[NOTASK]

update shibboleth idp
internet2 · Nov 8, 2023 · d12167e · d12167e
1 parent 767262d
commit d12167e
Show file tree

Hide file tree

Showing 314 changed files with 11,279 additions and 6,038 deletions.
diff --git a/src/test/docker/README.adoc b/src/test/docker/README.adoc
@@ -0,0 +1,5 @@
+= Integration example
+
+This directory contains sample configuration for integrating Grouper external authentication. Integration is provided primarily through the Shibboleth IdP.
+
+*!!!WARNING!!!* This is a full integration example that should be able to be run with minimal effort. As such, there are private keys included that should be replaced if used in any way outside of testing.
diff --git a/src/test/docker/docker-compose.yml b/src/test/docker/docker-compose.yml
@@ -85,7 +85,7 @@ services:
       - ../../../target/grouper-authentication-plugin-0.0.1-SNAPSHOT.jar:/opt/grouper/plugins/grouper-authentication-plugin.jar
       - ./grouper/config/grouper.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/grouper.properties
       - ./grouper/config/grouper-ui.properties:/opt/grouper/grouperWebapp/WEB-INF/classes/grouper-ui.properties
-      - ./shibboleth-idp/config/shib-idp/metadata/idp-metadata.xml:/opt/grouper/idp-metadata.xml
+      - ./shibboleth-idp/opt-shibboleth-idp/metadata/idp-metadata.xml:/opt/grouper/idp-metadata.xml
       - ./grouper/cacerts:/usr/lib/jvm/java-17-amazon-corretto/lib/security/cacerts
     environment:
       GROUPER_DATABASE_URL: "jdbc:postgresql://database/grouper"

diff --git a/src/test/docker/shibboleth-idp/Dockerfile b/src/test/docker/shibboleth-idp/Dockerfile
@@ -1,25 +1,33 @@
-FROM tier/shib-idp:4.0.0_20200518
-
-# The build args below can be used at build-time to tell the build process where to find your config files.  This is for a completely burned-in config.
-ARG TOMCFG=config/tomcat
-ARG TOMCERT=credentials/tomcat
-ARG TOMWWWROOT=wwwroot
-ARG SHBCFG=config/shib-idp/conf
-ARG SHBCREDS=credentials/shib-idp
-ARG SHBVIEWS=config/shib-idp/views
-ARG SHBEDWAPP=config/shib-idp/edit-webapp
-ARG SHBMSGS=config/shib-idp/messages
-ARG SHBMD=config/shib-idp/metadata
-
-# copy in the needed config files
-ADD ${TOMCFG} /usr/local/tomcat/conf
-ADD ${TOMCERT} /opt/certs
-ADD ${TOMWWWROOT} /usr/local/tomcat/webapps/ROOT
-ADD ${SHBCFG} /opt/shibboleth-idp/conf
-ADD ${SHBCREDS} /opt/shibboleth-idp/credentials
-#ADD ${SHBVIEWS} /opt/shibboleth-idp/views
-#ADD ${SHBEDWAPP} /opt/shibboleth-idp/edit-webapp
-#ADD ${SHBMSGS} /opt/shibboleth-idp/messages
-ADD ${SHBMD} /opt/shibboleth-idp/metadata
-
-EXPOSE 8080
+FROM amazoncorretto:17 as install
+
+ARG TOMCAT_VERSION=10.1.15
+
+COPY keys/* /tmp/keys/
+
+RUN yum install -y tar gzip
+
+RUN gpg --import /tmp/keys/TOMCAT_PGP_KEYS
+
+RUN curl -L https://archive.apache.org/dist/tomcat/tomcat-10/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz -o apache-tomcat-$TOMCAT_VERSION.tar.gz \
+    && curl https://archive.apache.org/dist/tomcat/tomcat-10/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc -o apache-tomcat-$TOMCAT_VERSION.tar.gz.asc \
+    && gpg --verify apache-tomcat-$TOMCAT_VERSION.tar.gz.asc apache-tomcat-$TOMCAT_VERSION.tar.gz \
+    && tar -zxvf apache-tomcat-$TOMCAT_VERSION.tar.gz -C /opt \
+    && rm apache-tomcat-$TOMCAT_VERSION.tar.gz \
+    && mv /opt/apache-tomcat-$TOMCAT_VERSION/ /opt/tomcat \
+    && rm -rf /opt/tomcat/webapps/*
+
+FROM amazoncorretto:17 as prod
+
+COPY --from=install /opt/tomcat /opt/tomcat/
+
+COPY opt-shibboleth-idp /opt/shibboleth-idp/
+
+COPY tomcat/idp.xml /opt/tomcat/conf/Catalina/localhost/
+COPY tomcat/server.xml /opt/tomcat/conf/
+COPY tomcat/setenv.sh /opt/tomcat/bin/
+
+ENTRYPOINT /opt/shibboleth-idp/bin/build.sh && /opt/tomcat/bin/catalina.sh run
+
+FROM prod as dev
+
+FROM prod
diff --git a/src/test/docker/shibboleth-idp/config/shib-idp/conf/attribute-resolver.xml b/src/test/docker/shibboleth-idp/config/shib-idp/conf/attribute-resolver.xml