author | Markus Krogh <markus@nordu.net> | 2017-10-03 21:26:01 +0200 |
---|---|---|
committer | Markus Krogh <markus@nordu.net> | 2017-10-03 21:26:01 +0200 |
commit | 31def545e41fd4d3ca7754ff33460f15b50fe789 (patch) | |
tree | 058cac29536dfdb8e03d4d3f60e557d2358fea3c | |
parent | 08c5c6b74eae21ccbb35d3286b45d60a1bbab449 (diff) |
SP add, and cleanup
-rw-r--r-- | compose-prod.yml | 2 | ||||
-rw-r--r-- | idp/Dockerfile | 2 | ||||
-rwxr-xr-x | idp/shib-entrypoint.sh | 31 | ||||
-rw-r--r-- | idp/templates/config/attribute-filter.xml | 5 | ||||
-rw-r--r-- | idp/templates/config/metadata-providers.xml | 1 | ||||
-rw-r--r-- | idp/templates/config/sp.xml.add | 1 |
6 files changed, 35 insertions, 7 deletions
diff --git a/compose-prod.yml b/compose-prod.yml
index b3094d2..7396245 100644
--- a/compose-prod.yml
+++ b/compose-prod.yml
@@ -3,7 +3,7 @@ services:
 shibboleth-docker:
 build: ./idp
 environment:
- - JAVA_OPTIONS=-Xmx1G
+ - JAVA_OPTIONS=-Xmx1500m
 - IDP_HOSTNAME=idp.nordu.net
 - IDP_SCOPE=nordu.net
 - IDP_DEBUG=true
diff --git a/idp/Dockerfile b/idp/Dockerfile
index 0e1efc5..d812493 100644
--- a/idp/Dockerfile
+++ b/idp/Dockerfile
@@ -26,8 +26,6 @@ ADD https://mds.swamid.se/md/md-signer2.crt /opt/shibboleth-idp/credentials/
 RUN chown -R jetty:jetty /opt
-#RUN mkdir -p persistent-id && sqlite3 persistent-id/shibboleth.db < /tmp/shibboleth.db.ddl && rm -f /tmp/shibboleth.db.ddl
-
 COPY jetty_base $JETTY_BASE
 COPY shib-entrypoint.sh /shib-entrypoint.sh
 USER jetty
diff --git a/idp/shib-entrypoint.sh b/idp/shib-entrypoint.sh
index 56ce16c..a1dc327 100755
--- a/idp/shib-entrypoint.sh
+++ b/idp/shib-entrypoint.sh
@@ -65,13 +65,37 @@ if [ -f ${DATADIR}/credentials/idp-signing.key -a -f ${DATADIR}/credentials/idp-
 cp ${DATADIR}/credentials/idp-signing.key /opt/shibboleth-idp/credentials/idp-signing.key
 cp ${DATADIR}/credentials/idp-signing.crt /opt/shibboleth-idp/credentials/idp-signing.crt
 fi
+# overwrite encryption keys if present
+if [ -f ${DATADIR}/credentials/idp-encryption.key -a -f ${DATADIR}/credentials/idp-encryption.crt ]; then
+ cp ${DATADIR}/credentials/idp-encryption.key /opt/shibboleth-idp/credentials/idp-encryption.key
+ cp ${DATADIR}/credentials/idp-encryption.crt /opt/shibboleth-idp/credentials/idp-encryption.crt
+fi
+
+# overwrite idp-metadata if present
+if [ -f ${DATADIR}/idp-metadata.xml.xml ]; then
+ cp ${DATADIR}/idp-metadata.xml /opt/shibboleth-idp/metadata/
+fi
 if [ -e ${DATADIR}/messages ]; then
 cp $DATADIR/messages/* /opt/shibboleth-idp/messages/
 fi
-if [ $IDP_DEBUG ]; then
- sed -i -e '/idp.loglevel.messages/ s/INFO/DEBUG/' -e '/idp.loglevel.encryption/ s/INFO/DEBUG/' /opt/shibboleth-idp/conf/logback.xml
+# SP add
+if [ -e ${DATADIR}/sp-metadata ]; then
+ cp ${DATADIR}/sp-metadata/*.xml /opt/shibboleth-idp/metadata/
+ for sp_file in ${DATADIR}/sp-metadata/*.xml; do
+ SP_XML=$(basename "$sp_file")
+ SP_NAME=${SP_XML%.*}
+ ENTITY_ID=$(grep -o 'entityID=".*"' "$sp_file" | sed -e 's/entityID="//' -e 's/".*$//')
+
+ if ! grep "$SP_XML" /opt/shibboleth-idp/conf/metadata-providers.xml ; then
+ sed -i '/<!-- local SPs -->/r /opt/templates/config/sp.xml.add' /opt/shibboleth-idp/conf/metadata-providers.xml
+ sed -i -e "s/SP_NAME/$SP_NAME/" -e "s/SP_XML/$SP_XML/" /opt/shibboleth-idp/conf/metadata-providers.xml
+
+ # Release attributes
+ sed -i "/<!-- local SPs -->/a <Rule xsi:type=\"Requester\" value=\"$ENTITY_ID\" />" /opt/shibboleth-idp/conf/attribute-filter.xml
+ fi
+ done
 fi
 # Styling/view properties
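Review bot: The idp-metadata block tests `${DATADIR}/idp-metadata.xml.xml` but copies `${DATADIR}/idp-metadata.xml`, so a mounted idp-metadata.xml is never installed; the test should read `if [ -f ${DATADIR}/idp-metadata.xml ]; then`. In the SP loop, when sp-metadata exists but contains no .xml file the unexpanded glob reaches basename and grep, and a MetadataProvider with id `*` plus a Requester rule with an empty value is written into the live config; a `[ -e "$sp_file" ] || continue` as the first line of the loop body prevents that. ENTITY_ID is lifted out of the SP file and spliced unescaped into the sed `a` text, so a value containing a backslash or an `&`, or a file with more than one entityID attribute (which would likely give a multi-line value), leaves attribute-filter.xml malformed or makes sed fail; the file is operator-supplied, so this is a robustness point, but it is worth a comment at the ENTITY_ID line stating that assumption. The idempotency check would also be more reliable as `grep -qF -- "$SP_XML"`, which treats the filename literally and stops the matching line being echoed to the container log. The `if [ -f ... ]` block whose cp lines open this hunk starts before the hunk.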
@@ -82,4 +106,5 @@ if [ -n "$IDP_FOOTER" ]; then
 fi
 fi
-/docker-entrypoint.sh java -jar /usr/local/jetty/start.jar $JAVA_OPTIONS
+# Start jetty
+/docker-entrypoint.sh java -jar /usr/local/jetty/start.jar
diff --git a/idp/templates/config/attribute-filter.xml b/idp/templates/config/attribute-filter.xml
index 3514282..8d61071 100644
--- a/idp/templates/config/attribute-filter.xml
+++ b/idp/templates/config/attribute-filter.xml
@@ -226,7 +226,10 @@
 <!-- ukfederation + incommon -->
 <AttributeFilterPolicy id="everyoneInSwamidFeed">
- <PolicyRequirementRule xsi:type="InEntityGroup" groupID="http://mds.swamid.se/md/swamid-2.0.xml" />
+ <PolicyRequirementRule xsi:type="OR">
+ <Rule xsi:type="InEntityGroup" groupID="http://mds.swamid.se/md/swamid-2.0.xml" />
+ <!-- local SPs -->
+ </PolicyRequirementRule>
 <AttributeRule attributeID="givenName">
 <PermitValueRule xsi:type="ANY" />
 </AttributeRule>
diff --git a/idp/templates/config/metadata-providers.xml b/idp/templates/config/metadata-providers.xml
index d813c06..a580688 100644
--- a/idp/templates/config/metadata-providers.xml
+++ b/idp/templates/config/metadata-providers.xml
@@ -54,4 +54,5 @@
 <!--<MetadataProvider id="sp.nordu.dev" xsi:type="FilesystemMetadataProvider" metadataFile="/metadata/sp-metadata.xml" /> -->
+ <!-- local SPs -->
 </MetadataProvider>
diff --git a/idp/templates/config/sp.xml.add b/idp/templates/config/sp.xml.add
new file mode 100644
index 0000000..7c7eac4
--- /dev/null
+++ b/idp/templates/config/sp.xml.add
@@ -0,0 +1 @@
+ <MetadataProvider id="SP_NAME" xsi:type="FilesystemMetadataProvider" metadataFile="%{idp.home}/metadata/SP_XML" /> |
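Review bot: The `<!-- local SPs -->` marker placed inside the new OR rule is where shib-entrypoint.sh appends one `Requester` rule per file in sp-metadata, so every locally added SP inherits the full everyoneInSwamidFeed release set instead of an SP-specific policy; that trust decision is not stated anywhere in the template. Since the entrypoint matches the marker text literally with sed, the marker itself must stay byte-identical in both this file and metadata-providers.xml, so the explanation belongs on a separate comment line above it, e.g. `<!-- Requester rules for SPs in ${DATADIR}/sp-metadata are appended below by shib-entrypoint.sh; each receives the whole everyoneInSwamidFeed release -->`. A similar one-line comment above the marker in the metadata-providers.xml hunk, naming sp.xml.add as the template that is inserted there, would make the coupling between the three files visible. The AttributeFilterPolicy element continues outside the hunk.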