From 956c2d4c96e6201e39d8f6916aa42dc595cde994 Mon Sep 17 00:00:00 2001
From: root <root@ip-172-31-28-160.us-west-2.compute.internal>
Date: Tue, 15 Dec 2020 15:48:55 +0000
Subject: [PATCH 1/3] test cert for shibui
---
Workbench/tmp/shibui-test.p12 | Bin 0 -> 2533 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 Workbench/tmp/shibui-test.p12
diff --git a/Workbench/tmp/shibui-test.p12 b/Workbench/tmp/shibui-test.p12 new file mode 100644 index 0000000000000000000000000000000000000000..7efb561aa1d2574832b5e1f9dbfc78a3f91e6bc6 GIT binary patch literal 2533 zcmY+^cQhM{9tZFwk`R})_Eu`v42`X>y*tbpm)bLJRn4LzloEAYY8NSjprv))sutJY zJ1t@~Hr2-7O+5FU_uhT)kKg&7^ZlOl{quvs!sbCh1_TyX4u#1inkF8y0vUmLEG!3% zg}peBpCPbdlYc5G9t&1KkB}fB;QYz|(*O~IQ09LxumGV5IGE{5Ofm$-MGpmmm;e|o z7yz?2Ld9mA&~g<$>@J4Psg3yCdh22}gE(4$G-sT8jhDuWmEr5U)`{c4X<$g$*oiR# zxz!DjKW@O@8Rr4S3lr}vE7^4}WlZ{%DsOrzCRtkgc9gSUp|p=~&Z#=0lm?HF^^3JN z53vl-Jqnd%O-`zSjyxdVH^7@W=d8c49RWX0!w;84y%Yu}ycHa|Ghn8*GO~SqDo&-8 z@)w4gA2#n#u{yl))QyD{ddu9l_vBLZWM>)^_T^7yj5v-YnuxFTlu6lccyQy)8lF5S zT{bT|l!D<pX$u{#W4GOc)A|$XpW${0FaHpAGn<;PBzQ4LX9h-G9C_l(w_5V*)1Y<P z1pKTmk8Sfbd#9RPemp9FG5)7yn);nRdTxGlTamXOzt2|4l>4_6DV|YC`|h<19~UI- zoZsIyn!eXfc`zQ(T&j)p?^U*FCkW<ONFblgS>@Lm8~BFw%=V>4Sw0Ti5XCr{q-mqH z^i(AMS(#b^+6p3wa6w*Iztbb>m$0B#)Z}U_fyx}ih}F2oZcL7YlM0lZ@w}<pT<lx^ z@{h}|b}Mr%k?TS^C6lX<%nFDF!N__{a8EyV3Mnlx5UP%l#|g4&nn+6#?6pa8-Dp}- z)-)se(olKYp9+bxo7z;t?69WwhTju4)+;|TtWzW8A{~Q)!U4Cbmq4o0vXkA0A(~9? 
zG+Mj-=vU#(m36orq>VUsBm^*hA^N^u(=~yd7K|+J8&HkOc@s}xn$Cq@NDo}#H@Cis z>i|6XrFAD-#rk2HCf!)HNj6mvLWUG5+!@~@JdD84qoN+xlnxPA>o*)<uSva=DUcCE z?=@a~n23!ugUdfFMdwIyEa;GA6uc6z`30FbZwo%SKhi=+3TKs8M7(-N39~$=Zb6>* zHg0SSaKF`h=cIgVAZpD){4!!=xK8Wj=Gyz&Mzu00P6I=ig?91KP?3$g8k~h@1XT;1 z&pWe|yjelym48%bl%Q&5Y^Qf|+05rJvfSspsV^(gx|LGm@~kfUzXg?=XAL7}!fs31 zdwJezn-S7Gru(xc-pi?0ULCK9(-amG-@G%sXvXm_j%SQy<TLHmA@?yREiy4WZHEIh zN65BKZ*ujGuo6Blq)@zUHH?k(!xfV%vqfcnHD)nv5tStuvX59Iw`0%FGJ^(LUn=!T z%o5<7s78O$q~!*hNY-iy7-~I`*76!mVQ3<=270YgYpu#_9}w>oO<Xy$c8m~EDAFM3 zud1!+l1Brrn56()q|i_maIz57#rxCTuyUVQu;h7EWjdvFG`d=N|1rjUkJ5RUBtLbS zDp10b;Ag<iV!Y)I^b*sVF|OoV@O4sA+lr=jv)M*jAg~a<{{aJ!g(!ou5QXzt=KLg~ zzx;;}W+3R?8R|JO-~LY(hQC!YtX_zRu^XBHtqK?m?(tM!q*))FN<<$%0q7B@DI0LU zQMs;|B~W_a%y(U!*f@GINw^6&p0m7$5{qP?2zrDT$QgyJ-#r#zudlllK2;z#(iUgg zYzFJ>)EpwEvwSj7ZDv7}&SGl%aQwcV)v3e8`B$FAvttR@J0gNM1b{$sLv!*=xLjsk z-qttWgK4NzNXovseRmT8uTyuTZjz8Ir?PWRX^D1Y*658#VBDMAih)He2_v=U-GU~A z)iXnSoRSaa%A6(0E>%PO3nIG@j~)#k5w`+w2m_$eg}oM2FD{M#5fAHi7Xx2=`n6@F zE!741(&+2i5@tV8Hm*4QfRDR*@yleOi)*Ix+(is@-Tz}TjkZ!#H=_;6yXVJi*QZ3) zmNH`xhRoT&&$|qaj#z2Xsd-cJtV7Q<Qd&E;aBa}kR49At<GQTbTC#Jcj}h!>bLXL1 z`%+Mk4)eS;kDD|nU8-&Qktk=7OMkscHMQ8v2^CWZBYyin&Q`N$cZ<&^sIL}uaJ+&n z)RZJPGJguG4?Fz)vW#Fm;t(5S6+1xk)tYw1kW6PNf9lR7eh`H8bi-C|uchPO4Hp_k zx-crC)4e_EpPLAA6Gm~Mwh!}gc6w#db**-XE4fuHZo?=xOPY=Lw}lM9GptVw@p@IN z)Jzc&5sX6H)qL4St0o*aO#J0mJaeLkwxhAT_7&u;Wu-IQqQ~F%cAVO6%!53MC6Dxf zxA9YLQd6^>%`zBxaH8J(QT3UHBwj}Sb)fRlL_H+xOEK?_$?)f2&S)%0%B?1~hQxA> z@Ad(LeY+xZ^%aSYLa{U4d>xcIQIvk_SY}(>4ajf4uX$B2fs7q>7!5>oPcCEvjjN&- zBM}T`oCVicnid52L-V1<dFy45Tat|H({o7rdHh>J0?gUM6#Pnq;`?4vJp&cWM!<Y; zifTRk1ZN12C!!`$XQd{p5R#e49AVGp=4nzh>TVXg8s>1!b4BOt_TJDBrnd|3J-?!K zbqiKt=J!5mfLQhC6|OH6wqFd#s;JV!s-1@zc?>xweW&yqXQ<pGM6vjC&kPwmGxF)L zo-LSl-;>pt%Ns07t3rrdiu}X?(28|+l%Y5lprjsrsBmkYO)j<%+z}pdYM%D2bS>d2 z${<XgxVO*RvMqF~w_W>&b`rlh?cTjBMy_Jkq1e~Q(vy5}R%Dy4aGwSij$ov-7fCmb z42tLK@bF0avC`9c!OeNXqLKQZN{;M2{&2l(Z~kC!yS}-Fp0cVx<cF>*Trj?*w6LFY 
zvHyg8Owb7ge5M!Mn!@5f82k~OdH-oJ;nme$@<}woIz`)5^3Mmo4%v=AX5R3Kx=0iu zcYRq>ixV~0t*m+_Q6-Z$ES>N(u0%Jvy;#CN#XULz`83L9&$#QuMiN&S$19h6QVD+9 zQQ%$Z>*SnLx3{Py7Y)JqCmxfQUl{qg3(My=@t>Xpe(H%A7a`ZcR8EmVi<+mlC*!`q z!<pNA`?u1zIhR+pdattX2|>hmeQGTG45@;<4(Uj#AM-3fxt>(%%!iIK8eEOuP`F2b zQt1}l-D7c)A<GN3TffBcrRXNt-J5>p4xvsTd$6POA`&`-JXRjD(K?!xF}xO~T@iBA zy}$baes<8OB!Lk7uZ}P-C2lZh7h~rDKNE?&ZHBQp(XEb7cnxnyC?P}<FepS8&H&<v o0KlB)M(f{M4|9f8Lr1my(YRHs$3F>RrVx?$IDCeX{ohLd3q54Gr2qf` literal 0 HcmV?d00001 From 5142669daaf998ea9a5527faef66c77eb2bb2d6c Mon Sep 17 00:00:00 2001 
From: Paul Caskey <pcaskey@internet2.edu>
Date: Tue, 15 Dec 2020 16:59:37 -0600
Subject: [PATCH 2/3] add IdP UI
---
Workbench/docker-compose.yml | 37 ++++
Workbench/idp/Dockerfile | 2 +
.../container_files/system/setservername.sh | 2 +-
.../shibboleth-idp/conf/attribute-filter.xml | 7 +
.../conf/metadata-providers.xml | 1 +
.../idp/shibboleth-idp/metadata/idpui-sp.xml | 71 +++++++
Workbench/idp_ui/Dockerfile | 19 ++
.../container_files/idp_ui/application.yml | 46 ++++
.../container_files/idp_ui/idp-metadata.xml | 201 ++++++++++++++++++
.../container_files/idp_ui/samlkeystore.jks | Bin 0 -> 2254 bytes
.../container_files/idp_ui}/shibui-test.p12 | Bin
.../idp_ui/container_files/idp_ui/users.txt | 2 +
.../container_files/system/setservername.sh | 8 +
Workbench/scripts/gethealth.py | 2 +-
.../webproxy/container_files/httpd/index.html | 1 +
.../webproxy/container_files/httpd/proxy.conf | 7 +
16 files changed, 404 insertions(+), 2 deletions(-)
create mode 100644 Workbench/idp/shibboleth-idp/metadata/idpui-sp.xml
create mode 100644 Workbench/idp_ui/Dockerfile
create mode 100644 Workbench/idp_ui/container_files/idp_ui/application.yml
create mode 100644 Workbench/idp_ui/container_files/idp_ui/idp-metadata.xml
create mode 100644 Workbench/idp_ui/container_files/idp_ui/samlkeystore.jks
rename Workbench/{tmp => idp_ui/container_files/idp_ui}/shibui-test.p12 (100%)
create mode 100644 Workbench/idp_ui/container_files/idp_ui/users.txt
create mode 100644 Workbench/idp_ui/container_files/system/setservername.sh
diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml
index 42b7ee6..afc1a49 100644
--- a/Workbench/docker-compose.yml
+++ b/Workbench/docker-compose.yml
@@ -268,7 +268,41 @@ services: - net ports: - 13443:443 + volumes: + - generated-metadata:/opt/shibboleth-idp/metadata/generated + - generated-config:/opt/shibboleth-idp/conf/generated + + idp_ui: + build: + context: ./idp_ui/ + args: + - CSPHOSTNAME + depends_on: + - idp + networks: + - net + ports: + - 8080:8080 + volumes: + - generated-metadata:/generated-metadata + - generated-config:/generated-config + idp_ui_data: + image: tier/mariadb:latest + ports: + - 33366:3306 + environment: + MYSQL_USER: shibui + MYSQL_PASSWORD: secret + MYSQL_DATABASE: shibui + MYSQL_RANDOM_ROOT_PASSWORD: "yes" + networks: + net: + aliases: + - idpui-data + volumes: + - mariadb-data:/var/lib/mysql + mq: build: ./mq/ environment: @@ -422,5 +456,8 @@ volumes: mq: wordpress_data: wordpress_server: + generated-config: + generated-metadata: + mariadb-data: diff --git a/Workbench/idp/Dockerfile b/Workbench/idp/Dockerfile index 095418f..119762f 100644 --- a/Workbench/idp/Dockerfile +++ b/Workbench/idp/Dockerfile @@ -7,6 +7,8 @@ ENV CSPHOSTNAME=$CSPHOSTNAME COPY shibboleth-idp/ /opt/shibboleth-idp/ +RUN mkdir -p /opt/shibboleth-idp/metadata/generated && mkdir -p /opt/shibboleth-idp/conf/generated + COPY container_files/system/setservername.sh /usr/local/bin/ RUN chmod 755 /usr/local/bin/setservername.sh diff --git a/Workbench/idp/container_files/system/setservername.sh b/Workbench/idp/container_files/system/setservername.sh index 2c32d77..ea440ab 100644 --- a/Workbench/idp/container_files/system/setservername.sh +++ b/Workbench/idp/container_files/system/setservername.sh 
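Review bot: The `idp_ui_data` service publishes MariaDB on the host as `33366:3306` while its credentials are the literal `MYSQL_PASSWORD: secret`, which `application.yml` in this same patch repeats under `spring.datasource.password`. `idp_ui` already reaches the database over the `net` network through the `idpui-data` alias, so the `ports:` entry can be dropped, or narrowed to `- "127.0.0.1:33366:3306"` if host access is wanted for debugging. The `8080:8080` mapping on `idp_ui` also looks unused, since the application is configured with `port: 8443`, the new Dockerfile has `EXPOSE 8443` and the proxy targets `idp_ui:8443`. `tier/mariadb:latest` is unpinned, unlike `tier/shib-idp-ui:1.7.0`; a fixed tag would keep rebuilds reproducible.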
@@ -1,6 +1,6 @@ #!/bin/bash -files="/opt/shibboleth-idp/metadata/idp-metadata.xml /opt/shibboleth-idp/metadata/grouper-sp.xml /opt/shibboleth-idp/metadata/proxy-sp.xml /opt/shibboleth-idp/metadata/comanage-sp.xml /opt/shibboleth-idp/metadata/midpoint-sp.xml" +files="/opt/shibboleth-idp/metadata/idp-metadata.xml /opt/shibboleth-idp/metadata/grouper-sp.xml /opt/shibboleth-idp/metadata/idpui-sp.xml /opt/shibboleth-idp/metadata/proxy-sp.xml /opt/shibboleth-idp/metadata/comanage-sp.xml /opt/shibboleth-idp/metadata/midpoint-sp.xml" for file in $files do diff --git a/Workbench/idp/shibboleth-idp/conf/attribute-filter.xml b/Workbench/idp/shibboleth-idp/conf/attribute-filter.xml index 393d7db..c956985 100644 --- a/Workbench/idp/shibboleth-idp/conf/attribute-filter.xml +++ b/Workbench/idp/shibboleth-idp/conf/attribute-filter.xml @@ -30,4 +30,11 @@ <AttributeRule attributeID="uid" permitAny="true" /> <AttributeRule attributeID="mail" permitAny="true" /> </AttributeFilterPolicy> + + <AttributeFilterPolicy id="shibui"> + <PolicyRequirementRule xsi:type="Requester" value="https://sp.example.org/shibui" /> + <AttributeRule attributeID="uid" permitAny="true" /> + <AttributeRule attributeID="mail" permitAny="true" /> + </AttributeFilterPolicy> + </AttributeFilterPolicyGroup> diff --git a/Workbench/idp/shibboleth-idp/conf/metadata-providers.xml b/Workbench/idp/shibboleth-idp/conf/metadata-providers.xml index fed3387..2992635 100644 --- a/Workbench/idp/shibboleth-idp/conf/metadata-providers.xml +++ b/Workbench/idp/shibboleth-idp/conf/metadata-providers.xml 
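Review bot: The new `shibui` policy in `attribute-filter.xml` releases only `uid` and `mail`, but `saml2ProfileMapping` in this patch's `application.yml` also maps `firstname` and `lastname` from `urn:oid:2.5.4.42` and `urn:oid:2.5.4.4`. If SAML login is switched on later (`pac4j-enabled` is `false` for now), those two fields would presumably arrive empty; either add rules such as `<AttributeRule attributeID="givenName" permitAny="true" />` plus the matching `sn` rule, or drop the two mappings. The attribute IDs are an assumption, because the resolver configuration is not part of this diff. A one-line XML comment above the policy naming the consuming container would also help, since the `Requester` value `https://sp.example.org/shibui` does not say which service it belongs to.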
@@ -29,6 +29,7 @@ <MetadataProvider id="MidpointSP" xsi:type="FilesystemMetadataProvider" metadataFile="%{idp.home}/metadata/midpoint-sp.xml"/> <MetadataProvider id="ComanageSP" xsi:type="FilesystemMetadataProvider" metadataFile="%{idp.home}/metadata/comanage-sp.xml"/> <MetadataProvider id="ProxySP" xsi:type="FilesystemMetadataProvider" metadataFile="%{idp.home}/metadata/proxy-sp.xml"/> + <MetadataProvider id="ShibUISP" xsi:type="FilesystemMetadataProvider" metadataFile="%{idp.home}/metadata/idpui-sp.xml"/> <!-- Example HTTP metadata provider. Use this if you want to download the metadata from a remote service. diff --git a/Workbench/idp/shibboleth-idp/metadata/idpui-sp.xml b/Workbench/idp/shibboleth-idp/metadata/idpui-sp.xml new file mode 100644 index 0000000..56571da --- /dev/null +++ b/Workbench/idp/shibboleth-idp/metadata/idpui-sp.xml 
@@ -0,0 +1,71 @@ +<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_zij31efrehgvhxgib5fugrypnm9i5ru0olesbuo" entityID="https://sp.example.org/shibui" validUntil="2040-12-15T20:55:14.900Z"> + <md:Extensions> + <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/> + <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/> + <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/> + <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/> + <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/> + <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/> + <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/> + <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/> + <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/> + <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/> + </md:Extensions> + <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.0:protocol urn:oasis:names:tc:SAML:1.1:protocol"> + <md:Extensions> + <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://__CSPHOSTNAME__/idpui/callback?client_name=Saml2Client"/> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:X509Data> + <ds:X509Certificate> +MIICpzCCAY+gAwIBAgIBATANBgkqhkiG9w0BAQUFADAXMRUwEwYDVQQDDAxmYzRh +ZGZjYWU2YzEwHhcNMjAxMjE1MjE0MTEzWhcNMjExMjE1MjE0MTE0WjAXMRUwEwYD +VQQDDAxmYzRhZGZjYWU2YzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCA6b7o1/Nk7n1QGEnlmvG9xEY7F9adyx5KBvoLLDQDN6PIKxH5nFoJJEmh3xWG 
+BDWJV6+QG3qaCOLDgNzVPw8M9Ns+P9pVn+/y4Lpddel2QgoTNkUM7w1/1sm4LbbL +rcnMqYjhGwdm5ay+PvmhUOncmQN3m7x58JRRQcaDmFY3wKs61F5+dDa1AJydjrNW +2V1tJVOFEOozmxJDh0rllIzzlmacBNBK9i5pfhOt3dMoh4PdBsUqiqWFGPEYX+Vx +BmtcpHblNXfQSORVIuqx4qbti//QcFMT+DNe08TTCs9/UFwRZI/MDM1sdRge4Im3 +a9u509zFJJBNh9UWwR3Bzlg5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFd1tj7E +joWPXpknmMzVGiJ3+3khvXnuIMOTHMcllxrjwcbAEfZ115tVlZHw3zza1qN3kq1L +Gcg9NYCikn+ogPr542X06AgUs3KYBzHOTyubcgCGcvltNaOR+Du1LMQgr6VS5RII +m8O7eQjL/Rpbm5GOkRROT8Sr+c8jcVFJoqw84pZyKdOaFTns2GfwLbHltLucLaON +066UxGVYjBKhqeEzuEm+vn7Igrls6djGNKgH5DdmVpTzCqVyAUDEcGgRN6NOhcss +4GamIudEFQczGqVgywv0nYIHZtSvYerO82ctt+osaOnmGU+Do4tdbBhIFHbguhzT +490d7NC/yWS99RU= + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:X509Data> + <ds:X509Certificate> +MIICpzCCAY+gAwIBAgIBATANBgkqhkiG9w0BAQUFADAXMRUwEwYDVQQDDAxmYzRh +ZGZjYWU2YzEwHhcNMjAxMjE1MjE0MTEzWhcNMjExMjE1MjE0MTE0WjAXMRUwEwYD +VQQDDAxmYzRhZGZjYWU2YzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCA6b7o1/Nk7n1QGEnlmvG9xEY7F9adyx5KBvoLLDQDN6PIKxH5nFoJJEmh3xWG +BDWJV6+QG3qaCOLDgNzVPw8M9Ns+P9pVn+/y4Lpddel2QgoTNkUM7w1/1sm4LbbL +rcnMqYjhGwdm5ay+PvmhUOncmQN3m7x58JRRQcaDmFY3wKs61F5+dDa1AJydjrNW +2V1tJVOFEOozmxJDh0rllIzzlmacBNBK9i5pfhOt3dMoh4PdBsUqiqWFGPEYX+Vx +BmtcpHblNXfQSORVIuqx4qbti//QcFMT+DNe08TTCs9/UFwRZI/MDM1sdRge4Im3 +a9u509zFJJBNh9UWwR3Bzlg5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFd1tj7E +joWPXpknmMzVGiJ3+3khvXnuIMOTHMcllxrjwcbAEfZ115tVlZHw3zza1qN3kq1L +Gcg9NYCikn+ogPr542X06AgUs3KYBzHOTyubcgCGcvltNaOR+Du1LMQgr6VS5RII +m8O7eQjL/Rpbm5GOkRROT8Sr+c8jcVFJoqw84pZyKdOaFTns2GfwLbHltLucLaON +066UxGVYjBKhqeEzuEm+vn7Igrls6djGNKgH5DdmVpTzCqVyAUDEcGgRN6NOhcss +4GamIudEFQczGqVgywv0nYIHZtSvYerO82ctt+osaOnmGU+Do4tdbBhIFHbguhzT +490d7NC/yWS99RU= + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
Location="https://__CSPHOSTNAME__/idpui/callback?client_name=Saml2Client&idplogoutrequest=true"/> + <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat> + <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat> + <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat> + <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://__CSPHOSTNAME__/idpui/callback?client_name=Saml2Client" index="0"/> + </md:SPSSODescriptor> +</md:EntityDescriptor> \ No newline at end of file diff --git a/Workbench/idp_ui/Dockerfile b/Workbench/idp_ui/Dockerfile new file mode 100644 index 0000000..8fddd63 --- /dev/null +++ b/Workbench/idp_ui/Dockerfile @@ -0,0 +1,19 @@ +FROM tier/shib-idp-ui:1.7.0 + +ARG CSPHOSTNAME=localhost +ENV CSPHOSTNAME=$CSPHOSTNAME + +COPY container_files/idp_ui/application.yml /opt/shibui/ +COPY container_files/idp_ui/shibui-test.p12 /opt/shibui/ +COPY container_files/idp_ui/users.txt /opt/shibui/ + +RUN mkdir -p /opt/shibui/saml/ +COPY container_files/idp_ui/samlkeystore.jks /opt/shibui/saml/ +COPY container_files/idp_ui/idp-metadata.xml /opt/shibui/saml/ + +COPY container_files/system/setservername.sh /usr/local/bin/ +RUN chmod 755 /usr/local/bin/setservername.sh +RUN /usr/local/bin/setservername.sh + + +EXPOSE 8443 diff --git a/Workbench/idp_ui/container_files/idp_ui/application.yml b/Workbench/idp_ui/container_files/idp_ui/application.yml new file mode 100644 index 0000000..46e2cd3 --- /dev/null +++ b/Workbench/idp_ui/container_files/idp_ui/application.yml 
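Review bot: The `<md:Extensions>` block at the top of `idpui-sp.xml` holds ten identical `alg:DigestMethod` elements with no `Algorithm` attribute, so they advertise nothing and would fail schema validation if a validation filter is ever placed in front of this `FilesystemMetadataProvider`; remove the block or give each element its algorithm URI. Both `KeyDescriptor` elements carry the same certificate, and decoding it suggests a SHA-1 signature and a one-year lifetime ending 2021-12-15, while the descriptor declares `validUntil="2040-12-15T20:55:14.900Z"`. Whether the certificate expiry matters depends on the trust engine in use, so a comment stating that this is a throwaway workbench key and how to regenerate it would save the next maintainer time. `AuthnRequestsSigned="false"` deserves the same kind of comment.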
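Review bot: The `COPY` lines for `shibui-test.p12`, `samlkeystore.jks` and `users.txt` bake private-key material and password hashes into image layers, where they remain readable to anyone who can pull or export the image. The compose file already mounts volumes into this service, so these three files could be mounted at run time instead and the image kept free of credentials. `RUN /usr/local/bin/setservername.sh` also fixes `CSPHOSTNAME` at build time, which means a host-name change needs a rebuild; a comment saying so next to the `ARG CSPHOSTNAME=localhost` line would be enough.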
@@ -0,0 +1,46 @@ +server: + context-path: /idpui + servlet: + context-path: /idpui + tomcat: + redirect-context-root: false + ssl: + enabled: true + key-store: /opt/shibui/shibui-test.p12 + key-store-password: testing + key-store-type: pkcs12 + key-password: testing + port: 8443 +shibui: + default-password: "{noop}letmein7" + metadata-dir: "/generated-metadata" + beacon-enabled: true + pac4j-enabled: false + pac4j: + keystorePath: "/opt/shibui/saml/samlkeystore.jks" + keystorePassword: "changeit" + privateKeyPassword: "changeit" + serviceProviderEntityId: "https://sp.example.org/shibui" + serviceProviderMetadataPath: "/opt/shibui/saml/sp-metadata.xml" + identityProviderMetadataPath: "/opt/shibui/saml/idp-metadata.xml" + forceServiceProviderMetadataGeneration: false + callbackUrl: "https://__CSPHOSTNAME__/idpui/callback" + maximumAuthenticationLifetime: 3600000 + saml2ProfileMapping: + username: urn:oid:0.9.2342.19200300.100.1.1 + firstname: urn:oid:2.5.4.42 + lastname: urn:oid:2.5.4.4 + email: urn:oid:0.9.2342.19200300.100.1.3 +spring: + datasource: + username: shibui + password: secret + url: jdbc:mariadb://idpui-data:3306/shibui + driverClassName: org.mariadb.jdbc.Driver + platform: mariadb + jpa: + database-platform: org.hibernate.dialect.MariaDBDialect + hibernate: + ddl-auto: update + + \ No newline at end of file diff --git a/Workbench/idp_ui/container_files/idp_ui/idp-metadata.xml b/Workbench/idp_ui/container_files/idp_ui/idp-metadata.xml new file mode 100644 index 0000000..8bf0814 --- /dev/null +++ b/Workbench/idp_ui/container_files/idp_ui/idp-metadata.xml 
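Review bot: `default-password: "{noop}letmein7"` stores the fallback password with Spring Security's `{noop}` encoder, that is unhashed, and with `pac4j-enabled: false` local password login appears to be the only way in. The keystore and datasource passwords (`testing`, `changeit`, `secret`) are likewise literals in a committed file; Spring resolves `${...}` placeholders from the environment, so a line such as `key-store-password: ${KEYSTORE_PASSWORD}` (variable name chosen here as an example) would keep them out of the repository. `beacon-enabled: true` presumably turns on outbound usage reporting, which deserves a comment or an explicit `false` for a local workbench. `server.context-path` and `server.servlet.context-path` are both set to `/idpui`; only one should be needed, depending on the Spring Boot version in the base image.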
@@ -0,0 +1,201 @@ +<?xml version="1.0" encoding="UTF-8"?> +<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://idptestbed/idp/shibboleth"> + + <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0"> + + <Extensions> + <shibmd:Scope regexp="false">example.org</shibmd:Scope> +<!-- + Fill in the details for your IdP here + + <mdui:UIInfo> + <mdui:DisplayName xml:lang="en">A Name for the IdP at idptestbed</mdui:DisplayName> + <mdui:Description xml:lang="en">Enter a description of your IdP at idptestbed</mdui:Description> + <mdui:Logo height="80" width="80">https://localhost/Path/To/Logo.png</mdui:Logo> + </mdui:UIInfo> +--> + </Extensions> + + <KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> +MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy +MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH +YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M +SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2 +03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No +5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+ +XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud +DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk +hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL +BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac +ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98 +NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl 
+j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP +IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E +t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM= + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + + </KeyDescriptor> + <KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> +MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB +CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx +MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g +u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2 +Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ +Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+ +MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs +uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV +HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl +ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB +CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X +sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s +RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ +Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B +DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i +s00xrv14zLifcc8oj5DYzOhYRifRXgHX + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + + </KeyDescriptor> + <KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> +MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy +MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD +cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ +l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG 
+ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8 +9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX +VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud +DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk +hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL +BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni +QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN +jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r +xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8 ++PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H +p+tGUbGS2l873J5PrsbpeKEVR/IIoKo= + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + + </KeyDescriptor> + + <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> + <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> + + <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://__CSPHOSTNAME__/idp/profile/Shibboleth/SSO"/> + <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://__CSPHOSTNAME__/idp/profile/SAML2/POST/SSO"/> + <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://__CSPHOSTNAME__/idp/profile/SAML2/POST-SimpleSign/SSO"/> + <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://__CSPHOSTNAME__/idp/profile/SAML2/Redirect/SSO"/> + + </IDPSSODescriptor> + + + <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol"> + + <Extensions> + <shibmd:Scope regexp="false">localhost</shibmd:Scope> + </Extensions> + + <KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> +MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy 
+MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH +YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M +SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2 +03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No +5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+ +XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud +DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk +hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL +BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac +ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98 +NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl +j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP +IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E +t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM= + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + + </KeyDescriptor> + <KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> +MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB +CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx +MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g +u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2 +Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ +Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+ +MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs +uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV +HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl +ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB +CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X +sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s 
+RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ +Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B +DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i +s00xrv14zLifcc8oj5DYzOhYRifRXgHX + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + + </KeyDescriptor> + <KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> +MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy +MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD +cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ +l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG +ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8 +9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX +VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud +DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk +hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL +BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni +QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN +jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r +xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8 ++PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H +p+tGUbGS2l873J5PrsbpeKEVR/IIoKo= + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + + </KeyDescriptor> + + + <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://__CSPHOSTNAME__/idp/profile/SAML1/SOAP/AttributeQuery"/> + <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://__CSPHOSTNAME__/idp/profile/SAML2/SOAP/AttributeQuery"/> + <!-- If you uncomment the above you should add urn:oasis:names:tc:SAML:2.0:protocol to the protocolSupportEnumeration above 
--> + + </AttributeAuthorityDescriptor> + +</EntityDescriptor> 
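Review bot: In the `AttributeAuthorityDescriptor` of `idp-metadata.xml`, the SAML 2.0 `AttributeService` (`urn:oasis:names:tc:SAML:2.0:bindings:SOAP`) is active, yet `protocolSupportEnumeration` lists only `urn:oasis:names:tc:SAML:1.1:protocol` and the trailing comment still reads "If you uncomment the above"; either add `urn:oasis:names:tc:SAML:2.0:protocol` or comment the endpoint out again. The two `shibmd:Scope` values also disagree: `example.org` in the `IDPSSODescriptor` and `localhost` in the attribute authority. This file appears to be a second copy of the IdP's own `idp-metadata.xml`, so its signing certificates have to be kept in step with the IdP by hand; a read-only mount of the original would remove that drift risk.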
diff --git a/Workbench/idp_ui/container_files/idp_ui/samlkeystore.jks b/Workbench/idp_ui/container_files/idp_ui/samlkeystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..7c3135af10b005d5e4508c9c0563947d1ce8b59f GIT binary patch literal 2254 zcmc(g_ct317ss=#AZ^4*jY?zh#7K*(JrjLP(b_eO5J{A(K4_z8ZDLh5W?MCC7xAi~ zN{3Q2s<l^#79F;}yyKkbKX`w*_ngo7+#l}w-h1xdU)f&)005wa0RB5T$R1vr0S6T3 z7d37N0B`^?G{_zX#tBv81VVs{AUF`n0f5jTpZxlWY1;7>%+rC2&{oUm=3G`}R|KfQ zv1YMXWVktJwvBS1AmG?2cCWi}>dfk*t?UO|K)Oqn)HzuRM~I)DDEBVcY`kf4k^APp zu~r=$pE2+YU-)e4ICeDFP%Q5C>%xX{y?otn`7_~w8xfI<fi;&Z$Fv0Ha0B7*mhc+& zu!!T%OwA8J_+pnkkp&`(X#7G$$w?{`hdY6CM9r^RObb9n_EAzWN?yU%%vtxg=({s- zM0ZmXf=zpkPNaw7WX>h&K|Ycg>be29#bTppN~8K-Y<Y|>n#xKLwkIdQlZIqx!%p~` zQ`GR#?On&qfe6UOT*s^D`RGKh>SeKr*`IvRuZW(ar!H=>E;&du%NygM3DK1{c|<kb z$bJB8y}uR1Zq+GspVN2<&|DgyflAdjym&x3rmuYp$ml>+3(RenD<<PcF4So0fV?x2 z)3q);uu7@@{9Y%18#p_=e2Y*UgyLIS5qGllotV(q>v(buzDgSw=ST_}np)Qti%}z| zgbynUXR-{CnR`UGVc=NmP96EP`-5>W;dtX%W8J0-{jYkZtrhi7oeDO974MC)&@tC0 zLcv2DQ>d(8VXk>L!4Q|Ic#NWgd>i>VGvTftryYFdLTE_%*pt<ValI)@HN-{sqzUh1 z6sj@(#>DKDEi7!nRnK=Al?Wma3!EW&R)Ni<UUs;z-fS}O&<X9%Q4!0n?J>$zjFB00 zk=&jyl)HbA;588P1AzYK2VBv6uYQpY;j1a=UmS+s<v%ULn)<e|HH9)yr`W46m2Upd z`^534NVky@0bI7*OKPasU9j~g#=|L=!p+DXz4Q^u(d(MVl-&F1HFMTY1Lpg5t4Edk zW?Vg+9i=^&OYMzfer^`QXH=4fP|_MEjsUu~GPFhR{iq5qBBToLdh)K1x*JC^C5pGJ z$>r;nETo_`(~m9DlTPnV=NyrlDi+hSKNl%HpgyXg`|gxbt$2m6Mf=O_iav);lT@z; z{D@NIoKyI%sa0`WG26x`>G_;c%<DDKthMqxC}Mx3-}e@i+Qrkluax!lcg6A#7{+Y! 
z7q~7*aEzJk7qH5CgE{zYV?V%2Cnhb<e&|Rh9_bkP7vLh)#Kwv&!fD@2{d)Ad#2A*| zgEclHN1~3ec}&|Vm*jd^mg3-4*aw%z$(l{$9_RploY9`VP7JIT+GV-*F<JT{O8Cyx za|y0tBPJyo%_p2{Dz9(cr8<9q>&PHTv#$PHQVhltgq*AYqE<;c)Enq4pGK|96HUk^ zXNPba=(i;U*&A)OU4l*V^+vT$OtV4j{iK|G=TUtfJ^euCuc#Jjic^;)z_-nF0<TrF z!Qnkxe6=h<T016DQsm5)GST^0=U4{%$mi=dI7Z7bQ*~T?+UgHj?A2|VnSvIT{Es2N zh3@@lqZZU+GxUU?+8Cj^&4}K>qg-y3-5BXxm{&1M3*`ygE^lJ>C*5<runY~}2*UM* zQy<k{kRdFEN3X=?Ce2Ek)7pRJ+^?QVJDaGj`B~vZs)H@po|js3sb{SY&TKU=MN_la z3h!n5Nb<KCcHQi?6(M?Iu$<wv`%&aeH0w{$epz)=iJ|*9U+adh`SRI0`Tm>3Sss-- z>oosJaevvMv{Q2m7D5q&f2t!rB9gEDfNTbr=LXt#@BZg5UR2e>XafM?cnl33gQ0<l zg<ud61cH#ai(X>*Ie8T0EaEo!fk0jk0EUX?#qe-~?ID~9ko|cq9CPFlxDnje{$76m zmpw>W0nE`ui3`DFNFt#Osh+{q|7lPJk0t4f50&I|MIFnBfgaZJBEa50VOUWN@{qs? zxW6|!)L+#n+#`q_=%X4;y^J|7!mp0Os$;d()en=C2*1W5YWx@fFFnzK=)YTY@HoIU z;1K|Z284oWKp-GanyLlh8g|n^#*3NF-xhf~C98FBRGyL~O{U+;--+C8|D9EglskP1 zG_crRkW0;=NExpgFiH)wJmB@nqn{?CDla`09qzt4e?g|l-q{-c*L`56uv5bxtVT;h z{PUX7P+4=;P8UN_7i~gDn+H#`6`rVWpHvhSd+?3pTy`(7hx`ZlN@j<QIFS@6vgFm! z+-JmY%j&#?v9z$?#QzbXvt}#F2}&uQd|teyFJm4F-rFscH|<nI6No2Oe|kw^CH-Wi zLhIC0zn%g2%fd_p`Q=2iVzM0h6rjxXxFPn=?bas?++0bSY;;_~wd>TM-La^0rBVWj zn?4<L{3Qqs1OQ7;U?edT2XmExL4+ZKRW6n)Jz>S;y*^KO-tFDcJ`(1(`gao#_Uphz zAiz^ct!U!c^rwWaN#elc4$JPTIsTI!MeX?bAQx!cO1qg)7^n4uuY54<v3s`-4_$o2 zp;Mq(%dLfU?dY5DZ#|W-A}=|In!H_9Q;QvRRx8MIB}^smchx<xHle0A;gK2Wah#pd zi;;g6re#&<(dmeVwkg%@<$peiyIor!f(VQ1^{r!YSOA~O`~8`Rr;s+iZVa}~+}4>4 z8}?-9N$v5F$mp$^F}-}+v%-MoM%T48@Sbs5;GST-T=mM{t++98M4`jtj%5DTci$da zz>Gr{r0p5KJI_cp%Gy5y42)GDkGnK6Lm}NX{-E%O#9L3`i3mumRC5&Xof2DTKs29% WANQ9GUFp{y{l0JtCiJ?YJNRGHjndTs literal 0 HcmV?d00001 diff --git a/Workbench/tmp/shibui-test.p12 b/Workbench/idp_ui/container_files/idp_ui/shibui-test.p12 similarity index 100% rename from Workbench/tmp/shibui-test.p12 rename to Workbench/idp_ui/container_files/idp_ui/shibui-test.p12 diff --git a/Workbench/idp_ui/container_files/idp_ui/users.txt b/Workbench/idp_ui/container_files/idp_ui/users.txt new file mode 100644 index 0000000..6198804 --- /dev/null 
+++ b/Workbench/idp_ui/container_files/idp_ui/users.txt @@ -0,0 +1,2 @@ +root,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,user1@example.org +banderson,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,user1@example.org \ No newline at end of file diff --git a/Workbench/idp_ui/container_files/system/setservername.sh b/Workbench/idp_ui/container_files/system/setservername.sh new file mode 100644 index 0000000..10c2049 --- /dev/null +++ b/Workbench/idp_ui/container_files/system/setservername.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +files="/opt/shibui/application.yml /opt/shibui/saml/idp-metadata.xml" + +for file in $files + do + sed -i "s|__CSPHOSTNAME__|$CSPHOSTNAME|g" $file + done \ No newline at end of file diff --git a/Workbench/scripts/gethealth.py b/Workbench/scripts/gethealth.py index 715f8ef..5d0a7f4 100755 --- a/Workbench/scripts/gethealth.py +++ b/Workbench/scripts/gethealth.py @@ -1,6 +1,6 @@ #!/bin/python -containers = ["idp", "grouper_ui", "grouper_ws", "grouper_daemon", "grouper_data", "comanage", "comanage-cron", "comanage_data", "midpoint_server", "midpoint_data", "webproxy", "wordpress_server", "wordpress_data", "mq", "directory", "sources"] +containers = ["idp", "idp_ui", "idp_ui_data", "grouper_ui", "grouper_ws", "grouper_daemon", "grouper_data", "comanage", "comanage-cron", "comanage_data", "midpoint_server", "midpoint_data", "webproxy", "wordpress_server", "wordpress_data", "mq", "directory", "sources"] print("<table><tr><th style='text-align:left;width:150px'>Container</th><th style='text-align:left'>Health Status</th></tr>") for container in containers: diff --git a/Workbench/webproxy/container_files/httpd/index.html b/Workbench/webproxy/container_files/httpd/index.html index 7716b29..eb7a75f 100644 --- a/Workbench/webproxy/container_files/httpd/index.html +++ b/Workbench/webproxy/container_files/httpd/index.html 
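Review bot: Both rows in `users.txt`, `root` and `banderson`, carry `ROLE_ADMIN` and the identical bcrypt string, salt included, so the two administrator accounts share one password whose hash is now in the repository history. They also share the address `user1@example.org`. If these are seed accounts for the workbench, say so in the README and have the password changed at first login; otherwise give each account its own hash and e-mail address.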
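Review bot: In the new `idp_ui` `setservername.sh`, `$file` is unquoted and `$CSPHOSTNAME` is spliced straight into the sed replacement, so a value containing `|`, `&` or a backslash changes what sed does. `sed -i "s|__CSPHOSTNAME__|$CSPHOSTNAME|g" "$file"` fixes the quoting, and a short pattern check on `CSPHOSTNAME` before the loop would cover the rest. The script has no `set -e`, so a failure on the first file still lets the Dockerfile's `RUN` step succeed if the last `sed` works, leaving `__CSPHOSTNAME__` placeholders in place.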
@@ -9,6 +9,7 @@ <h3>Welcome to the InCommon TAP Workbench!</h3> The system contains the following TAP components (click the links to access each component in its own tab): <ul> <li><a href="https://__CSPHOSTNAME__/idp/status" target="TAP-WB-IDP">Shibboleth IdP (4.0.1)</a></li> +<li><a href="https://__CSPHOSTNAME__/idpui/" target="TAP-WB-IDPUI">Shibboleth IdP UI (1.7.0)</a></li> <li>Shibboleth SPs:</li> <ul> <li><a href="https://__CSPHOSTNAME__/grouperSSO/Shibboleth.sso/Status" target="TAP-WB-gSP">Grouper SP (3.1.0)</a></li> diff --git a/Workbench/webproxy/container_files/httpd/proxy.conf b/Workbench/webproxy/container_files/httpd/proxy.conf index 068f506..ff1785a 100644 --- a/Workbench/webproxy/container_files/httpd/proxy.conf +++ b/Workbench/webproxy/container_files/httpd/proxy.conf @@ -15,6 +15,10 @@ AllowEncodedSlashes On RequestHeader unset Authorization </Location> +<Location /idpui> + RequestHeader unset Authorization +</Location> + ProxyPass /midpoint https://midpoint-server/midpoint ProxyPassReverse /midpoint https://midpoint-server/midpoint ProxyPass /MPSSO https://midpoint-server/MPSSO @@ -31,6 +35,9 @@ ProxyPassReverse /grouper-ws https://grouper-ws/grouper-ws ProxyPass /idp https://idp/idp ProxyPassReverse /idp https://idp/idp +ProxyPass /idpui https://idp_ui:8443/idpui +ProxyPassReverse /idpui https://idp_ui:8443/idpui + ProxyPass /rabbit http://mq:15672/ nocanon ProxyPassReverse /rabbit http://mq:15672/ #ProxyPass /# http://mq:15672/# From 73bb7fc9233cdc2e238c993aad14ad273cab0afe Mon Sep 17 00:00:00 2001 From: Paul Caskey <pcaskey@internet2.edu> Date: Tue, 15 Dec 2020 17:02:38 -0600 Subject: [PATCH 3/3] fix oversight --- Workbench/idp_ui/container_files/idp_ui/application.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Workbench/idp_ui/container_files/idp_ui/application.yml b/Workbench/idp_ui/container_files/idp_ui/application.yml index 46e2cd3..071d668 100644 --- a/Workbench/idp_ui/container_files/idp_ui/application.yml 
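Review bot: `ProxyPass /idpui https://idp_ui:8443/idpui` in `proxy.conf` uses the compose service name with an underscore as the backend host, while the other backends in this file use hyphenated names (`midpoint-server`, `grouper-ws`). Underscores are not valid in host names and some servers reject a `Host` header that contains one, so unless `ProxyPreserveHost` is set outside this hunk the request may be refused; a network alias such as `idp-ui` in `docker-compose.yml`, as already done with `idpui-data`, would avoid the question. The backend presents the committed self-signed `shibui-test.p12` certificate, so it is worth confirming which `SSLProxy*` verification settings apply to this route; they are not visible in the hunk.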
+++ b/Workbench/idp_ui/container_files/idp_ui/application.yml @@ -13,6 +13,8 @@ server: port: 8443 shibui: default-password: "{noop}letmein7" + metadataProviders: + target: "file:/generated-conf/shibui-metadata-providers.xml" metadata-dir: "/generated-metadata" beacon-enabled: true pac4j-enabled: false
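Review bot: The new `target: "file:/generated-conf/shibui-metadata-providers.xml"` points at `/generated-conf`, but patch 2 mounts the shared volume into `idp_ui` at `/generated-config` (`generated-config:/generated-config`). Unless the base image creates `/generated-conf` itself, the providers file would land in the container's own filesystem, and the IdP, which mounts the same volume at `/opt/shibboleth-idp/conf/generated`, would never see it. `target: "file:/generated-config/shibui-metadata-providers.xml"` looks like the intended value.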