Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
TIDO-505 Update base image (#3)
* Update Shib SP base image
* Update CentOS7 repos and test infrastructure
* Replace CentOS7 sample app image with official PHP image
* Replace ldap,shib idp with simplesamlphp idp
* Replace testing image and add selenium standalone image
* Test should run in headless mode
* Streamline test/release/clean
* Update Quickstart
  • Loading branch information
dmartinez committed Aug 27, 2024
1 parent 87bd640 commit c7212de
Show file tree
Hide file tree
Showing 121 changed files with 315 additions and 543,186 deletions.
8 changes: 4 additions & 4 deletions Dockerfile
@@ -1,9 +1,9 @@
FROM tier/shibboleth_sp
FROM i2incommon/shibboleth_sp:3.4.1_05152024_rocky9_multiarch

LABEL version="0.0.1"
LABEL version="${VERSION}"

RUN yum update -y && \
yum clean all
RUN dnf update -y && \
dnf clean all

COPY container_files/httpd/httpd.conf /etc/httpd/conf/httpd.conf
COPY container_files/httpd/proxy.conf /etc/httpd/conf.d/proxy.conf
Expand Down
55 changes: 55 additions & 0 deletions Makefile
@@ -0,0 +1,55 @@
# This is the main interface into the repository for building the image of the Shibboleth SP reverse proxy.
#
# All targets assume they're running on a Linux or macOS host with Bash and Docker installed.
# Any other dependencies should be satisfied by containers.
#

.DEFAULT_GOAL := help

DEBUG = [DEBUG]
INFO = [INFO]
SUCCESS = [INFO]

VERSION := $(shell cat VERSION.txt)

compose := docker compose

.PHONY: all
all: build

.PHONY: build
build: ## Build the Docker image
$(compose) build proxy
@echo "$(SUCCESS) Successfully built!"

.PHONY: clean
clean: ## Remove build artifacts
$(compose) down --rmi all
@echo "$(SUCCESS) All clean!"

.PHONY: help
help: ## Display this help (default)
@echo "Targets:"
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort \
| awk 'BEGIN {FS = ":.*?## "}; {printf " %-17s%s\n", $$1, $$2}'

.PHONY: release
release: ## Build the Docker image with the tagged version for release
VERSION=${VERSION} $(compose) build proxy
@docker images --format "{{.Repository}}:{{.Tag}}" | grep '^shib-proxy:' | \
while read -r line; do \
tag=$$(echo $$line | awk -F: '{print $$2}'); \
if [ "$$tag" != "$(VERSION)" ]; then \
echo "${INFO} Removing tag - $$tag"; \
docker rmi shib-proxy:$$tag; \
fi \
done
@echo "$(SUCCESS) Successfully built!"

.PHONY: test
test: ## Run the tests on the proxy Docker image
$(compose) up -d selenium-firefox
@echo "${INFO} Waiting for services to come up..."
@sleep 30
$(compose) up test
$(compose) down
66 changes: 32 additions & 34 deletions README.md
Expand Up @@ -5,15 +5,8 @@ A SAML-authenticating HTTPS reverse proxy using Shibboleth
## Introduction

This repository builds a Docker container image that acts as an HTTPS reverse
proxy in front of a web application. The proxy authenticates a visitor using
SAML, and passes the username and group memberships to the web application as
HTTP headers:

* `X-Forwarded-User`: Contains the `eppn` attribute value for the
user

* `X-Forwarded-Groups`: Contains the `isMemberOf` attribute values for the
user, separated by semicolons
proxy in front of a web application. The proxy can authenticate a visitor using
SAML.

IMPORTANT: To prevent visitors from spoofing the HTTP headers, you
MUST ensure that your web application *only* allows incoming requests
Expand All @@ -25,47 +18,52 @@ HTTP headers:

## Quick Start

To try the container in a test environment:

1. Change to the `tests` directory, and bring up the `proxy` service and its
dependencies from `docker-compose.yml`:
```
cd tests
docker-compose up -d proxy
```

2. Update `/etc/hosts` to add `idp.example.edu` and
To try the container in a test environment the first thing to do is update `/etc/hosts` to add `idp.example.edu` and
`sptest.example.edu` as aliases for `localhost`:
```
# /etc/hosts
127.0.0.1 localhost idp.example.edu sp.example.edu
```

3. In a web browser, visit https://sptest.example.edu:8443. You should be
Now, there are two ways to do testing:
- **Automated**

Run
```
make test
```

- **Manual**

1. Run
```
docker compose up -d proxy
```

2. In a web browser, visit https://sptest.example.edu. You should be
redirected to the test IdP at https://idp.example.edu.

4. In the IdP login form, use `banderson` for the username, and
`password` for the password.
3. In the IdP login form, use `user1` for the username, and
`user1pass` for the password.

5. After logging in, you should see a PHP information page. Under the
"HTTP Headers Information" heading, yous should see the following
headers set:
4. After logging in, you should see a PHP information page. Under the
"Headers" heading, yous should see the following, letting you know you successsfully authenticated using the proxy:

| Header | Value |
|--------------------|------------------------------------------------------------------------------------|
| X-Forwarded-User | banderson@example.edu |
| X-Forwarded-Groups | cn=developers,ou=Groups,dc=internet2,dc=edu;cn=users,ou=Groups,dc=internet2,dc=edu |
| Header | Value |
|--------------------|--------------------------------|
| Referer | "http://idp.example.edu:8080/" |
| X-Forwarded-Host | "sptest.example.edu" |

6. When finished, shut down the services from `docker-compose.yml`:
```
docker-compose down
```
5. When finished, shut down the services from `docker compose.yml`:
```
docker compose down
```


## Configuration

The container expects several environment variables at runtime. See
`tests/docker-compose.yml` for a working example. In a production environment,
`docker compose.yml` for a working example. In a production environment,
these variables would be set by your orchestration system (for example, AWS
Elastic Container Service or Kubernetes), and sensitive information (such as
private keys) would be stored securely (for example, using AWS Systems Manager
Expand Down
1 change: 1 addition & 0 deletions VERSION.txt
@@ -0,0 +1 @@
0.0.2
15 changes: 0 additions & 15 deletions ci/build.sh

This file was deleted.

74 changes: 0 additions & 74 deletions ci/deploy.sh

This file was deleted.

4 changes: 0 additions & 4 deletions ci/login.sh

This file was deleted.

49 changes: 0 additions & 49 deletions ci/test.sh

This file was deleted.

0 comments on commit c7212de

Please sign in to comment.