author | Henrik Lund Kramshoej <hlk@kramse.org> | 2017-07-11 08:41:01 +0200 |
---|---|---|
committer | Henrik Lund Kramshoej <hlk@kramse.org> | 2017-07-11 08:41:01 +0200 |
commit | 1470cec3a1c8a99b91ef192e4e8fc11c36c21659 (patch) | |
tree | 46500ed7aaac144bb9681ccd7e130b9e55877bf7 | |
parent | 42318b4b584bf117e2a82ba183cfd40a4d7386e0 (diff) |
Added /metadata on each docker
-rw-r--r-- | apache-sp/run.sh | 5 | ||||
-rw-r--r-- | metadata/test-rw.txt | 0 | ||||
-rw-r--r-- | run.sh | 10 | ||||
-rw-r--r-- | template-config/relying-party.xml | 78 |
4 files changed, 91 insertions, 2 deletions
diff --git a/apache-sp/run.sh b/apache-sp/run.sh
index 9d227b1..a52fb1b 100644
--- a/apache-sp/run.sh
+++ b/apache-sp/run.sh
@@ -1,2 +1,5 @@
 # Apache SP
-docker build -t $(basename $(pwd)) . && docker run --rm -ti -p80:80 -p 443:443 -e SP_HOSTNAME=sp.nordu.dev --link shibboleth-docker $(basename $(pwd))
+docker build -t $(basename $(pwd)) . && docker run --rm -ti -p80:80 -p 443:443 \
+ -e SP_HOSTNAME=sp.nordu.dev --link shibboleth-docker \
+ --volumes-from metadata \
+ --name apache-sp $(basename $(pwd))
diff --git a/metadata/test-rw.txt b/metadata/test-rw.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/metadata/test-rw.txt
@@ -1,3 +1,11 @@
 #docker build -t $(basename $(pwd)) . && docker run -p80:80 -p 443:443 --rm -ti $(basename $(pwd))
 # shibboleth-docker
-docker build -t $(basename $(pwd)) . && docker run --rm -ti --name shibboleth-docker $(basename $(pwd))
+docker build -t $(basename $(pwd)) . && docker run --rm -ti --name shibboleth-docker \
+ --volumes-from metadata \
+ $(basename $(pwd))
+
+# Volume was created using:
+# hlk@bujin:shibboleth-docker$ docker create -v $(pwd)/metadata:/metadata --name metadata $(basename $(pwd))
+# a0fdfb0fadfffe2492c6da793ef2081b94a949da4e89193c44f9f02d9cf63073
+# Remove with:
+# docker rm -v /metadata
diff --git a/template-config/relying-party.xml b/template-config/relying-party.xml
new file mode 100644
index 0000000..327c8e2
--- /dev/null
+++ b/template-config/relying-party.xml
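Review bot: The new `--volumes-from metadata` on the apache-sp `docker run` line gives the SP container read-write access to the same host directory the IdP container mounts (the `docker create -v $(pwd)/metadata:/metadata` command recorded in this commit's run.sh comment), so if the IdP loads its SP metadata from there, as the commit title suggests, a compromised SP container could rewrite that metadata and have the IdP trust a different signing key or AssertionConsumerService. If the SP only reads from /metadata, mount it read-only: `--volumes-from metadata:ro \`. If the SP is also expected to write its own metadata there (the added metadata/test-rw.txt hints that read-write was being tested), keep it writable but say so, e.g. `# /metadata is shared rw with shibboleth-docker: SP and IdP exchange metadata files here`. Separately, `$(basename $(pwd))` is still unquoted, so the script breaks on a directory name containing spaces; `"$(basename "$(pwd)")"` fixes it.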
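Review bot: The `metadata` volume container that the new `--volumes-from metadata` depends on exists only as a shell-history comment, so on a fresh checkout `docker run` fails with "No such container: metadata" before the IdP starts; the script should create it when missing instead of relying on the comment. A single guarded line before `docker run`, `docker inspect metadata >/dev/null 2>&1 || docker create -v "$(pwd)/metadata:/metadata" --name metadata $(basename $(pwd))`, does that and also quotes `$(pwd)` so the bind-mount path survives a checkout path with spaces. The `# a0fdfb0f…` container-id line is specific to one machine and will only confuse the next person; drop it. On this page the hunk is printed under the `metadata/test-rw.txt` header, but by the diffstat (`run.sh | 10`) it belongs to the top-level `run.sh`, whose own `diff --git` header appears to be missing from the rendering.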
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:c="http://www.springframework.org/schema/c"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
+
+ default-init-method="initialize"
+ default-destroy-method="destroy">
+
+ <!--
+ Unverified RP configuration, defaults to no support for any profiles. Add <ref> elements to the list
+ to enable specific default profile settings (as below), or create new beans inline to override defaults.
+
+ "Unverified" typically means the IdP has no metadata, or equivalent way of assuring the identity and
+ legitimacy of a requesting system. To run an "open" IdP, you can enable profiles here.
+ -->
+ <bean id="shibboleth.UnverifiedRelyingParty" parent="RelyingParty">
+ <property name="profileConfigurations">
+ <list>
+ <bean parent="Shibboleth.SSO" p:postAuthenticationFlows="attribute-release" />
+ <ref bean="SAML1.AttributeQuery" />
+ <ref bean="SAML1.ArtifactResolution" />
+ <bean parent="SAML2.SSO" p:postAuthenticationFlows="attribute-release" />
+ <ref bean="SAML2.ECP" />
+ <ref bean="SAML2.Logout" />
+ <ref bean="SAML2.AttributeQuery" />
+ <ref bean="SAML2.ArtifactResolution" />
+ <ref bean="Liberty.SSOS" />
+ </list>
+ </property>
+ </bean>
+
+ <!--
+ Default configuration, with default settings applied for all profiles, and enables
+ the attribute-release consent flow.
+ -->
+ <bean id="shibboleth.DefaultRelyingParty" parent="RelyingParty">
+ <property name="profileConfigurations">
+ <list>
+ <bean parent="Shibboleth.SSO" p:postAuthenticationFlows="attribute-release" />
+ <ref bean="SAML1.AttributeQuery" />
+ <ref bean="SAML1.ArtifactResolution" />
+ <bean parent="SAML2.SSO" p:postAuthenticationFlows="attribute-release" />
+ <ref bean="SAML2.ECP" />
+ <ref bean="SAML2.Logout" />
+ <ref bean="SAML2.AttributeQuery" />
+ <ref bean="SAML2.ArtifactResolution" />
+ <ref bean="Liberty.SSOS" />
+ </list>
+ </property>
+ </bean>
+
+ <!-- Container for any overrides you want to add. -->
+
+ <util:list id="shibboleth.RelyingPartyOverrides">
+
+ <!--
+ Override example that identifies a single RP by name and configures it
+ for SAML 2 SSO without encryption. This is a common "vendor" scenario.
+ -->
+ <!--
+ <bean parent="RelyingPartyByName" c:relyingPartyIds="https://sp.example.org">
+ <property name="profileConfigurations">
+ <list>
+ <bean parent="SAML2.SSO" p:encryptAssertions="false" />
+ </list>
+ </property>
+ </bean>
+ -->
+
+ </util:list>
+
+</beans> |
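Review bot: `shibboleth.UnverifiedRelyingParty` is given the same nine profile configurations as `shibboleth.DefaultRelyingParty`, so any requester for which the IdP holds no metadata gets SSO with attribute release, SAML 1/2 attribute queries, artifact resolution, ECP, logout and Liberty SSOS — the "open IdP" the comment directly above describes, with no metadata to validate the requester's identity or AssertionConsumerService against. That may be intended so the SP container works before its metadata has been exchanged through /metadata, but the commit message does not mention this file, and the comment still claims the bean "defaults to no support for any profiles", which is no longer true. If it is deliberate for this test setup, replace that sentence with something like `DEV/TEST ONLY: all profiles are enabled for unverified RPs so the SP works without registered metadata; ship an empty <list> here in production.`; otherwise leave the Unverified bean's `<list>` empty and rely on the metadata exchange the commit sets up.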