shibboleth-idp/metadata/midpoint-sp.xml /opt/shibboleth-idp/metadata/wordpress-sp.xml"
+files="/opt/shibboleth-idp/metadata/idp-metadata.xml /opt/shibboleth-idp/metadata/idpui-sp.xml /opt/shibboleth-idp/metadata/grouper-sp.xml /opt/shibboleth-idp/metadata/proxy-sp.xml /opt/shibboleth-idp/metadata/comanage-sp.xml /opt/shibboleth-idp/metadata/midpoint-sp.xml /opt/shibboleth-idp/metadata/wordpress-sp.xml"
for file in $files
do
diff --git a/Workbench/idp/shibboleth-idp/conf/attribute-filter.xml b/Workbench/idp/shibboleth-idp/conf/attribute-filter.xml
index 393d7db..c956985 100644
--- a/Workbench/idp/shibboleth-idp/conf/attribute-filter.xml
+++ b/Workbench/idp/shibboleth-idp/conf/attribute-filter.xml
@@ -30,4 +30,11 @@
<AttributeRule attributeID="uid" permitAny="true" />
<AttributeRule attributeID="mail" permitAny="true" />
</AttributeFilterPolicy>
+
+ <AttributeFilterPolicy id="shibui">
+ <PolicyRequirementRule xsi:type="Requester" value="https://sp.example.org/shibui" />
+ <AttributeRule attributeID="uid" permitAny="true" />
+ <AttributeRule attributeID="mail" permitAny="true" />
+ </AttributeFilterPolicy>
+
</AttributeFilterPolicyGroup>
diff --git a/Workbench/idp/shibboleth-idp/conf/metadata-providers.xml b/Workbench/idp/shibboleth-idp/conf/metadata-providers.xml
index 57701fe..28620f3 100644
--- a/Workbench/idp/shibboleth-idp/conf/metadata-providers.xml
+++ b/Workbench/idp/shibboleth-idp/conf/metadata-providers.xml
@@ -30,6 +30,7 @@
<MetadataProvider id="ComanageSP" xsi:type="FilesystemMetadataProvider" metadataFile="%{idp.home}/metadata/comanage-sp.xml"/>
<MetadataProvider id="WordpressSP" xsi:type="FilesystemMetadataProvider" metadataFile="%{idp.home}/metadata/wordpress-sp.xml"/>
<MetadataProvider id="ProxySP" xsi:type="FilesystemMetadataProvider" metadataFile="%{idp.home}/metadata/proxy-sp.xml"/>
+ <MetadataProvider id="ShibUISP" xsi:type="FilesystemMetadataProvider" metadataFile="%{idp.home}/metadata/idpui-sp.xml"/>
<!-- Example HTTP metadata provider. Use this if you want to download
the metadata from a remote service.
diff --git a/Workbench/idp/shibboleth-idp/metadata/idpui-sp.xml b/Workbench/idp/shibboleth-idp/metadata/idpui-sp.xml
new file mode 100644
index 0000000..56571da
--- /dev/null
+++ b/Workbench/idp/shibboleth-idp/metadata/idpui-sp.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_zij31efrehgvhxgib5fugrypnm9i5ru0olesbuo" entityID="https://sp.example.org/shibui" validUntil="2040-12-15T20:55:14.900Z">
+ <md:Extensions>
+ <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
+ <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
+ <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
+ <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
+ <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
+ <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
+ <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
+ <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
+ <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
+ <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
+ </md:Extensions>
+ <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.0:protocol urn:oasis:names:tc:SAML:1.1:protocol">
+ <md:Extensions>
+ <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://__CSPHOSTNAME__/idpui/callback?client_name=Saml2Client"/>
+ </md:Extensions>
+ <md:KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>
+MIICpzCCAY+gAwIBAgIBATANBgkqhkiG9w0BAQUFADAXMRUwEwYDVQQDDAxmYzRh
+ZGZjYWU2YzEwHhcNMjAxMjE1MjE0MTEzWhcNMjExMjE1MjE0MTE0WjAXMRUwEwYD
+VQQDDAxmYzRhZGZjYWU2YzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCA6b7o1/Nk7n1QGEnlmvG9xEY7F9adyx5KBvoLLDQDN6PIKxH5nFoJJEmh3xWG
+BDWJV6+QG3qaCOLDgNzVPw8M9Ns+P9pVn+/y4Lpddel2QgoTNkUM7w1/1sm4LbbL
+rcnMqYjhGwdm5ay+PvmhUOncmQN3m7x58JRRQcaDmFY3wKs61F5+dDa1AJydjrNW
+2V1tJVOFEOozmxJDh0rllIzzlmacBNBK9i5pfhOt3dMoh4PdBsUqiqWFGPEYX+Vx
+BmtcpHblNXfQSORVIuqx4qbti//QcFMT+DNe08TTCs9/UFwRZI/MDM1sdRge4Im3
+a9u509zFJJBNh9UWwR3Bzlg5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFd1tj7E
+joWPXpknmMzVGiJ3+3khvXnuIMOTHMcllxrjwcbAEfZ115tVlZHw3zza1qN3kq1L
+Gcg9NYCikn+ogPr542X06AgUs3KYBzHOTyubcgCGcvltNaOR+Du1LMQgr6VS5RII
+m8O7eQjL/Rpbm5GOkRROT8Sr+c8jcVFJoqw84pZyKdOaFTns2GfwLbHltLucLaON
+066UxGVYjBKhqeEzuEm+vn7Igrls6djGNKgH5DdmVpTzCqVyAUDEcGgRN6NOhcss
+4GamIudEFQczGqVgywv0nYIHZtSvYerO82ctt+osaOnmGU+Do4tdbBhIFHbguhzT
+490d7NC/yWS99RU=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:KeyDescriptor use="encryption">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>
+MIICpzCCAY+gAwIBAgIBATANBgkqhkiG9w0BAQUFADAXMRUwEwYDVQQDDAxmYzRh
+ZGZjYWU2YzEwHhcNMjAxMjE1MjE0MTEzWhcNMjExMjE1MjE0MTE0WjAXMRUwEwYD
+VQQDDAxmYzRhZGZjYWU2YzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCA6b7o1/Nk7n1QGEnlmvG9xEY7F9adyx5KBvoLLDQDN6PIKxH5nFoJJEmh3xWG
+BDWJV6+QG3qaCOLDgNzVPw8M9Ns+P9pVn+/y4Lpddel2QgoTNkUM7w1/1sm4LbbL
+rcnMqYjhGwdm5ay+PvmhUOncmQN3m7x58JRRQcaDmFY3wKs61F5+dDa1AJydjrNW
+2V1tJVOFEOozmxJDh0rllIzzlmacBNBK9i5pfhOt3dMoh4PdBsUqiqWFGPEYX+Vx
+BmtcpHblNXfQSORVIuqx4qbti//QcFMT+DNe08TTCs9/UFwRZI/MDM1sdRge4Im3
+a9u509zFJJBNh9UWwR3Bzlg5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFd1tj7E
+joWPXpknmMzVGiJ3+3khvXnuIMOTHMcllxrjwcbAEfZ115tVlZHw3zza1qN3kq1L
+Gcg9NYCikn+ogPr542X06AgUs3KYBzHOTyubcgCGcvltNaOR+Du1LMQgr6VS5RII
+m8O7eQjL/Rpbm5GOkRROT8Sr+c8jcVFJoqw84pZyKdOaFTns2GfwLbHltLucLaON
+066UxGVYjBKhqeEzuEm+vn7Igrls6djGNKgH5DdmVpTzCqVyAUDEcGgRN6NOhcss
+4GamIudEFQczGqVgywv0nYIHZtSvYerO82ctt+osaOnmGU+Do4tdbBhIFHbguhzT
+490d7NC/yWS99RU=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://__CSPHOSTNAME__/idpui/callback?client_name=Saml2Client&idplogoutrequest=true"/>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://__CSPHOSTNAME__/idpui/callback?client_name=Saml2Client" index="0"/>
+ </md:SPSSODescriptor>
+</md:EntityDescriptor>
\ No newline at end of file
diff --git a/Workbench/idp_ui/Dockerfile b/Workbench/idp_ui/Dockerfile
new file mode 100644
index 0000000..8fddd63
--- /dev/null
+++ b/Workbench/idp_ui/Dockerfile
@@ -0,0 +1,19 @@
+FROM tier/shib-idp-ui:1.7.0
+
+ARG CSPHOSTNAME=localhost
+ENV CSPHOSTNAME=$CSPHOSTNAME
+
+COPY container_files/idp_ui/application.yml /opt/shibui/
+COPY container_files/idp_ui/shibui-test.p12 /opt/shibui/
+COPY container_files/idp_ui/users.txt /opt/shibui/
+
+RUN mkdir -p /opt/shibui/saml/
+COPY container_files/idp_ui/samlkeystore.jks /opt/shibui/saml/
+COPY container_files/idp_ui/idp-metadata.xml /opt/shibui/saml/
+
+COPY container_files/system/setservername.sh /usr/local/bin/
+RUN chmod 755 /usr/local/bin/setservername.sh
+RUN /usr/local/bin/setservername.sh
+
+
+EXPOSE 8443
diff --git a/Workbench/idp_ui/container_files/idp_ui/application.yml b/Workbench/idp_ui/container_files/idp_ui/application.yml
new file mode 100644
index 0000000..071d668
--- /dev/null
+++ b/Workbench/idp_ui/container_files/idp_ui/application.yml
@@ -0,0 +1,48 @@
+server:
+ context-path: /idpui
+ servlet:
+ context-path: /idpui
+ tomcat:
+ redirect-context-root: false
+ ssl:
+ enabled: true
+ key-store: /opt/shibui/shibui-test.p12
+ key-store-password: testing
+ key-store-type: pkcs12
+ key-password: testing
+ port: 8443
+shibui:
+ default-password: "{noop}letmein7"
+ metadataProviders:
+ target: "file:/generated-conf/shibui-metadata-providers.xml"
+ metadata-dir: "/generated-metadata"
+ beacon-enabled: true
+ pac4j-enabled: false
+ pac4j:
+ keystorePath: "/opt/shibui/saml/samlkeystore.jks"
+ keystorePassword: "changeit"
+ privateKeyPassword: "changeit"
+ serviceProviderEntityId: "https://sp.example.org/shibui"
+ serviceProviderMetadataPath: "/opt/shibui/saml/sp-metadata.xml"
+ identityProviderMetadataPath: "/opt/shibui/saml/idp-metadata.xml"
+ forceServiceProviderMetadataGeneration: false
+ callbackUrl: "https://__CSPHOSTNAME__/idpui/callback"
+ maximumAuthenticationLifetime: 3600000
+ saml2ProfileMapping:
+ username: urn:oid:0.9.2342.19200300.100.1.1
+ firstname: urn:oid:2.5.4.42
+ lastname: urn:oid:2.5.4.4
+ email: urn:oid:0.9.2342.19200300.100.1.3
+spring:
+ datasource:
+ username: shibui
+ password: secret
+ url: jdbc:mariadb://idpui-data:3306/shibui
+ driverClassName: org.mariadb.jdbc.Driver
+ platform: mariadb
+ jpa:
+ database-platform: org.hibernate.dialect.MariaDBDialect
+ hibernate:
+ ddl-auto: update
+
+
\ No newline at end of file
diff --git a/Workbench/idp_ui/container_files/idp_ui/idp-metadata.xml b/Workbench/idp_ui/container_files/idp_ui/idp-metadata.xml
new file mode 100644
index 0000000..8bf0814
--- /dev/null
+++ b/Workbench/idp_ui/container_files/idp_ui/idp-metadata.xml
@@ -0,0 +1,201 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://idptestbed/idp/shibboleth">
+
+ <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+
+ <Extensions>
+ <shibmd:Scope regexp="false">example.org</shibmd:Scope>
+<!--
+ Fill in the details for your IdP here
+
+ <mdui:UIInfo>
+ <mdui:DisplayName xml:lang="en">A Name for the IdP at idptestbed</mdui:DisplayName>
+ <mdui:Description xml:lang="en">Enter a description of your IdP at idptestbed</mdui:Description>
+ <mdui:Logo height="80" width="80">https://localhost/Path/To/Logo.png</mdui:Logo>
+ </mdui:UIInfo>
+-->
+ </Extensions>
+
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL
+BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy
+MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH
+YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M
+SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2
+03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No
+5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+
+XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud
+DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk
+hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
+BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac
+ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98
+NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl
+j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP
+IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E
+t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+
+ </KeyDescriptor>
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB
+CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx
+MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g
+u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2
+Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ
+Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+
+MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs
+uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV
+HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl
+ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB
+CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X
+sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s
+RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ
+Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B
+DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i
+s00xrv14zLifcc8oj5DYzOhYRifRXgHX
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+
+ </KeyDescriptor>
+ <KeyDescriptor use="encryption">
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL
+BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy
+MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD
+cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ
+l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG
+ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8
+9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX
+VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud
+DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk
+hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
+BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni
+QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN
+jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r
+xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8
++PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H
+p+tGUbGS2l873J5PrsbpeKEVR/IIoKo=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+
+ </KeyDescriptor>
+
+ <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+
+ <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://__CSPHOSTNAME__/idp/profile/Shibboleth/SSO"/>
+ <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://__CSPHOSTNAME__/idp/profile/SAML2/POST/SSO"/>
+ <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://__CSPHOSTNAME__/idp/profile/SAML2/POST-SimpleSign/SSO"/>
+ <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://__CSPHOSTNAME__/idp/profile/SAML2/Redirect/SSO"/>
+
+ </IDPSSODescriptor>
+
+
+ <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+
+ <Extensions>
+ <shibmd:Scope regexp="false">localhost</shibmd:Scope>
+ </Extensions>
+
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL
+BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy
+MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH
+YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M
+SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2
+03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No
+5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+
+XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud
+DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk
+hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
+BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac
+ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98
+NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl
+j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP
+IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E
+t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+
+ </KeyDescriptor>
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB
+CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx
+MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g
+u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2
+Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ
+Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+
+MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs
+uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV
+HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl
+ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB
+CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X
+sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s
+RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ
+Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B
+DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i
+s00xrv14zLifcc8oj5DYzOhYRifRXgHX
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+
+ </KeyDescriptor>
+ <KeyDescriptor use="encryption">
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL
+BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy
+MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD
+cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ
+l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG
+ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8
+9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX
+VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud
+DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk
+hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
+BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni
+QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN
+jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r
+xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8
++PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H
+p+tGUbGS2l873J5PrsbpeKEVR/IIoKo=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+
+ </KeyDescriptor>
+
+
+ <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://__CSPHOSTNAME__/idp/profile/SAML1/SOAP/AttributeQuery"/>
+ <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://__CSPHOSTNAME__/idp/profile/SAML2/SOAP/AttributeQuery"/>
+ <!-- If you uncomment the above you should add urn:oasis:names:tc:SAML:2.0:protocol to the protocolSupportEnumeration above -->
+
+ </AttributeAuthorityDescriptor>
+
+</EntityDescriptor>
diff --git a/Workbench/idp_ui/container_files/idp_ui/samlkeystore.jks b/Workbench/idp_ui/container_files/idp_ui/samlkeystore.jks
new file mode 100644
index 0000000..7c3135a
Binary files /dev/null and b/Workbench/idp_ui/container_files/idp_ui/samlkeystore.jks differ
diff --git a/Workbench/idp_ui/container_files/idp_ui/shibui-test.p12 b/Workbench/idp_ui/container_files/idp_ui/shibui-test.p12
new file mode 100644
index 0000000..7efb561
Binary files /dev/null and b/Workbench/idp_ui/container_files/idp_ui/shibui-test.p12 differ
diff --git a/Workbench/idp_ui/container_files/idp_ui/users.txt b/Workbench/idp_ui/container_files/idp_ui/users.txt
new file mode 100644
index 0000000..6198804
--- /dev/null
+++ b/Workbench/idp_ui/container_files/idp_ui/users.txt
@@ -0,0 +1,2 @@
+root,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,user1@example.org
+banderson,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,user1@example.org
\ No newline at end of file
diff --git a/Workbench/idp_ui/container_files/system/setservername.sh b/Workbench/idp_ui/container_files/system/setservername.sh
new file mode 100644
index 0000000..10c2049
--- /dev/null
+++ b/Workbench/idp_ui/container_files/system/setservername.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+files="/opt/shibui/application.yml /opt/shibui/saml/idp-metadata.xml"
+
+for file in $files
+ do
+ sed -i "s|__CSPHOSTNAME__|$CSPHOSTNAME|g" $file
+ done
\ No newline at end of file
diff --git a/Workbench/scripts/gethealth.py b/Workbench/scripts/gethealth.py
index 715f8ef..5d0a7f4 100755
--- a/Workbench/scripts/gethealth.py
+++ b/Workbench/scripts/gethealth.py
@@ -1,6 +1,6 @@
#!/bin/python
-containers = ["idp", "grouper_ui", "grouper_ws", "grouper_daemon", "grouper_data", "comanage", "comanage-cron", "comanage_data", "midpoint_server", "midpoint_data", "webproxy", "wordpress_server", "wordpress_data", "mq", "directory", "sources"]
+containers = ["idp", "idp_ui", "idp_ui_data", "grouper_ui", "grouper_ws", "grouper_daemon", "grouper_data", "comanage", "comanage-cron", "comanage_data", "midpoint_server", "midpoint_data", "webproxy", "wordpress_server", "wordpress_data", "mq", "directory", "sources"]
print("<table><tr><th style='text-align:left;width:150px'>Container</th><th style='text-align:left'>Health Status</th></tr>")
for container in containers:
diff --git a/Workbench/webproxy/container_files/httpd/index.html b/Workbench/webproxy/container_files/httpd/index.html
index 7716b29..eb7a75f 100644
--- a/Workbench/webproxy/container_files/httpd/index.html
+++ b/Workbench/webproxy/container_files/httpd/index.html
@@ -9,6 +9,7 @@ <h3>Welcome to the InCommon TAP Workbench!</h3>
The system contains the following TAP components (click the links to access each component in its own tab):
<ul>
<li><a href="https://__CSPHOSTNAME__/idp/status" target="TAP-WB-IDP">Shibboleth IdP (4.0.1)</a></li>
+<li><a href="https://__CSPHOSTNAME__/idpui/" target="TAP-WB-IDPUI">Shibboleth IdP UI (1.7.0)</a></li>
<li>Shibboleth SPs:</li>
<ul>
<li><a href="https://__CSPHOSTNAME__/grouperSSO/Shibboleth.sso/Status" target="TAP-WB-gSP">Grouper SP (3.1.0)</a></li>
diff --git a/Workbench/webproxy/container_files/httpd/proxy.conf b/Workbench/webproxy/container_files/httpd/proxy.conf
index 068f506..ff1785a 100644
--- a/Workbench/webproxy/container_files/httpd/proxy.conf
+++ b/Workbench/webproxy/container_files/httpd/proxy.conf
@@ -15,6 +15,10 @@ AllowEncodedSlashes On
RequestHeader unset Authorization
</Location>
+<Location /idpui>
+ RequestHeader unset Authorization
+</Location>
+
ProxyPass /midpoint https://midpoint-server/midpoint
ProxyPassReverse /midpoint https://midpoint-server/midpoint
ProxyPass /MPSSO https://midpoint-server/MPSSO
@@ -31,6 +35,9 @@ ProxyPassReverse /grouper-ws https://grouper-ws/grouper-ws
ProxyPass /idp https://idp/idp
ProxyPassReverse /idp https://idp/idp
+ProxyPass /idpui https://idp_ui:8443/idpui
+ProxyPassReverse /idpui https://idp_ui:8443/idpui
+
ProxyPass /rabbit http://mq:15672/ nocanon
ProxyPassReverse /rabbit http://mq:15672/
#ProxyPass /# http://mq:15672/#