jtgasper3 / docker-shibboleth-idp
A CentOS-based Docker image of a basic Shibboleth IdP implementation.
I ran idp-reset.sh during my initial setup.
I'm getting the following message in idp-process.log. I Googled for it, and it seems to happen to other Shibboleth IdP users. I haven't found any information regarding which keystore this pertains to, or how to make it go away.
I thought I would mention this here and I will post a question to the shib-users mail group.
[net.shibboleth.utilities.java.support.security.BasicKeystoreKeyStrategy:327]
Please check out https://hub.docker.com/r/unicon/shibboleth-idp/ and https://github.com/Unicon/shibboleth-idp-dockerized.
This is where the work on my shibboleth-idp image will continue.
In the README, need "-t" option, so password can be read from STDIN
docker exec -it idp-test reset-idp.sh
It doesn't make sense to have port 80... Shib is never directly accessed by a user and users should be directed to port 443 when linked to.
Fixes for keystore type can be removed
Hello,
Thanks for a wonderful tool!
I am having a little trouble. When I run this:
docker build --tag="org_id/shibboleth-idp" github.com/jtgasper3/docker-shibboleth-idp
I get the following error.
((Was keystore renamed to keystore.pkf by the Jetty team? - see http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc - It looks like the URL needs to be changed to http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/jetty-server/src/main/config/etc/keystore?h=jetty-9.2.x))
DOWNLOAD: http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/keystore to etc/keystore
WARNING: ERROR: processing DownloadArg [uri=http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/keystore, location=etc/keystore]
java.io.FileNotFoundException: http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/keystore
java.io.FileNotFoundException: http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/keystore
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.URL.openStream(Unknown Source)
at org.eclipse.jetty.start.Main.initFile(Main.java:203)
at org.eclipse.jetty.start.Main.buildIni(Main.java:517)
at org.eclipse.jetty.start.Main.buildIni(Main.java:550)
at org.eclipse.jetty.start.Main.start(Main.java:707)
at org.eclipse.jetty.start.Main.main(Main.java:112)
Usage: java -jar start.jar [options] [properties] [configs]
java -jar start.jar --help # for more information
INFO[0073] The command [/bin/sh -c set -x; jetty_version=9.2.10.v20150310; ... returned a non-zero code: 1
If you follow the build instructions, the image name starts with org_id, not jtgasper3. This is just a small documentation bug. Here's how I started it:
docker run -dP --name="idp-test" -v ~/docker/shib-config:/external-mount org_id/shibboleth-idp
I am using Kitematic (OSX). In order to determine the IP address, I had to get the container to expose at least port 80 (so the 'view' button would work). The docker run command using -P didn't do this. So I deleted the container and started a new one.
docker run -d -p 80:80 -p 443:443 --name="idp-test" -v ~/docker/shib-config:/external-mount org_id/shibboleth-idp
If you're using boot2docker, run "boot2docker ip" to get the IP address.
Using localhost doesn't work. Must use IP address, at least on OSX.
You'll get something like:
Our Identity Provider
No services are available at this location.
docker exec -it idp-test reset-idp.sh
That's when things started going south.
No response (timed out)
In a log file under /opt/iam-jetty-base/logs, I see
Exception in thread "main" java.io.FileNotFoundException: /opt/shibboleth-idp/credentials/idp-backchannel.jks (No such file or directory)
The file is actually named idp-backchannel.p12
I can modify the files on my own but I thought others might run into this.
I am working on upgrading both Shibboleth IdP (to 3.1.2) and Jetty versions (to 9.3). There has been a lot of activity recently for Shibboleth IdP running on Jetty 9.3:
https://wiki.shibboleth.net/confluence/display/IDP30/Jetty93
If I discover anything specific to this git repository, I'll post it here.
How to build, run and customize.
The IdP project does not have a welcome file so Jetty displays the directory contents.
I get the following error while starting the docker image with the latest tag:
I'm interested in using this Docker image for my production Shib IdP system and was just going through the Dockerfile and comparing it against the IdP installation instructions located at https://wiki.shibboleth.net/confluence/display/IDP30/Jetty93.
Just curious why you chose not to include the jetty-ssl-context.xml file? Is it simply to provide a workaround when using a PKCS12 keystore type?
Thanks!
Hitting the root (/) of the server lists the known contexts. It looks tacky. Something else should happen.
/opt/shibboleth-idp/logs is empty yet conf/logback.xml "out of the box" specifies INFO for the logs I'm interested in.
Of course, I see files in /opt/iam-jetty-base/logs but they are for Jetty instead of Shibboleth IdP.
Has anyone been able to get files to appear in /opt/shibboleth-idp/logs?
Thank you
Wonderful beginning! I guess a v3 image would be a worthwhile investment!