Merge branch 'master' of https://github.internet2.edu/internet2/InCom…

…monTAP-Examples Pulling before updating Targets/Wordpress
khazelton · May 9, 2019 · bbc8237 · bbc8237
2 parents bade9e0 + 29a437c
commit bbc8237
Showing 123 changed files with 528,329 additions and 5 deletions.
diff --git a/Components/COmanage/000-comanage.conf b/Components/COmanage/000-comanage.conf
@@ -0,0 +1,82 @@
+# COmanage Registry Apache HTTP Server configuration
+#
+# Portions licensed to the University Corporation for Advanced Internet
+# Development, Inc. ("UCAID") under one or more contributor license agreements.
+# See the NOTICE file distributed with this work for additional information
+# regarding copyright ownership.
+#
+# UCAID licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with the
+# License. You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ServerName https://%%SERVER_NAME%%
+UseCanonicalName On
+
+<VirtualHost *:80>
+ServerName https://%%SERVER_NAME%%
+UseCanonicalName On
+
+RewriteEngine On
+RewriteCond %{X-Forwarded-Proto}i http
+RewriteRule ^ https://%{HTTP_HOST}:443%{REQUEST_URI} [R=302,L,QSA]
+
+DocumentRoot /var/www/html
+
+RedirectMatch ^/$ /registry/
+
+RemoteIPHeader X-Forwarded-For
+
+PassEnv ENV
+PassEnv USERTOKEN
+
+
+# log the X-Forwarded-For (the real client IP) header if present
+LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+CustomLog "/tmp/logpipe" combined env=!forwarded
+CustomLog "/tmp/logpipe" proxy env=forwarded
+
+ErrorLogFormat "httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i"
+
+<Directory /var/www/html/registry>
+Options Indexes FollowSymLinks
+DirectoryIndex index.php
+AllowOverride All
+Require all granted
+</Directory>
+
+<Location "/Shibboleth.sso">
+SetHandler shib
+</Location>
+
+<Directory /var/www/html/registry/auth/login>
+AuthType shibboleth
+ShibRequestSetting requireSession 1
+Require valid-user
+</Directory>
+
+<Location /registry/pages/public/ssocheck>
+AuthType shibboleth
+Require shibboleth
+ShibRequestSetting requireSession 1
+</Location>
+
+<Location />
+AuthType shibboleth
+Require shibboleth
+</Location>
+
+RewriteEngine On
+RewriteCond %{QUERY_STRING} !after_redirect
+RewriteRule ^/registry/auth/logout.* https://%%SERVER_NAME%%/Shibboleth.sso/Logout?return=https://%%SERVER_NAME%%/registry/auth/logout/?after_redirect [L,R]
+
+</VirtualHost>
+
diff --git a/Components/COmanage/Dockerfile b/Components/COmanage/Dockerfile
@@ -1 +1,55 @@
-#to-do
+FROM tier/comanage:3.2.2-20190503-rc1
+
+
+ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Lastname
+ENV COMANAGE_REGISTRY_ADMIN_USERNAME=somebody@example.org
+ENV COMANAGE_REGISTRY_DATASOURCE=Database/Mysql
+ENV COMANAGE_REGISTRY_DATABASE=registry
+ENV COMANAGE_REGISTRY_DATABASE_HOST=mysql.example.org
+ENV COMANAGE_REGISTRY_DATABASE_USER=registry_user
+ENV COMANAGE_REGISTRY_DATABASE_USER_PASSWORD=SomeSecretPassword
+ENV COMANAGE_REGISTRY_EMAIL_FROM=comanage@example.org
+ENV COMANAGE_REGISTRY_EMAIL_TRANSPORT=Smtp
+ENV COMANAGE_REGISTRY_EMAIL_PORT=25
+ENV COMANAGE_REGISTRY_EMAIL_HOST=smtp.example.org
+# COMANAGE_REGISTRY_SECURITY_SALT - autogenerated if not specified
+# COMANAGE_REGISTRY_SECURITY_SEED - autogenerated if not specified
+ENV HTTPS_CERT_FILE=/etc/pki/tls/certs/localhost.crt
+ENV HTTPS_KEY_FILE=/etc/pki/tls/private/localhost.key
+ENV SERVER_NAME=comanage.example.org
+ENV MYSQL_ROOT_PASSWORD=SomeReallySuperSecretPassword
+ENV MYSQL_DATABASE=registry
+ENV MYSQL_USER=registry_user
+ENV MYSQL_PASSWORD_FILE=SuperSecretPassword
+#ENV SHIBBOLETH_SP_CERT=/etc/shibboleth/sp-cert.pem
+#ENV SHIBBOLETH_SP_PRIVKEY=/etc/shibboleth/sp-key.pem
+ENV SHIBBOLETH_SP_ENTITY_ID=comanage.example.org
+#ENV SHIBBOLETH_SP_METADATA_PROVIDER_XML=<something>
+#ENV SHIBBOLETH_SP_SAMLDS_URL=https://someds
+
+
+RUN yum -y update && yum -y install --setopt=tsflags=nodocs epel-release python-pip && pip install --upgrade pip
+
+ARG maintainer=my
+ARG imagename=comanage
+ARG version=3.2.2
+
+LABEL Version=$version
+ENV VERSION=$version
+
+COPY 000-comanage.conf /etc/httpd/conf.d/
+
+COPY container_files/shibboleth/sp-cert.pem /etc/shibboleth
+COPY container_files/shibboleth/sp-key.pem /etc/shibboleth
+RUN chown shibd:shibd /etc/shibboleth/sp-key.pem && \
+    chown shibd:shibd /etc/shibboleth/sp-cert.pem 
+
+COPY container_files/shibboleth2.xml /etc/shibboleth/shibboleth2.xml
+COPY container_files/attribute-map.xml /etc/shibboleth/attribute-map.xml
+
+ADD container_files/some-metadata_signing_cert.crt /etc/pki/tls/certs/
+
+VOLUME /etc/httpd/logs
+ENV LD_LIBRARY_PATH=/opt/shibboleth/lib64
+
+
diff --git a/Components/COmanage/container_files/attribute-map.xml b/Components/COmanage/container_files/attribute-map.xml
@@ -0,0 +1,148 @@
+<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+    <!--
+    The mappings are a mix of SAML 1.1 and SAML 2.0 attribute names agreed to within the Shibboleth
+    community. The non-OID URNs are SAML 1.1 names and most of the OIDs are SAML 2.0 names, with a
+    few exceptions for newer attributes where the name is the same for both versions. You will
+    usually want to uncomment or map the names for both SAML versions as a unit.
+    -->
+
+    <!-- First some useful eduPerson attributes that many sites might use. -->
+
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn">
+        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
+    </Attribute>
+    <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName" id="eppn">
+        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
+    </Attribute>
+
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" id="affiliation">
+        <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
+    </Attribute>
+    <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" id="affiliation">
+        <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
+    </Attribute>
+
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" id="unscoped-affiliation">
+        <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
+    </Attribute>
+    <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation" id="unscoped-affiliation">
+        <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
+    </Attribute>
+
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" id="entitlement"/>
+    <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement" id="entitlement"/>
+
+    <!-- A persistent id attribute that supports personalized anonymous access. -->
+
+    <!-- First, the deprecated/incorrect version, decoded as a scoped string: -->
+    <Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="targeted-id">
+        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
+        <!-- <AttributeDecoder xsi:type="NameIDFromScopedAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/> -->
+    </Attribute>
+
+    <!-- Second, an alternate decoder that will decode the incorrect form into the newer form. -->
+    <!--
+    <Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="persistent-id">
+        <AttributeDecoder xsi:type="NameIDFromScopedAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
+    </Attribute>
+    -->
+
+    <!-- Third, the new version (note the OID-style name): -->
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" id="persistent-id">
+        <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
+    </Attribute>
+
+    <!-- Fourth, the SAML 2.0 NameID Format: -->
+    <Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id">
+        <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
+    </Attribute>
+
+    <!-- Some more eduPerson attributes -->
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" id="assurance"/>
+
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" id="member"/>
+
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.1" id="eduCourseOffering"/>
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.2" id="eduCourseMember"/>
+
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" id="primary-affiliation">
+        <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
+    </Attribute>
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" id="nickname"/>
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.8" id="primary-orgunit-dn"/>
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.4" id="orgunit-dn"/>
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.3" id="org-dn"/>
+
+    <Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" id="primary-affiliation">
+        <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
+    </Attribute>
+    <Attribute name="urn:mace:dir:attribute-def:eduPersonNickname" id="nickname"/>
+    <Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN" id="primary-orgunit-dn"/>
+    <Attribute name="urn:mace:dir:attribute-def:eduPersonOrgUnitDN" id="orgunit-dn"/>
+    <Attribute name="urn:mace:dir:attribute-def:eduPersonOrgDN" id="org-dn"/>
+
+    <!-- SCHAC attributes, uncomment to use... -->
+    <!--
+    <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.9" id="schacHomeOrganization"/>
+    -->
+
+    <!-- Examples of LDAP-based attributes -->
+    <Attribute name="urn:oid:2.5.4.3" id="cn"/>
+    <Attribute name="urn:oid:2.5.4.4" id="sn"/>
+    <Attribute name="urn:oid:2.5.4.42" id="givenName"/>
+    <Attribute name="urn:oid:2.16.840.1.113730.3.1.241" id="displayName"/>
+    <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/>
+    <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
+    <Attribute name="urn:oid:2.5.4.20" id="telephoneNumber"/>
+    <Attribute name="urn:oid:2.5.4.12" id="title"/>
+    <Attribute name="urn:oid:2.5.4.43" id="initials"/>
+    <Attribute name="urn:oid:2.5.4.13" id="description"/>
+    <Attribute name="urn:oid:2.16.840.1.113730.3.1.1" id="carLicense"/>
+    <Attribute name="urn:oid:2.16.840.1.113730.3.1.2" id="departmentNumber"/>
+    <Attribute name="urn:oid:2.16.840.1.113730.3.1.3" id="employeeNumber"/>
+    <Attribute name="urn:oid:2.16.840.1.113730.3.1.4" id="employeeType"/>
+    <Attribute name="urn:oid:2.16.840.1.113730.3.1.39" id="preferredLanguage"/>
+    <Attribute name="urn:oid:0.9.2342.19200300.100.1.10" id="manager"/>
+    <Attribute name="urn:oid:2.5.4.34" id="seeAlso"/>
+    <Attribute name="urn:oid:2.5.4.23" id="facsimileTelephoneNumber"/>
+    <Attribute name="urn:oid:2.5.4.9" id="street"/>
+    <Attribute name="urn:oid:2.5.4.18" id="postOfficeBox"/>
+    <Attribute name="urn:oid:2.5.4.17" id="postalCode"/>
+    <Attribute name="urn:oid:2.5.4.8" id="st"/>
+    <Attribute name="urn:oid:2.5.4.7" id="l"/>
+    <Attribute name="urn:oid:2.5.4.10" id="o"/>
+    <Attribute name="urn:oid:2.5.4.11" id="ou"/>
+    <Attribute name="urn:oid:2.5.4.15" id="businessCategory"/>
+    <Attribute name="urn:oid:2.5.4.19" id="physicalDeliveryOfficeName"/>
+
+    <Attribute name="urn:mace:dir:attribute-def:cn" id="cn"/>
+    <Attribute name="urn:mace:dir:attribute-def:sn" id="sn"/>
+    <Attribute name="urn:mace:dir:attribute-def:givenName" id="givenName"/>
+    <Attribute name="urn:mace:dir:attribute-def:displayName" id="displayName"/>
+    <Attribute name="urn:mace:dir:attribute-def:uid" id="uid"/>
+    <Attribute name="urn:mace:dir:attribute-def:mail" id="mail"/>
+    <Attribute name="urn:mace:dir:attribute-def:telephoneNumber" id="telephoneNumber"/>
+    <Attribute name="urn:mace:dir:attribute-def:title" id="title"/>
+    <Attribute name="urn:mace:dir:attribute-def:initials" id="initials"/>
+    <Attribute name="urn:mace:dir:attribute-def:description" id="description"/>
+    <Attribute name="urn:mace:dir:attribute-def:carLicense" id="carLicense"/>
+    <Attribute name="urn:mace:dir:attribute-def:departmentNumber" id="departmentNumber"/>
+    <Attribute name="urn:mace:dir:attribute-def:employeeNumber" id="employeeNumber"/>
+    <Attribute name="urn:mace:dir:attribute-def:employeeType" id="employeeType"/>
+    <Attribute name="urn:mace:dir:attribute-def:preferredLanguage" id="preferredLanguage"/>
+    <Attribute name="urn:mace:dir:attribute-def:manager" id="manager"/>
+    <Attribute name="urn:mace:dir:attribute-def:seeAlso" id="seeAlso"/>
+    <Attribute name="urn:mace:dir:attribute-def:facsimileTelephoneNumber" id="facsimileTelephoneNumber"/>
+    <Attribute name="urn:mace:dir:attribute-def:street" id="street"/>
+    <Attribute name="urn:mace:dir:attribute-def:postOfficeBox" id="postOfficeBox"/>
+    <Attribute name="urn:mace:dir:attribute-def:postalCode" id="postalCode"/>
+    <Attribute name="urn:mace:dir:attribute-def:st" id="st"/>
+    <Attribute name="urn:mace:dir:attribute-def:l" id="l"/>
+    <Attribute name="urn:mace:dir:attribute-def:o" id="o"/>
+    <Attribute name="urn:mace:dir:attribute-def:ou" id="ou"/>
+    <Attribute name="urn:mace:dir:attribute-def:businessCategory" id="businessCategory"/>
+    <Attribute name="urn:mace:dir:attribute-def:physicalDeliveryOfficeName" id="physicalDeliveryOfficeName"/>
+
+</Attributes>
+