...

Warning

This is a work in progress. The description of the container and of demo/simple is synchronized with the master branch of the TIER/midPoint_container GitHub project. The rest will follow soon.

Table of Contents

Introduction

...

Demonstration directory | Description
demo/simple | The simplest use of midPoint: just running it along with a dockerized MariaDB repository.
demo/shibboleth | Shows how to use midPoint with Shibboleth authentication.
demo/postgresql | Demonstrates how to use an alternative repository (PostgreSQL running in a Docker container) instead of the MariaDB-based one.
demo/extrepo | Demonstrates how to use an externally hosted repository instead of the MariaDB-based one.
demo/complex | A more complex demonstration of the midPoint image in a wider environment consisting of Grouper, Shibboleth, an LDAP directory, RabbitMQ messaging, and sample source and target systems.

...

Note that in order to connect to the database you have to provide the password. For security reasons it is not passed directly but read from a file, so you typically provide it as the following Docker secret:

Secret | Meaning | Typical location in demonstration scenarios
mp_database_password.txt | Password used to access the repository (for the user given in REPO_USER). | configs-and-secrets/midpoint/application/database_password.txt

Of course, you can provide the password file in any other way, provided that you set the REPO_PASSWORD_FILE environment variable to its path.

...

Logging is configured by setting the following environment variables:

Environment variable | Meaning | Default value
ENV | environment (e.g. prod, dev, test) | demo
USERTOKEN | arbitrary user-supplied token |

The specification requires semicolons and spaces to be eliminated from these fields; we decided to replace them with underscores.
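The following POSIX shell snippet is an added example, not code from the midPoint_container project, showing the substitution described above applied to the two fields before they reach a log line. The function names are this example's own; the assumption behind the check is that the semicolon is a field separator in the log format the specification defines, so an unsanitized USERTOKEN such as `abc; env=prod` could otherwise inject a fake field.

```bash
#!/bin/sh
# Added example (not from the midPoint_container project): sanitize the ENV and
# USERTOKEN log fields as the page describes, replacing every semicolon and
# space with an underscore. Function and variable names are this example's own.

# Replace each ';' and ' ' in the argument with '_' and print the result.
sanitize_field() {
    printf '%s' "$1" | tr '; ' '__'
}

# Resolve the two logging fields from the environment: ENV falls back to the
# documented default "demo"; USERTOKEN has no documented default and may be empty.
resolve_log_fields() {
    _env=$(sanitize_field "${ENV:-demo}")
    _tok=$(sanitize_field "${USERTOKEN:-}")
    printf 'env=%s usertoken=%s\n' "$_env" "$_tok"
}

# Example: a token that tries to smuggle a second field in via the separator.
#   USERTOKEN='abc; env=prod' sh this_script.sh   ->  env=demo usertoken=abc__env=prod
```

The function only covers what the page states (semicolons and spaces); a newline in USERTOKEN would still break a line-oriented log, so extend the character set passed to tr if tokens can come from untrusted input.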

...

Note that besides these variables you have to provide the following files. They are necessary for the Shibboleth service provider module.

File | Description | Typical location in demonstration scenarios
/etc/shibboleth/idp-metadata.xml | Metadata of the Shibboleth identity provider | configs-and-secrets/midpoint/shibboleth/idp-metadata.xml
/etc/shibboleth/shibboleth2.xml | Service provider configuration | configs-and-secrets/midpoint/shibboleth/shibboleth2.xml
/etc/shibboleth/sp-cert.pem | Service provider certificate file | configs-and-secrets/midpoint/shibboleth/sp-cert.pem

And the following Docker secret is to be provided:

Secret | Description | Typical location in demonstration scenarios
mp_sp-key.pem | Service provider private key | configs-and-secrets/midpoint/shibboleth/sp-key.pem
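A pre-flight check for the Shibboleth material listed above, added here as an example that is not part of the midPoint_container project: it verifies that the three configuration files and the SP private key are present in the demonstration directory, that the key file (which becomes the mp_sp-key.pem secret) is not readable by group or others, and, where openssl is installed, that sp-cert.pem really belongs to sp-key.pem. The function names, the default directory argument and the use of GNU `stat -c` are this example's assumptions.

```bash
#!/bin/sh
# Added example (not from the midPoint_container project): sanity-check the
# Shibboleth SP files before building the container. Function names and the
# directory default are this example's own.

# Print the octal permission bits of a file (GNU stat; BSD would need stat -f %Lp).
file_mode() {
    stat -c '%a' "$1"
}

# check_sp_files [DIR] -> 0 if the files are present and the key is private.
check_sp_files() {
    dir=${1:-configs-and-secrets/midpoint/shibboleth}
    rc=0
    for f in idp-metadata.xml shibboleth2.xml sp-cert.pem sp-key.pem; do
        if [ ! -s "$dir/$f" ]; then
            echo "missing or empty: $dir/$f" >&2
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1

    # The private key is handed to Docker as a secret; nobody but the owner
    # should be able to read the source file (mode 600 or 400).
    case "$(file_mode "$dir/sp-key.pem")" in
        600|400) return 0 ;;
        *) echo "sp-key.pem is readable by group/others" >&2; return 1 ;;
    esac
}

# check_sp_keypair [DIR] -> 0 if the certificate's public key matches the
# private key (requires openssl). A mismatch here means the IdP would be
# verifying signatures with a key the SP does not hold.
check_sp_keypair() {
    dir=${1:-configs-and-secrets/midpoint/shibboleth}
    command -v openssl >/dev/null 2>&1 || { echo "openssl not available" >&2; return 2; }
    cert_pub=$(openssl x509 -in "$dir/sp-cert.pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$dir/sp-key.pem" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "sp-cert.pem does not match sp-key.pem" >&2
        return 1
    fi
    return 0
}

# Usage: sh this_script.sh [DIR]   (run from the midpoint checkout)
if [ "${1:-}" != "" ]; then
    check_sp_files "$1" && check_sp_keypair "$1" && echo "Shibboleth SP files OK"
fi
```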

Other

Other aspects can be configured using the following variables, Docker secrets and configs.

...

The following files are also necessary:

Item | Meaning | Location
/etc/pki/tls/certs/host-cert.pem | Host certificate for Apache httpd | configs-and-secrets/midpoint/httpd/host-cert.pem
/etc/pki/tls/certs/cachain.pem | Certificate chain for Apache httpd | configs-and-secrets/midpoint/httpd/cachain.pem

And the following Docker secrets are to be provided:

...

Note that this PostgreSQL database is different from the one created in the first case: the first resides in the midpoint_postgresql_data volume, this one in the postgresql_data volume.

Using an externally provided repository

Here we show how to use an externally provided repository. We have chosen Oracle as an example, mainly because it requires adding custom drivers to midPoint.

The custom drivers reside in the lib subdirectory of the midPoint home directory. The home directory is available as a Docker volume, by default named midpoint_midpoint_home (assuming midPoint has been started at least once; if it has not, start it once with the standard configuration before trying this). After downloading the Oracle driver you can copy it into the right place with, for example, the following command:

```bash
$ sudo cp ~/Downloads/ojdbc7.jar /var/lib/docker/volumes/midpoint_midpoint_home/_data/lib
```

Let us assume that our Oracle server is available on host 192.168.56.101. We can then tell midPoint to connect to it using the following commands. (Do not forget to set the correct password in configs-and-secrets/midpoint/application/database_password.txt, as shown here.)

```bash
$ cd midpoint
$ echo oracle > configs-and-secrets/midpoint/application/database_password.txt
$ env REPO_DATABASE_TYPE=oracle REPO_HOST=192.168.56.101 REPO_USER=system docker-compose up midpoint-server
```
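The script below is an added example, not code from the midPoint_container project, that wraps the procedure above (driver installation, password file, docker-compose start) and also serves the earlier description of the mp_database_password.txt secret and REPO_PASSWORD_FILE. The paths and REPO_* variable names are those given on this page; the function names, the `install`/`password`/`run` subcommands and reading the password from stdin are this example's own. Two practical differences from the commands above are deliberate: the password is typed rather than given to `echo`, so it does not end up in the shell history, and it is written without a trailing newline and with owner-only permissions, so there is no doubt about what bytes the password file contains or who can read it. The demonstration uses the Oracle `system` account; for anything beyond a demo, a dedicated schema user with only the privileges midPoint needs is the better choice.

```bash
#!/bin/sh
# Added example (not from the midPoint_container project): install the JDBC
# driver into the midPoint home volume, store the repository password in the
# file midPoint reads, and start the server against the external database.
# Paths and env var names follow the page; function names, the stdin-based
# password entry and the subcommand guard are this example's own.

DRIVER_LIB=${DRIVER_LIB:-/var/lib/docker/volumes/midpoint_midpoint_home/_data/lib}
PASSWORD_FILE=${PASSWORD_FILE:-configs-and-secrets/midpoint/application/database_password.txt}

# install_driver JAR [LIBDIR]: copy the driver jar into the lib directory of
# the home volume and confirm it actually landed there.
install_driver() {
    jar=$1; lib=${2:-$DRIVER_LIB}
    [ -f "$jar" ] || { echo "driver not found: $jar" >&2; return 1; }
    mkdir -p "$lib" && cp "$jar" "$lib/" && [ -s "$lib/$(basename "$jar")" ]
}

# write_password_file [DEST]: read one line from stdin and store it with
# owner-only permissions. Unlike `echo secret > file`, this keeps the password
# out of the shell history and writes no trailing newline.
write_password_file() {
    dest=${1:-$PASSWORD_FILE}
    IFS= read -r pw || return 1
    [ -n "$pw" ] || { echo "empty password refused" >&2; return 1; }
    mkdir -p "$(dirname "$dest")"
    ( umask 077 && printf '%s' "$pw" > "$dest" ) && chmod 600 "$dest"
}

# start_external_repo TYPE HOST USER: the docker-compose invocation from the
# page, refusing to start if the password file is not in place.
start_external_repo() {
    [ -s "$PASSWORD_FILE" ] || { echo "password file missing: $PASSWORD_FILE" >&2; return 1; }
    REPO_DATABASE_TYPE=$1 REPO_HOST=$2 REPO_USER=$3 docker-compose up midpoint-server
}

# Usage (run from the midpoint checkout):
#   sudo sh this_script.sh install ~/Downloads/ojdbc7.jar
#   sh this_script.sh password          # then type the password and press Enter
#   sh this_script.sh run oracle 192.168.56.101 system
case "${1:-}" in
    install)  install_driver "$2" ;;
    password) write_password_file ;;
    run)      start_external_repo "$2" "$3" "$4" ;;
esac
```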

After midPoint has started successfully you can log in and check that the repository is really an Oracle database.
