From 221ce8d2e414c95d6277baf4d1e6ebc644ee0b7c Mon Sep 17 00:00:00 2001 
From: Markus Krogh Date: Wed, 27 Sep 2017 15:52:06 +0200 Subject: Remove conf-from-container, update git ignore --- .gitignore | 2 + README.md | 35 +-- conf-from-container/conf/README.md | 5 - conf-from-container/conf/access-control.xml | 68 ----- conf-from-container/conf/admin/general-admin.xml | 53 ---- conf-from-container/conf/admin/metrics.xml | 129 --------- conf-from-container/conf/attribute-filter.xml | 45 ---- .../conf/attribute-resolver-full.xml | 292 --------------------- .../conf/attribute-resolver-ldap.xml | 94 ------- conf-from-container/conf/attribute-resolver.xml | 108 -------- conf-from-container/conf/audit.xml | 32 --- .../conf/authn/authn-comparison.xml | 77 ------ .../conf/authn/authn-events-flow.xml | 18 -- .../conf/authn/duo-authn-config.xml | 25 -- conf-from-container/conf/authn/duo.properties | 9 - .../conf/authn/external-authn-config.xml | 70 ----- conf-from-container/conf/authn/general-authn.xml | 156 ----------- .../conf/authn/ipaddress-authn-config.xml | 37 --- .../conf/authn/jaas-authn-config.xml | 27 -- conf-from-container/conf/authn/jaas.config | 11 - .../conf/authn/krb5-authn-config.xml | 31 --- .../conf/authn/ldap-authn-config.xml | 135 ---------- .../conf/authn/mfa-authn-config.xml | 94 ------- .../conf/authn/password-authn-config.xml | 121 --------- .../conf/authn/remoteuser-authn-config.xml | 75 ------ .../authn/remoteuser-internal-authn-config.xml | 63 ----- .../conf/authn/spnego-authn-config.xml | 74 ------ .../conf/authn/x509-authn-config.xml | 44 ---- .../conf/authn/x509-internal-authn-config.xml | 21 -- .../c14n/attribute-sourced-subject-c14n-config.xml | 44 ---- .../conf/c14n/simple-subject-c14n-config.xml | 27 -- .../conf/c14n/subject-c14n-events-flow.xml | 18 -- conf-from-container/conf/c14n/subject-c14n.xml | 109 -------- .../conf/c14n/x500-subject-c14n-config.xml | 37 --- conf-from-container/conf/cas-protocol.xml | 84 ------ conf-from-container/conf/credentials.xml | 65 ----- conf-from-container/conf/errors.xml | 120 
--------- conf-from-container/conf/global.xml | 53 ---- conf-from-container/conf/idp.properties | 195 -------------- .../conf/intercept/consent-intercept-config.xml | 136 ---------- .../intercept/context-check-intercept-config.xml | 42 --- .../expiring-password-intercept-config.xml | 37 --- .../conf/intercept/intercept-events-flow.xml | 18 -- .../conf/intercept/profile-intercept.xml | 38 --- conf-from-container/conf/ldap.properties | 74 ------ conf-from-container/conf/logback.xml | 186 ------------- conf-from-container/conf/metadata-providers.xml | 67 ----- conf-from-container/conf/mvc-beans.xml | 23 -- conf-from-container/conf/relying-party.xml | 70 ----- conf-from-container/conf/saml-nameid.properties | 35 --- conf-from-container/conf/saml-nameid.xml | 62 ----- conf-from-container/conf/services.properties | 65 ----- conf-from-container/conf/services.xml | 144 ---------- conf-from-container/conf/session-manager.xml | 45 ---- conf-from-container/run.sh | 1 - conf-from-container/shell.sh | 1 - idp/Dockerfile | 1 - 57 files changed, 14 insertions(+), 3734 deletions(-) delete mode 100644 conf-from-container/conf/README.md delete mode 100644 conf-from-container/conf/access-control.xml delete mode 100644 conf-from-container/conf/admin/general-admin.xml delete mode 100644 conf-from-container/conf/admin/metrics.xml delete mode 100644 conf-from-container/conf/attribute-filter.xml delete mode 100644 conf-from-container/conf/attribute-resolver-full.xml delete mode 100644 conf-from-container/conf/attribute-resolver-ldap.xml delete mode 100644 conf-from-container/conf/attribute-resolver.xml delete mode 100644 conf-from-container/conf/audit.xml delete mode 100644 conf-from-container/conf/authn/authn-comparison.xml delete mode 100644 conf-from-container/conf/authn/authn-events-flow.xml delete mode 100644 conf-from-container/conf/authn/duo-authn-config.xml delete mode 100644 conf-from-container/conf/authn/duo.properties delete mode 100644 
conf-from-container/conf/authn/external-authn-config.xml delete mode 100644 conf-from-container/conf/authn/general-authn.xml delete mode 100644 conf-from-container/conf/authn/ipaddress-authn-config.xml delete mode 100644 conf-from-container/conf/authn/jaas-authn-config.xml delete mode 100644 conf-from-container/conf/authn/jaas.config delete mode 100644 conf-from-container/conf/authn/krb5-authn-config.xml delete mode 100644 conf-from-container/conf/authn/ldap-authn-config.xml delete mode 100644 conf-from-container/conf/authn/mfa-authn-config.xml delete mode 100644 conf-from-container/conf/authn/password-authn-config.xml delete mode 100644 conf-from-container/conf/authn/remoteuser-authn-config.xml delete mode 100644 conf-from-container/conf/authn/remoteuser-internal-authn-config.xml delete mode 100644 conf-from-container/conf/authn/spnego-authn-config.xml delete mode 100644 conf-from-container/conf/authn/x509-authn-config.xml delete mode 100644 conf-from-container/conf/authn/x509-internal-authn-config.xml delete mode 100644 conf-from-container/conf/c14n/attribute-sourced-subject-c14n-config.xml delete mode 100644 conf-from-container/conf/c14n/simple-subject-c14n-config.xml delete mode 100644 conf-from-container/conf/c14n/subject-c14n-events-flow.xml delete mode 100644 conf-from-container/conf/c14n/subject-c14n.xml delete mode 100644 conf-from-container/conf/c14n/x500-subject-c14n-config.xml delete mode 100644 conf-from-container/conf/cas-protocol.xml delete mode 100644 conf-from-container/conf/credentials.xml delete mode 100644 conf-from-container/conf/errors.xml delete mode 100644 conf-from-container/conf/global.xml delete mode 100644 conf-from-container/conf/idp.properties delete mode 100644 conf-from-container/conf/intercept/consent-intercept-config.xml delete mode 100644 conf-from-container/conf/intercept/context-check-intercept-config.xml delete mode 100644 conf-from-container/conf/intercept/expiring-password-intercept-config.xml delete mode 100644 
conf-from-container/conf/intercept/intercept-events-flow.xml delete mode 100644 conf-from-container/conf/intercept/profile-intercept.xml delete mode 100644 conf-from-container/conf/ldap.properties delete mode 100644 conf-from-container/conf/logback.xml delete mode 100644 conf-from-container/conf/metadata-providers.xml delete mode 100644 conf-from-container/conf/mvc-beans.xml delete mode 100644 conf-from-container/conf/relying-party.xml delete mode 100644 conf-from-container/conf/saml-nameid.properties delete mode 100644 conf-from-container/conf/saml-nameid.xml delete mode 100644 conf-from-container/conf/services.properties delete mode 100644 conf-from-container/conf/services.xml delete mode 100644 conf-from-container/conf/session-manager.xml delete mode 100644 conf-from-container/run.sh delete mode 100644 conf-from-container/shell.sh
diff --git a/.gitignore b/.gitignore
index b57164e..a0058d1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
 .DS_Store
 metadata/
+data/
 shibboleth-identity-provider-3.3.0/
+*.swp
diff --git a/README.md b/README.md
index fab1c2b..89aea33 100755
--- a/README.md
+++ b/README.md
@@ -35,41 +35,30 @@ the 2.x version. # Testing -run.sh +The NORDUnet configuration requires that you can reach `ldap.nordu.net`, so make sure you can reach that. E.g. I need to be on VPN to access it. -``` -#docker build -t $(basename $(pwd)) . && docker run -p80:80 -p 443:443 --rm -ti $(basename $(pwd)) -# shibboleth-docker -docker build -t $(basename $(pwd)) . && docker run --rm -ti --name shibboleth-docker $(basename $(pwd)) -``` +Add the following to your `/etc/hosts` file: ``` -# Apache SP -docker build -t $(basename $(pwd)) . && docker run --rm -ti -p80:80 -p 443:443 -e SP_HOSTNAME=sp.nordu.dev --link shibboleth-docker $(basename $(pwd)) +127.0.0.1 idp.nordu.dev sp.nordu.dev ``` -``` -hlk@bujin:hlk$ cat /etc/hosts -## -# Host Database -# -# localhost is used to configure the loopback interface -# when the system is booting. Do not change this entry. -## -127.0.0.1 localhost -255.255.255.255 broadcasthost -::1 localhost +Then you can use docker compose to build and start the containers. -127.0.0.1 idp.nordu.dev sp.nordu.dev +``` +docker-compose -f compose-dev.yml up --build ``` -Then you should be able to go to: https://sp.nordu.dev/secure/ +When everything has started you need to add the SP metadata to the IdP, this can be done by running: -Getting metadata out from the Apache SP ``` - curl -k https://sp.nordu.dev/Shibboleth.sso/Metadata > sp-metadata.xml +curl -k https://sp.nordu.dev/Shibboleth.sso/Metadata -o data/idp/metadata/sp-metadata.xml +dokcer-compose -f compose-dev.yml restart shibboleth-docker ``` +Now you should be able to navigate to `https://sp.nordu.dev/secure/` where you should be prompted to log in. + + # Resources Links from Jesper Rosenkilde diff --git a/conf-from-container/conf/README.md b/conf-from-container/conf/README.md deleted file mode 100644 index 6002238..0000000 --- a/conf-from-container/conf/README.md +++ /dev/null 
@@ -1,5 +0,0 @@ -# IDP config templates - -This directory contains the files which are being replaced after running install. - -Dockerfile should install these after running install. diff --git a/conf-from-container/conf/access-control.xml b/conf-from-container/conf/access-control.xml deleted file mode 100644 index a9184e6..0000000 --- a/conf-from-container/conf/access-control.xml +++ /dev/null @@ -1,68 +0,0 @@ - - - - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/admin/general-admin.xml b/conf-from-container/conf/admin/general-admin.xml deleted file mode 100644 index 6e9fc19..0000000 --- a/conf-from-container/conf/admin/general-admin.xml +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/admin/metrics.xml b/conf-from-container/conf/admin/metrics.xml deleted file mode 100644 index f9b5c16..0000000 --- a/conf-from-container/conf/admin/metrics.xml +++ /dev/null @@ -1,129 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/attribute-filter.xml b/conf-from-container/conf/attribute-filter.xml deleted file mode 100644 index f8c41ba..0000000 --- a/conf-from-container/conf/attribute-filter.xml +++ /dev/null @@ -1,45 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/attribute-resolver-full.xml b/conf-from-container/conf/attribute-resolver-full.xml deleted file mode 100644 index 4681b64..0000000 --- a/conf-from-container/conf/attribute-resolver-full.xml +++ /dev/null @@ -1,292 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/attribute-resolver-ldap.xml b/conf-from-container/conf/attribute-resolver-ldap.xml deleted file mode 100644 index ec79de9..0000000 --- a/conf-from-container/conf/attribute-resolver-ldap.xml +++ /dev/null 
@@ -1,94 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/attribute-resolver.xml b/conf-from-container/conf/attribute-resolver.xml deleted file mode 100644 index 35f3b35..0000000 --- a/conf-from-container/conf/attribute-resolver.xml +++ /dev/null @@ -1,108 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/audit.xml b/conf-from-container/conf/audit.xml deleted file mode 100644 index 22949fd..0000000 --- a/conf-from-container/conf/audit.xml +++ /dev/null @@ -1,32 +0,0 @@ - - - - - - - - - - - - - - http://shibboleth.net/ns/profiles/status - - - diff --git a/conf-from-container/conf/authn/authn-comparison.xml b/conf-from-container/conf/authn/authn-comparison.xml deleted file mode 100644 index f167b7a..0000000 --- a/conf-from-container/conf/authn/authn-comparison.xml +++ /dev/null @@ -1,77 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified - - - diff --git a/conf-from-container/conf/authn/authn-events-flow.xml b/conf-from-container/conf/authn/authn-events-flow.xml deleted file mode 100644 index 244e1db..0000000 --- a/conf-from-container/conf/authn/authn-events-flow.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - - - - diff --git a/conf-from-container/conf/authn/duo-authn-config.xml b/conf-from-container/conf/authn/duo-authn-config.xml deleted file mode 100644 index 0a48152..0000000 --- a/conf-from-container/conf/authn/duo-authn-config.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - diff --git a/conf-from-container/conf/authn/duo.properties b/conf-from-container/conf/authn/duo.properties deleted file mode 100644 index 2ca71ee..0000000 --- a/conf-from-container/conf/authn/duo.properties +++ /dev/null 
@@ -1,9 +0,0 @@ -# Duo integration settings - -# Note: If upgrading from pre-3.3 IdP versions, you will need to manually add a pointer -# to this property file to idp.properties. - -idp.duo.apiHost = hostname -idp.duo.applicationKey = key -idp.duo.integrationKey = key -idp.duo.secretKey = key diff --git a/conf-from-container/conf/authn/external-authn-config.xml b/conf-from-container/conf/authn/external-authn-config.xml deleted file mode 100644 index 8b3a159..0000000 --- a/conf-from-container/conf/authn/external-authn-config.xml +++ /dev/null @@ -1,70 +0,0 @@ - - - - - - - - - - - - - - - - - - UnknownUsername - - - - - InvalidPassword - - - - - ExpiredPassword - - - - - ExpiringPassword - - - - - diff --git a/conf-from-container/conf/authn/general-authn.xml b/conf-from-container/conf/authn/general-authn.xml deleted file mode 100644 index ac55bbb..0000000 --- a/conf-from-container/conf/authn/general-authn.xml +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 - - - - diff --git a/conf-from-container/conf/authn/ipaddress-authn-config.xml b/conf-from-container/conf/authn/ipaddress-authn-config.xml deleted file mode 100644 index a3ee096..0000000 --- a/conf-from-container/conf/authn/ipaddress-authn-config.xml +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/authn/jaas-authn-config.xml b/conf-from-container/conf/authn/jaas-authn-config.xml deleted file mode 100644 index daef4d2..0000000 --- a/conf-from-container/conf/authn/jaas-authn-config.xml +++ /dev/null @@ -1,27 +0,0 @@ - - - - - - - - - - - ShibUserPassAuth - - - - - diff --git a/conf-from-container/conf/authn/jaas.config b/conf-from-container/conf/authn/jaas.config deleted file mode 100644 index 232e93d..0000000 --- a/conf-from-container/conf/authn/jaas.config +++ /dev/null 
@@ -1,11 +0,0 @@ -ShibUserPassAuth { - /* - com.sun.security.auth.module.Krb5LoginModule required; - */ - - org.ldaptive.jaas.LdapLoginModule required - ldapUrl="ldap://localhost:10389" - baseDn="ou=people,dc=example,dc=org" - userFilter="uid={user}"; - -}; \ No newline at end of file diff --git a/conf-from-container/conf/authn/krb5-authn-config.xml b/conf-from-container/conf/authn/krb5-authn-config.xml deleted file mode 100644 index d3590a2..0000000 --- a/conf-from-container/conf/authn/krb5-authn-config.xml +++ /dev/null @@ -1,31 +0,0 @@ - - - - - - - - - - - - - diff --git a/conf-from-container/conf/authn/ldap-authn-config.xml b/conf-from-container/conf/authn/ldap-authn-config.xml deleted file mode 100644 index 56d1bc7..0000000 --- a/conf-from-container/conf/authn/ldap-authn-config.xml +++ /dev/null @@ -1,135 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/authn/mfa-authn-config.xml b/conf-from-container/conf/authn/mfa-authn-config.xml deleted file mode 100644 index c47c901..0000000 --- a/conf-from-container/conf/authn/mfa-authn-config.xml +++ /dev/null @@ -1,94 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/authn/password-authn-config.xml b/conf-from-container/conf/authn/password-authn-config.xml deleted file mode 100644 index f27051b..0000000 --- a/conf-from-container/conf/authn/password-authn-config.xml +++ /dev/null @@ -1,121 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - NoCredentials - CLIENT_NOT_FOUND - Client not found - DN_RESOLUTION_FAILURE - - - - - InvalidCredentials - PREAUTH_FAILED - INVALID_CREDENTIALS - Checksum failed - - - - - AccountLocked - Clients credentials have been revoked - - - - - PASSWORD_EXPIRED - - - - - ACCOUNT_WARNING - - - - - - - - 
diff --git a/conf-from-container/conf/authn/remoteuser-authn-config.xml b/conf-from-container/conf/authn/remoteuser-authn-config.xml deleted file mode 100644 index 4b7e722..0000000 --- a/conf-from-container/conf/authn/remoteuser-authn-config.xml +++ /dev/null @@ -1,75 +0,0 @@ - - - - - - - - - - - - - - - - - - NoCredentials - - - - - UnknownUsername - - - - - InvalidPassword - - - - - ExpiredPassword - - - - - ExpiringPassword - - - - - diff --git a/conf-from-container/conf/authn/remoteuser-internal-authn-config.xml b/conf-from-container/conf/authn/remoteuser-internal-authn-config.xml deleted file mode 100644 index 9e68c85..0000000 --- a/conf-from-container/conf/authn/remoteuser-internal-authn-config.xml +++ /dev/null @@ -1,63 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/authn/spnego-authn-config.xml b/conf-from-container/conf/authn/spnego-authn-config.xml deleted file mode 100644 index 07563b9..0000000 --- a/conf-from-container/conf/authn/spnego-authn-config.xml +++ /dev/null @@ -1,74 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SPNEGONotAvailable - - - - - NTLMUnsupported - - - - - diff --git a/conf-from-container/conf/authn/x509-authn-config.xml b/conf-from-container/conf/authn/x509-authn-config.xml deleted file mode 100644 index 18b015a..0000000 --- a/conf-from-container/conf/authn/x509-authn-config.xml +++ /dev/null @@ -1,44 +0,0 @@ - - - - - - - - - - - - - NoCredentials - InvalidCredentials - - - - - diff --git a/conf-from-container/conf/authn/x509-internal-authn-config.xml b/conf-from-container/conf/authn/x509-internal-authn-config.xml deleted file mode 100644 index bad3029..0000000 --- a/conf-from-container/conf/authn/x509-internal-authn-config.xml +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - 
diff --git a/conf-from-container/conf/c14n/attribute-sourced-subject-c14n-config.xml b/conf-from-container/conf/c14n/attribute-sourced-subject-c14n-config.xml deleted file mode 100644 index 938b30f..0000000 --- a/conf-from-container/conf/c14n/attribute-sourced-subject-c14n-config.xml +++ /dev/null @@ -1,44 +0,0 @@ - - - - - - altuid - - - - - altuid - - - - - - - - - - - - - diff --git a/conf-from-container/conf/c14n/simple-subject-c14n-config.xml b/conf-from-container/conf/c14n/simple-subject-c14n-config.xml deleted file mode 100644 index 3cddfa6..0000000 --- a/conf-from-container/conf/c14n/simple-subject-c14n-config.xml +++ /dev/null @@ -1,27 +0,0 @@ - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/c14n/subject-c14n-events-flow.xml b/conf-from-container/conf/c14n/subject-c14n-events-flow.xml deleted file mode 100644 index d7458cd..0000000 --- a/conf-from-container/conf/c14n/subject-c14n-events-flow.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - - - - diff --git a/conf-from-container/conf/c14n/subject-c14n.xml b/conf-from-container/conf/c14n/subject-c14n.xml deleted file mode 100644 index 16fc6f1..0000000 --- a/conf-from-container/conf/c14n/subject-c14n.xml +++ /dev/null @@ -1,109 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName - urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/c14n/x500-subject-c14n-config.xml b/conf-from-container/conf/c14n/x500-subject-c14n-config.xml deleted file mode 100644 index 1ae25e4..0000000 --- a/conf-from-container/conf/c14n/x500-subject-c14n-config.xml +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - - - - 2.5.4.3 - - - - - - - - - - - - - 
diff --git a/conf-from-container/conf/cas-protocol.xml b/conf-from-container/conf/cas-protocol.xml deleted file mode 100644 index d0b3d55..0000000 --- a/conf-from-container/conf/cas-protocol.xml +++ /dev/null @@ -1,84 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/conf-from-container/conf/credentials.xml b/conf-from-container/conf/credentials.xml deleted file mode 100644 index 7462879..0000000 --- a/conf-from-container/conf/credentials.xml +++ /dev/null @@ -1,65 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/errors.xml b/conf-from-container/conf/errors.xml deleted file mode 100644 index 5de522f..0000000 --- a/conf-from-container/conf/errors.xml +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/global.xml b/conf-from-container/conf/global.xml deleted file mode 100644 index 60562e3..0000000 --- a/conf-from-container/conf/global.xml +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/idp.properties b/conf-from-container/conf/idp.properties deleted file mode 100644 index 80f23b8..0000000 --- a/conf-from-container/conf/idp.properties +++ /dev/null 
@@ -1,195 +0,0 @@ -# Load any additional property resources from a comma-delimited list -idp.additionalProperties= /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/authn/duo.properties - -# Set the entityID of the IdP -idp.entityID= https://idp.nordu.dev/idp/shibboleth - -# Set the scope used in the attribute resolver for scoped attributes -idp.scope= nordu.dev - -# General cookie properties (maxAge only applies to persistent cookies) -#idp.cookie.secure = false -#idp.cookie.httpOnly = true -#idp.cookie.domain = -#idp.cookie.path = -#idp.cookie.maxAge = 31536000 - -# Set the location of user-supplied web flow definitions -#idp.webflows = %{idp.home}/flows - -# Set the location of Velocity view templates -#idp.views = %{idp.home}/views - -# Settings for internal AES encryption key -#idp.sealer.storeType = JCEKS -#idp.sealer.updateInterval = PT15M -#idp.sealer.aliasBase = secret -idp.sealer.storeResource= %{idp.home}/credentials/sealer.jks -idp.sealer.versionResource= %{idp.home}/credentials/sealer.kver -idp.sealer.storePassword= password -idp.sealer.keyPassword= password - -# Settings for public/private signing and encryption key(s) -# During decryption key rollover, point the ".2" properties at a second -# keypair, uncomment in credentials.xml, then publish it in your metadata. 
-idp.signing.key= %{idp.home}/credentials/idp-signing.key -idp.signing.cert= %{idp.home}/credentials/idp-signing.crt -idp.encryption.key= %{idp.home}/credentials/idp-encryption.key -idp.encryption.cert= %{idp.home}/credentials/idp-encryption.crt -#idp.encryption.key.2 = %{idp.home}/credentials/idp-encryption-old.key -#idp.encryption.cert.2 = %{idp.home}/credentials/idp-encryption-old.crt - -# Sets the bean ID to use as a default security configuration set -#idp.security.config = shibboleth.DefaultSecurityConfiguration - -# To default to SHA-1, set to shibboleth.SigningConfiguration.SHA1 -#idp.signing.config = shibboleth.SigningConfiguration.SHA256 - -# Configures trust evaluation of keys used by services at runtime -# Defaults to supporting both explicit key and PKIX using SAML metadata. -#idp.trust.signatures = shibboleth.ChainingSignatureTrustEngine -# To pick only one set to one of: -# shibboleth.ExplicitKeySignatureTrustEngine, shibboleth.PKIXSignatureTrustEngine -#idp.trust.certificates = shibboleth.ChainingX509TrustEngine -# To pick only one set to one of: -# shibboleth.ExplicitKeyX509TrustEngine, shibboleth.PKIXX509TrustEngine - -# If true, encryption will happen whenever a key to use can be located, but -# failure to encrypt won't result in request failure. 
-#idp.encryption.optional = false - -# Configuration of client- and server-side storage plugins -#idp.storage.cleanupInterval = PT10M -#idp.storage.htmlLocalStorage = false - -# Set to true to expose more detailed errors in responses to SPs -#idp.errors.detailed = false -# Set to false to skip signing of SAML response messages that signal errors -#idp.errors.signed = true -# Name of bean containing a list of Java exception classes to ignore -#idp.errors.excludedExceptions = ExceptionClassListBean -# Name of bean containing a property set mapping exception names to views -#idp.errors.exceptionMappings = ExceptionToViewPropertyBean -# Set if a different default view name for events and exceptions is needed -#idp.errors.defaultView = error - -# Set to false to disable the IdP session layer -#idp.session.enabled = true - -# Set to "shibboleth.StorageService" for server-side storage of user sessions -#idp.session.StorageService = shibboleth.ClientSessionStorageService - -# Size of session IDs -#idp.session.idSize = 32 -# Bind sessions to IP addresses -#idp.session.consistentAddress = true -# Inactivity timeout -#idp.session.timeout = PT60M -# Extra time to store sessions for logout -#idp.session.slop = PT0S -# Tolerate storage-related errors -#idp.session.maskStorageFailure = false -# Track information about SPs logged into -#idp.session.trackSPSessions = false -# Support lookup by SP for SAML logout -#idp.session.secondaryServiceIndex = false -# Length of time to track SP sessions -#idp.session.defaultSPlifetime = PT2H - -# Regular expression matching login flows to enable, e.g. IPAddress|Password -idp.authn.flows= Password - -# Regular expression of forced "initial" methods when no session exists, -# usually in conjunction with the idp.authn.resolveAttribute property below. -#idp.authn.flows.initial = Password - -# Set to an attribute ID to resolve prior to selecting authentication flows; -# its values are used to filter the flows to allow. 
-#idp.authn.resolveAttribute = eduPersonAssurance - -# Default lifetime and timeout of various authentication methods -#idp.authn.defaultLifetime = PT60M -#idp.authn.defaultTimeout = PT30M - -# Whether to populate relying party user interface information for display -# during authentication, consent, terms-of-use. -#idp.authn.rpui = true - -# Whether to prioritize "active" results when an SP requests more than -# one possible matching login method (V2 behavior was to favor them) -#idp.authn.favorSSO = false - -# Whether to fail requests when a user identity after authentication -# doesn't match the identity in a pre-existing session. -#idp.authn.identitySwitchIsError = false - -# Set to "shibboleth.StorageService" or custom bean for alternate storage of consent -#idp.consent.StorageService = shibboleth.ClientPersistentStorageService - -# Set to "shibboleth.consent.AttributeConsentStorageKey" to use an attribute -# to key user consent storage records (and set the attribute name) -#idp.consent.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey -#idp.consent.userStorageKeyAttribute = uid - -# Flags controlling how built-in attribute consent feature operates -#idp.consent.allowDoNotRemember = true -#idp.consent.allowGlobal = true -#idp.consent.allowPerAttribute = false - -# Whether attribute values and terms of use text are compared -#idp.consent.compareValues = false -# Maximum number of consent records for space-limited storage (e.g. cookies) -#idp.consent.maxStoredRecords = 10 -# Maximum number of consent records for larger/server-side storage (0 = no limit) -#idp.consent.expandedMaxStoredRecords = 0 - -# Time in milliseconds to expire consent storage records. -#idp.consent.storageRecordLifetime = P1Y - -# Whether to lookup metadata, etc. for every SP involved in a logout -# for use by user interface logic; adds overhead so off by default. -#idp.logout.elaboration = false - -# Whether to require logout requests/responses be signed/authenticated. 
-#idp.logout.authenticated = true - -# Message freshness and replay cache tuning -#idp.policy.messageLifetime = PT3M -#idp.policy.clockSkew = PT3M - -# Set to custom bean for alternate storage of replay cache -#idp.replayCache.StorageService = shibboleth.StorageService - -# Toggles whether to allow outbound messages via SAML artifact -#idp.artifact.enabled = true -# Suppresses typical signing/encryption when artifact binding used -#idp.artifact.secureChannel = true -# May differ to direct SAML 2 artifact lookups to specific server nodes -#idp.artifact.endpointIndex = 2 -# Set to custom bean for alternate storage of artifact map state -#idp.artifact.StorageService = shibboleth.StorageService - -# Comma-delimited languages to use if not match can be found with the -# browser-supported languages, defaults to an empty list. -idp.ui.fallbackLanguages= en,fr,de - -# Storage service used by CAS protocol -# Defaults to shibboleth.StorageService (in-memory) -# MUST be server-side storage (e.g. in-memory, memcached, database) -# NOTE that idp.session.StorageService requires server-side storage -# when CAS protocol is enabled -#idp.cas.StorageService=shibboleth.StorageService - -# CAS service registry implementation class -#idp.cas.serviceRegistryClass=net.shibboleth.idp.cas.service.PatternServiceRegistry - -# Profile flows in which the ProfileRequestContext should be exposed -# in servlet request under the key "opensamlProfileRequestContext" -#idp.profile.exposeProfileRequestContextInServletRequest = SAML2/POST/SSO,SAML2/Redirect/SSO - -# F-TICKS auditing - set a salt to include hashed username -#idp.fticks.federation=MyFederation -#idp.fticks.algorithm=SHA-256 -#idp.fticks.salt=somethingsecret -#idp.fticks.loghost=localhost -#idp.fticks.logport=514 diff --git a/conf-from-container/conf/intercept/consent-intercept-config.xml b/conf-from-container/conf/intercept/consent-intercept-config.xml deleted file mode 100644 index ca183a7..0000000 
--- a/conf-from-container/conf/intercept/consent-intercept-config.xml +++ /dev/null @@ -1,136 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - transientId - persistentId - eduPersonTargetedID - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/conf-from-container/conf/intercept/context-check-intercept-config.xml b/conf-from-container/conf/intercept/context-check-intercept-config.xml deleted file mode 100644 index 809f1d4..0000000 --- a/conf-from-container/conf/intercept/context-check-intercept-config.xml +++ /dev/null @@ -1,42 +0,0 @@ - - - - - - - - - - - - - - * - - - - - - - - - - \ No newline at end of file diff --git a/conf-from-container/conf/intercept/expiring-password-intercept-config.xml b/conf-from-container/conf/intercept/expiring-password-intercept-config.xml deleted file mode 100644 index 5447b16..0000000 --- a/conf-from-container/conf/intercept/expiring-password-intercept-config.xml +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/intercept/intercept-events-flow.xml b/conf-from-container/conf/intercept/intercept-events-flow.xml deleted file mode 100644 index 5cb30d5..0000000 --- a/conf-from-container/conf/intercept/intercept-events-flow.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - - - - diff --git a/conf-from-container/conf/intercept/profile-intercept.xml b/conf-from-container/conf/intercept/profile-intercept.xml deleted file mode 100644 index 4040a10..0000000 --- a/conf-from-container/conf/intercept/profile-intercept.xml +++ /dev/null @@ -1,38 +0,0 @@ - - - - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/ldap.properties b/conf-from-container/conf/ldap.properties deleted file mode 100644 index e9d9ffb..0000000 --- a/conf-from-container/conf/ldap.properties +++ /dev/null 
@@ -1,74 +0,0 @@
-# LDAP authentication configuration, see authn/ldap-authn-config.xml
-# Note, this doesn't apply to the use of JAAS
-
-## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator
-idp.authn.LDAP.authenticator= bindSearchAuthenticator
-
-## Connection properties ##
-idp.authn.LDAP.ldapURL= ldaps://ldap.nordu.net
-idp.authn.LDAP.useStartTLS= false
-idp.authn.LDAP.useSSL= false
-# Time in milliseconds that connects will block
-#idp.authn.LDAP.connectTimeout = PT3S
-# Time in milliseconds to wait for responses
-#idp.authn.LDAP.responseTimeout = PT3S
-
-## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust
-idp.authn.LDAP.sslConfig= certificateTrust
-## If using certificateTrust above, set to the trusted certificate's path
-idp.authn.LDAP.trustCertificates= %{idp.home}/credentials/ldap-server.crt
-## If using keyStoreTrust above, set to the truststore path
-idp.authn.LDAP.trustStore= %{idp.home}/credentials/ldap-server.truststore
-
-## Return attributes during authentication
-idp.authn.LDAP.returnAttributes= passwordExpirationTime,loginGraceRemaining
-
-## DN resolution properties ##
-
-# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator
-# for AD: CN=Users,DC=example,DC=org
-idp.authn.LDAP.baseDN= dc=nordu,dc=net
-#idp.authn.LDAP.subtreeSearch = false
-idp.authn.LDAP.userFilter= (uid={user})
-# bind search configuration
-# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com
-idp.authn.LDAP.bindDN= dc=nordu,dc=net
-idp.authn.LDAP.bindDNCredential= blahblah
-
-# Format DN resolution, used by directAuthenticator, adAuthenticator
-# for AD use idp.authn.LDAP.dnFormat=%s@domain.com
-idp.authn.LDAP.dnFormat= uid=%s,ou=people,dc=example,dc=org
-
-# LDAP attribute configuration, see attribute-resolver.xml
-# Note, this likely won't apply to the use of legacy V2 resolver configurations
-idp.attribute.resolver.LDAP.ldapURL= %{idp.authn.LDAP.ldapURL}
-idp.attribute.resolver.LDAP.connectTimeout= %{idp.authn.LDAP.connectTimeout:PT3S} -idp.attribute.resolver.LDAP.responseTimeout= %{idp.authn.LDAP.responseTimeout:PT3S} -idp.attribute.resolver.LDAP.baseDN= %{idp.authn.LDAP.baseDN:undefined} -idp.attribute.resolver.LDAP.bindDN= %{idp.authn.LDAP.bindDN:undefined} -idp.attribute.resolver.LDAP.bindDNCredential= %{idp.authn.LDAP.bindDNCredential:undefined} -idp.attribute.resolver.LDAP.useStartTLS= %{idp.authn.LDAP.useStartTLS:true} -idp.attribute.resolver.LDAP.trustCertificates= %{idp.authn.LDAP.trustCertificates:undefined} -idp.attribute.resolver.LDAP.searchFilter= (uid=$resolutionContext.principal) - -# LDAP pool configuration, used for both authn and DN resolution -#idp.pool.LDAP.minSize = 3 -#idp.pool.LDAP.maxSize = 10 -#idp.pool.LDAP.validateOnCheckout = false -#idp.pool.LDAP.validatePeriodically = true -#idp.pool.LDAP.validatePeriod = PT5M -#idp.pool.LDAP.prunePeriod = PT5M -#idp.pool.LDAP.idleTime = PT10M -#idp.pool.LDAP.blockWaitTime = PT3S -#idp.pool.LDAP.failFastInitialize = false -%{idp.attribute.resolver.LDAP.searchFilter}= -principalCredential= "%{idp.attribute.resolver.LDAP.bindDNCredential}" -baseDN= "%{idp.attribute.resolver.LDAP.baseDN}" -useStartTLS= "%{idp.attribute.resolver.LDAP.useStartTLS:true}" -trustFile= "%{idp.attribute.resolver.LDAP.trustCertificates}" -responseTimeout= "%{idp.attribute.resolver.LDAP.responseTimeout}"> -ldapURL= "%{idp.attribute.resolver.LDAP.ldapURL}" -connectTimeout= "%{idp.attribute.resolver.LDAP.connectTimeout}" -= diff --git a/conf-from-container/conf/logback.xml b/conf-from-container/conf/logback.xml deleted file mode 100644 index 861ac26..0000000 --- a/conf-from-container/conf/logback.xml +++ /dev/null 
@@ -1,186 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ${idp.logfiles}/idp-process.log - - - ${idp.logfiles}/idp-process-%d{yyyy-MM-dd}.log.gz - ${idp.loghistory:-180} - - - - UTF-8 - %date{ISO8601} - %level [%logger:%line] - %msg%n%ex{short} - - - - - - - VelocityStatusMatcher - ResourceManager : unable to find resource 'status.vm' in any resource loader. - - VelocityStatusMatcher.matches(formattedMessage) - - DENY - - - - - - 0 - - - - - - WARN - - - ${idp.logfiles}/idp-warn.log - - - ${idp.logfiles}/idp-warn-%d{yyyy-MM-dd}.log.gz - ${idp.loghistory:-180} - - - - UTF-8 - %date{ISO8601} - %level [%logger:%line] - %msg%n%ex{short} - - - - - - - VelocityStatusMatcher - ResourceManager : unable to find resource 'status.vm' in any resource loader. - - VelocityStatusMatcher.matches(formattedMessage) - - DENY - - - - - - ${idp.logfiles}/idp-audit.log - - - ${idp.logfiles}/idp-audit-%d{yyyy-MM-dd}.log.gz - ${idp.loghistory:-180} - - - - UTF-8 - %msg%n - - - - - - ${idp.logfiles}/idp-consent-audit.log - - - ${idp.logfiles}/idp-consent-audit-%d{yyyy-MM-dd}.log.gz - ${idp.loghistory:-180} - - - - UTF-8 - %msg%n - - - - - - ${idp.fticks.loghost:-localhost} - ${idp.fticks.logport:-514} - AUTH - [%thread] %logger %msg - - - - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/metadata-providers.xml b/conf-from-container/conf/metadata-providers.xml deleted file mode 100644 index facc296..0000000 --- a/conf-from-container/conf/metadata-providers.xml +++ /dev/null @@ -1,67 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/mvc-beans.xml b/conf-from-container/conf/mvc-beans.xml deleted file mode 100644 index 98d9bcd..0000000 --- a/conf-from-container/conf/mvc-beans.xml +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - 
diff --git a/conf-from-container/conf/relying-party.xml b/conf-from-container/conf/relying-party.xml deleted file mode 100644 index 28c9193..0000000 --- a/conf-from-container/conf/relying-party.xml +++ /dev/null @@ -1,70 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/saml-nameid.properties b/conf-from-container/conf/saml-nameid.properties deleted file mode 100644 index 8530c4f..0000000 --- a/conf-from-container/conf/saml-nameid.properties +++ /dev/null 
@@ -1,35 +0,0 @@
-# Properties involving SAML NameIdentifier/NameID generation/consumption
-
-# For the most part these settings only deal with "transient" and "persistent"
-# identifiers. See saml-nameid.xml and c14n/subject-c14n.xml for advanced
-# settings
-
-# Comment out to disable legacy NameID generation via Attribute Resolver
-#idp.nameid.saml2.legacyGenerator = shibboleth.LegacySAML2NameIDGenerator
-#idp.nameid.saml1.legacyGenerator = shibboleth.LegacySAML1NameIdentifierGenerator
-
-# Default NameID Formats to use when nothing else is called for.
-# Don't change these just to change the Format used for a single SP!
-#idp.nameid.saml2.default = urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-#idp.nameid.saml1.default = urn:mace:shibboleth:1.0:nameIdentifier
-
-# Set to shibboleth.StoredTransientIdGenerator for server-side transient ID storage
-#idp.transientId.generator = shibboleth.CryptoTransientIdGenerator
-
-# Persistent IDs can be computed on the fly with a hash, or managed in a database
-
-# For computed IDs, set a source attribute and a secret salt:
-#idp.persistentId.sourceAttribute = changethistosomethingreal
-#idp.persistentId.useUnfilteredAttributes = true
-# Do *NOT* share the salt with other people, it's like divulging your private key.
-#idp.persistentId.algorithm = SHA
-#idp.persistentId.salt = changethistosomethingrandom
-
-# To use a database, use shibboleth.StoredPersistentIdGenerator
-#idp.persistentId.generator = shibboleth.ComputedPersistentIdGenerator
-# For basic use, set this to a JDBC DataSource bean name:
-#idp.persistentId.dataSource = PersistentIdDataSource
-# For advanced use, set to a bean inherited from shibboleth.JDBCPersistentIdStore
-#idp.persistentId.store = MyPersistentIdStore
-# Set to an empty property to skip hash-based generation of first stored ID
-#idp.persistentId.computed = shibboleth.ComputedPersistentIdGenerator
diff --git a/conf-from-container/conf/saml-nameid.xml b/conf-from-container/conf/saml-nameid.xml deleted file mode 100644 index ea97448..0000000 --- a/conf-from-container/conf/saml-nameid.xml +++ /dev/null @@ -1,62 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/conf/services.properties b/conf-from-container/conf/services.properties deleted file mode 100644 index eee86ee..0000000 --- a/conf-from-container/conf/services.properties +++ /dev/null 
@@ -1,65 +0,0 @@
-# Configure the resources to load for various services,
-# and the settings for failure handling and auto-reload.
-
-# failFast=true prevents IdP startup if a configuration is bad
-# checkInterval = PT0S means never reload (this is the default)
-
-# Global default for fail-fast behavior of most subsystems
-# with individual override possible below.
-#idp.service.failFast = false
-
-#idp.service.logging.resource = %{idp.home}/conf/logback.xml
-#idp.service.logging.failFast = true
-idp.service.logging.checkInterval = PT5M
-
-# Set to shibboleth.LegacyRelyingPartyResolverResources with legacy V2 relying-party.xml
-#idp.service.relyingparty.resources = shibboleth.RelyingPartyResolverResources
-#idp.service.relyingparty.failFast = false
-idp.service.relyingparty.checkInterval = PT15M
-
-#idp.service.metadata.resources = shibboleth.MetadataResolverResources
-#idp.service.metadata.failFast = false
-#idp.service.metadata.checkInterval = PT0S
-
-#idp.service.attribute.resolver.resources = shibboleth.AttributeResolverResources
-#idp.service.attribute.resolver.failFast = false
-idp.service.attribute.resolver.checkInterval = PT15M
-#idp.service.attribute.resolver.maskFailures = true
-
-#idp.service.attribute.filter.resources = shibboleth.AttributeFilterResources
-# NOTE: Failing the filter fast leaves no filters enabled.
-#idp.service.attribute.filter.failFast = false
-idp.service.attribute.filter.checkInterval = PT15M
-#idp.service.attribute.filter.maskFailures = true
-
-#idp.service.nameidGeneration.resources = shibboleth.NameIdentifierGenerationResources
-#idp.service.nameidGeneration.failFast = false
-idp.service.nameidGeneration.checkInterval = PT15M
-
-#idp.service.access.resources = shibboleth.AccessControlResources
-#idp.service.access.failFast = true
-idp.service.access.checkInterval = PT5M
-
-#idp.service.cas.registry.resources = shibboleth.CASServiceRegistryResources
-#idp.service.cas.registry.failFast = false
-idp.service.cas.registry.checkInterval = PT15M
-
-#idp.message.resources = shibboleth.MessageSourceResources
-#idp.message.cacheSeconds = 300
-
-# Parameters for pre-defined HttpClient instances which perform in-memory and filesystem caching.
-# These are used with components such as remote configuration resources that are explicitly wired
-# with these client instances, *not* by default with HTTP metadata resolvers.
-#idp.httpclient.useTrustEngineTLSSocketFactory = false
-#idp.httpclient.useSecurityEnhancedTLSSocketFactory = false
-#idp.httpclient.connectionDisregardTLSCertificate = false
-#idp.httpclient.connectionRequestTimeout = 60000
-#idp.httpclient.connectionTimeout = 60000
-#idp.httpclient.socketTimeout = 60000
-#idp.httpclient.maxConnectionsTotal = 100
-#idp.httpclient.maxConnectionsPerRoute = 100
-#idp.httpclient.memorycaching.maxCacheEntries = 50
-#idp.httpclient.memorycaching.maxCacheEntrySize = 1048576
-#idp.httpclient.filecaching.maxCacheEntries = 100
-#idp.httpclient.filecaching.maxCacheEntrySize = 10485760
-idp.httpclient.filecaching.cacheDirectory = %{idp.home}/tmp/httpClientCache
\ No newline at end of file
diff --git a/conf-from-container/conf/services.xml b/conf-from-container/conf/services.xml
deleted file mode 100644
index 313b636..0000000
--- a/conf-from-container/conf/services.xml
+++ /dev/null
@@ -1,144 +0,0 @@ - - - - - - - - - - - %{idp.home}/conf/relying-party.xml - %{idp.home}/conf/credentials.xml - %{idp.home}/system/conf/relying-party-system.xml - - - - - %{idp.home}/conf/relying-party.xml - %{idp.home}/system/conf/legacy-relying-party-defaults.xml - - - - %{idp.home}/conf/metadata-providers.xml - %{idp.home}/system/conf/metadata-providers-system.xml - - - - %{idp.home}/conf/attribute-resolver.xml - - - - %{idp.home}/conf/attribute-filter.xml - - - - %{idp.home}/conf/saml-nameid.xml - %{idp.home}/system/conf/saml-nameid-system.xml - - - - %{idp.home}/conf/access-control.xml - %{idp.home}/system/conf/access-control-system.xml - - - - %{idp.home}/conf/cas-protocol.xml - - - - - %{idp.home}/messages/messages - %{idp.home}/system/messages/messages - - - diff --git a/conf-from-container/conf/session-manager.xml b/conf-from-container/conf/session-manager.xml deleted file mode 100644 index f195014..0000000 --- a/conf-from-container/conf/session-manager.xml +++ /dev/null @@ -1,45 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf-from-container/run.sh b/conf-from-container/run.sh deleted file mode 100644 index ce896e5..0000000 --- a/conf-from-container/run.sh +++ /dev/null @@ -1 +0,0 @@ -docker cp `docker ps | cut -f 1 -d ' ' | grep -v "CONTAINER"`:/opt/shibboleth-idp/conf /Users/hlk/projects/shibboleth-docker/conf-from-container diff --git a/conf-from-container/shell.sh b/conf-from-container/shell.sh deleted file mode 100644 index e6f21d8..0000000 --- a/conf-from-container/shell.sh +++ /dev/null @@ -1 +0,0 @@ -docker exec -ti `docker ps | grep shibboleth-docker | cut -f 1 -d ' ' ` bash diff --git a/idp/Dockerfile b/idp/Dockerfile index a411674..3dd2d6c 100644 --- a/idp/Dockerfile +++ b/idp/Dockerfile 
@@ -9,7 +9,6 @@ COPY shibboleth-identity-provider-${IDP_VERSION}.tar.gz.sha256 /opt/
 COPY shibboleth-identity-provider-${IDP_VERSION}.tar.gz /opt/
 COPY template-config/ /opt/template-config
 COPY shibboleth.db.ddl /tmp/
-COPY apache-sp/nordunet.png /tmp/
 WORKDIR /opt
 RUN apk --no-cache add bash apache-ant sqlite curl && \
 #curl -O https://shibboleth.net/downloads/identity-provider/${IDP_VERSION}/shibboleth-identity-provider-${IDP_VERSION}.tar.gz && \
-- cgit v1.1