authorMarkus Krogh <markus@nordu.net>2017-11-09 13:40:40 +0100
committerMarkus Krogh <markus@nordu.net>2017-11-09 13:40:40 +0100
commit0f7e42d386adbae00e635be2e4968207241bbcab (patch)
tree3eb949d4209001c432f0214955c30149131ea4e7
parent8e320ad17e620575dd383402f83492c6edd358aa (diff)
Bump to 3.3.2 and use secure only cookies
-rw-r--r--idp/Dockerfile3
-rwxr-xr-xidp/shib-entrypoint.sh4
-rw-r--r--idp/shibboleth-identity-provider-3.3.1.tar.gz.sha2561
-rw-r--r--idp/shibboleth-identity-provider-3.3.2.tar.gz.sha2561
4 files changed, 6 insertions, 3 deletions
diff --git a/idp/Dockerfile b/idp/Dockerfile
index 0b0b807..ce3b448 100644
--- a/idp/Dockerfile
+++ b/idp/Dockerfile
@@ -2,7 +2,7 @@ FROM jetty:9-alpine
LABEL authors="Markus Krogh <markus@nordu.net>,Jesper B. Rosenkilde <jbr@nordu.net>"
USER root
-ENV IDP_VERSION 3.3.1
+ENV IDP_VERSION 3.3.2
COPY install.properties /opt/
COPY nordu-ldap.properties /opt/
COPY shibboleth-identity-provider-${IDP_VERSION}.tar.gz.sha256 /opt/
@@ -23,7 +23,6 @@ RUN echo $(id) && apk --no-cache add bash apache-ant curl && \
sed -i '/p:postAuthenticationFlows=/ s/p:postAuthenticationFlows="attribute-release" //' /opt/shibboleth-idp/conf/relying-party.xml && \
rm -rf shibboleth-identity-provider* install.properties nordu-ldap.properties
ADD https://mds.swamid.se/md/md-signer2.crt /opt/shibboleth-idp/credentials/
-
RUN chown -R jetty:jetty /opt
COPY jetty_base $JETTY_BASE
diff --git a/idp/shib-entrypoint.sh b/idp/shib-entrypoint.sh
index 0304fea..9b3ece0 100755
--- a/idp/shib-entrypoint.sh
+++ b/idp/shib-entrypoint.sh
@@ -21,6 +21,10 @@ if [ -e /opt/data ]; then
fi
fi
+# Default property changes
+# Use secure cookies (https only)
+sed -i -e "/idp.cookie.secure/ s/^#//" -e "/idp.cookie.secure/ s/false/true/" $IDP_PROPERTIES
+
# Make encrytping optional (some SPs don't have encryption)
if [ $IDP_ENCRYPTION_OPTIONAL ]; then
sed -i -e '/idp.encryption.optional/ s/^#//' -e '/idp.encryption.optional/ s/false/true/' $IDP_PROPERTIES
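Review bot: The added `sed` on `idp.cookie.secure` exits 0 even when no line in the properties file matches, so if the shipped `idp.properties` lacks or renames that key, the IdP would start with the Secure flag off and nothing in the log. A check right after it would make the hardening verifiable, for example `grep -Eq '^idp\.cookie\.secure[[:space:]]*=[[:space:]]*true' "$IDP_PROPERTIES" || { echo "idp.cookie.secure not enabled" >&2; exit 1; }`. Whether to exit or only warn is a deployment choice. `$IDP_PROPERTIES` is unquoted in the new line; `"$IDP_PROPERTIES"` avoids word splitting if the path is empty or contains spaces. The unescaped dots in `/idp.cookie.secure/` match any character, so `/^#\{0,1\}idp\.cookie\.secure/` would keep the edit to the intended key. The `if [ $IDP_ENCRYPTION_OPTIONAL ]` block at the end of the hunk continues outside it.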
diff --git a/idp/shibboleth-identity-provider-3.3.1.tar.gz.sha256 b/idp/shibboleth-identity-provider-3.3.1.tar.gz.sha256
deleted file mode 100644
index 91e7087..0000000
--- a/idp/shibboleth-identity-provider-3.3.1.tar.gz.sha256
+++ /dev/null
@@ -1 +0,0 @@
-8bd852dcdc7e6729ee645c0374a3c476b152fa24506fb86ffec33dfd190e607c shibboleth-identity-provider-3.3.1.tar.gz
diff --git a/idp/shibboleth-identity-provider-3.3.2.tar.gz.sha256 b/idp/shibboleth-identity-provider-3.3.2.tar.gz.sha256
new file mode 100644
index 0000000..df673fc
--- /dev/null
+++ b/idp/shibboleth-identity-provider-3.3.2.tar.gz.sha256
@@ -0,0 +1 @@
+ed9fbefd273199d2841d4045b2661671c53825ed3c7d52d38bfe516b39d5fc64 shibboleth-identity-provider-3.3.2.tar.gz