...
Warning: This is a work in progress. The description of a container and demo/simple It is synchronized with the
Introduction
...
Demonstration directory | Description |
---|---|
demo/simple | The simplest use of midPoint: just running it along with a dockerized MariaDB repository. |
demo/shibboleth | Shows how to use midPoint with Shibboleth authentication. |
demo/postgresql | Shows how to use an alternative repository (PostgreSQL running in a Docker container) instead of the MariaDB-based one. |
demo/extrepo | Shows how to use an externally hosted repository instead of the MariaDB-based one. |
demo/complex | A more complex demonstration of the midPoint image in a wider environment consisting of Grouper, Shibboleth, an LDAP directory, RabbitMQ messaging, and sample source and target systems. |
...
Note that in order to connect to the database you have to provide the password. For security reasons the password is not passed directly: midPoint reads it from a file. So, typically you provide the following Docker secret:
Secret | Meaning | Typical location in demonstration scenarios |
---|---|---|
mp_database_password.txt | The password used to access the repository (the password of the REPO_USER account). | configs-and-secrets/midpoint/application/database_password.txt |
Of course, you can provide the password file in any other way, as long as you set the REPO_PASSWORD_FILE environment variable to its location inside the container.
...
Logging is configured by setting the following environment variables:
Environment variable | Meaning | Default value |
---|---|---|
ENV | environment (e.g. prod, dev, test) | demo |
USERTOKEN | arbitrary user-supplied token | |
The specification requires that semicolons and spaces be removed from these fields; this image replaces each of them with an underscore.
...
Note that besides these variables you have to provide the following files. They are necessary for the Shibboleth service provider module.
File | Description | Typical location in demonstration scenarios |
---|---|---|
/etc/shibboleth/idp-metadata.xml | Metadata related to Shibboleth identity provider | configs-and-secrets/midpoint/shibboleth/idp-metadata.xml |
/etc/shibboleth/shibboleth2.xml | Service provider configuration | configs-and-secrets/midpoint/shibboleth/shibboleth2.xml |
/etc/shibboleth/sp-cert.pem | Service provider certificate file | configs-and-secrets/midpoint/shibboleth/sp-cert.pem |
And the following Docker secrets are to be provided:
Secret | Description | Typical location in demonstration scenarios |
---|---|---|
mp_sp-key.pem | Service provider private key | configs-and-secrets/midpoint/shibboleth/sp-key.pem |
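The following docker-compose fragment is an added example, not a file from the midpoint-docker project; it shows how the database password secret described earlier and the Shibboleth files and private key from the two tables above can be wired into a service. Assumptions: the service name midpoint-server is taken from the commands on this page, the image name is a placeholder, Docker mounts file-based secrets at /run/secrets/<name> (which is why REPO_PASSWORD_FILE points there), and the three non-secret Shibboleth files are bind-mounted read-only at the paths the table lists.

```yaml
# Added example; not the project's own compose file (see the lead-in for assumptions).
version: "3.3"

services:
  midpoint-server:
    image: midpoint-image-placeholder   # placeholder: use the demo's own image
    environment:
      # Only the path to the mounted secret goes into the environment, never the password.
      REPO_PASSWORD_FILE: /run/secrets/mp_database_password.txt
    volumes:
      # Non-secret Shibboleth SP material, mounted read-only at the paths listed above.
      - ./configs-and-secrets/midpoint/shibboleth/idp-metadata.xml:/etc/shibboleth/idp-metadata.xml:ro
      - ./configs-and-secrets/midpoint/shibboleth/shibboleth2.xml:/etc/shibboleth/shibboleth2.xml:ro
      - ./configs-and-secrets/midpoint/shibboleth/sp-cert.pem:/etc/shibboleth/sp-cert.pem:ro
    secrets:
      # Private material: the repository password and the SP private key.
      - mp_database_password.txt
      - mp_sp-key.pem

secrets:
  mp_database_password.txt:
    file: ./configs-and-secrets/midpoint/application/database_password.txt
  mp_sp-key.pem:
    file: ./configs-and-secrets/midpoint/shibboleth/sp-key.pem
```

The split between `volumes:` and `secrets:` is the point of the two tables: the IdP metadata, SP configuration and SP certificate are not confidential and can be plain read-only mounts, while the SP private key and the repository password are declared as secrets. A value placed under `environment:` is visible in `docker inspect` output and inherited by every process the entrypoint starts, whereas a secret is only a file readable inside the container, which is why the environment carries the path to the password file and not the password itself.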
Other
Other aspects can be configured using the following variables and Docker secrets or configs.
...
Other files that are necessary are:
Item | Meaning | Location |
---|---|---|
/etc/pki/tls/certs/host-cert.pem | Host certificate for Apache httpd | configs-and-secrets/midpoint/httpd/host-cert.pem |
/etc/pki/tls/certs/cachain.pem | Certificate chain for Apache httpd | configs-and-secrets/midpoint/httpd/host-cert.pem |
And the following Docker secrets are to be provided:
...
Note that the PostgreSQL database will be different from the database created in the first case. The first one resides in the midpoint_postgresql_data volume, this one in the postgresql_data volume.
Using an externally provided repository
Here we show how to use an externally provided repository. We have chosen Oracle as the example, mainly because it requires adding custom drivers to midPoint.
The custom drivers reside in the lib subdirectory of the midPoint home directory. The home directory is available as a Docker volume with the default name midpoint_midpoint_home (assuming midPoint was started at least once; if you have not started it yet, do so at least once with the standard configuration before trying this). After downloading the Oracle driver you can copy it into the appropriate place using e.g. the following command:
```
$ sudo cp ~/Downloads/ojdbc7.jar /var/lib/docker/volumes/midpoint_midpoint_home/_data/lib
```
Let us assume that our server is available on host 192.168.56.101. We can then tell midPoint to connect to the Oracle database using the following commands. (Do not forget to set the correct password in configs-and-secrets/midpoint/application/database_password.txt, as shown below.)
```
$ cd midpoint
$ echo oracle > configs-and-secrets/midpoint/application/database_password.txt
$ env REPO_DATABASE_TYPE=oracle REPO_HOST=192.168.56.101 REPO_USER=system docker-compose up midpoint-server
```
After midPoint has started successfully you can log in and check that the repository is really an Oracle database.
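The procedure above, written as an added example script that is not part of the midpoint-docker project, with the checks a practitioner would add around it: the volume mountpoint is asked from Docker instead of being hard-coded, only a real .jar file is copied into lib, and the password file is created with a restrictive umask rather than with a plain `echo ... >` (which leaves it with the default umask, typically world-readable). The volume name midpoint_midpoint_home, the service name midpoint-server, the password file location and the hostname 192.168.56.101 are taken from the text above; the script name oracle-repo.sh is an assumption.

```shell
#!/bin/sh
# Added example, not part of the midpoint-docker project (see lead-in for assumptions).
set -eu

# Ask Docker where the midPoint home volume lives instead of hard-coding
# /var/lib/docker/volumes/...; the path differs between Docker installations.
home_volume_mountpoint() {
    docker volume inspect -f '{{ .Mountpoint }}' "${1:-midpoint_midpoint_home}"
}

# Copy a JDBC driver into <home>/lib. Accepts only an existing .jar file and
# prints the destination path so the caller can verify it.
install_driver() {
    jar=$1
    home=$2
    case "$jar" in
        *.jar) ;;
        *) echo "refusing to install non-jar file: $jar" >&2; return 1 ;;
    esac
    [ -f "$jar" ] || { echo "driver not found: $jar" >&2; return 1; }
    mkdir -p "$home/lib"
    cp "$jar" "$home/lib/"
    dest="$home/lib/$(basename "$jar")"
    chmod 644 "$dest"   # readable by the midPoint process, writable only by the owner
    printf '%s\n' "$dest"
}

# Write the repository password (read from stdin, so it never appears in the
# process list) with umask 077, so the file is owner-only from the moment it
# exists. Prints the group/other permission bits (expected "------") for the
# caller to check. An empty password is refused.
write_password_file() {
    path=$1
    mkdir -p "$(dirname "$path")"
    password=
    IFS= read -r password || true   # a missing trailing newline is fine
    [ -n "$password" ] || { echo "refusing to write an empty password" >&2; return 1; }
    (umask 077; printf '%s\n' "$password" > "$path")
    ls -ld "$path" | cut -c5-10
}

# Start midPoint against the external Oracle database. Only the database type,
# host and user travel through the environment; the password stays in the file.
start_with_oracle() {
    host=$1
    user=${2:-system}
    env REPO_DATABASE_TYPE=oracle REPO_HOST="$host" REPO_USER="$user" \
        docker-compose up midpoint-server
}

# Command-line use (requires Docker; nothing runs when no command is given):
#   sudo sh oracle-repo.sh install ~/Downloads/ojdbc7.jar
#   printf '%s\n' 'oracle' | sh oracle-repo.sh password
#   sh oracle-repo.sh start 192.168.56.101
case "${1:-}" in
    install)  install_driver "$2" "$(home_volume_mountpoint)" ;;
    password) write_password_file configs-and-secrets/midpoint/application/database_password.txt ;;
    start)    start_with_oracle "$2" "${3:-system}" ;;
esac
```

Run the three commands from the midpoint directory, as in the original sequence; the `password` step prints `------` when the file ended up owner-only, and a different value means the umask or filesystem did not behave as expected and the file should be fixed before midPoint is started.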