Diffstat (limited to 'src/installer/resources')
-rwxr-xr-x[-rw-r--r--]src/installer/resources/build.xml70
-rwxr-xr-x[-rw-r--r--]src/installer/resources/install.properties2
-rwxr-xr-x[-rw-r--r--]src/installer/resources/logging.xml25
-rwxr-xr-x[-rw-r--r--]src/installer/resources/wayfconfig.xml90
4 files changed, 103 insertions, 84 deletions
diff --git a/src/installer/resources/build.xml b/src/installer/resources/build.xml
index ae85dfa..32bfbd7 100644..100755
--- a/src/installer/resources/build.xml
+++ b/src/installer/resources/build.xml
@@ -1,46 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
<project name="Shibboleth Discovery Service" basedir="../../.." default="install">
- <property name="installer.dir" value="${basedir}/src/installer" />
- <property name="resources.dir" value="${installer.dir}/resources" />
- <property name="webapp.dir" value="${basedir}/src/main/webapp" />
- <property name="war.name" value="discovery" />
+ <property name="installer.dir" value="${basedir}/src/installer"/>
+ <property name="resources.dir" value="${installer.dir}/resources"/>
+ <property name="webapp.dir" value="${basedir}/src/main/webapp"/>
+ <property name="war.name" value="discovery"/>
<!-- Installation specific property file -->
- <property file="${resources.dir}/install.properties" />
+ <property file="${resources.dir}/install.properties"/>
<!-- Load ant-contrib tasks -->
- <taskdef resource="net/sf/antcontrib/antlib.xml" />
+ <taskdef resource="net/sf/antcontrib/antlib.xml"/>
+
+ <!-- Load Internet2 ant extensions -->
+ <taskdef resource="edu/internet2/middleware/ant/antlib.xml"/>
<!-- install - for deployment -->
<target name="install" description="Creates the discovery service home directory, install configuration files, and create the service's WAR.">
- <input message="Is this a new installation? Answering 'yes' will overwrite your current configuration."
- addproperty="new.install"
- validargs="yes,no"
- defaultvalue="no" />
-
+ <input message="Where should the Shibboleth Discovery Service software be installed?" addproperty="ds.home.input" defaultvalue="${ds.home}"/>
+ <var name="ds.home" value="${ds.home.input}"/>
+
+ <pathToAbsolutePath path="${ds.home}" addproperty="ds.home.path"/>
+ <pathToUrl path="${ds.home}" addproperty="ds.home.url"/>
+
<if>
- <equals arg1="${new.install}" arg2="yes" />
+ <available file="${ds.home.path}" property="ds.home.exists"/>
<then>
- <input message="Where should the Shibboleth Discovert Service software be installed?"
- addproperty="ds.home.input"
- defaultvalue="${ds.home}" />
- <var name="ds.home" value="${ds.home.input}" />
+ <input message="The directory '${ds.home.path}' already exists. Would you like to overwrite your existing configuration?" addproperty="install.config" validargs="yes,no" defaultvalue="no"/>
+ </then>
+ <else>
+ <var name="install.config" value="yes"/>
+ </else>
+ </if>
+ <if>
+ <equals arg1="${install.config}" arg2="yes"/>
+ <then>
<propertyfile file="${resources.dir}/install.properties">
- <entry key="ds.home" value="${ds.home}" />
+ <entry key="ds.home" value="${ds.home}"/>
</propertyfile>
- <mkdir dir="${ds.home}" />
- <mkdir dir="${ds.home}/conf" />
- <mkdir dir="${ds.home}/logs" />
- <mkdir dir="${ds.home}/metadata" />
- <mkdir dir="${ds.home}/war" />
+ <mkdir dir="${ds.home}"/>
+ <mkdir dir="${ds.home}/conf"/>
+ <mkdir dir="${ds.home}/logs"/>
+ <mkdir dir="${ds.home}/metadata"/>
+ <mkdir dir="${ds.home}/war"/>
<copy todir="${ds.home}/conf" preservelastmodified="true" overwrite="true">
- <fileset dir="${resources.dir}" includes="wayfconfig.xml,logging.xml" />
+ <fileset dir="${resources.dir}" includes="wayfconfig.xml,logging.xml"/>
<filterset begintoken="$" endtoken="$">
- <filter token="DS_HOME" value="${ds.home}" />
+ <filter token="DS_HOME" value="${ds.home}"/>
</filterset>
</copy>
</then>
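Review bot: The existence check tests `${ds.home.path}`, but the `propertyfile` entry, every `mkdir`, the `copy` target and the `DS_HOME` filter still use the raw `${ds.home}` typed at the prompt, so a relative answer may be checked against one location and written to another. Ant resolves relative `dir`/`todir` values against `basedir`, while the filter writes the literal string into wayfconfig.xml and logging.xml, where it is resolved later by whatever process loads them; how `pathToAbsolutePath` resolves its input is not visible here. I would use the absolute form throughout, e.g. `<mkdir dir="${ds.home.path}/conf"/>` and `<filter token="DS_HOME" value="${ds.home.path}"/>`, and apply the same change to the web.xml filter in the next hunk. The `install` target continues past the end of this hunk.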
@@ -49,20 +59,20 @@
<!-- create - always - the web.xml -->
<copy file="${webapp.dir}/WEB-INF/web.xml" todir="${installer.dir}" preservelastmodified="true" overwrite="true">
<filterset begintoken="$" endtoken="$">
- <filter token="DS_HOME" value="${ds.home}" />
+ <filter token="DS_HOME" value="${ds.home}"/>
</filterset>
</copy>
<!-- build the war file -->
<war warfile="${ds.home}/war/${war.name}.war" webxml="${installer.dir}/web.xml">
- <lib dir="${basedir}/lib" />
- <webinf dir="${webapp.dir}/WEB-INF" excludes="web.xml" />
- <fileset dir="${webapp.dir}" excludes="WEB-INF/**" />
+ <lib dir="${basedir}/lib"/>
+ <webinf dir="${webapp.dir}/WEB-INF" excludes="web.xml"/>
+ <fileset dir="${webapp.dir}" excludes="WEB-INF/**"/>
</war>
<!-- Remove generated web.xml -->
- <delete file="${installer.dir}/web.xml" />
+ <delete file="${installer.dir}/web.xml"/>
</target>
-</project> \ No newline at end of file
+</project>
diff --git a/src/installer/resources/install.properties b/src/installer/resources/install.properties
index c37d1c1..4b9d0de 100644..100755
--- a/src/installer/resources/install.properties
+++ b/src/installer/resources/install.properties
@@ -1 +1 @@
-ds.home = /etc/DiscoveryService \ No newline at end of file
+ds.home = /opt/shibboleth-ds \ No newline at end of file
diff --git a/src/installer/resources/logging.xml b/src/installer/resources/logging.xml
index 77fefd6..eff4799 100644..100755
--- a/src/installer/resources/logging.xml
+++ b/src/installer/resources/logging.xml
@@ -1,5 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
-
<configuration>
<!--
@@ -7,22 +6,22 @@
-->
<appender name="DS_LOG" class="ch.qos.logback.core.rolling.RollingFileAppender">
<File>$DS_HOME$/logs/discoveryService.log</File>
- <ImmediateFlush>true</ImmediateFlush>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<FileNamePattern>$DS_HOME$/logs/discovery-%d{yyyy-MM-dd}.log</FileNamePattern>
</rollingPolicy>
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>%date{HH:mm:ss.SSS} %level [%logger] %msg%n%ex{full}%n</Pattern>
- </layout>
+ <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <charset>UTF-8</charset>
+ <Pattern>%date{HH:mm:ss.SSS} - %level [%logger:%line] - %msg%n%ex{full}%n</Pattern>
+ </encoder>
</appender>
<appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
- <ImmediateFlush>true</ImmediateFlush>
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>%date{HH:mm:ss.SSS} %level [%logger] %msg%n%ex{full}%n</Pattern>
- </layout>
+ <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <charset>UTF-8</charset>
+ <Pattern>%date{HH:mm:ss.SSS} - %level [%logger:%line] - %msg%n%ex{full}%n</Pattern>
+ </encoder>
</appender>
<!--
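Review bot: Both new encoder patterns emit `%msg` verbatim, so if any logged message carries request-derived text (an entityID or return URL, for example; the logging call sites are not visible in this diff), embedded CR/LF characters could forge additional log lines. Replacing `%msg` with `%replace(%msg){'[\r\n]+', ' '}` in the DS_LOG pattern neutralises that without losing the message. The added `%line` makes logback compute caller data for every event, which is comparatively expensive, so it may be better kept to the CONSOLE appender used for debugging.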
@@ -32,19 +31,19 @@
<!-- Logs DS, but not OpenSAML, messages -->
<logger name="edu.internet2.middleware.shibboleth">
- <level value="WARN" />
+ <level value="WARN"/>
<!-- Appender, DS_LOG, is inherited from the root logger -->
</logger>
<!-- Logs OpenSAML, but not DS, messages -->
<logger name="org.opensaml">
- <level value="INFO" />
+ <level value="INFO"/>
<!-- Appender, DS_LOG, is inherited from the root logger -->
</logger>
<root>
- <level value="WARN" />
- <appender-ref ref="DS_LOG" />
+ <level value="WARN"/>
+ <appender-ref ref="DS_LOG"/>
</root>
</configuration>
diff --git a/src/installer/resources/wayfconfig.xml b/src/installer/resources/wayfconfig.xml
index 1cd22d7..664cd0d 100644..100755
--- a/src/installer/resources/wayfconfig.xml
+++ b/src/installer/resources/wayfconfig.xml
@@ -1,7 +1,5 @@
-<?xml version="1.0"?>
-<WayfConfig
- xmlns="urn:mace:shibboleth:wayf:config:1.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
+<?xml version="1.0" encoding="UTF-8"?>
+<WayfConfig xmlns="urn:mace:shibboleth:wayf:config:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- The default behaviour of Service is controlled via the elements
and attributes below. Non default behaviour is achieved by
@@ -18,11 +16,12 @@
The jspFile & errorJspFile attributes control the display
The provideList attribute controls whether a single list of all
- possible IdPs is presented. The default wayf.jsp works best
- if this is true when provideListofList is true.
+ possible IdPs is presented. This also controls whether the
+ Quick search dialog is presented.
The provideListOfList attribute controls whether multiple lists
- are presented (one for each MetadataProvider).
+ are presented (one for each MetadataProvider). Rather than all
+ the entities as one.
The showUsableIdPs attribute controls the contents of the above
lists. The single list (provideList=true) is trimmed by
@@ -32,21 +31,20 @@
The SearchIgnore element contains a list of words to be ignored while
performing a search.
-
+
+ warnOnNoSAML2 causes the DS to issue a warning when it receives a
+ DS protocol message from an SP which is declared to not support
+ SAML2 in its metadata. The JIRA case
+ https://issues.shibboleth.net/jira/browse/SDSJ-91 has more details.
+
warnOnBadBinding describes what to do iof the metadata has a badly
formed <DiscoveryResponse> false (or not present) means that the bad
SP is removed from the metadata and an error written to the log file.
- True means that we just noter this in the log file.
+ True means that we just note this in the log file.
THIS SETTING IS SYSTEM WIDE ONLY.
-->
- <Default
- jspFile="wayf.jsp"
- errorJspFile="wayferror.jsp"
- provideList="false"
- provideListOfList="true"
- warnOnBadBinding="false"
- showUnusableIdPs="false">
+ <Default jspFile="wayf.jsp" errorJspFile="wayferror.jsp" provideList="true" provideListOfList="false" warnOnBadBinding="false" warnOnNoSAML2="false" showUnusableIdPs="false">
<SearchIgnore>
<IgnoreText>Institution</IgnoreText>
<IgnoreText>University</IgnoreText>
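Review bot: The reflowed `<Default>` line flips two shipped defaults, `provideList="true"` and `provideListOfList="false"`, in the same edit that collapses the attributes onto one line, so the behaviour change is easy to miss among the whitespace changes and the comment above does not mention it. Keeping one attribute per line, or separating the reformat from the value change, would make it reviewable. The new `warnOnNoSAML2` paragraph should also state what happens when the value is `false` and whether, like `warnOnBadBinding`, it is system-wide only; something like `false (or not present) means the request is handled without a warning` if that matches the implementation. The `<Default>` element continues beyond this hunk.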
@@ -69,14 +67,11 @@
NOTE - for windows installation with an explicit DOS device ("C:\etc\discoveryservice")
The url below should be "file://C:\program files/metadata/sites.xml
- -->
+-->
- <MetadataProvider
- displayName="Federation Name"
- identifier="FirstSite"
- url="file://$DS_HOME$/metadata/sites.xml"/>
+ <MetadataProvider displayName="Federation Name" identifier="FirstSite" url="file://$DS_HOME$/metadata/sites.xml"/>
-<!-- If the WAYF is to handle data from more than one metadata source
+<!-- If the DS is to handle data from more than one metadata source
then more metadataproviders can be provided, as below
<MetadataProvider
@@ -84,27 +79,45 @@
identifier="SecondSite"
backingFile="$DS_HOME$/metadata/ukfed_store.xml"
url="http://metadata.ukfederation.org.uk/ukfederation-metadata.xml"/>
+
+ White and black list providers are defined as filters inside a provider:
+
+ <MetadataProvider
+
+ displayName="WhiteListed Metadata"
+ identifier="White"
+ type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+ backingFile="$DS_HOME$/metadata/whitelist_store.xml"
+ url="http://metadata.ukfederation.org.uk/ukfederation-test.xml">
+
+ <Filter identifier="false"
+ type="edu.internet2.middleware.shibboleth.wayf.plugins.provider.ListFilter"
+ excludeEntries="true">
+ <EntityId>https://idp.edina.ac.uk/shibboleth</EntityId>
+ <EntityId>https://dlib-adidp.ucs.ed.ac.uk/shibboleth</EntityId>
+ <EntityId>https://idp.edina.ac.uk/shibboleth-devel</EntityId>
+ <EntityId>https://idp.edina.ac.uk/shibboleth-devel-13</EntityId>
+ </Filter>
+ </MetadataProvider>
+
+ NOTE that the resulting metadata has to include any SP which may need service from
+ this DS.
+
+ For a black list, set excludeEntries="true" (the listed Entities will be excluded), for
+ a while list, set it to "false" (the listed entries will be included).
+
-->
+
<!-- Plugins are extensible, the identifier is required, as is the
type, the rest is for the plugin to define -->
<!-- The Cookie Plugin is part of the standard distribution it interrogates and sets the _saml_idp
cookie. According to parameterization it can just delete the cookie -->
- <Plugin
- identifier="CookiePlugin"
- type="edu.internet2.middleware.shibboleth.wayf.plugins.provider.SamlCookiePlugin"
- alwaysFollow = "FALSE"
- deleteCookie = "FALSE"
- cacheExpiration = "604800"/>
+ <Plugin identifier="CookiePlugin" type="edu.internet2.middleware.shibboleth.wayf.plugins.provider.SamlCookiePlugin" alwaysFollow="FALSE" deleteCookie="FALSE" cacheExpiration="604800"/>
- <Plugin
- identifier="DeleteCookiePlugin"
- type="edu.internet2.middleware.shibboleth.wayf.plugins.provider.SamlCookiePlugin"
- alwaysFollow = "FALSE"
- deleteCookie = "TRUE"
- cacheExpiration = "604800"/>
+ <Plugin identifier="DeleteCookiePlugin" type="edu.internet2.middleware.shibboleth.wayf.plugins.provider.SamlCookiePlugin" alwaysFollow="FALSE" deleteCookie="TRUE" cacheExpiration="604800"/>
<!-- Other plugins are declared similarly
<Plugin
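Review bot: The added example is labelled `displayName="WhiteListed Metadata"` / `identifier="White"` but sets `excludeEntries="true"`, which the explanatory text below it defines as a black list, so an administrator who copies it expecting an allow list would instead exclude the four listed IdPs and admit everything else. The example should read `excludeEntries="false"`, and the explanation should say `a white list` rather than `a while list`. `<Filter identifier="false"` also looks like a copy-paste slip, since every other identifier on the page is a name. The example fetches metadata over plain `http://`; whether the provider verifies a metadata signature is not visible here, so the comment should either use an `https://` URL or say that signature verification is required.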
@@ -129,19 +142,16 @@
-->
- <DiscoveryServiceHandler
- location=".+/WAYF"
- default="true">
+ <DiscoveryServiceHandler location=".+/WAYF" default="true">
<PluginInstance identifier="CookiePlugin"/>
<!--
<PluginInstance identifier="AddressHint"/> -->
</DiscoveryServiceHandler>
<!-- The ClearCache handler causes the cookie to be deleted. The jsp shipped
- with the WAYF refers to this handler -->
+ with the DS refers to this handler -->
- <DiscoveryServiceHandler
- location=".+/ClearCache.wayf">
+ <DiscoveryServiceHandler location=".+/ClearCache.wayf">
<PluginInstance identifier="DeleteCookiePlugin"/>
</DiscoveryServiceHandler>