
add IdP UI #67

merged 4 commits into from Dec 15, 2020
37 changes: 37 additions & 0 deletions Workbench/docker-compose.yml
@@ -268,7 +268,41 @@ services:
- net
ports:
- 13443:443
volumes:
- generated-metadata:/opt/shibboleth-idp/metadata/generated
- generated-config:/opt/shibboleth-idp/conf/generated

idp_ui:
build:
context: ./idp_ui/
args:
- CSPHOSTNAME
depends_on:
- idp
networks:
- net
ports:
- 8080:8080
volumes:
- generated-metadata:/generated-metadata
- generated-config:/generated-config

idp_ui_data:
image: tier/mariadb:latest
ports:
- 33366:3306
environment:
MYSQL_USER: shibui
MYSQL_PASSWORD: secret
MYSQL_DATABASE: shibui
MYSQL_RANDOM_ROOT_PASSWORD: "yes"
networks:
net:
aliases:
- idpui-data
volumes:
- mariadb-data:/var/lib/mysql

mq:
build: ./mq/
environment:
@@ -427,5 +461,8 @@ volumes:
mq:
wordpress_data:
wordpress_server:
generated-config:
generated-metadata:
mariadb-data:


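Review bot: The new idp_ui service publishes `- 8080:8080`, but the image it builds (Workbench/idp_ui/Dockerfile in this PR) declares only `EXPOSE 8443` and its application.yml enables SSL on port 8443, so nothing listens on 8080 and the mapping should presumably be `- "8443:8443"` (quoted, as port strings should be). The idp_ui_data service publishes MariaDB on all host interfaces with `- 33366:3306` while the credentials sit inline (`MYSQL_USER: shibui`, `MYSQL_PASSWORD: secret`); the UI reaches the database over the `net` network via the `idpui-data` alias, so the host publish can be dropped or bound to loopback (`- "127.0.0.1:33366:3306"`) and the password taken from an env file. A short comment above `idp_ui_data` saying the database exists only for the ShibUI service would also help, since the alias is the only link between the two stanzas.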
2 changes: 2 additions & 0 deletions Workbench/idp/Dockerfile
@@ -7,6 +7,8 @@ ENV CSPHOSTNAME=$CSPHOSTNAME

COPY shibboleth-idp/ /opt/shibboleth-idp/

RUN mkdir -p /opt/shibboleth-idp/metadata/generated && mkdir -p /opt/shibboleth-idp/conf/generated

COPY container_files/system/setservername.sh /usr/local/bin/
RUN chmod 755 /usr/local/bin/setservername.sh

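Review bot: The added RUN line can create both directories in one invocation, `RUN mkdir -p /opt/shibboleth-idp/metadata/generated /opt/shibboleth-idp/conf/generated`, and it deserves a comment on why they exist in the image: docker-compose.yml in this PR mounts the `generated-metadata` and `generated-config` volumes at exactly these paths, so the directories are mount points and anything the build writes into them is hidden at run time — `# mount points for the generated-metadata / generated-config volumes (see docker-compose.yml)`.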
2 changes: 1 addition & 1 deletion Workbench/idp/container_files/system/setservername.sh
@@ -1,6 +1,6 @@
#!/bin/bash

files="/opt/shibboleth-idp/metadata/idp-metadata.xml /opt/shibboleth-idp/metadata/grouper-sp.xml /opt/shibboleth-idp/metadata/proxy-sp.xml /opt/shibboleth-idp/metadata/comanage-sp.xml /opt/shibboleth-idp/metadata/midpoint-sp.xml /opt/shibboleth-idp/metadata/wordpress-sp.xml"
files="/opt/shibboleth-idp/metadata/idp-metadata.xml /opt/shibboleth-idp/metadata/idpui-sp.xml /opt/shibboleth-idp/metadata/grouper-sp.xml /opt/shibboleth-idp/metadata/proxy-sp.xml /opt/shibboleth-idp/metadata/comanage-sp.xml /opt/shibboleth-idp/metadata/midpoint-sp.xml /opt/shibboleth-idp/metadata/wordpress-sp.xml"

for file in $files
do
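Review bot: `files` is one space-separated string that the loop word-splits, so adding idpui-sp.xml just lengthens an already long line and the list can never hold a path containing a space; a bash array is the idiomatic form, e.g. `files=(/opt/shibboleth-idp/metadata/idp-metadata.xml /opt/shibboleth-idp/metadata/idpui-sp.xml ...)` with one path per line, iterated as `for file in "${files[@]}"`. The loop body lies outside the hunk, so what the script does to each file cannot be checked here; a one-line header comment stating its purpose (it appears to rewrite a hostname placeholder in these metadata files) would spare the reader that uncertainty.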
7 changes: 7 additions & 0 deletions Workbench/idp/shibboleth-idp/conf/attribute-filter.xml
@@ -30,4 +30,11 @@
<AttributeRule attributeID="uid" permitAny="true" />
<AttributeRule attributeID="mail" permitAny="true" />
</AttributeFilterPolicy>

<AttributeFilterPolicy id="shibui">
<PolicyRequirementRule xsi:type="Requester" value="https://sp.example.org/shibui" />
<AttributeRule attributeID="uid" permitAny="true" />
<AttributeRule attributeID="mail" permitAny="true" />
</AttributeFilterPolicy>

</AttributeFilterPolicyGroup>
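Review bot: The new `shibui` policy releases only `uid` and `mail` to requester `https://sp.example.org/shibui`, while the application.yml in this PR maps four attributes for that SP — `username` and `email`, but also `firstname` (urn:oid:2.5.4.42) and `lastname` (urn:oid:2.5.4.4) — so unless the UI is meant to run without names, rules for the corresponding IdP attributes are missing here, e.g. `<AttributeRule attributeID="givenName" permitAny="true" />` and `<AttributeRule attributeID="sn" permitAny="true" />`. Those attribute IDs assume the default attribute-resolver naming, which is outside this diff and should be confirmed against it.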
1 change: 1 addition & 0 deletions Workbench/idp/shibboleth-idp/conf/metadata-providers.xml
@@ -30,6 +30,7 @@
<MetadataProvider id="ComanageSP" xsi:type="FilesystemMetadataProvider" metadataFile="%{idp.home}/metadata/comanage-sp.xml"/>
<MetadataProvider id="WordpressSP" xsi:type="FilesystemMetadataProvider" metadataFile="%{idp.home}/metadata/wordpress-sp.xml"/>
<MetadataProvider id="ProxySP" xsi:type="FilesystemMetadataProvider" metadataFile="%{idp.home}/metadata/proxy-sp.xml"/>
<MetadataProvider id="ShibUISP" xsi:type="FilesystemMetadataProvider" metadataFile="%{idp.home}/metadata/idpui-sp.xml"/>

<!-- Example HTTP metadata provider. Use this if you want to download
the metadata from a remote service.
71 changes: 71 additions & 0 deletions Workbench/idp/shibboleth-idp/metadata/idpui-sp.xml
@@ -0,0 +1,71 @@
<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_zij31efrehgvhxgib5fugrypnm9i5ru0olesbuo" entityID="https://sp.example.org/shibui" validUntil="2040-12-15T20:55:14.900Z">
<md:Extensions>
<alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
<alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
<alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
<alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
<alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
<alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
<alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
<alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
<alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
<alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"/>
</md:Extensions>
<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.0:protocol urn:oasis:names:tc:SAML:1.1:protocol">
<md:Extensions>
<init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://__CSPHOSTNAME__/idpui/callback?client_name=Saml2Client"/>
</md:Extensions>
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://__CSPHOSTNAME__/idpui/callback?client_name=Saml2Client&amp;idplogoutrequest=true"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://__CSPHOSTNAME__/idpui/callback?client_name=Saml2Client" index="0"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>
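Review bot: The ten `<alg:DigestMethod>` elements in the entity-level `md:Extensions` block (just before `md:SPSSODescriptor`) carry no `Algorithm` attribute, which the algsupport schema requires, so they declare nothing and a schema-validating consumer may reject the file; the whole entity-level `<md:Extensions>` block can be deleted. The file is evidently generator output, and a leading comment such as `<!-- SP metadata for the Shibboleth UI; __CSPHOSTNAME__ placeholders are rewritten by setservername.sh -->` would tell the next reader how the placeholder endpoints become valid. `validUntil="2040-12-15T20:55:14.900Z"` and a `protocolSupportEnumeration` that lists SAML 1.0/1.1 alongside 2.0 look like generator defaults too; the only endpoints offered are SAML 2.0 bindings, so trimming the enumeration to `urn:oasis:names:tc:SAML:2.0:protocol` would match what the SP actually supports.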
19 changes: 19 additions & 0 deletions Workbench/idp_ui/Dockerfile
@@ -0,0 +1,19 @@
FROM tier/shib-idp-ui:1.7.0

ARG CSPHOSTNAME=localhost
ENV CSPHOSTNAME=$CSPHOSTNAME

COPY container_files/idp_ui/application.yml /opt/shibui/
COPY container_files/idp_ui/shibui-test.p12 /opt/shibui/
COPY container_files/idp_ui/users.txt /opt/shibui/

RUN mkdir -p /opt/shibui/saml/
COPY container_files/idp_ui/samlkeystore.jks /opt/shibui/saml/
COPY container_files/idp_ui/idp-metadata.xml /opt/shibui/saml/

COPY container_files/system/setservername.sh /usr/local/bin/
RUN chmod 755 /usr/local/bin/setservername.sh
RUN /usr/local/bin/setservername.sh


EXPOSE 8443
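Review bot: `RUN /usr/local/bin/setservername.sh` (the line before the blank lines above EXPOSE) runs a script whose file list, as changed in this PR, names only /opt/shibboleth-idp/metadata/*.xml; this image is built from `tier/shib-idp-ui:1.7.0`, where those paths are unlikely to exist, and the file in this image that does contain a `__CSPHOSTNAME__` placeholder — /opt/shibui/application.yml (`callbackUrl`) — is not in the list, so the placeholder probably survives into the running container. Either give the script a list suited to this image or pass the files to rewrite as arguments, and confirm by inspecting the built image. Separately, shibui-test.p12, samlkeystore.jks and users.txt are baked into image layers with the passwords that application.yml spells out; a comment marking them as test-only material, `# test-only keystores and local users for the workbench`, keeps that explicit for anyone reusing the Dockerfile.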
48 changes: 48 additions & 0 deletions Workbench/idp_ui/container_files/idp_ui/application.yml
@@ -0,0 +1,48 @@
server:
context-path: /idpui
servlet:
context-path: /idpui
tomcat:
redirect-context-root: false
ssl:
enabled: true
key-store: /opt/shibui/shibui-test.p12
key-store-password: testing
key-store-type: pkcs12
key-password: testing
port: 8443
shibui:
default-password: "{noop}letmein7"
metadataProviders:
target: "file:/generated-conf/shibui-metadata-providers.xml"
metadata-dir: "/generated-metadata"
beacon-enabled: true
pac4j-enabled: false
pac4j:
keystorePath: "/opt/shibui/saml/samlkeystore.jks"
keystorePassword: "changeit"
privateKeyPassword: "changeit"
serviceProviderEntityId: "https://sp.example.org/shibui"
serviceProviderMetadataPath: "/opt/shibui/saml/sp-metadata.xml"
identityProviderMetadataPath: "/opt/shibui/saml/idp-metadata.xml"
forceServiceProviderMetadataGeneration: false
callbackUrl: "https://__CSPHOSTNAME__/idpui/callback"
maximumAuthenticationLifetime: 3600000
saml2ProfileMapping:
username: urn:oid:0.9.2342.19200300.100.1.1
firstname: urn:oid:2.5.4.42
lastname: urn:oid:2.5.4.4
email: urn:oid:0.9.2342.19200300.100.1.3
spring:
datasource:
username: shibui
password: secret
url: jdbc:mariadb://idpui-data:3306/shibui
driverClassName: org.mariadb.jdbc.Driver
platform: mariadb
jpa:
database-platform: org.hibernate.dialect.MariaDBDialect
hibernate:
ddl-auto: update
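Review bot: `metadataProviders.target` points at `file:/generated-conf/shibui-metadata-providers.xml`, but docker-compose.yml in this PR mounts the volume at `/generated-config` (whereas `/generated-metadata` does match `metadata-dir`), so the value should read `target: "file:/generated-config/shibui-metadata-providers.xml"` unless the compose mount is the side to change. Every secret is also written inline — `default-password: "{noop}letmein7"`, `key-store-password: testing`, `keystorePassword: "changeit"`, `spring.datasource.password: secret`; Spring resolves `${VAR}` placeholders in application.yml, so these can be injected from the compose environment instead of being committed. `maximumAuthenticationLifetime: 3600000` is, if this is pac4j's SAML setting, expressed in seconds, which would accept authentication instants about 41 days old — worth confirming the intended unit. With `pac4j-enabled: false` the SAML block beneath it is inert and logins fall back to `default-password`; a comment saying whether that is the intended workbench default would help.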