author | Henrik Lund Kramshoej <hlk@kramse.org> | 2017-07-11 10:18:10 +0200 |
---|---|---|
committer | Henrik Lund Kramshoej <hlk@kramse.org> | 2017-07-11 10:18:10 +0200 |
commit | 8a0093d179926808400ebd025431331b3df77c81 (patch) | |
tree | a356da6019741f8321eec5dae9bdd4402d46d390 | |
parent | 1470cec3a1c8a99b91ef192e4e8fc11c36c21659 (diff) |
Adding keys to persistent volume
-rw-r--r-- | .gitignore | 1 | ||||
-rwxr-xr-x | README.md | 10 | ||||
-rw-r--r-- | apache-sp/entrypoint.sh | 12 |
3 files changed, 19 insertions, 4 deletions
@@ -1 +1,2 @@ .DS_Store +metadata/ @@ -65,6 +65,10 @@ hlk@bujin:hlk$ cat /etc/hosts Then you should be able to go to: https://sp.nordu.dev/secure/ +Getting metadata out from the Apache SP +``` + curl -k https://sp.nordu.dev/Shibboleth.sso/Metadata > sp-metadata.xml +``` # Resources Links from Jesper Rosenkilde @@ -156,6 +160,12 @@ StaticPKIXX509Credential # Other Links +http://www.jeesty.com/shibboleth +Description of how Shibd works with Apache + + +https://github.com/nginx-shib/nginx-http-shibboleth +Maybe a working Nginx with Shibb? https://shibboleth.net/products/metadata-aggregator.html Metadata Aggregator provides a command line tool and REST-based web service to support publishers and consumers of metadata. diff --git a/apache-sp/entrypoint.sh b/apache-sp/entrypoint.sh index a552c6c..c61f369 100644 --- a/apache-sp/entrypoint.sh +++ b/apache-sp/entrypoint.sh @@ -5,12 +5,16 @@ echo "Starting $0" # Setup ssl keys +METADATADIR=/metadata KEYDIR=/etc/ssl -export KEYDIR +export KEYDIR METADATA +if [ ! -f "$METADATADIR/apache-sp/sp-key.pem" -o ! -f "$KEYDIR/certs/shibsp.crt" ]; then + mkdir $METADATADIR/apache-sp > /dev/null 2>&1 + shib-keygen -o $METADATADIR/apache-sp -h $SP_HOSTNAME #2>/dev/null +fi if [ ! -f "$KEYDIR/private/shibsp.key" -o ! -f "$KEYDIR/certs/shibsp.crt" ]; then - shib-keygen -o /tmp -h $SP_HOSTNAME #2>/dev/null - mv /tmp/sp-key.pem "$KEYDIR/private/shibsp.key" - mv /tmp/sp-cert.pem "$KEYDIR/certs/shibsp.crt" + cp $METADATADIR/apache-sp/sp-key.pem "$KEYDIR/private/shibsp.key" + cp $METADATADIR/apache-sp/sp-cert.pem "$KEYDIR/certs/shibsp.crt" fi if [ ! -f "$KEYDIR/private/${SP_HOSTNAME}.key" -o ! -f "$KEYDIR/certs/${SP_HOSTNAME}.crt" ]; then |
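Review bot: The added guard in apache-sp/entrypoint.sh pairs the persisted key with `$KEYDIR/certs/shibsp.crt`, so key generation is decided by a file under `/etc/ssl` rather than by what is on the volume; if `/etc/ssl` is not itself persisted (not visible here), every fresh container re-enters the keygen branch even when `/metadata/apache-sp` already holds a pair. Test the persisted pair instead: `if [ ! -f "$METADATADIR/apache-sp/sp-key.pem" ] || [ ! -f "$METADATADIR/apache-sp/sp-cert.pem" ]; then`. `export KEYDIR METADATA` exports a name that is never assigned; the variable defined just above it is `METADATADIR`. Because the SP private key now sits in a directory whose name suggests it is shared for metadata exchange, I would create it restrictively and let a failure show, `mkdir -p -m 700 "$METADATADIR/apache-sp"`, and quote `$METADATADIR` and `$SP_HOSTNAME` on the `shib-keygen` and `cp` lines. The final `if` of the hunk continues outside it.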