Deployment via Docker
The Docker image of the SAML MCM follows the TIER Docker packaging standards, using CentOS 7, the Zulu JDK, supervisor, and the TIER Beacon configuration.
Basic usage:
docker run -p 8080:8080 -v ./<your local application.properties>:/opt/shibui/application.properties i2incommon/shib-idp-ui
You will want to create a local application.properties file that contains the core application settings you want overriding the defaults that are in the SAML MCM war file. Your file should be mounted at the location /opt/shibui/application.properties.
The current set of supported properties can be found here.
Note: If you did not set an explicit password in your local application.properties, you will have to find the password generated at startup in the container's console output. Look for the line: Using generated security password:. The username is: user
Deployment via standalone war file
The SAML MCM war file includes an embedded Tomcat mode allowing you to run the application without any external dependencies beyond your configuration overrides and database.
This example assumes all the files are placed in the same directory that the war will be run from.
Download the war from https://github.internet2.edu/TIER/shib-idp-ui/releases/
Create a users.csv with:
root,{noop}changeme,first,last,ROLE_ADMIN,user1@example.org
Start the database:
docker run --rm --name postgres-db -p 5432:5432 -e POSTGRES_PASSWORD=shibui -e POSTGRES_USER=shibui -d postgres
Create a basic SAML MCM configuration with database settings:
spring:
  profiles:
    include:
  datasource:
    platform: postgres
    driver-class-name: org.postgresql.Driver
    url: jdbc:postgresql://localhost:5432/shibui
    username: shibui
    password: shibui
  jpa:
    show-sql: false
    properties:
      hibernate:
        dialect: org.hibernate.dialect.PostgreSQLDialect
        format_sql: true
shibui:
  user-bootstrap-resource: file:users.csv
  roles: ROLE_ADMIN,ROLE_NONE,ROLE_USER,ROLE_PONY
Run the war and tell it where to find your configuration file:
java -Xmx1g -jar shibui-2.0.6.war --spring.config.additional-location=file:application.yml
The SAML MCM will be accessible at http://localhost:8080/; the username is root and the password is changeme.
Enabling HTTPS
Generate the keystore:
keytool -genkeypair -alias tomcat -keyalg RSA -keysize 4096 -storetype PKCS12 -keystore keystore.p12 -validity 3650
Add the following properties to your application.yml:
server:
  ssl:
    key-store: keystore.p12
    key-store-password: password
    key-store-type: pkcs12
    key-alias: tomcat
    key-password: password
  port: 8443
Deployment via servlet container (Tomcat, Jetty et al.)
The SAML MCM war file can be deployed via Tomcat or Jetty. The following examples show the minimum configuration needed to deploy under Tomcat 9.
Create a users.csv with:
root,{noop}changeme,first,last,ROLE_ADMIN,user1@example.org
Create a basic SAML MCM configuration with database settings:
spring:
  profiles:
    include:
  datasource:
    platform: postgres
    driver-class-name: org.postgresql.Driver
    url: jdbc:postgresql://localhost:5432/shibui
    username: shibui
    password: shibui
  jpa:
    show-sql: false
    properties:
      hibernate:
        dialect: org.hibernate.dialect.PostgreSQLDialect
        format_sql: true
shibui:
  user-bootstrap-resource: file:users.csv
  roles: ROLE_ADMIN,ROLE_NONE,ROLE_USER,ROLE_PONY
Assuming Tomcat is installed in /opt/tomcat, place the war file in the webapps directory:
curl -o /opt/tomcat/webapps/shibui.war -L https://github.internet2.edu/TIER/shib-idp-ui/releases/download/v$SHIBUI_VERSION/shibui-$SHIBUI_VERSION.war
Place your application.yml and/or application.properties in /opt/shibui; the application is then accessible at http://<your tomcat host>/shibui
Enabling HTTPS
Use the standard Tomcat or Jetty SSL connectors.
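The configuration shown for the standalone war, the servlet-container deployment and the Docker image all carry the same sensitive settings: a database password, the users.csv bootstrap file with its {noop}changeme entry, and (for embedded HTTPS) the keystore passwords. The pre-flight script below is an added example, not code from the shib-idp-ui project; it reads either the YAML form (application.yml) or the dotted properties form used with the Docker image (application.properties) and reports the weak values a deployment should not go live with. It assumes only the keys and the users.csv column order shown on this page; the script name preflight.sh and the check thresholds are this example's own choices.

```shell
#!/bin/sh
# preflight.sh: pre-deployment check for a SAML MCM (shib-idp-ui) configuration.
# Added example, not code from the shib-idp-ui project. It assumes only the
# configuration keys and the users.csv column order shown on this page, and
# that the application.properties form used with Docker carries the same keys
# in dotted form (e.g. spring.datasource.password=...).
#
# Usage: sh preflight.sh application.yml users.csv
# Exit status is the number of findings (0 = clean).

# Print the value of the first line that sets KEY, in either YAML ("key: v")
# or properties ("a.b.key=v") form; prints nothing when the key is absent.
cfg_value() {
  grep -E "^[[:space:]]*([A-Za-z0-9_.-]*\.)?$2[:=][[:space:]]*[^[:space:]]" "$1" \
    | head -n 1 | sed 's/^[^:=]*[:=][[:space:]]*//' | tr -d "\"'"
}

# Check the application configuration for placeholder secrets and chatty
# logging. Returns the number of findings.
check_app_config() {
  cfg="$1"; findings=0
  db_user=$(cfg_value "$cfg" username)
  db_pass=$(cfg_value "$cfg" password)
  if [ -n "$db_pass" ] && [ "$db_pass" = "$db_user" ]; then
    echo "$cfg: datasource password equals the username '$db_user'"
    findings=$((findings + 1))
  fi
  for key in key-store-password key-password; do
    v=$(cfg_value "$cfg" "$key")
    case "$v" in
      password|changeit|changeme|secret)
        echo "$cfg: $key is the placeholder value '$v'"
        findings=$((findings + 1)) ;;
    esac
  done
  if [ "$(cfg_value "$cfg" show-sql)" = "true" ]; then
    echo "$cfg: show-sql is true, every SQL statement will be written to the application log"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# Check the bootstrap users file: six columns per line
# (username,password,first,last,role,email), no {noop} plaintext passwords,
# and no documentation default. Returns the number of findings.
check_users_csv() {
  csv="$1"; findings=0
  while IFS= read -r line || [ -n "$line" ]; do
    [ -z "$line" ] && continue
    user=${line%%,*}
    pass=$(printf '%s' "$line" | cut -d, -f2)
    fields=$(printf '%s' "$line" | awk -F, '{ print NF }')
    if [ "$fields" -ne 6 ]; then
      echo "$csv: user '$user' has $fields columns, expected 6"
      findings=$((findings + 1))
    fi
    case "$pass" in
      "{noop}"*)
        echo "$csv: user '$user' has a {noop} (plaintext) password"
        findings=$((findings + 1)) ;;
    esac
    case "$pass" in
      *changeme)
        echo "$csv: user '$user' still has the documentation default password"
        findings=$((findings + 1)) ;;
    esac
  done < "$csv"
  return "$findings"
}

# A file holding credentials must not be readable by group or others.
# Returns 1 when it is.
check_private_file() {
  perm=$(ls -l "$1" | cut -c5-10)
  case "$perm" in
    *[rwx]*) echo "$1: group/other have access ($perm), chmod 600 it"; return 1 ;;
  esac
  return 0
}

main() {
  cfg="${1:-application.yml}"; csv="${2:-users.csv}"; total=0
  check_app_config "$cfg" || total=$((total + $?))
  check_users_csv "$csv" || total=$((total + $?))
  for f in "$cfg" "$csv"; do
    check_private_file "$f" || total=$((total + 1))
  done
  [ "$total" -eq 0 ] && echo "OK: no findings"
  return "$total"
}

# Only run when invoked with arguments, so the functions can also be sourced.
if [ $# -gt 0 ]; then
  main "$@"
fi
```

Run against the files from this page (`sh preflight.sh application.yml users.csv`) it reports the shibui/shibui database credentials, both keystore passwords set to password, and the {noop}changeme bootstrap user, and exits non-zero; wiring it into the deployment step before `java -jar` or before copying the war into webapps blocks a rollout that still carries the documentation defaults. The {noop} prefix is the Spring Security "no encoding" marker, so any entry with it is stored and compared in clear text; the check flags it regardless of the password's value.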