Diffstat (limited to 'src/installer/resources')
-rwxr-xr-x | src/installer/resources/build.xml | 70 | ||||
-rwxr-xr-x[-rw-r--r--] | src/installer/resources/install.properties | 0 | ||||
-rwxr-xr-x[-rw-r--r--] | src/installer/resources/logging.xml | 25 | ||||
-rwxr-xr-x[-rw-r--r--] | src/installer/resources/wayfconfig.xml | 96 |
4 files changed, 106 insertions, 85 deletions
diff --git a/src/installer/resources/build.xml b/src/installer/resources/build.xml
index ae85dfa..32bfbd7 100755
--- a/src/installer/resources/build.xml
+++ b/src/installer/resources/build.xml
@@ -1,46 +1,56 @@ +<?xml version="1.0" encoding="UTF-8"?> <project name="Shibboleth Discovery Service" basedir="../../.." default="install"> - <property name="installer.dir" value="${basedir}/src/installer" /> - <property name="resources.dir" value="${installer.dir}/resources" /> - <property name="webapp.dir" value="${basedir}/src/main/webapp" /> - <property name="war.name" value="discovery" /> + <property name="installer.dir" value="${basedir}/src/installer"/> + <property name="resources.dir" value="${installer.dir}/resources"/> + <property name="webapp.dir" value="${basedir}/src/main/webapp"/> + <property name="war.name" value="discovery"/> <!-- Installation specific property file --> - <property file="${resources.dir}/install.properties" /> + <property file="${resources.dir}/install.properties"/> <!-- Load ant-contrib tasks --> - <taskdef resource="net/sf/antcontrib/antlib.xml" /> + <taskdef resource="net/sf/antcontrib/antlib.xml"/> + + <!-- Load Internet2 ant extensions --> + <taskdef resource="edu/internet2/middleware/ant/antlib.xml"/> <!-- install - for deployment --> <target name="install" description="Creates the discovery service home directory, install configuration files, and create the service's WAR."> - <input message="Is this a new installation? Answering 'yes' will overwrite your current configuration." - addproperty="new.install" - validargs="yes,no" - defaultvalue="no" /> - + <input message="Where should the Shibboleth Discovery Service software be installed?" addproperty="ds.home.input" defaultvalue="${ds.home}"/> + <var name="ds.home" value="${ds.home.input}"/> + + <pathToAbsolutePath path="${ds.home}" addproperty="ds.home.path"/> + <pathToUrl path="${ds.home}" addproperty="ds.home.url"/> + <if> - <equals arg1="${new.install}" arg2="yes" /> + <available file="${ds.home.path}" property="ds.home.exists"/> <then> - <input message="Where should the Shibboleth Discovert Service software be installed?" 
- addproperty="ds.home.input" - defaultvalue="${ds.home}" /> - <var name="ds.home" value="${ds.home.input}" /> + <input message="The directory '${ds.home.path}' already exists. Would you like to overwrite your existing configuration?" addproperty="install.config" validargs="yes,no" defaultvalue="no"/> + </then> + <else> + <var name="install.config" value="yes"/> + </else> + </if> + <if> + <equals arg1="${install.config}" arg2="yes"/> + <then> <propertyfile file="${resources.dir}/install.properties"> - <entry key="ds.home" value="${ds.home}" /> + <entry key="ds.home" value="${ds.home}"/> </propertyfile> - <mkdir dir="${ds.home}" /> - <mkdir dir="${ds.home}/conf" /> - <mkdir dir="${ds.home}/logs" /> - <mkdir dir="${ds.home}/metadata" /> - <mkdir dir="${ds.home}/war" /> + <mkdir dir="${ds.home}"/> + <mkdir dir="${ds.home}/conf"/> + <mkdir dir="${ds.home}/logs"/> + <mkdir dir="${ds.home}/metadata"/> + <mkdir dir="${ds.home}/war"/> <copy todir="${ds.home}/conf" preservelastmodified="true" overwrite="true"> - <fileset dir="${resources.dir}" includes="wayfconfig.xml,logging.xml" /> + <fileset dir="${resources.dir}" includes="wayfconfig.xml,logging.xml"/> <filterset begintoken="$" endtoken="$"> - <filter token="DS_HOME" value="${ds.home}" /> + <filter token="DS_HOME" value="${ds.home}"/> </filterset> </copy> </then> 
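Review bot: The overwrite check in the `install` target tests `${ds.home.path}`, but the `propertyfile`, `mkdir`, `copy` and `DS_HOME` filter lines that follow still use the raw answer `${ds.home}`. For a relative answer Ant resolves those against `basedir` (`../../..`), and whether `pathToAbsolutePath` resolves the same way is not visible here, so the directory that was checked and the one that gets overwritten may differ. I would use the normalised value throughout, e.g. `<mkdir dir="${ds.home.path}"/>` and `<filter token="DS_HOME" value="${ds.home.path}"/>`, which also keeps a relative path out of the generated wayfconfig.xml, logging.xml and web.xml. `ds.home.url` is computed but not used in the lines shown. The target continues past the end of this hunk.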
@@ -49,20 +59,20 @@ <!-- create - always - the web.xml --> <copy file="${webapp.dir}/WEB-INF/web.xml" todir="${installer.dir}" preservelastmodified="true" overwrite="true"> <filterset begintoken="$" endtoken="$"> - <filter token="DS_HOME" value="${ds.home}" /> + <filter token="DS_HOME" value="${ds.home}"/> </filterset> </copy> <!-- build the war file --> <war warfile="${ds.home}/war/${war.name}.war" webxml="${installer.dir}/web.xml"> - <lib dir="${basedir}/lib" /> - <webinf dir="${webapp.dir}/WEB-INF" excludes="web.xml" /> - <fileset dir="${webapp.dir}" excludes="WEB-INF/**" /> + <lib dir="${basedir}/lib"/> + <webinf dir="${webapp.dir}/WEB-INF" excludes="web.xml"/> + <fileset dir="${webapp.dir}" excludes="WEB-INF/**"/> </war> <!-- Remove generated web.xml --> - <delete file="${installer.dir}/web.xml" /> + <delete file="${installer.dir}/web.xml"/> </target> -</project>
\ No newline at end of file +</project> diff --git a/src/installer/resources/install.properties b/src/installer/resources/install.properties index 28cbcf0..28cbcf0 100644..100755 --- a/src/installer/resources/install.properties +++ b/src/installer/resources/install.properties diff --git a/src/installer/resources/logging.xml b/src/installer/resources/logging.xml index 5a6fc6e..0a5c91f 100644..100755 --- a/src/installer/resources/logging.xml +++ b/src/installer/resources/logging.xml @@ -1,5 +1,4 @@ <?xml version="1.0" encoding="UTF-8"?> - <configuration> <!-- @@ -7,22 +6,22 @@ --> <appender name="DS_LOG" class="ch.qos.logback.core.rolling.RollingFileAppender"> <File>$DS_HOME$/logs/discoveryService.log</File> - <ImmediateFlush>true</ImmediateFlush> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> <FileNamePattern>$DS_HOME$/etc/DiscoveryService/logs/discovery-%d{yyyy-MM-dd}.log</FileNamePattern> </rollingPolicy> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern>%date{HH:mm:ss.SSS} %level [%logger] %msg%n%ex{full}%n</Pattern> - </layout> + <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <charset>UTF-8</charset> + <Pattern>%date{HH:mm:ss.SSS} - %level [%logger:%line] - %msg%n%ex{full}%n</Pattern> + </encoder> </appender> <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender"> - <ImmediateFlush>true</ImmediateFlush> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern>%date{HH:mm:ss.SSS} %level [%logger] %msg%n%ex{full}%n</Pattern> - </layout> + <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <charset>UTF-8</charset> + <Pattern>%date{HH:mm:ss.SSS} - %level [%logger:%line] - %msg%n%ex{full}%n</Pattern> + </encoder> </appender> <!-- 
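Review bot: The rolling policy on the `DS_LOG` appender still archives to `$DS_HOME$/etc/DiscoveryService/logs/discovery-%d{yyyy-MM-dd}.log`, while the active file is `$DS_HOME$/logs/discoveryService.log` and the installer in build.xml only creates `${ds.home}/logs`, so rolled logs end up in a different tree from the one an operator would collect and protect. Since the appender is reworked here anyway, I would change it to `<FileNamePattern>$DS_HOME$/logs/discovery-%d{yyyy-MM-dd}.log</FileNamePattern>`. Both new encoders write `%msg` unmodified; if request-derived values such as entity IDs or return URLs reach the logger, which this hunk does not show, `%replace(%msg){'[\r\n]+', ' '}` keeps one event on one line. The file header also changes the mode from 100644 to 100755, and a logging configuration has no reason to be executable.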
@@ -32,19 +31,19 @@ <!-- Logs IdP, but not OpenSAML, messages --> <logger name="edu.internet2.middleware.shibboleth"> - <level value="WARN" /> + <level value="WARN"/> <!-- Appender, DS_LOG, is inherited from the root logger --> </logger> <!-- Logs OpenSAML, but not IdP, messages --> <logger name="org.opensaml"> - <level value="INFO" /> + <level value="INFO"/> <!-- Appender, DS_LOG, is inherited from the root logger --> </logger> <root> - <level value="WARN" /> - <appender-ref ref="DS_LOG" /> + <level value="WARN"/> + <appender-ref ref="DS_LOG"/> </root> </configuration> diff --git a/src/installer/resources/wayfconfig.xml b/src/installer/resources/wayfconfig.xml index 02d7270..e0d8b36 100644..100755 --- a/src/installer/resources/wayfconfig.xml +++ b/src/installer/resources/wayfconfig.xml @@ -1,7 +1,5 @@ -<?xml version="1.0"?> -<WayfConfig - xmlns="urn:mace:shibboleth:wayf:config:1.0" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > +<?xml version="1.0" encoding="UTF-8"?> +<WayfConfig xmlns="urn:mace:shibboleth:wayf:config:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <!-- The default behaviour of Service is controlled via the elements and attributes below. Non default behaviour is achieved by @@ -18,11 +16,12 @@ The jspFile & errorJspFile attributes control the display The provideList attribute controls whether a single list of all - possible IdPs is presented. The default wayf.jsp works best - if this is true when provideListofList is true. + possible IdPs is presented. This also controls whether the + Quick search dialog is presented. The provideListOfList attribute controls whether multiple lists - are presented (one for each MetadataProvider). + are presented (one for each MetadataProvider). Rather than all + the entities as one. The showUsableIdPs attribute controls the contents of the above lists. The single list (provideList=true) is trimmed by 
@@ -38,8 +37,24 @@ jspFile="wayf.jsp" errorJspFile="wayferror.jsp" provideList="false" + warnOnBadBinding="false" + warnOnNoSAML2="false" provideListOfList="true" showUnusableIdPs="true"> + +<!-- + warnOnNoSAML2 causes the DS to issue a warning when it receives a + DS protocol message from an SP which is declared to not support + SAML2 in its metadata. The JIRA case + https://issues.shibboleth.net/jira/browse/SDSJ-91 has more details. + + warnOnBadBinding describes what to do iof the metadata has a badly + formed <DiscoveryResponse> false (or not present) means that the bad + SP is removed from the metadata and an error written to the log file. + True means that we just note this in the log file. + THIS SETTING IS SYSTEM WIDE ONLY. +--> + <SearchIgnore> <IgnoreText>Institution</IgnoreText> <IgnoreText>University</IgnoreText> @@ -62,7 +77,7 @@ NOTE - for windows installation with an explicit DOS device ("C:\etc\discoveryservice") The url below should be "file:///$DS_HOME$/metadata/sites.xml - --> +--> <MetadataProvider displayName="SWAMID" identifier="SWAMID" url="http://md.swamid.se/md/swamid-no-interfederation-combined.xml" @@ -76,7 +91,7 @@ backingFile="/opt/shibboleth-ds/metadata/kalmarcentral2.xml" url="http://kalmar2.org/simplesaml/module.php/aggregator/?id=kalmarcentral2&set=saml2&exclude=sweden&mimetype=application/xml"/> -<!-- If the WAYF is to handle data from more than one metadata source +<!-- If the DS is to handle data from more than one metadata source then more metadataproviders can be provided, as below <MetadataProvider 
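Review bot: The comment added for `warnOnBadBinding` is hard to read at the point where it matters: "iof" is a typo, and the sentence runs straight from "badly formed <DiscoveryResponse>" into "false (or not present) means …" without a break. I would rewrite it as a short list with one line per value, stating that `false` (or absent) removes the offending SP from the metadata and logs an error, and that `true` only logs the problem, presumably leaving the SP in place. It would also help to say explicitly that `false` is the stricter setting and the one to keep unless a federation's metadata forces otherwise. The element these attributes belong to starts outside this hunk.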
@@ -84,27 +99,45 @@ identifier="SecondSite" backingFile="$DS_HOME$/metadata/ukfed_store.xml" url="http://metadata.ukfederation.org.uk/ukfederation-metadata.xml"/> + + White and black list providers are defined as filters inside a provider: + + <MetadataProvider + + displayName="WhiteListed Metadata" + identifier="White" + type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata" + backingFile="$DS_HOME$/metadata/whitelist_store.xml" + url="http://metadata.ukfederation.org.uk/ukfederation-test.xml"> + + <Filter identifier="false" + type="edu.internet2.middleware.shibboleth.wayf.plugins.provider.ListFilter" + excludeEntries="true"> + <EntityId>https://idp.edina.ac.uk/shibboleth</EntityId> + <EntityId>https://dlib-adidp.ucs.ed.ac.uk/shibboleth</EntityId> + <EntityId>https://idp.edina.ac.uk/shibboleth-devel</EntityId> + <EntityId>https://idp.edina.ac.uk/shibboleth-devel-13</EntityId> + </Filter> + </MetadataProvider> + + NOTE that the resulting metadata has to include any SP which may need service from + this DS. + + For a black list, set excludeEntries="true" (the listed Entities will be excluded), for + a while list, set it to "false" (the listed entries will be included). + --> + <!-- Plugins are extensible, the identifier is required, as is the type, the rest is for the plugin to define --> <!-- The Cookie Plugin is part of the standard distribution it interrogates and sets the _saml_idp cookie. 
According to parameterization it can just delete the cookie --> - <Plugin - identifier="CookiePlugin" - type="edu.internet2.middleware.shibboleth.wayf.plugins.provider.SamlCookiePlugin" - alwaysFollow = "FALSE" - deleteCookie = "FALSE" - cacheExpiration = "604800"/> + <Plugin identifier="CookiePlugin" type="edu.internet2.middleware.shibboleth.wayf.plugins.provider.SamlCookiePlugin" alwaysFollow="FALSE" deleteCookie="FALSE" cacheExpiration="604800"/> - <Plugin - identifier="DeleteCookiePlugin" - type="edu.internet2.middleware.shibboleth.wayf.plugins.provider.SamlCookiePlugin" - alwaysFollow = "FALSE" - deleteCookie = "TRUE" - cacheExpiration = "604800"/> + <Plugin identifier="DeleteCookiePlugin" type="edu.internet2.middleware.shibboleth.wayf.plugins.provider.SamlCookiePlugin" alwaysFollow="FALSE" deleteCookie="TRUE" cacheExpiration="604800"/> <!-- Other plugins are declared similarly <Plugin @@ -129,27 +162,6 @@ --> - <!-- The ClearCache handler causes the cookie to be deleted. The jsp shipped - with the WAYF refers to this handler --> - -<!-- - <DiscoveryServiceHandler - location=".+/ClearCache.wayf"> - <PluginInstance identifier="DeleteCookiePlugin"/> - </DiscoveryServiceHandler> ---> - -<!-- Example of how to constrain a DiscoveryService to one (or more) - explicit metadata sources. (The default is to use all metadata - sources) - - <DiscoveryServiceHandler location=".+/SecondOnly.wayf" > - - <Federation identifier="SecondSite"/> - <PluginInstance identifier="CookiePlugin"/> - </DiscoveryServiceHandler> ---> - <!-- The Javascript handler downloads javascript arrays with the IdPs and the cookies --> <DiscoveryServiceHandler location=".+/js.wayf" |
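Review bot: The example labelled "WhiteListed Metadata" (identifier "White") sets `excludeEntries="true"`, which by the explanation a few lines further down makes it a black list: the four listed IdPs are excluded and everything else in the feed is admitted. Anyone copying the example to restrict the DS to known IdPs gets the opposite, so the example should read `excludeEntries="false"`, and `identifier="false"` on the `<Filter>` looks like a slip for a real name. "while list" in the closing paragraph should be "white list". The example URL, like the SWAMID and Kalmar provider URLs in the earlier hunks, is plain `http://`, and no signature check on the fetched metadata is visible here, so the comment should say how the feed's integrity is meant to be established.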