From a77621f3bc45828834ef4697e983c603735c56ee Mon Sep 17 00:00:00 2001
From: Henrik Lund Kramshoej
Date: Mon, 10 Jul 2017 15:28:27 +0200
Subject: sync with syntax working, but not auth
---
README.md | 49 ++++++++++++++++++++++++++++++++++++
apache-sp/entrypoint.sh | 5 ++++
apache-sp/run.sh | 2 ++
apache-sp/shibd/shibboleth2.xml | 5 ++--
conf-from-container/conf/logback.xml | 40 ++++++++++++++---------------
install.properties | 8 ++++++
nordu-ldap.properties | 2 +-
run.sh | 3 +++
8 files changed, 90 insertions(+), 24 deletions(-)
create mode 100644 apache-sp/run.sh
create mode 100644 run.sh
diff --git a/README.md b/README.md
index 7f0ea74..5b05ebc 100755
--- a/README.md
+++ b/README.md
@@ -21,7 +21,49 @@ and more File installer.properties Properties written out by the installer and used during upgrades. Scripts may create this ahead of time and feed it in to the installer in order to have a silent install. Deployers are not expected to modify this directly. +# planning +https://shibboleth.net/pipermail/users/2016-July/030260.html +http://shibboleth.1660669.n2.nabble.com/SAML-message-intended-destination-endpoint-did-not-match-the-recipient-endpoint-td7626468.html +We setup a new IdP on the 3.x branch. New hostname, new certificates, new +URL bindings, etc; but responding as the same entityID as the old IdP on +the 2.x version. +... + + + + +# Testing + +run.sh + +``` +#docker build -t $(basename $(pwd)) . && docker run -p80:80 -p 443:443 --rm -ti $(basename $(pwd)) +# shibboleth-docker +docker build -t $(basename $(pwd)) . && docker run --rm -ti --name shibboleth-docker $(basename $(pwd)) +``` + +``` +# Apache SP +docker build -t $(basename $(pwd)) . && docker run --rm -ti -p80:80 -p 443:443 -e SP_HOSTNAME=sp.nordu.dev --link shibboleth-docker $(basename $(pwd)) +``` + +``` +hlk@bujin:hlk$ cat /etc/hosts +## +# Host Database +# +# localhost is used to configure the loopback interface +# when the system is booting. Do not change this entry. +## +127.0.0.1 localhost +255.255.255.255 broadcasthost +::1 localhost + +127.0.0.1 idp.nordu.dev sp.nordu.dev +``` + +Then you should be able to go to: https://sp.nordu.dev/secure/ # Resources @@ -114,6 +156,13 @@ StaticPKIXX509Credential # Other Links + +https://shibboleth.net/products/metadata-aggregator.html +Metadata Aggregator provides a command line tool and REST-based web service to support publishers and consumers of metadata. +- kan måske lette noget arbejde med at vedligeholde filer? + + + https://wiki.shibboleth.net/confluence/display/IDP30/Installation+Directory+and+Configuration+Files describes the Installation Directory and Configuration Files 
diff --git a/apache-sp/entrypoint.sh b/apache-sp/entrypoint.sh
index dc16803..a552c6c 100644
--- a/apache-sp/entrypoint.sh
+++ b/apache-sp/entrypoint.sh
@@ -1,4 +1,9 @@
 #!/bin/sh
+
+# NORDUnet 2017
+
+echo "Starting $0"
+
 # Setup ssl keys
 KEYDIR=/etc/ssl
 export KEYDIR
diff --git a/apache-sp/run.sh b/apache-sp/run.sh
new file mode 100644
index 0000000..9d227b1
--- /dev/null
+++ b/apache-sp/run.sh
@@ -0,0 +1,2 @@
+# Apache SP
+docker build -t $(basename $(pwd)) . && docker run --rm -ti -p80:80 -p 443:443 -e SP_HOSTNAME=sp.nordu.dev --link shibboleth-docker $(basename $(pwd))
diff --git a/apache-sp/shibd/shibboleth2.xml b/apache-sp/shibd/shibboleth2.xml
index 2bc8b7a..c6a759f 100644
--- a/apache-sp/shibd/shibboleth2.xml
+++ b/apache-sp/shibd/shibboleth2.xml
@@ -1,7 +1,7 @@ --> - +
@@ -35,4 +35,3 @@ -
diff --git a/conf-from-container/conf/logback.xml b/conf-from-container/conf/logback.xml
index 104ec4c..861ac26 100644
--- a/conf-from-container/conf/logback.xml
+++ b/conf-from-container/conf/logback.xml
@@ -5,21 +5,21 @@ Variables for simplifying logging configuration. http://logback.qos.ch/manual/configuration.html#variableSubstitution --> - + - + - + - - + + - + - +
@@ -30,7 +30,7 @@ we load the main property file for you. --> - +
@@ -40,10 +40,10 @@ - + - +
@@ -64,11 +64,11 @@ - + ${idp.logfiles}/idp-process.log - + ${idp.logfiles}/idp-process-%d{yyyy-MM-dd}.log.gz ${idp.loghistory:-180}
@@ -102,19 +102,19 @@ WARN - + ${idp.logfiles}/idp-warn.log - + ${idp.logfiles}/idp-warn-%d{yyyy-MM-dd}.log.gz ${idp.loghistory:-180} - + UTF-8 %date{ISO8601} - %level [%logger:%line] - %msg%n%ex{short} - +
@@ -127,7 +127,7 @@ DENY - + ${idp.logfiles}/idp-audit.log
@@ -142,7 +142,7 @@ %msg%n - + ${idp.logfiles}/idp-consent-audit.log
@@ -177,10 +177,10 @@ - + - \ No newline at end of file +
diff --git a/install.properties b/install.properties
index 3eec93d..a052dcb 100644
--- a/install.properties
+++ b/install.properties
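Review bot: In the new apache-sp/run.sh the two `$(basename $(pwd))` substitutions are unquoted, so a checkout directory whose name contains spaces or glob characters is split into several arguments for `docker build -t` and for `docker run`; the same pattern is in the new run.sh hunk later in this patch. Quoting fixes it: `docker build -t "$(basename "$(pwd)")" . && docker run --rm -ti -p80:80 -p 443:443 -e SP_HOSTNAME=sp.nordu.dev --link shibboleth-docker "$(basename "$(pwd)")"`. The file also has no shebang or `set -e`, so a failed build is only caught by the `&&` and the script depends on whichever shell the caller invokes; a `#!/usr/bin/env bash` first line with `set -euo pipefail` would make that explicit. `--link` is the legacy container-linking mechanism; if this setup is meant to outlive the dev iteration, a user-defined network selected with `--network` is the supported way for the SP container to reach shibboleth-docker.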
@@ -9,6 +9,14 @@ idp.keystore.password=password # Found via build.xml ldap.merge.properties=/opt/nordu-ldap.properties +# Skinning it +idp.title = IDP Dev Web Login Service +idp.title.suffix = Error +idp.logo = /images/dummylogo.png +idp.logo.alt-text = Replace or remove this logo +idp.message = An unidentified error occurred. +idp.footer = IDP dev footer text. + #PROPERTIES: #The following properties are used. If they are not specified on the command line then #they will be prompted for if needed.
diff --git a/nordu-ldap.properties b/nordu-ldap.properties
index 71e1301..dd43f21 100644
--- a/nordu-ldap.properties
+++ b/nordu-ldap.properties
@@ -1,6 +1,6 @@
 idp.authn.LDAP.ldapURL=ldaps://ldap.nordu.net
 idp.authn.LDAP.authenticator = bindSearchAuthenticator
-idp.authn.LDAP.useStartTLS = false
+idp.authn.LDAP.useStartTLS = true
 idp.authn.LDAP.useSSL = false
 idp.authn.LDAP.sslConfig = certificateTrust
 #idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-server.crt
diff --git a/run.sh b/run.sh
new file mode 100644
index 0000000..a39e8c6
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,3 @@
+#docker build -t $(basename $(pwd)) . && docker run -p80:80 -p 443:443 --rm -ti $(basename $(pwd))
+# shibboleth-docker
+docker build -t $(basename $(pwd)) . && docker run --rm -ti --name shibboleth-docker $(basename $(pwd))
-- cgit v1.1
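Review bot: The flipped `idp.authn.LDAP.useStartTLS = true` sits next to the unchanged `idp.authn.LDAP.ldapURL=ldaps://ldap.nordu.net` and `idp.authn.LDAP.useSSL = false`; StartTLS upgrades a plain ldap:// session after connecting, while an ldaps:// URL is TLS from the first byte, so asking for both on one URL is contradictory and may well be why the commit message still reports authentication as not working. Pick one mode and record it in a comment, e.g. keep the ldaps:// URL with `idp.authn.LDAP.useStartTLS = false` preceded by `# ldaps:// negotiates TLS on connect; StartTLS is only for ldap:// URLs`, or switch the URL to ldap:// if StartTLS is what the directory actually offers. `idp.authn.LDAP.sslConfig = certificateTrust` is kept while the `#idp.authn.LDAP.trustCertificates` line stays commented out, so unless the container supplies that trust file some other way the server certificate has no configured trust anchor; that is worth checking in the same change.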