author | Ryan Steinmetz <zi@FreeBSD.org> | 2022-11-15 15:55:34 +0000 |
---|---|---|
committer | Ryan Steinmetz <zi@FreeBSD.org> | 2022-11-15 15:57:59 +0000 |
commit | 287db69a8e7299e0984890e416fed4e30e406556 (patch) | |
tree | 36247c4ecc245abb1336eb2283db15df6d9adb39 | |
parent | 04424a08f7c29de08ebdf327aeb938f747583a1c (diff) | |
download | ports-287db69a8e7299e0984890e416fed4e30e406556.tar.gz ports-287db69a8e7299e0984890e416fed4e30e406556.zip |
security/shibboleth-idp: new port:
A simple Single Sign-On solution for any organisation with complex
identity management requirements. With excellent scaling capabilities
and customisable user-related data, the Identity Provider equips
workforces with a personalised user experience.
* Widely adaptable to support custom scenarios
* Built-in support for a range of authentication systems
* Handles millions of authentication requests per day
WWW: https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631498/Home
20 files changed, 1371 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile index dfcf1c84c852..276b83d3a083 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1179,6 +1179,7 @@ SUBDIR += setaudit SUBDIR += sha1collisiondetection SUBDIR += sha2wordlist + SUBDIR += shibboleth-idp SUBDIR += shibboleth-sp SUBDIR += sig2dot SUBDIR += signify diff --git a/security/shibboleth-idp/Makefile b/security/shibboleth-idp/Makefile new file mode 100644 index 000000000000..2c9a0034823f --- /dev/null +++ b/security/shibboleth-idp/Makefile 
@@ -0,0 +1,65 @@ +PORTNAME= shibboleth +PORTVERSION= 4.2.1 +CATEGORIES= security www +MASTER_SITES= http://shibboleth.net/downloads/identity-provider/${PORTVERSION}/ \ + http://shibboleth.net/downloads/identity-provider/latest4/${PORTVERSION}/ \ + http://shibboleth.net/downloads/identity-provider/archive/${PORTVERSION}/ \ + https://repo1.maven.org/maven2/ch/qos/logback/logback-core/${LOGBACKVER}/:logback_core \ + https://repo1.maven.org/maven2/ch/qos/logback/logback-classic/${LOGBACKVER}/:logback_classic +PKGNAMESUFFIX= -idp +DISTFILES= shibboleth-identity-provider-${PORTVERSION}.tar.gz \ + logback-classic-${LOGBACKVER}.jar:logback_classic \ + logback-core-${LOGBACKVER}.jar:logback_core +EXTRACT_ONLY= shibboleth-identity-provider-${PORTVERSION}.tar.gz + +MAINTAINER= zi@FreeBSD.org +COMMENT= Shibboleth Identity Provider (Internet2) +WWW= http://shibboleth.internet2.edu/ + +LICENSE= APACHE20 + +BUILD_DEPENDS= jetty10>=0:www/jetty10 +RUN_DEPENDS= bash:shells/bash \ + jetty10>=0:www/jetty10 + +USE_RC_SUBR= shibboleth-idp +CPE_VENDOR= shibboleth +WRKSRC= ${WRKDIR}/shibboleth-identity-provider-${PORTVERSION} + +NO_ARCH= yes +NO_BUILD= yes + +LOGBACKVER= 1.4.0 +SHIBUSER= shibd +SHIBGROUP= shibd +LOGDIR= /var/log/${PORTNAME} +RUNDIR= /var/run/${PORTNAME} +USERS= ${SHIBUSER} +GROUPS= ${SHIBGROUP} + +SUB_FILES= shibboleth + +SUB_LIST+= SHIBUSER=${SHIBUSER} SHIBGROUP=${SHIBGROUP} \ + RUNDIR=${RUNDIR} LOGDIR=${LOGDIR} +PLIST_SUB+= SHIBUSER=${SHIBUSER} SHIBGROUP=${SHIBGROUP} \ + RUNDIR=${RUNDIR} LOGDIR=${LOGDIR} LOGBACKVER=${LOGBACKVER} + +do-install: + @${MKDIR} ${STAGEDIR}${DATADIR} ${STAGEDIR}${ETCDIR} + @${MKDIR} ${STAGEDIR}${LOGDIR} ${STAGEDIR}${RUNDIR} + @${MKDIR} ${STAGEDIR}${WWWDIR}/lib/logging + @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} +.for dir in conf credentials etc modules resources start.d webapps/ROOT + @${MKDIR} ${STAGEDIR}${WWWDIR}/${dir} +.endfor + (cd ${WRKSRC} && ${COPYTREE_SHARE} . ${STAGEDIR}${DATADIR}) + (cd ${FILESDIR}/jetty-base && ${COPYTREE_SHARE} . 
${STAGEDIR}${EXAMPLESDIR}) + @${FIND} ${STAGEDIR}${DATADIR} -type f -name '*.sh' -exec ${CHMOD} +x {} \; +.for jar in logback-classic-${LOGBACKVER}.jar logback-core-${LOGBACKVER}.jar + ${INSTALL_DATA} ${DISTDIR}/${jar} ${STAGEDIR}${WWWDIR}/lib/logging +.endfor + ${INSTALL_DATA} ${WRKDIR}/shibboleth ${STAGEDIR}${ETCDIR}/shibboleth-idp + ${INSTALL_DATA} ${FILESDIR}/index.html ${STAGEDIR}${EXAMPLESDIR}/index.html + ${INSTALL_SCRIPT} ${FILESDIR}/shibboleth-idp.sh ${STAGEDIR}${PREFIX}/sbin + +.include <bsd.port.mk> diff --git a/security/shibboleth-idp/distinfo b/security/shibboleth-idp/distinfo new file mode 100644 index 000000000000..2d19c4209bac --- /dev/null +++ b/security/shibboleth-idp/distinfo @@ -0,0 +1,7 @@ +TIMESTAMP = 1666726432 +SHA256 (shibboleth-identity-provider-4.2.1.tar.gz) = fa5e46d160f6b1bc50326c1a31627a05b5d0847b8f620d7f4c0251999b806474 +SIZE (shibboleth-identity-provider-4.2.1.tar.gz) = 55960112 +SHA256 (logback-classic-1.4.0.jar) = 9ce4cfee4834195753b5be5016ded641e8456d9e82995821838dc662e866e212 +SIZE (logback-classic-1.4.0.jar) = 262118 +SHA256 (logback-core-1.4.0.jar) = 14e09a7896bee6ef2e005b48fc5560fe2299a57a826bc4c1f1c6d43002f0512c +SIZE (logback-core-1.4.0.jar) = 559203 diff --git a/security/shibboleth-idp/files/index.html b/security/shibboleth-idp/files/index.html new file mode 100644 index 000000000000..7f517dede1eb --- /dev/null +++ b/security/shibboleth-idp/files/index.html @@ -0,0 +1,8 @@ +<HTML> + <HEAD> + <TITLE>Shibboleth</TITLE> + </HEAD> + <BODY> + <H1>Shibboleth</H1> + </BODY> +</HTML> diff --git a/security/shibboleth-idp/files/jetty-base/etc/jetty-requestlog.xml b/security/shibboleth-idp/files/jetty-base/etc/jetty-requestlog.xml new file mode 100644 index 000000000000..660f7b368199 --- /dev/null +++ b/security/shibboleth-idp/files/jetty-base/etc/jetty-requestlog.xml 
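Review bot: `WWW= http://shibboleth.internet2.edu/` in the new Makefile disagrees with the WWW line given in the commit message (https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631498/Home) and uses plain http, as do the three shibboleth.net entries in MASTER_SITES. distinfo pins SHA256 and SIZE for every distfile, so fetch integrity is covered, but an https URL for the downloads and for WWW would avoid the cleartext fetch and keep the port metadata consistent with the commit message, e.g. `WWW= https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631498/Home`. The do-install target runs COPYTREE_SHARE over the whole ${FILESDIR}/jetty-base tree without SUB_FILES processing, so the paths hardcoded in those files (see the notes on idp-logging.mod and start.ini) cannot track LOGDIR, RUNDIR or WWWDIR; a short comment above the COPYTREE_SHARE line stating that those files must be kept in sync by hand would help the next maintainer.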
@@ -0,0 +1,30 @@ +<?xml version="1.0"?> +<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://www.eclipse.org/jetty/configure_10_0.dtd"> + +<!-- =============================================================== --> +<!-- Configure the Jetty Request Log --> +<!-- =============================================================== --> +<Configure id="Server" class="org.eclipse.jetty.server.Server"> + + <!-- =========================================================== --> + <!-- Configure Request Log for Server --> + <!-- Use RequestLogHandler for a context specific RequestLog --> + <!-- =========================================================== --> + <Set name="RequestLog"> + <New id="RequestLog" class="org.eclipse.jetty.server.CustomRequestLog"> + <!-- Writer --> + <Arg> + <New class="org.eclipse.jetty.server.Slf4jRequestLogWriter" /> + </Arg> + + <!-- Format String --> + <Arg> + <Property name="jetty.requestlog.formatString" deprecated="jetty.customrequestlog.formatString"> + <Default> + <Get class="org.eclipse.jetty.server.CustomRequestLog" name="EXTENDED_NCSA_FORMAT"/> + </Default> + </Property> + </Arg> + </New> + </Set> +</Configure> diff --git a/security/shibboleth-idp/files/jetty-base/modules/idp-logging.mod b/security/shibboleth-idp/files/jetty-base/modules/idp-logging.mod new file mode 100644 index 000000000000..dccc34ae12b7 --- /dev/null +++ b/security/shibboleth-idp/files/jetty-base/modules/idp-logging.mod @@ -0,0 +1,9 @@ +[description] +Shibboleth IdP Logging + +[depend] +console-capture +logback-access + +[files] +/var/log/shibboleth/ diff --git a/security/shibboleth-idp/files/jetty-base/modules/idp.mod b/security/shibboleth-idp/files/jetty-base/modules/idp.mod new file mode 100644 index 000000000000..57a601105222 --- /dev/null +++ b/security/shibboleth-idp/files/jetty-base/modules/idp.mod @@ -0,0 +1,18 @@ +[description] +Shibboleth IdP + +[depend] +annotations +deploy +ext +#https +jsp +jstl +plus +resources +server +servlets +#ssl + +[files] +tmp/ 
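Review bot: `/var/log/shibboleth/` in the [files] section of idp-logging.mod hardcodes the directory the Makefile defines as `LOGDIR= /var/log/${PORTNAME}`, and the same literal recurs in logback-access.xml, logback.xml and start.ini (`-Didp.logfiles=/var/log/shibboleth`). Only `shibboleth` is listed in SUB_FILES, so none of these files receive the %%LOGDIR%% substitution that shibboleth.in gets, and they would drift silently if LOGDIR changed. Either turning them into .in templates listed in SUB_FILES, or a one-line comment in each saying `path must match LOGDIR in the port Makefile`, would keep them in step.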
diff --git a/security/shibboleth-idp/files/jetty-base/resources/logback-access.xml b/security/shibboleth-idp/files/jetty-base/resources/logback-access.xml new file mode 100644 index 000000000000..cec9236337fa --- /dev/null +++ b/security/shibboleth-idp/files/jetty-base/resources/logback-access.xml @@ -0,0 +1,13 @@ +<configuration> + <statusListener class="ch.qos.logback.core.status.OnConsoleStatusListener" /> + <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/shibboleth/access.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>/var/log/shibboleth/access-%d{yyyy-MM-dd}.log.gz</fileNamePattern> + </rollingPolicy> + <encoder> + <pattern>combined</pattern> + </encoder> + </appender> + <appender-ref ref="FILE" /> +</configuration> diff --git a/security/shibboleth-idp/files/jetty-base/resources/logback.xml b/security/shibboleth-idp/files/jetty-base/resources/logback.xml new file mode 100644 index 000000000000..9a530677c4a9 --- /dev/null +++ b/security/shibboleth-idp/files/jetty-base/resources/logback.xml @@ -0,0 +1,18 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration scan="true"> + <appender name="jetty" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <File>/var/log/shibboleth/jetty.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <FileNamePattern>/var/log/shibboleth/jetty-%d{yyyy-MM-dd}.log.gz</FileNamePattern> + </rollingPolicy> + <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <charset>UTF-8</charset> + <Pattern>%date{ISO8601} - %level [%logger:%line] - %msg%n</Pattern> + </encoder> + </appender> + <root level="INFO"> + <appender-ref ref="jetty" /> + </root> + <logger name="org.springframework" level="OFF" /> + <logger name="ch.qos.logback" level="WARN" /> +</configuration> 
diff --git a/security/shibboleth-idp/files/jetty-base/start.d/http.ini b/security/shibboleth-idp/files/jetty-base/start.d/http.ini new file mode 100644 index 000000000000..fd91753eb783 --- /dev/null +++ b/security/shibboleth-idp/files/jetty-base/start.d/http.ini @@ -0,0 +1,14 @@ +# --------------------------------------- +# Module: http +# Shibboleth IdP +# --------------------------------------- + +--module=http +--module=http-forwarded + +# Allows use of default IdP command line tools. +jetty.http.host=127.0.0.1 +jetty.http.port=8080 + +# Hide server version +jetty.httpConfig.sendServerVersion=false diff --git a/security/shibboleth-idp/files/jetty-base/start.d/idp.ini b/security/shibboleth-idp/files/jetty-base/start.d/idp.ini new file mode 100644 index 000000000000..e87aa186019d --- /dev/null +++ b/security/shibboleth-idp/files/jetty-base/start.d/idp.ini @@ -0,0 +1,35 @@ +# --------------------------------------- +# Module: idp +# Shibboleth IdP +# --------------------------------------- +--module=logging-logback +--module=idp + +## Keystore file path (relative to $jetty.base) +jetty.sslContext.keyStorePath=credentials/idp-userfacing.p12 +## Truststore file path (relative to $jetty.base) +jetty.sslContext.trustStorePath=credentials/idp-userfacing.p12 + +## Keystore type +jetty.sslContext.keyStoreType=PKCS12 +## Truststore type and provider +jetty.sslContext.trustStoreType=PKCS12 + +## Keystore password +jetty.sslContext.keyStorePassword=%%KEYSTORE%% +## Truststore password +jetty.sslContext.trustStorePassword=%%KEYSTORE%% +## KeyManager password +jetty.sslContext.keyManagerPassword=%%KEYSTORE%% + +## Deny SSL renegotiation +jetty.sslContext.renegotiationAllowed=false + +## Connector host/address to bind to +jetty.ssl.host=127.0.0.1 + +## Connector port to listen on +jetty.ssl.port=443 + +# logging +etc/jetty-requestlog.xml 
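Review bot: `--module=http-forwarded` in http.ini makes Jetty take the client address and scheme from X-Forwarded-* headers supplied by whatever connects to the listener, without verification, so the access log and any scheme-dependent IdP behaviour depend on the proxy in front being the only client. That is acceptable here only because `jetty.http.host=127.0.0.1` restricts the listener to local processes; the existing comment explains the loopback binding in terms of the CLI tools but not this dependency. A comment such as `# http-forwarded trusts X-Forwarded-* from the reverse proxy; keep the listener on loopback` next to the module line would make the coupling explicit.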
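Review bot: The `jetty.sslContext.*`, `jetty.ssl.host` and `jetty.ssl.port=443` settings in idp.ini have no consumer as committed, because idp.mod lists `#https` and `#ssl` commented out and pkg-message states that TLS is terminated by another webserver. Leaving them active invites an operator to assume port 443 is served; commenting them out, or adding a header such as `## TLS settings below take effect only if the ssl/https modules are enabled in modules/idp.mod`, would avoid that. Separately, once initupgrade has replaced the `%%KEYSTORE%%` placeholders, idp.ini holds a generated secret; its ownership and mode after it is copied into %%WWWDIR%% are not visible in this commit (pkg-plist is outside this view) and should be confirmed to restrict reads to the service user.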
diff --git a/security/shibboleth-idp/files/jetty-base/start.d/start.ini b/security/shibboleth-idp/files/jetty-base/start.d/start.ini new file mode 100644 index 000000000000..f83bcf36389e --- /dev/null +++ b/security/shibboleth-idp/files/jetty-base/start.d/start.ini @@ -0,0 +1,24 @@ +# Any other required Jetty modules... + +# Allows setting Java system properties (-Dname=value) +# and JVM flags (-X, -XX) in this file +# NOTE: spawns child Java process +--exec + +# Uncomment if IdP is installed somewhere other than /opt/shibboleth-idp +-Didp.home=/usr/local/www/shibboleth + +# Maximum amount of memory that Jetty may use, at least 1.5G is recommended +# for handling larger (> 25M) metadata files but you will need to test on +# your particular metadata configuration. If MDQ metadata on demand is used, +# requirements may be much lower. +-Xmx1500m + +# Prevent blocking for entropy. +-Djava.security.egd=file:/dev/urandom + +# Set Java tmp location +-Djava.io.tmpdir=/tmp + +# Where to put logs +-Didp.logfiles=/var/log/shibboleth diff --git a/security/shibboleth-idp/files/jetty-base/webapps/idp.xml b/security/shibboleth-idp/files/jetty-base/webapps/idp.xml new file mode 100644 index 000000000000..f5ba928e0b73 --- /dev/null +++ b/security/shibboleth-idp/files/jetty-base/webapps/idp.xml 
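Review bot: The comment `# Uncomment if IdP is installed somewhere other than /opt/shibboleth-idp` above `-Didp.home=/usr/local/www/shibboleth` is stale: the line is already active and the path is the port's WWWDIR, not /opt. That path also bakes in the default PREFIX, since start.ini is copied by COPYTREE_SHARE without SUB_FILES processing, so a non-default PREFIX would not be reflected; rewording to `# IdP home; must match WWWDIR from the port Makefile` states the real constraint. `-Djava.io.tmpdir=/tmp` points the JVM at the shared world-writable directory even though idp.mod declares a `tmp/` entry, presumably under jetty.base, for that purpose; pointing java.io.tmpdir at that directory would keep the IdP's scratch files out of /tmp.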
@@ -0,0 +1,12 @@ +<?xml version="1.0"?> +<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd"> +<!-- =============================================================== --> +<!-- Configure the Shibboleth IdP webapp --> +<!-- =============================================================== --> +<Configure class="org.eclipse.jetty.webapp.WebAppContext"> + <Set name="war"><SystemProperty name="idp.war.path" default="war/idp.war" /></Set> + <Set name="contextPath"><SystemProperty name="idp.context.path" default="/idp" /></Set> + <Set name="extractWAR">false</Set> + <Set name="copyWebDir">false</Set> + <Set name="copyWebInf">true</Set> +</Configure> diff --git a/security/shibboleth-idp/files/jetty-base/webapps/static.xml b/security/shibboleth-idp/files/jetty-base/webapps/static.xml new file mode 100644 index 000000000000..3c53036abb35 --- /dev/null +++ b/security/shibboleth-idp/files/jetty-base/webapps/static.xml @@ -0,0 +1,16 @@ +<?xml version="1.0"?> +<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd"> +<!-- =============================================================== --> +<!-- Configure static content delivery --> +<!-- =============================================================== --> +<Configure class="org.eclipse.jetty.server.handler.ContextHandler"> + <Set name="contextPath">/</Set> + <Set name="handler"> + <New class="org.eclipse.jetty.server.handler.ResourceHandler"> + <Set name="resourceBase"> + <Property name="jetty.base"/>/<Property name="jetty.static.data.path" default="../static"/> + </Set> + <Set name="directoriesListed">false</Set> + </New> + </Set> +</Configure> diff --git a/security/shibboleth-idp/files/pkg-message.in b/security/shibboleth-idp/files/pkg-message.in new file mode 100644 index 000000000000..156826d76bcf --- /dev/null +++ b/security/shibboleth-idp/files/pkg-message.in 
@@ -0,0 +1,42 @@ +[ +{ type: install + message: <<EOM +This package makes the following assumptions: +- The idP listens on 127.0.0.1 +- Another webserver (such as nginx or apache) will handle TLS termination +- This is the only jetty-based application on this host +- idP backchannel communication is not required + +To get started: + # sysrc shibboleth_idp_scope="example.com" + # sysrc shibboleth_idp_hostname="shibboleth.example.com" + # sysrc shibboleth_idp_entityid="shibboleth.example.com/idp/shibboleth" + # sysrc shibboleth-idp_enable="YES" + +Upgrade/create the deployment by running: + # service shibboleth-idp initupgrade + +Review the configuration files in %%WWWDIR%%: +- start.d/idp.ini +- start.d/http.ini + +Start Shibboleth: + # service shibboleth-idp start +EOM +} +{ type: upgrade + message: <<EOM +You must run the following to complete the upgrade: + # service shibboleth-idp initupgrade + # service shibboleth-idp restart +EOM +} +{ type: remove + message: <<EOM +If Shibboleth is removed, and no longer needed, you can +safely delete this directory: + + %%WWWDIR%% +EOM +} +] diff --git a/security/shibboleth-idp/files/shibboleth-idp.in b/security/shibboleth-idp/files/shibboleth-idp.in new file mode 100644 index 000000000000..c8904167e00c --- /dev/null +++ b/security/shibboleth-idp/files/shibboleth-idp.in 
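Review bot: `# sysrc shibboleth-idp_enable="YES"` in the install message does not match the rc script, whose rcvar is `shibboleth_idp_enable` (a hyphen is not valid in a shell variable name, and the three sysrc examples above it already use the underscore form); it should read `# sysrc shibboleth_idp_enable="YES"`. The entityid example `shibboleth.example.com/idp/shibboleth` also differs from the one in shibboleth-idp.in (`https://shib.example.com/idp/shibboleth`); a SAML entityID is conventionally a URI, so aligning the message on the https form would stop the two files from advising different values.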
@@ -0,0 +1,87 @@ +#!/bin/sh + +# PROVIDE: shibboleth-idp +# REQUIRE: NETWORKING SERVERS +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable shibboleth_idp: +# +# shibboleth_idp_enable="YES" +# + +. /etc/rc.subr + +name=shibboleth_idp +rcvar=shibboleth_idp_enable + +command="%%PREFIX%%/sbin/shibboleth-idp.sh" +command_args="start" +extra_commands="idpstatus initupgrade" +start_precmd="shibboleth_idp_start_precmd" +initupgrade_cmd="shibboleth_idp_initupgrade" + +# set defaults +shibboleth_idp_enable=${shibboleth_idp_enable:-"NO"} +shibboleth_idp_entityid=${shibboleth_idp_entityid:-""} +shibboleth_idp_hostname=${shibboleth_idp_hostname:-""} +shibboleth_idp_keysize=${shibboleth_idp_keysize:-"3072"} +shibboleth_idp_scope=${shibboleth_idp_scope:-""} +shibboleth_idp_user=${shibboleth_idp_user:-"%%SHIBUSER%%"} +shibboleth_idp_group=${shibboleth_idp_group:-"%%SHIBGROUP%%"} + +load_rc_config ${name} + +if test -n "${shibboleth_idp_java_version}" ; then + JAVA_HOME=$(JAVA_VERSION="${shibboleth_idp_java_version}" JAVAVM_DRYRUN=1 %%LOCALBASE%%/bin/java | grep JAVA_HOME | cut -d= -f2) + procname=$(JAVA_VERSION="${shibboleth_idp_java_version}" JAVAVM_DRYRUN=1 %%LOCALBASE%%/bin/java | grep JAVAVM_PROG | cut -d= -f2) +else + JAVA_HOME=$(JAVAVM_DRYRUN=1 %%LOCALBASE%%/bin/java | grep JAVA_HOME | cut -d= -f2) + procname=$(JAVAVM_DRYRUN=1 %%LOCALBASE%%/bin/java | grep JAVAVM_PROG | cut -d= -f2) +fi + +export JAVA_HOME + +shibboleth_idp_precmd() { + if [ -z ${shibboleth_idp_scope} ]; then + echo "$0: WARNING: shibboleth_idp_scope is not defined in rc.conf." + echo "$0: Example: sysrc shibboleth_idp_scope=\"example.com\"" + exit 1 + fi + if [ -z ${shibboleth_idp_entityid} ]; then + echo "$0: WARNING: shibboleth_idp_entityid is not defined in rc.conf." 
+ echo "$0: Example: sysrc shibboleth_idp_entityid=\"https://shib.example.com/idp/shibboleth\"" + exit 1 + fi + if [ -z ${shibboleth_idp_hostname} ]; then + echo "$0: WARNING: shibboleth_idp_hostname is not defined in rc.conf." + echo "$0: Example: sysrc shibboleth_idp_hostname=\"shibboleth.example.com\"" + exit 1 + fi +} + +shibboleth_idp_start_precmd() { + shibboleth_idp_precmd + + if [ ! -r "%%WWWDIR%%/war/idp.war" ]; then + echo "$0: WARNING: /usr/local/www/shibboleth/war/idp.war is not readable." + echo "$0: You must run: service $(basename $0) initupgrade first" + exit 1 + fi +} + +shibboleth_idp_initupgrade() { + shibboleth_idp_precmd + + KEYSTORE=`/usr/bin/openssl rand -base64 32` + COOKIE=`/usr/bin/openssl rand -base64 32` + + /usr/bin/sed -i'.bak' -e "s|%%KEYSTORE%%|${KEYSTORE}|g" -e "s|%%KEYMANAGER%%|${KEYMANAGER}|g" %%WWWDIR%%/start.d/idp.ini + /bin/rm -f %%WWWDIR%%/idp.ini.bak + + PATH="${PATH}:%%LOCALBASE%%/bin" + %%DATADIR%%/bin/install.sh -Didp.keysize=${shibboleth_idp_keysize} -Didp.target.dir=%%WWWDIR%% -Didp.src.dir=%%DATADIR%% -Didp.conf.credentials.group=%%SHIBUSER%% -Didp.conf.credentials.filemode=640 -Didp.keystore.password=${KEYSTORE} -Didp.sealer.password=${COOKIE} -Didp.host.name=${shibboleth_idp_hostname} -Didp.scope=${shibboleth_idp_scope} -Didp.entityID=${shibboleth_idp_entityid} -Didp.noprompt + /usr/bin/sed -i'.bak' -e "s|:8443||g" %%WWWDIR%%/metadata/idp-metadata.xml +} + +run_rc_command "$1" diff --git a/security/shibboleth-idp/files/shibboleth-idp.sh b/security/shibboleth-idp/files/shibboleth-idp.sh new file mode 100755 index 000000000000..70a9ef3276a6 --- /dev/null +++ b/security/shibboleth-idp/files/shibboleth-idp.sh 
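Review bot: `extra_commands="idpstatus initupgrade"` declares an `idpstatus` command but no `idpstatus_cmd` is defined, so `service shibboleth-idp idpstatus` presumably falls through to rc.subr's usage error; either drop it or add the handler. In shibboleth_idp_initupgrade, `sed -i'.bak'` writes its backup to `%%WWWDIR%%/start.d/idp.ini.bak` while the cleanup removes `%%WWWDIR%%/idp.ini.bak`, so that backup and the later `idp-metadata.xml.bak` are left behind, and the `s|%%KEYMANAGER%%|${KEYMANAGER}|g` expression substitutes a variable that is never assigned while idp.ini itself uses `%%KEYSTORE%%` for the key-manager password. The generated keystore and sealer passwords are passed to install.sh as `-Didp.keystore.password=` and `-Didp.sealer.password=` arguments, which are visible to other local users via ps for the duration of the run; if the installer accepts them from a property file or the environment, that route would be preferable. Minor: `-Didp.conf.credentials.group=%%SHIBUSER%%` should use `%%SHIBGROUP%%`, the `[ -z ${shibboleth_idp_scope} ]` tests should quote the expansion, and the `/usr/local/www/shibboleth/war/idp.war` echo should use `%%WWWDIR%%` like the test beside it.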
@@ -0,0 +1,628 @@ +#!/usr/bin/env bash + +# LSB Tags +### BEGIN INIT INFO +# Provides: jetty +# Required-Start: $local_fs $network +# Required-Stop: $local_fs $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Jetty start script. +# Description: Start Jetty web server. +### END INIT INFO + +# Startup script for jetty under *nix systems (it works under NT/cygwin too). + +################################################## +# Set the name which is used by other variables. +# Defaults to the file name without extension. +################################################## +NAME=$(echo $(basename $0) | sed -e 's/^[SK][0-9]*//' -e 's/\.sh$//') + +# To get the service to restart correctly on reboot, uncomment below (3 lines): +# ======================== +# chkconfig: 3 99 99 +# description: Jetty 9 webserver +# processname: jetty +# ======================== + +# Configuration files +# +# /etc/default/$NAME +# If it exists, this is read at the start of script. It may perform any +# sequence of shell commands, like setting relevant environment variables. +# +# $HOME/.$NAMErc (e.g. $HOME/.jettyrc) +# If it exists, this is read at the start of script. It may perform any +# sequence of shell commands, like setting relevant environment variables. +# +# /etc/$NAME.conf +# If found, and no configurations were given on the command line, +# the file will be used as this script's configuration. +# Each line in the file may contain: +# - A comment denoted by the pound (#) sign as first non-blank character. +# - The path to a regular file, which will be passed to jetty as a +# config.xml file. +# - The path to a directory. Each *.xml file in the directory will be +# passed to jetty as a config.xml file. +# - All other lines will be passed, as-is to the start.jar +# +# The files will be checked for existence before being passed to jetty. +# +# Configuration variables +# +# JAVA +# Command to invoke Java. If not set, java (from the PATH) will be used. 
+# +# JAVA_OPTIONS +# Extra options to pass to the JVM +# +# JETTY_HOME +# Where Jetty is installed. If not set, the script will try go +# guess it by looking at the invocation path for the script +# The java system property "jetty.home" will be +# set to this value for use by configure.xml files, f.e.: +# +# <Arg><Property name="jetty.home" default="."/>/webapps/jetty.war</Arg> +# +# JETTY_BASE +# Where your Jetty base directory is. If not set, then the currently +# directory is checked, otherwise the value from +# $JETTY_HOME will be used. +# +# JETTY_RUN +# Where the $NAME.pid file should be stored. It defaults to the +# first available of /var/run, /usr/var/run, JETTY_BASE and /tmp +# if not set. +# +# JETTY_PID +# The Jetty PID file, defaults to $JETTY_RUN/$NAME.pid +# +# JETTY_ARGS +# The default arguments to pass to jetty. +# For example +# JETTY_ARGS=jetty.http.port=8080 jetty.ssl.port=8443 +# +# JETTY_USER +# if set, then used as a username to run the server as +# +# JETTY_SHELL +# If set, then used as the shell by su when starting the server. Will have +# no effect if start-stop-daemon exists. Useful when JETTY_USER does not +# have shell access, e.g. /bin/false +# +# JETTY_START_TIMEOUT +# Time spent waiting to see if startup was successful/failed. Defaults to 60 seconds +# + +usage() +{ + echo "Usage: ${0##*/} [-d] {start|stop|run|restart|check|supervise} [ CONFIGS ... 
] " + exit 1 +} + +[ $# -gt 0 ] || usage + + +################################################## +# Some utility functions +################################################## +findDirectory() +{ + local L OP=$1 + shift + for L in "$@"; do + [ "$OP" "$L" ] || continue + printf %s "$L" + break + done +} + +running() +{ + if [ -f "$1" ] + then + local PID=$(cat "$1" 2>/dev/null) || return 1 + kill -0 "$PID" 2>/dev/null + return + fi + rm -f "$1" + return 1 +} + +started() +{ + # wait for 60s to see "STARTED" in PID file, needs jetty-started.xml as argument + for ((T = 0; T < $(($3 / 4)); T++)) + do + sleep 4 + [ -z "$(tail -1 $1 | grep STARTED 2>/dev/null)" ] || return 0 + [ -z "$(tail -1 $1 | grep STOPPED 2>/dev/null)" ] || return 1 + [ -z "$(tail -1 $1 | grep FAILED 2>/dev/null)" ] || return 1 + local PID=$(cat "$2" 2>/dev/null) || return 1 + kill -0 "$PID" 2>/dev/null || return 1 + echo -n ". " + done + + return 1; +} + + +readConfig() +{ + (( DEBUG )) && echo "Reading $1.." + source "$1" +} + +dumpEnv() +{ + echo "JAVA = $JAVA" + echo "JAVA_OPTIONS = ${JAVA_OPTIONS[*]}" + echo "JETTY_HOME = $JETTY_HOME" + echo "JETTY_BASE = $JETTY_BASE" + echo "START_D = $START_D" + echo "START_INI = $START_INI" + echo "JETTY_START = $JETTY_START" + echo "JETTY_CONF = $JETTY_CONF" + echo "JETTY_ARGS = ${JETTY_ARGS[*]}" + echo "JETTY_RUN = $JETTY_RUN" + echo "JETTY_PID = $JETTY_PID" + echo "JETTY_START_LOG = $JETTY_START_LOG" + echo "JETTY_STATE = $JETTY_STATE" + echo "JETTY_START_TIMEOUT = $JETTY_START_TIMEOUT" + echo "RUN_CMD = ${RUN_CMD[*]}" +} + + + +################################################## +# Get the action & configs +################################################## +CONFIGS=() +NO_START=0 +DEBUG=0 + +while [[ $1 = -* ]]; do + case $1 in + -d) DEBUG=1 ;; + esac + shift +done +ACTION=$1 +shift + +################################################## +# Read any configuration files +################################################## +ETC=/etc +if [ $UID != 0 ] +then + 
ETC=$HOME/etc +fi + +for CONFIG in {/etc,~/etc}/default/${NAME}{,9} $HOME/.${NAME}rc /usr/local/etc/shibboleth/${NAME}{,9}; do + if [ -f "$CONFIG" ] ; then + readConfig "$CONFIG" + fi +done + + +################################################## +# Set tmp if not already set. +################################################## +TMPDIR=${TMPDIR:-/tmp} + +################################################## +# Jetty's hallmark +################################################## +JETTY_INSTALL_TRACE_FILE="start.jar" + + +################################################## +# Try to determine JETTY_HOME if not set +################################################## +if [ -z "$JETTY_HOME" ] +then + JETTY_SH=$0 + case "$JETTY_SH" in + /*) JETTY_HOME=${JETTY_SH%/*/*} ;; + ./*/*) JETTY_HOME=${JETTY_SH%/*/*} ;; + ./*) JETTY_HOME=.. ;; + */*/*) JETTY_HOME=./${JETTY_SH%/*/*} ;; + */*) JETTY_HOME=. ;; + *) JETTY_HOME=.. ;; + esac + + if [ ! -f "$JETTY_HOME/$JETTY_INSTALL_TRACE_FILE" ] + then + JETTY_HOME= + fi +fi + +################################################## +# No JETTY_HOME yet? We're out of luck! +################################################## +if [ -z "$JETTY_HOME" ]; then + echo "** ERROR: JETTY_HOME not set, you need to set it or install in a standard location" + exit 1 +fi + +RUN_DIR=$(pwd) +cd "$JETTY_HOME" +JETTY_HOME=$(pwd) + +################################################## +# Set JETTY_BASE +################################################## +export JETTY_BASE +if [ -z "$JETTY_BASE" ]; then + if [ -d "$RUN_DIR/start.d" -o -f "$RUN_DIR/start.ini" ]; then + JETTY_BASE=$RUN_DIR + else + JETTY_BASE=$JETTY_HOME + fi +fi +cd "$JETTY_BASE" +JETTY_BASE=$(pwd) + +##################################################### +# Check that jetty is where we think it is +##################################################### +if [ ! -r "$JETTY_HOME/$JETTY_INSTALL_TRACE_FILE" ] +then + echo "** ERROR: Oops! 
Jetty doesn't appear to be installed in $JETTY_HOME" + echo "** ERROR: $JETTY_HOME/$JETTY_INSTALL_TRACE_FILE is not readable!" + exit 1 +fi + +################################################## +# Try to find this script's configuration file, +# but only if no configurations were given on the +# command line. +################################################## +if [ -z "$JETTY_CONF" ] +then + if [ -f $ETC/${NAME}.conf ] + then + JETTY_CONF=$ETC/${NAME}.conf + elif [ -f "$JETTY_BASE/etc/jetty.conf" ] + then + JETTY_CONF=$JETTY_BASE/etc/jetty.conf + elif [ -f "$JETTY_HOME/etc/jetty.conf" ] + then + JETTY_CONF=$JETTY_HOME/etc/jetty.conf + fi +fi + +##################################################### +# Find a location for the pid file +##################################################### +if [ -z "$JETTY_RUN" ] +then + JETTY_RUN=$(findDirectory -w /var/run /usr/var/run $JETTY_BASE /tmp)/jetty + [ -d "$JETTY_RUN" ] || mkdir $JETTY_RUN +fi + +##################################################### +# define start log location +##################################################### +if [ -z "$JETTY_START_LOG" ] +then + JETTY_START_LOG="$JETTY_RUN/$NAME-start.log" +fi + +##################################################### +# Find a pid and state file +##################################################### +if [ -z "$JETTY_PID" ] +then + JETTY_PID="$JETTY_RUN/${NAME}.pid" +fi + +if [ -z "$JETTY_STATE" ] +then + JETTY_STATE=$JETTY_BASE/${NAME}.state +fi + +case "`uname`" in +CYGWIN*) JETTY_STATE="`cygpath -w $JETTY_STATE`";; +esac + + +JETTY_ARGS=(${JETTY_ARGS[*]} "jetty.state=$JETTY_STATE") + +################################################## +# Get the list of config.xml files from jetty.conf +################################################## +if [ -f "$JETTY_CONF" ] && [ -r "$JETTY_CONF" ] +then + while read -r CONF + do + if expr "$CONF" : '#' >/dev/null ; then + continue + fi + + if [ -d "$CONF" ] + then + # assume it's a directory with configure.xml files + # for 
example: /etc/jetty.d/ + # sort the files before adding them to the list of JETTY_ARGS + for XMLFILE in "$CONF/"*.xml + do + if [ -r "$XMLFILE" ] && [ -f "$XMLFILE" ] + then + JETTY_ARGS=(${JETTY_ARGS[*]} "$XMLFILE") + else + echo "** WARNING: Cannot read '$XMLFILE' specified in '$JETTY_CONF'" + fi + done + else + # assume it's a command line parameter (let start.jar deal with its validity) + JETTY_ARGS=(${JETTY_ARGS[*]} "$CONF") + fi + done < "$JETTY_CONF" +fi + +################################################## +# Setup JAVA if unset +################################################## +if [ -z "$JAVA" ] +then + JAVA=$(which java) +fi + +if [ -z "$JAVA" ] +then + echo "Cannot find a Java JDK. Please set either set JAVA or put java (>=1.5) in your PATH." >&2 + exit 1 +fi + +##################################################### +# See if Deprecated JETTY_LOGS is defined +##################################################### +if [ "$JETTY_LOGS" ] +then + echo "** WARNING: JETTY_LOGS is Deprecated. Please configure logging within the jetty base." >&2 +fi + +##################################################### +# Set STARTED timeout +##################################################### +if [ -z "$JETTY_START_TIMEOUT" ] +then + JETTY_START_TIMEOUT=60 +fi + +##################################################### +# Are we running on Windows? Could be, with Cygwin/NT. +##################################################### +case "`uname`" in +CYGWIN*) PATH_SEPARATOR=";";; +*) PATH_SEPARATOR=":";; +esac + + +##################################################### +# Add jetty properties to Java VM options. 
+##################################################### + +case "`uname`" in +CYGWIN*) +JETTY_HOME="`cygpath -w $JETTY_HOME`" +JETTY_BASE="`cygpath -w $JETTY_BASE`" +TMPDIR="`cygpath -w $TMPDIR`" +;; +esac + +BASE_JETTY_SYS_PROPS=$(echo -ne "-Djetty.home=$JETTY_HOME" "-Djetty.base=$JETTY_BASE" "-Djava.io.tmpdir=$TMPDIR") +JETTY_SYS_PROPS=(${JETTY_SYS_PROPS[*]} $BASE_JETTY_SYS_PROPS) + +##################################################### +# This is how the Jetty server will be started +##################################################### + +JETTY_START=$JETTY_HOME/start.jar +START_INI=$JETTY_BASE/start.ini +START_D=$JETTY_BASE/start.d +if [ ! -f "$START_INI" -a ! -d "$START_D" ] +then + echo "Cannot find a start.ini file or a start.d directory in your JETTY_BASE directory: $JETTY_BASE" >&2 + exit 1 +fi + +case "`uname`" in +CYGWIN*) JETTY_START="`cygpath -w $JETTY_START`";; +esac + +RUN_ARGS=$("$JAVA" -jar "$JETTY_START" --dry-run=opts,path,main,args ${JETTY_ARGS[*]} ${JAVA_OPTIONS[*]}) +RUN_CMD=("$JAVA" $JETTY_SYS_PROPS ${RUN_ARGS[@]}) + +##################################################### +# Comment these out after you're happy with what +# the script is doing. +##################################################### +if (( DEBUG )) +then + dumpEnv +fi + +################################################## +# Do the action +################################################## +case "$ACTION" in + start) + echo -n "Starting Jetty: " + + if (( NO_START )); then + echo "Not starting ${NAME} - NO_START=1"; + exit + fi + + if [ $UID -eq 0 ] && type start-stop-daemon > /dev/null 2>&1 + then + unset CH_USER + if [ -n "$JETTY_USER" ] + then + CH_USER="--chuid $JETTY_USER" + fi + + start-stop-daemon --start $CH_USER \ + --pidfile "$JETTY_PID" \ + --chdir "$JETTY_BASE" \ + --background \ + --make-pidfile \ + --startas "$JAVA" \ + -- ${RUN_ARGS[@]} start-log-file="$JETTY_START_LOG" + + else + + if running $JETTY_PID + then + echo "Already Running $(cat $JETTY_PID)!" 
+ exit 1 + fi + + if [ -n "$JETTY_USER" ] && [ `whoami` != "$JETTY_USER" ] + then + unset SU_SHELL + if [ "$JETTY_SHELL" ] + then + SU_SHELL="-s $JETTY_SHELL" + fi + + touch "$JETTY_PID" + chown "$JETTY_USER" "$JETTY_PID" + # FIXME: Broken solution: wordsplitting, pathname expansion, arbitrary command execution, etc. + su - "$JETTY_USER" $SU_SHELL -c " + cd \"$JETTY_BASE\" + exec ${RUN_CMD[*]} start-log-file=\"$JETTY_START_LOG\" > /dev/null & + disown \$! + echo \$! > \"$JETTY_PID\"" + else + "${RUN_CMD[@]}" > /dev/null & + disown $! + echo $! > "$JETTY_PID" + fi + + fi + + if expr "${JETTY_ARGS[*]}" : '.*jetty-started.xml.*' >/dev/null + then + if started "$JETTY_STATE" "$JETTY_PID" "$JETTY_START_TIMEOUT" + then + echo "OK `date`" + else + echo "FAILED `date`" + exit 1 + fi + else + echo "ok `date`" + fi + + ;; + + stop) + echo -n "Stopping Jetty: " + if [ $UID -eq 0 ] && type start-stop-daemon > /dev/null 2>&1; then + start-stop-daemon -K -p"$JETTY_PID" -d"$JETTY_HOME" -a "$JAVA" -s HUP + + TIMEOUT=30 + while running "$JETTY_PID"; do + if (( TIMEOUT-- == 0 )); then + start-stop-daemon -K -p"$JETTY_PID" -d"$JETTY_HOME" -a "$JAVA" -s KILL + fi + + sleep 1 + done + else + if [ ! -f "$JETTY_PID" ] ; then + echo "ERROR: no pid found at $JETTY_PID" + exit 1 + fi + + PID=$(cat "$JETTY_PID" 2>/dev/null) + if [ -z "$PID" ] ; then + echo "ERROR: no pid id found in $JETTY_PID" + exit 1 + fi + kill "$PID" 2>/dev/null + + TIMEOUT=30 + while running $JETTY_PID; do + if (( TIMEOUT-- == 0 )); then + kill -KILL "$PID" 2>/dev/null + fi + + sleep 1 + done + fi + + rm -f "$JETTY_PID" + rm -f "$JETTY_STATE" + echo OK + + ;; + + restart) + JETTY_SH=$0 + > "$JETTY_STATE" + if [ ! -f $JETTY_SH ]; then + if [ ! -f $JETTY_HOME/bin/jetty.sh ]; then + echo "$JETTY_HOME/bin/jetty.sh does not exist." 
+ exit 1 + fi + JETTY_SH=$JETTY_HOME/bin/jetty.sh + fi + + "$JETTY_SH" stop "$@" + "$JETTY_SH" start "$@" + + ;; + + supervise) + # + # Under control of daemontools supervise monitor which + # handles restarts and shutdowns via the svc program. + # + exec "${RUN_CMD[@]}" + + ;; + + run|demo) + echo "Running Jetty: " + + if running "$JETTY_PID" + then + echo Already Running $(cat "$JETTY_PID")! + exit 1 + fi + + exec "${RUN_CMD[@]}" + ;; + + check|status) + if running "$JETTY_PID" + then + echo "Jetty running pid=$(< "$JETTY_PID")" + else + echo "Jetty NOT running" + fi + echo + dumpEnv + echo + + if running "$JETTY_PID" + then + exit 0 + fi + exit 1 + + ;; + + *) + usage + + ;; +esac + +exit 0 diff --git a/security/shibboleth-idp/files/shibboleth.in b/security/shibboleth-idp/files/shibboleth.in new file mode 100644 index 000000000000..e63c0b1c1b98 --- /dev/null +++ b/security/shibboleth-idp/files/shibboleth.in 
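Review bot: shibboleth-idp.sh appears to be a lightly modified copy of Jetty's upstream jetty.sh (the port-specific change is the `/usr/local/etc/shibboleth/${NAME}{,9}` entry in the CONFIG loop), and since FreeBSD has no start-stop-daemon the `[ $UID -eq 0 ] && type start-stop-daemon` branch is never taken, which leaves the `su -` branch that upstream itself marks `# FIXME: Broken solution: wordsplitting, pathname expansion, arbitrary command execution` as the path used whenever JETTY_USER is set. The port seems to rely on rc.subr's `shibboleth_idp_user` instead (shibboleth.in leaves JETTY_USER unset), and a comment near the CONFIG loop saying so would stop someone from "fixing" the omission by setting JETTY_USER. That loop also `source`s `$HOME/.${NAME}rc` and `~/etc/default/${NAME}{,9}` before the port's own config, so any file of that name in the service user's home directory is executed as shell at startup; documenting that, or removing those entries for the port, would narrow what the service trusts.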
@@ -0,0 +1,64 @@
+#
+# Sample Configuration File
+#
+# JAVA
+# Command to invoke Java. If not set, java (from the PATH) will be used.
+#
+
+# JAVA_OPTIONS
+# Extra options to pass to the JVM
+#
+
+# JETTY_HOME
+# Where Jetty is installed. If not set, the script will try go
+# guess it by looking at the invocation path for the script
+# The java system property "jetty.home" will be
+# set to this value for use by configure.xml files, f.e.:
+#
+# <Arg><Property name="jetty.home" default="."/>/webapps/jetty.war</Arg>
+#
+JETTY_HOME=/usr/local/jetty
+
+#
+# JETTY_BASE
+# Where your Jetty base directory is. If not set, the value from
+# $JETTY_HOME will be used.
+#
+# IT IS STRONGLY RECOMMENDED THAT YOU MODIFY THIS VARIABLE TO POINT
+# TO THE INSTALLATION OF YOUR WEB APPLICATION, KEEPING YOUR WEB
+# APPLICATION SEPARATE FROM THE JETTY HOME LOCATION.
+#
+# MORE INFORMATION HERE:
+#
+# http://www.eclipse.org/jetty/documentation/current/startup-base-and-home.html
+#
+JETTY_BASE=%%WWWDIR%%
+
+# JETTY_RUN
+# Where the $NAME.pid file should be stored. It defaults to the
+# first available of /var/run, /usr/var/run, JETTY_BASE and /tmp
+# if not set.
+#
+
+# JETTY_PID
+# The Jetty PID file, defaults to $JETTY_RUN/$NAME.pid
+#
+JETTY_PID=%%RUNDIR%%/shibboleth.pid
+
+# JETTY_ARGS
+# The default arguments to pass to jetty.
+# For example
+# JETTY_ARGS=jetty.http.port=8080 jetty.ssl.port=8443
+#
+JETTY_ARGS=jetty.logging.dir=%%LOGDIR%%
+
+# JETTY_USER
+# if set, then used as a username to run the server as
+#
+
+JETTY_STATE=%%RUNDIR%%/shibboleth.state
+
+# JETTY_SHELL
+# If set, then used as the shell by su when starting the server. Will have
+# no effect if start-stop-daemon exists. Useful when JETTY_USER does not
+#
diff --git a/security/shibboleth-idp/pkg-descr b/security/shibboleth-idp/pkg-descr
new file mode 100644
index 000000000000..64a7f015c1eb
--- /dev/null
+++ b/security/shibboleth-idp/pkg-descr
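Review bot: `JETTY_USER` is described in this file but never assigned, so unless the rc script exports it, the start branch of the bundled jetty.sh runs the IdP as whoever invoked it, which from rc.d is root. The plist in the same commit hands `%%RUNDIR%%` and `%%LOGDIR%%` to `%%SHIBUSER%%` and restricts `start.d/idp.ini` to `%%SHIBGROUP%%`, which only does anything if the server actually runs under that account; adding `JETTY_USER=%%SHIBUSER%%` under the JETTY_USER comment block would make the config agree with the ownership the plist sets up. The trailing JETTY_SHELL comment also stops mid-sentence (`# ... Useful when JETTY_USER does not`); finishing or dropping it would spare the next reader a guess.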
@@ -0,0 +1,8 @@
+A simple Single Sign-On solution for any organisation with complex
+identity management requirements. With excellent scaling capabilities
+and customisable user-related data, the Identity Provider equips
+workforces with a personalised user experience.
+
+* Widely adaptable to support custom scenarios
+* Built-in support for a range of authentication systems
+* Handles millions of authentication requests per day
diff --git a/security/shibboleth-idp/pkg-plist b/security/shibboleth-idp/pkg-plist
new file mode 100644
index 000000000000..bd54acfe3b41
--- /dev/null
+++ b/security/shibboleth-idp/pkg-plist
@@ -0,0 +1,272 @@
+%%DATADIR%%/LICENSE.txt
+%%DATADIR%%/bin/aacli.bat
+%%DATADIR%%/bin/aacli.sh
+%%DATADIR%%/bin/ant-jetty.xml
+%%DATADIR%%/bin/ant.bat
+%%DATADIR%%/bin/ant.sh
+%%DATADIR%%/bin/build.bat
+%%DATADIR%%/bin/build.sh
+%%DATADIR%%/bin/build.xml
+%%DATADIR%%/bin/install-log.xml
+%%DATADIR%%/bin/install.bat
+%%DATADIR%%/bin/install.sh
+%%DATADIR%%/bin/keygen.bat
+%%DATADIR%%/bin/keygen.sh
+%%DATADIR%%/bin/lib/.gitkeep
+%%DATADIR%%/bin/lib/ant-1.10.12.jar
+%%DATADIR%%/bin/lib/ant-launcher-1.10.12.jar
+%%DATADIR%%/bin/lib/bcpg-jdk15on-1.70.jar
+%%DATADIR%%/bin/lib/commons-compress-1.21.jar
+%%DATADIR%%/bin/lib/idp-installer-4.2.1.jar
+%%DATADIR%%/bin/lib/jcommander-1.81.jar
+%%DATADIR%%/bin/mdquery.bat
+%%DATADIR%%/bin/mdquery.sh
+%%DATADIR%%/bin/module.bat
+%%DATADIR%%/bin/module.sh
+%%DATADIR%%/bin/plugin.bat
+%%DATADIR%%/bin/plugin.sh
+%%DATADIR%%/bin/reload-metadata.bat
+%%DATADIR%%/bin/reload-metadata.sh
+%%DATADIR%%/bin/reload-service.bat
+%%DATADIR%%/bin/reload-service.sh
+%%DATADIR%%/bin/runclass.bat
+%%DATADIR%%/bin/runclass.sh
+%%DATADIR%%/bin/sealer.bat
+%%DATADIR%%/bin/sealer.sh
+%%DATADIR%%/bin/seckeygen.bat
+%%DATADIR%%/bin/seckeygen.sh
+%%DATADIR%%/bin/status.bat
+%%DATADIR%%/bin/status.sh
+%%DATADIR%%/bin/version.bat
+%%DATADIR%%/bin/version.sh
+%%DATADIR%%/conf/access-control.xml
+%%DATADIR%%/conf/admin/admin.properties
+%%DATADIR%%/conf/admin/metrics.xml
+%%DATADIR%%/conf/attribute-filter.xml
+%%DATADIR%%/conf/attribute-registry.xml
+%%DATADIR%%/conf/attribute-resolver.xml
+%%DATADIR%%/conf/attributes/custom/README
+%%DATADIR%%/conf/attributes/default-rules.xml
+%%DATADIR%%/conf/attributes/eduCourse.xml
+%%DATADIR%%/conf/attributes/eduPerson.xml
+%%DATADIR%%/conf/attributes/inetOrgPerson.xml
+%%DATADIR%%/conf/attributes/samlSubject.xml
+%%DATADIR%%/conf/attributes/schac.xml
+%%DATADIR%%/conf/audit.xml
+%%DATADIR%%/conf/authn/authn-comparison.xml
+%%DATADIR%%/conf/authn/authn-events-flow.xml
+%%DATADIR%%/conf/authn/authn.properties
+%%DATADIR%%/conf/c14n/subject-c14n-events-flow.xml
+%%DATADIR%%/conf/c14n/subject-c14n.properties
+%%DATADIR%%/conf/c14n/subject-c14n.xml
+%%DATADIR%%/conf/credentials.xml
+%%DATADIR%%/conf/errors.xml
+%%DATADIR%%/conf/examples/attribute-resolver-ldap.xml
+%%DATADIR%%/conf/global.xml
+%%DATADIR%%/conf/idp.properties
+%%DATADIR%%/conf/intercept/intercept-events-flow.xml
+%%DATADIR%%/conf/ldap.properties
+%%DATADIR%%/conf/logback.xml
+%%DATADIR%%/conf/metadata-providers.xml
+%%DATADIR%%/conf/relying-party.xml
+%%DATADIR%%/conf/saml-nameid.properties
+%%DATADIR%%/conf/saml-nameid.xml
+%%DATADIR%%/conf/services.properties
+%%DATADIR%%/conf/services.xml
+%%DATADIR%%/credentials/.gitkeep
+%%DATADIR%%/doc/BC-LICENSE.txt
+%%DATADIR%%/doc/CREDITS.txt
+%%DATADIR%%/doc/DUO-LICENSE.txt
+%%DATADIR%%/doc/JQUERY-LICENSE.txt
+%%DATADIR%%/doc/README.txt
+%%DATADIR%%/doc/RELEASE-NOTES.txt
+%%DATADIR%%/doc/SPYMEMCACHED-LICENSE.txt
+%%DATADIR%%/flows/authn/conditions/account-locked/account-locked-flow.xml
+%%DATADIR%%/flows/authn/conditions/conditions-flow.xml
+%%DATADIR%%/flows/authn/conditions/expired-password/expired-password-flow.xml
+%%DATADIR%%/flows/authn/conditions/expiring-password/expiring-password-flow.xml
+%%DATADIR%%/flows/user/prefs/prefs-flow.xml
+@comment %%DATADIR%%/logs/.gitkeep
+%%DATADIR%%/messages/messages.properties
+%%DATADIR%%/system/DONOTTOUCH
+%%DATADIR%%/system/conf/global-system.xml
+%%DATADIR%%/system/conf/mvc-beans.xml
+%%DATADIR%%/system/conf/webflow-config.xml
+%%DATADIR%%/views/client-storage/client-storage-read.vm
+%%DATADIR%%/views/client-storage/client-storage-write.vm
+%%DATADIR%%/views/error.vm
+%%DATADIR%%/views/logout-complete.vm
+%%DATADIR%%/views/logout-propagate.vm
+%%DATADIR%%/views/logout.vm
+%%DATADIR%%/views/user-prefs.js
+%%DATADIR%%/views/user-prefs.vm
+%%DATADIR%%/webapp/META-INF/MANIFEST.MF
+%%DATADIR%%/webapp/WEB-INF/idpui.tld
+%%DATADIR%%/webapp/WEB-INF/jsp/metadata.jsp
+%%DATADIR%%/webapp/WEB-INF/jsp/status.jsp
+%%DATADIR%%/webapp/WEB-INF/lib/DuoWeb-1.3.jar
+%%DATADIR%%/webapp/WEB-INF/lib/UserAgentUtils-1.21.jar
+%%DATADIR%%/webapp/WEB-INF/lib/annotations-17.0.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/antlr-2.7.7.jar
+%%DATADIR%%/webapp/WEB-INF/lib/bcpkix-jdk15on-1.70.jar
+%%DATADIR%%/webapp/WEB-INF/lib/bcprov-jdk15on-1.70.jar
+%%DATADIR%%/webapp/WEB-INF/lib/bcutil-jdk15on-1.70.jar
+%%DATADIR%%/webapp/WEB-INF/lib/byte-buddy-1.10.21.jar
+%%DATADIR%%/webapp/WEB-INF/lib/checker-qual-3.12.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/classmate-1.5.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/commons-cli-1.4.jar
+%%DATADIR%%/webapp/WEB-INF/lib/commons-codec-1.15.jar
+%%DATADIR%%/webapp/WEB-INF/lib/commons-compiler-3.1.6.jar
+%%DATADIR%%/webapp/WEB-INF/lib/commons-dbcp2-2.9.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/commons-lang-2.6.jar
+%%DATADIR%%/webapp/WEB-INF/lib/commons-lang3-3.11.jar
+%%DATADIR%%/webapp/WEB-INF/lib/commons-pool2-2.10.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/cryptacular-1.2.4.jar
+%%DATADIR%%/webapp/WEB-INF/lib/dom4j-2.1.3.jar
+%%DATADIR%%/webapp/WEB-INF/lib/error_prone_annotations-2.11.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/failureaccess-1.0.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/guava-31.1-jre.jar
+%%DATADIR%%/webapp/WEB-INF/lib/hibernate-commons-annotations-5.1.2.Final.jar
+%%DATADIR%%/webapp/WEB-INF/lib/hibernate-core-5.4.30.Final.jar
+%%DATADIR%%/webapp/WEB-INF/lib/httpclient-4.5.13.jar
+%%DATADIR%%/webapp/WEB-INF/lib/httpclient-cache-4.5.13.jar
+%%DATADIR%%/webapp/WEB-INF/lib/httpcore-4.4.15.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-admin-api-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-admin-impl-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-api-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-filter-api-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-filter-impl-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-filter-spring-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-impl-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-resolver-api-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-resolver-impl-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-resolver-spring-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-authn-api-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-authn-impl-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-cas-api-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-cas-impl-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-conf-impl-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-consent-api-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-consent-impl-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-core-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-profile-api-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-profile-impl-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-profile-spring-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-saml-api-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-saml-impl-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-schema-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-session-api-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-session-impl-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idp-ui-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/idwsfconsumer-2.1.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/istack-commons-runtime-3.0.12.jar
+%%DATADIR%%/webapp/WEB-INF/lib/j2objc-annotations-1.3.jar
+%%DATADIR%%/webapp/WEB-INF/lib/jackson-annotations-2.13.2.jar
+%%DATADIR%%/webapp/WEB-INF/lib/jackson-core-2.13.2.jar
+%%DATADIR%%/webapp/WEB-INF/lib/jackson-databind-2.13.2.2.jar
+%%DATADIR%%/webapp/WEB-INF/lib/jackson-datatype-jsr310-2.13.2.jar
+%%DATADIR%%/webapp/WEB-INF/lib/jakarta.activation-1.2.2.jar
+%%DATADIR%%/webapp/WEB-INF/lib/jakarta.json-1.1.6.jar
+%%DATADIR%%/webapp/WEB-INF/lib/jakarta.mail-1.6.7.jar
+%%DATADIR%%/webapp/WEB-INF/lib/jakarta.xml.bind-api-2.3.3.jar
+%%DATADIR%%/webapp/WEB-INF/lib/jandex-2.2.3.Final.jar
+%%DATADIR%%/webapp/WEB-INF/lib/janino-3.1.6.jar
+%%DATADIR%%/webapp/WEB-INF/lib/java-support-8.3.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/javassist-3.27.0-GA.jar
+%%DATADIR%%/webapp/WEB-INF/lib/javax.persistence-api-2.2.jar
+%%DATADIR%%/webapp/WEB-INF/lib/jaxb-runtime-2.3.6.jar
+%%DATADIR%%/webapp/WEB-INF/lib/jboss-logging-3.4.1.Final.jar
+%%DATADIR%%/webapp/WEB-INF/lib/jboss-transaction-api_1.2_spec-1.1.1.Final.jar
+%%DATADIR%%/webapp/WEB-INF/lib/joda-time-2.10.14.jar
+%%DATADIR%%/webapp/WEB-INF/lib/jsonapi-converter-0.11.jar
+%%DATADIR%%/webapp/WEB-INF/lib/jsr305-3.0.2.jar
+%%DATADIR%%/webapp/WEB-INF/lib/jul-to-slf4j-1.7.36.jar
+%%DATADIR%%/webapp/WEB-INF/lib/ldaptive-1.3.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
+%%DATADIR%%/webapp/WEB-INF/lib/log4j-over-slf4j-1.7.36.jar
+%%DATADIR%%/webapp/WEB-INF/lib/logback-classic-1.2.11.jar
+%%DATADIR%%/webapp/WEB-INF/lib/logback-core-1.2.11.jar
+%%DATADIR%%/webapp/WEB-INF/lib/metrics-core-4.2.9.jar
+%%DATADIR%%/webapp/WEB-INF/lib/metrics-json-4.2.9.jar
+%%DATADIR%%/webapp/WEB-INF/lib/metrics-jvm-4.2.9.jar
+%%DATADIR%%/webapp/WEB-INF/lib/opensaml-core-4.2.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/opensaml-messaging-api-4.2.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/opensaml-messaging-impl-4.2.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/opensaml-profile-api-4.2.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/opensaml-profile-impl-4.2.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/opensaml-saml-api-4.2.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/opensaml-saml-impl-4.2.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/opensaml-security-api-4.2.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/opensaml-security-impl-4.2.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/opensaml-soap-api-4.2.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/opensaml-soap-impl-4.2.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/opensaml-storage-api-4.2.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/opensaml-storage-impl-4.2.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/opensaml-xmlsec-api-4.2.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/opensaml-xmlsec-impl-4.2.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/slf4j-api-1.7.36.jar
+%%DATADIR%%/webapp/WEB-INF/lib/spring-aop-5.3.19.jar
+%%DATADIR%%/webapp/WEB-INF/lib/spring-beans-5.3.19.jar
+%%DATADIR%%/webapp/WEB-INF/lib/spring-binding-2.5.1.RELEASE.jar
+%%DATADIR%%/webapp/WEB-INF/lib/spring-context-5.3.19.jar
+%%DATADIR%%/webapp/WEB-INF/lib/spring-core-5.3.19.jar
+%%DATADIR%%/webapp/WEB-INF/lib/spring-expression-5.3.19.jar
+%%DATADIR%%/webapp/WEB-INF/lib/spring-extensions-6.2.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/spring-jcl-5.3.19.jar
+%%DATADIR%%/webapp/WEB-INF/lib/spring-jdbc-5.3.19.jar
+%%DATADIR%%/webapp/WEB-INF/lib/spring-orm-5.3.19.jar
+%%DATADIR%%/webapp/WEB-INF/lib/spring-tx-5.3.19.jar
+%%DATADIR%%/webapp/WEB-INF/lib/spring-web-5.3.19.jar
+%%DATADIR%%/webapp/WEB-INF/lib/spring-webflow-2.5.1.RELEASE.jar
+%%DATADIR%%/webapp/WEB-INF/lib/spring-webmvc-5.3.19.jar
+%%DATADIR%%/webapp/WEB-INF/lib/spymemcached-2.12.3.jar
+%%DATADIR%%/webapp/WEB-INF/lib/stax2-api-4.2.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/txw2-2.3.6.jar
+%%DATADIR%%/webapp/WEB-INF/lib/unboundid-ldapsdk-4.0.14.jar
+%%DATADIR%%/webapp/WEB-INF/lib/velocity-engine-core-2.3.jar
+%%DATADIR%%/webapp/WEB-INF/lib/woodstox-core-6.2.6.jar
+%%DATADIR%%/webapp/WEB-INF/lib/xmlsec-2.3.0.jar
+%%DATADIR%%/webapp/WEB-INF/spring.tld
+%%DATADIR%%/webapp/WEB-INF/web.xml
+%%DATADIR%%/webapp/css/logout.css
+%%DATADIR%%/webapp/css/placeholder.css
+%%DATADIR%%/webapp/images/failure-32x32.png
+%%DATADIR%%/webapp/images/placeholder-logo.png
+%%DATADIR%%/webapp/images/success-32x32.png
+%%DATADIR%%/webapp/index.jsp
+%%DATADIR%%/webapp/js/Duo-Web-v2.js
+%%DATADIR%%/webapp/js/Duo-Web-v2.min.js
+%%DATADIR%%/webapp/js/jquery-3.6.0.min.js
+@dir(%%SHIBUSER%%,%%SHIBGROUP%%,755) %%DATADIR%%/metadata
+@dir %%DATADIR%%/webapp/WEB-INF/classes
+%%ETCDIR%%/shibboleth-idp
+@dir %%ETCDIR%%
+@sample %%EXAMPLESDIR%%/etc/jetty-requestlog.xml %%WWWDIR%%/etc/jetty-requestlog.xml
+@sample %%EXAMPLESDIR%%/index.html %%WWWDIR%%/webapps/ROOT/index.html
+@sample %%EXAMPLESDIR%%/modules/idp-logging.mod %%WWWDIR%%/modules/idp-logging.mod
+@sample %%EXAMPLESDIR%%/modules/idp.mod %%WWWDIR%%/modules/idp.mod
+@sample %%EXAMPLESDIR%%/resources/logback-access.xml %%WWWDIR%%/resources/logback-access.xml
+@sample %%EXAMPLESDIR%%/resources/logback.xml %%WWWDIR%%/resources/logback.xml
+@sample %%EXAMPLESDIR%%/start.d/http.ini %%WWWDIR%%/start.d/http.ini
+@mode 640
+@group %%SHIBGROUP%%
+@sample %%EXAMPLESDIR%%/start.d/idp.ini %%WWWDIR%%/start.d/idp.ini
+@mode
+@group
+@sample %%EXAMPLESDIR%%/start.d/start.ini %%WWWDIR%%/start.d/start.ini
+@sample %%EXAMPLESDIR%%/webapps/idp.xml %%WWWDIR%%/webapps/idp.xml
+@sample %%EXAMPLESDIR%%/webapps/static.xml %%WWWDIR%%/webapps/static.xml
+%%WWWDIR%%/lib/logging/logback-classic-%%LOGBACKVER%%.jar
+%%WWWDIR%%/lib/logging/logback-core-%%LOGBACKVER%%.jar
+@dir %%WWWDIR%%/conf
+@dir %%WWWDIR%%/credentials
+@dir %%WWWDIR%%/etc
+@dir %%WWWDIR%%/modules
+@dir %%WWWDIR%%/resources
+@dir %%WWWDIR%%/start.d
+@dir %%WWWDIR%%/webapps/ROOT
+@dir %%WWWDIR%%/webapps
+@dir %%WWWDIR%%
+sbin/shibboleth-idp.sh
+@dir(%%SHIBUSER%%,%%SHIBGROUP%%,755) %%RUNDIR%%
+@dir(%%SHIBUSER%%,%%SHIBGROUP%%,755) %%LOGDIR%%
|
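Review bot: `@dir %%WWWDIR%%/credentials` (and the `%%DATADIR%%/credentials/.gitkeep` entry earlier in the hunk) is installed with default root ownership and permissions, while the secrets-bearing `start.d/idp.ini` two entries above is given `@mode 640` and `@group %%SHIBGROUP%%`. The IdP's signing, encryption and sealer keys are generated into a credentials directory at first setup; which of the two directories that is depends on idp.home and is not visible here, but a world-readable, root-owned parent is the wrong default for private key material either way. Giving it the same treatment the plist already applies to `%%RUNDIR%%` and `%%LOGDIR%%`, e.g. `@dir(%%SHIBUSER%%,%%SHIBGROUP%%,750) %%WWWDIR%%/credentials`, would keep whatever lands there readable only by the service account. The dumped mode/group (`@mode` / `@group` with no argument) after idp.ini is correct and should stay.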