From 31def545e41fd4d3ca7754ff33460f15b50fe789 Mon Sep 17 00:00:00 2001
From: Markus Krogh
Date: Tue, 3 Oct 2017 21:26:01 +0200
Subject: SP add, and cleanup
---
 compose-prod.yml | 2 +-
 idp/Dockerfile | 2 --
 idp/shib-entrypoint.sh | 31 ++++++++++++++++++++++++++---
 idp/templates/config/attribute-filter.xml | 5 ++++-
 idp/templates/config/metadata-providers.xml | 1 +
 idp/templates/config/sp.xml.add | 1 +
 6 files changed, 35 insertions(+), 7 deletions(-)
 create mode 100644 idp/templates/config/sp.xml.add
diff --git a/compose-prod.yml b/compose-prod.yml
index b3094d2..7396245 100644
--- a/compose-prod.yml
+++ b/compose-prod.yml
@@ -3,7 +3,7 @@ services:
 shibboleth-docker:
 build: ./idp
 environment:
- JAVA_OPTIONS=-Xmx1G
+ JAVA_OPTIONS=-Xmx1500m
 - IDP_HOSTNAME=idp.nordu.net
 - IDP_SCOPE=nordu.net
 - IDP_DEBUG=true
diff --git a/idp/Dockerfile b/idp/Dockerfile
index 0e1efc5..d812493 100644
--- a/idp/Dockerfile
+++ b/idp/Dockerfile
@@ -26,8 +26,6 @@ ADD https://mds.swamid.se/md/md-signer2.crt /opt/shibboleth-idp/credentials/
 RUN chown -R jetty:jetty /opt
-#RUN mkdir -p persistent-id && sqlite3 persistent-id/shibboleth.db < /tmp/shibboleth.db.ddl && rm -f /tmp/shibboleth.db.ddl
-
 COPY jetty_base $JETTY_BASE
 COPY shib-entrypoint.sh /shib-entrypoint.sh
 USER jetty
diff --git a/idp/shib-entrypoint.sh b/idp/shib-entrypoint.sh
index 56ce16c..a1dc327 100755
--- a/idp/shib-entrypoint.sh
+++ b/idp/shib-entrypoint.sh
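Review bot: `IDP_DEBUG=true` stays in a production compose file while this same commit deletes the only consumer of it visible in the diff, the `if [ $IDP_DEBUG ]` block in shib-entrypoint.sh that switched idp.loglevel.messages and idp.loglevel.encryption to DEBUG; if that handling now lives elsewhere, production logs carry full SAML protocol messages and decryption detail, and if it does not, the variable is dead. Either drop the line or set `- IDP_DEBUG=false` here and enable it only in a development override. Note also that the heap given by `JAVA_OPTIONS=-Xmx1500m` only reaches the JVM if the base image's docker-entrypoint.sh injects JAVA_OPTIONS after `java`, because the entrypoint in this commit no longer passes it itself; that script is not in the diff, so verify the limit once on a running container.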
@@ -65,13 +65,37 @@ if [ -f ${DATADIR}/credentials/idp-signing.key -a -f ${DATADIR}/credentials/idp-
 cp ${DATADIR}/credentials/idp-signing.key /opt/shibboleth-idp/credentials/idp-signing.key
 cp ${DATADIR}/credentials/idp-signing.crt /opt/shibboleth-idp/credentials/idp-signing.crt
 fi
+# overwrite encryption keys if present
+if [ -f ${DATADIR}/credentials/idp-encryption.key -a -f ${DATADIR}/credentials/idp-encryption.crt ]; then
+ cp ${DATADIR}/credentials/idp-encryption.key /opt/shibboleth-idp/credentials/idp-encryption.key
+ cp ${DATADIR}/credentials/idp-encryption.crt /opt/shibboleth-idp/credentials/idp-encryption.crt
+fi
+
+# overwrite idp-metadata if present
+if [ -f ${DATADIR}/idp-metadata.xml.xml ]; then
+ cp ${DATADIR}/idp-metadata.xml /opt/shibboleth-idp/metadata/
+fi
 if [ -e ${DATADIR}/messages ]; then
 cp $DATADIR/messages/* /opt/shibboleth-idp/messages/
 fi
-if [ $IDP_DEBUG ]; then
- sed -i -e '/idp.loglevel.messages/ s/INFO/DEBUG/' -e '/idp.loglevel.encryption/ s/INFO/DEBUG/' /opt/shibboleth-idp/conf/logback.xml
+# SP add
+if [ -e ${DATADIR}/sp-metadata ]; then
+ cp ${DATADIR}/sp-metadata/*.xml /opt/shibboleth-idp/metadata/
+ for sp_file in ${DATADIR}/sp-metadata/*.xml; do
+ SP_XML=$(basename "$sp_file")
+ SP_NAME=${SP_XML%.*}
+ ENTITY_ID=$(grep -o 'entityID=".*"' "$sp_file" | sed -e 's/entityID="//' -e 's/".*$//')
+
+ if ! grep "$SP_XML" /opt/shibboleth-idp/conf/metadata-providers.xml ; then
+ sed -i '//r /opt/templates/config/sp.xml.add' /opt/shibboleth-idp/conf/metadata-providers.xml
+ sed -i -e "s/SP_NAME/$SP_NAME/" -e "s/SP_XML/$SP_XML/" /opt/shibboleth-idp/conf/metadata-providers.xml
+
+ # Release attributes
+ sed -i "//a " /opt/shibboleth-idp/conf/attribute-filter.xml
+ fi
+ done
 fi
 # Styling/view properties
@@ -82,4 +106,5 @@ if [ -n "$IDP_FOOTER" ]; then
 fi
 fi
-/docker-entrypoint.sh java -jar /usr/local/jetty/start.jar $JAVA_OPTIONS
+# Start jetty
+/docker-entrypoint.sh java -jar /usr/local/jetty/start.jar
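Review bot: The new idp-metadata override tests `${DATADIR}/idp-metadata.xml.xml` but copies `${DATADIR}/idp-metadata.xml`, so an operator-supplied IdP metadata file is silently ignored unless it carries the doubled suffix; the test should read `if [ -f "${DATADIR}/idp-metadata.xml" ]; then`. In the SP loop, `grep "$SP_XML" /opt/shibboleth-idp/conf/metadata-providers.xml` is an unanchored regex match (`.` is a wildcard and `sp.xml` also matches `mysp.xml`), so an SP whose filename is a suffix of an already-registered one is never added; `grep -qF -- "$SP_XML"` fixes that and keeps the match off stdout. `ENTITY_ID` is taken with a greedy `entityID=".*"` grep and, if the stripped `sed -i "/…/a …"` payload interpolates it as it appears to, lands unescaped in the sed script and in the generated attribute-release rule, so a file with several EntityDescriptors yields a multi-line value that breaks the edit, and whichever match is silently kept decides which requester receives the released attributes; take only the first match (`grep -o -m1`) and `continue` when the value is empty or contains a newline rather than editing attribute-filter.xml with it. Both `cp ${DATADIR}/sp-metadata/*.xml` and the `for` use an unguarded glob, so an sp-metadata directory without `.xml` files either aborts start-up (under `set -e`, not visible here) or registers a provider literally named `*`; add `[ -e "$sp_file" ] || continue` as the first loop statement. The signing-key `if` closed by the hunk's leading context lines begins above the hunk.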
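Review bot: The final `/docker-entrypoint.sh java -jar /usr/local/jetty/start.jar` still runs as a child of this script instead of replacing it, so if shib-entrypoint.sh is the container entrypoint (as the Dockerfile's `COPY shib-entrypoint.sh /shib-entrypoint.sh` suggests) PID 1 stays the shell and the SIGTERM from `docker stop` never reaches Jetty, which is then killed at the end of the grace period without a clean shutdown; write `exec /docker-entrypoint.sh java -jar /usr/local/jetty/start.jar`. Dropping `$JAVA_OPTIONS` from the argument list is right in that the old position handed it to start.jar as a program argument rather than to the JVM, but whether the heap from compose-prod.yml is applied at all now depends on the base image's docker-entrypoint.sh injecting JAVA_OPTIONS after `java`, which is not visible here; confirm it on a running container before relying on the `-Xmx1500m`.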
diff --git a/idp/templates/config/attribute-filter.xml b/idp/templates/config/attribute-filter.xml
index 3514282..8d61071 100644
--- a/idp/templates/config/attribute-filter.xml
+++ b/idp/templates/config/attribute-filter.xml
@@ -226,7 +226,10 @@
-
+
+
+
+
diff --git a/idp/templates/config/metadata-providers.xml b/idp/templates/config/metadata-providers.xml
index d813c06..a580688 100644
--- a/idp/templates/config/metadata-providers.xml
+++ b/idp/templates/config/metadata-providers.xml
@@ -54,4 +54,5 @@
+
diff --git a/idp/templates/config/sp.xml.add b/idp/templates/config/sp.xml.add
new file mode 100644
index 0000000..7c7eac4
--- /dev/null
+++ b/idp/templates/config/sp.xml.add
@@ -0,0 +1 @@
+
-- cgit v1.1