From 197224cd5e0efd1da0aa6cc9df971378d741bf32 Mon Sep 17 00:00:00 2001 From: MDreW Date: Thu, 20 Feb 2025 10:25:00 +0100 Subject: [PATCH 1/6] short name for services, add "iam-proxy-italia" as project name (all container are prefixed with project name), add build options for satosa (you ca use `docker compose up --build` to recompile), removed unecessary named network, removed superfluous key in docker-compose, optimized process for metadata and key update (clean and short) --- Docker-compose/docker-compose.yml | 60 ++++++------------------ Docker-compose/env.example | 6 +-- Docker-compose/nginx/conf.d/default.conf | 2 +- example/entrypoint.sh | 27 +++-------- 4 files changed, 26 insertions(+), 69 deletions(-) diff --git a/Docker-compose/docker-compose.yml b/Docker-compose/docker-compose.yml index 8749982a..e4094acb 100644 --- a/Docker-compose/docker-compose.yml +++ b/Docker-compose/docker-compose.yml @@ -1,12 +1,11 @@ +name: iam-proxy-italia services: - - satosa-mongo: + mongo: profiles: - demo - mongo - mongoexpress image: mongo - container_name: satosa-mongo environment: MONGO_INITDB_DATABASE: oidcop MONGO_INITDB_ROOT_USERNAME: "${MONGO_DBUSER:-satosa}" @@ -18,19 +17,16 @@ services: # - mongodata:/data/db # to be used for external volumes ports: - '27017-27019:27017-27019' - networks: - - iam-proxy-italia - satosa-mongo-express: + express: profiles: - demo - mongoexpress image: mongo-express - container_name: satosa-mongo-express ports: - 8082:8081 depends_on: - - satosa-mongo + - mongo environment: ME_CONFIG_BASICAUTH_USERNAME: "${EXPRESS_USER:-satosauser}" ME_CONFIG_BASICAUTH_PASSWORD: "${EXPRESS_PASSWORD:-satosapw}" 
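Review bot: The `express` service in the second hunk still publishes `8082:8081` on every host interface while its basic-auth credentials fall back to the fixed defaults `satosauser`/`satosapw`, and the `mongo` service in the first hunk publishes `27017-27019` the same way. Since this commit is already tidying the file, consider binding both to loopback, e.g. `- "127.0.0.1:8082:8081"`, and refusing to start when the password is unset with `"${EXPRESS_PASSWORD:?set EXPRESS_PASSWORD}"`. Both services sit behind the demo/mongo profiles, so this matters mainly when the demo stack runs on a reachable host. The `express` service body continues in the next hunk.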
@@ -38,46 +34,33 @@ services: ME_CONFIG_MONGODB_ADMINPASSWORD: "${MONGO_DBPASSWORD:-thatpassword}" ME_CONFIG_MONGODB_URL: mongodb://${MONGO_DBUSER:-satosa}:${MONGO_DBPASSWORD:-thatpassword}@satosa-mongo:27017/ TZ: "${TZ:-Europe/Rome}" - networks: - - iam-proxy-italia - django_sp: + sp: profiles: - demo - dev build: - context: ../ - args: - - NODE_ENV=local - dockerfile: example_sp/django.Dockerfile - container_name: django_sp + context: ../ + dockerfile: example_sp/django.Dockerfile working_dir: /django_sp entrypoint: "sh ../entrypoint.sh" volumes: - ./djangosaml2_sp:/django_sp:rw ports: - "8000:8000" - networks: - - iam-proxy-italia - iam-proxy-italia: + satosa: image: ghcr.io/italia/iam-proxy-italia:latest - # image: iam-proxy-italia:latest - # build: - # context: ../ - # args: - # - NODE_ENV=local - # dockerfile: Dockerfile - container_name: iam-proxy-italia - # depends_on: - # - satosa-mongo + build: + context: ../ + dockerfile: Dockerfile stdin_open: ${SATOSA_DEBUG:-false} # enables PDB when attach to the compose tty: ${SATOSA_DEBUG:-false} # enables PDB when attach to the compose environment: - TZ=${TZ:-Europe/Rome} - SATOSA_DEBUG=${SATOSA_DEBUG:-false} - SATOSA_BY_DOCKER=1 - - GET_IDEM_MDQ_KEY=${GET_IDEM_MDQ_KEY:-true} + - GET_METADATA_AND_KEY=${GET_IDEM_MDQ_KEY:-true} - BASE_DIR=/satosa_proxy - SATOSA_PRIVATE_KEY=${SATOSA_KEYS_FOLDER:-./pki}/${SATOSA_PRIVATE_KEY_FILENAME:-privkey.pem} 
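Review bot: The unchanged `ME_CONFIG_MONGODB_URL` line still targets host `satosa-mongo`, but this commit renames that service to `mongo` and drops its `container_name`, so the name should no longer resolve on the project network and mongo-express would fail to connect; the host part should become `@mongo:27017/`. In the `satosa` environment, `GET_METADATA_AND_KEY=${GET_IDEM_MDQ_KEY:-true}` renames only the container-side variable, while env.example now sets `GET_METADATA_AND_KEY`. The value from `.env` is therefore never read and the flag is effectively always `true`; use `- GET_METADATA_AND_KEY=${GET_METADATA_AND_KEY:-true}`. The `satosa` service body continues past the end of this hunk.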
@@ -125,22 +108,17 @@ services: - ./satosa-project:/satosa_proxy:rwx # - ./eudi-wallet-it-python/pyeudiw:/.venv/lib/python3.12/site-packages/pyeudiw:rwx # - iam-proxy-italia-data:/satosa_proxy # to be used for external volumes - working_dir: /satosa_proxy - entrypoint: "sh entrypoint.sh" - networks: - - iam-proxy-italia healthcheck: - test: wget -O - https://satosa-nginx/Saml2IDP/metadata --no-check-certificate || exit 1 + test: wget -O - https://nginx/Saml2IDP/metadata --no-check-certificate || exit 1 interval: 30s retries: 10 start_period: 30s timeout: 30s - satosa-nginx: + nginx: image: nginx:alpine - container_name: satosa-nginx depends_on: - - iam-proxy-italia + - satosa ports: - "443:443" volumes: @@ -148,8 +126,6 @@ services: - ./nginx/html:/usr/share/nginx/html:ro - ./nginx/certs:/etc/nginx/certs:ro # - static:/usr/share/nginx/html # to be used for external volumes - networks: - - iam-proxy-italia environment: - NGINX_HOST=${SATOSA_HOSTNAME:-localhost} - TZ=${TZ:-Europe/Rome} @@ -159,14 +135,8 @@ services: - demo - dev image: italia/spid-saml-check - container_name: spid-samlcheck ports: - "8443:8443" - networks: - - iam-proxy-italia -networks: - iam-proxy-italia: - name: iam-proxy-italia ## External volumes # volumes: diff --git a/Docker-compose/env.example b/Docker-compose/env.example index dde23b85..dae702da 100644 --- a/Docker-compose/env.example +++ b/Docker-compose/env.example @@ -1,4 +1,4 @@ -SATOSA_HOSTNAME=localhost +METADATA_ANDSATOSA_HOSTNAME=localhost SATOSA_BASE=https://${SATOSA_HOSTNAME:-localhost} SATOSA_BASE_STATIC=${SATOSA_BASE}/static SATOSA_DISCO_SRV=${SATOSA_BASE_STATIC}/disco.html 
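Review bot: In the env.example hunk, `METADATA_ANDSATOSA_HOSTNAME=localhost` looks like a paste accident that fused another name onto `SATOSA_HOSTNAME`. As written, env.example no longer defines `SATOSA_HOSTNAME`, so `SATOSA_BASE` on the next line and `NGINX_HOST` in docker-compose.yml silently fall back to `localhost` through their `:-localhost` defaults, whatever hostname the operator edits here. Restore the line as `SATOSA_HOSTNAME=localhost`.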
@@ -55,5 +55,5 @@ SATOSA_UI_LOGO_URL="https://example_organization.org/logo.png" SATOSA_UI_PRIVACY_URL_EN="https://example_organization.org/privacy" SATOSA_UI_PRIVACY_URL_IT="https://example_organization.org/it/privacy" -# If set to true, satosa downloads IDEM's keys and IDPs from registry.spid.gov.it -GET_IDEM_MDQ_KEY=true +# If set to true, satosa downloads IDEM's keys and SPID / CIE / eIDAS metadata +GET_METADATA_AND_KEY=true diff --git a/Docker-compose/nginx/conf.d/default.conf b/Docker-compose/nginx/conf.d/default.conf index 78d8a01c..77009427 100644 --- a/Docker-compose/nginx/conf.d/default.conf +++ b/Docker-compose/nginx/conf.d/default.conf @@ -26,7 +26,7 @@ server { rewrite /.well-known/jwt-vc-issuer/OpenID4VP /OpenID4VP/.well-known/jwt-vc-issuer break; include /etc/nginx/uwsgi_params; - uwsgi_pass iam-proxy-italia:10000; + uwsgi_pass satosa:10000; uwsgi_param Host $host; uwsgi_param X-Real-IP $remote_addr; uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/example/entrypoint.sh b/example/entrypoint.sh index d1b36d2a..dac88e35 100644 --- a/example/entrypoint.sh +++ b/example/entrypoint.sh 
@@ -1,28 +1,15 @@ #!/bin/bash . /.venv/bin/activate -MAX_RETRY=10 REMOTE_DATA_LOCATION="https://registry.spid.gov.it/entities-idp -O ./spid-entities-idps.xml" -# get IDEM MDQ key -if [[ $GET_IDEM_MDQ_KEY == true ]]; then - wget https://mdx.idem.garr.it/idem-mdx-service-crt.pem -O $SATOSA_KEYS_FOLDER/idem-mdx-service-crt.pem - - wget $REMOTE_DATA_LOCATION - status=$? - while [[ $status != 0 && $MAX_RETRY -gt 0 ]]; do - echo "Retrying download from registry.spid.gov.it ..." - wget $REMOTE_DATA_LOCATION - status=$? - MAX_RETRY=$((MAX_RETRY-1)) - done - - if [ $MAX_RETRY == 0 ]; then - echo "Cannot fetch identity providers data from remote registry, aborting..." - exit 1 - fi - - echo "Downloaded IDEM MDQ key" +# update federation key and metadata +if [[ $GET_METADATA_AND_KEY == true ]]; then + TMP = `mktemp` + wget https://mdx.idem.garr.it/idem-mdx-service-crt.pem -nv -t3 -O $TMP && cp $TMP $SATOSA_KEYS_FOLDER/idem-mdx-service-crt.pem + wget https://registry.spid.gov.it/entities-idp -nv -t3 -O $TMP && cp $TMP ./metadata/idp/spid-entities-idps.xml + wget https://sp-proxy.eid.gov.it/metadata -nv -t3 -O $TMP && cp $TMP ./metadata/idp/ficep.xml + wget https://idserver.servizicie.interno.gov.it/idp/shibboleth?Metadata -nv -t3 -O $TMP && cp $TMP ./metadata/idp/cie-production.xml fi poetry show From a984d525347d3eaa8e35fee2f8ca767a2ec2d649 Mon Sep 17 00:00:00 2001 From: MDreW Date: Thu, 20 Feb 2025 18:17:23 +0100 Subject: [PATCH 2/6] added -b flag to local build container --- Docker-compose/run-docker-compose.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/Docker-compose/run-docker-compose.sh b/Docker-compose/run-docker-compose.sh index 09f0793d..97f2a001 100755 --- a/Docker-compose/run-docker-compose.sh +++ b/Docker-compose/run-docker-compose.sh 
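Review bot: `TMP = `mktemp`` is not an assignment: with spaces around `=` the shell runs a command named `TMP`, so `$TMP` stays empty and every following `wget ... -O $TMP && cp $TMP ...` fails. Because the old retry-and-abort path is removed, those failures are no longer fatal, and the container would start with whatever federation key and IdP metadata are already on disk, or none, without telling the operator. The unquoted `shibboleth?Metadata` URL is also open to glob expansion and `$SATOSA_KEYS_FOLDER` to word splitting, and `REMOTE_DATA_LOCATION` is now unused and can be dropped. A possible shape that keeps the download-then-copy idea, quotes everything and logs a warning when trust material could not be refreshed is below; the script continues after `poetry show`, outside this hunk.

```shell
if [[ $GET_METADATA_AND_KEY == true ]]; then
    TMP="$(mktemp)" || exit 1

    # download to a temp file first; keep the previous copy when the fetch fails or is empty
    refresh() {
        if wget "$1" -nv -t3 -O "$TMP" && [ -s "$TMP" ]; then
            cp "$TMP" "$2"
        else
            echo "WARNING: could not refresh $2 from $1, keeping existing file" >&2
        fi
    }

    refresh "https://mdx.idem.garr.it/idem-mdx-service-crt.pem" "$SATOSA_KEYS_FOLDER/idem-mdx-service-crt.pem"
    refresh "https://registry.spid.gov.it/entities-idp" ./metadata/idp/spid-entities-idps.xml
    refresh "https://sp-proxy.eid.gov.it/metadata" ./metadata/idp/ficep.xml
    refresh "https://idserver.servizicie.interno.gov.it/idp/shibboleth?Metadata" ./metadata/idp/cie-production.xml

    rm -f "$TMP"
fi
```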
@@ -41,7 +41,11 @@ function update { } function start { - docker compose -f docker-compose.yml up --wait --wait-timeout 60 --remove-orphans + if [[ -z $BUILD ]]; then + docker compose -f docker-compose.yml up --wait --wait-timeout 60 --remove-orphans + else + docker compose -f docker-compose.yml up --wait --wait-timeout 60 --remove-orphans --build + fi echo -e "\n" echo -e "Completato. Per visionare i logs: 'docker-compose -f docker-compose.yml logs -f'" exit 0 @@ -61,11 +65,12 @@ function help { echo "-m Set 'mongo' compose profile. Run: satosa, nginx, mongo" echo "-M Set 'mongoexpress' compose profile. Run: satosa, nginx, mongo, mongo-express" echo "-d Set 'dev' compose profile. Run: satosa, nginx, django-sp, spid-saml-check" + echo "-b Set '--build' option in docker compose for local images generation" echo " if isn't set any of -p, -m, -M, -d, is used 'demo' compose profile" echo " demo compose profile start: satosa, nginx, mongo, mongo-express, django-sp, spid-saml-check" } -while getopts ":fpimMdsh" opt; do +while getopts ":fpimMdsbh" opt; do case ${opt} in f) clean_data @@ -85,6 +90,9 @@ while getopts ":fpimMdsh" opt; do s) SKIP_UPDATE=true ;; + b) + BUILD=true + ;; h) help exit 0 From 7d0eebe9179180c3fc61f333605f549f08a95188 Mon Sep 17 00:00:00 2001 
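Review bot: The two branches added to `start` differ only by `--build`, so the full command line is now duplicated and has to be kept in sync by hand; `docker compose -f docker-compose.yml up --wait --wait-timeout 60 --remove-orphans ${BUILD:+--build}` expresses the same thing in one line. `BUILD` is also never initialised in the lines shown, so a `BUILD` variable inherited from the caller's environment would switch on `--build` without `-b`; an explicit `BUILD=` before the `getopts` loop avoids that. The closing brace of `start` is outside the hunk.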
From: MDreW Date: Thu, 20 Feb 2025 18:35:45 +0100 Subject: [PATCH 3/6] renamed plugins to configuration --- .../backends/ciesaml2_backend.yaml | 0 .../backends/pyeudiw_backend.yaml | 0 .../backends/saml2_backend.yaml | 0 .../backends/spidsaml2_backend.yaml | 0 .../frontends/oidcop_frontend.yaml | 0 .../openid_connect_frontend.yaml.example | 0 .../frontends/ping_frontend.yaml | 0 .../frontends/saml2_frontend.yaml | 0 .../microservices/custom_logging_service.yaml | 0 .../microservices/disco_to_target_issuer.yaml | 0 .../microservices/hasher.yaml | 0 .../microservices/idp_hinting.yaml | 0 .../microservices/ldap_attribute_store.yaml | 0 .../multi_ldap_attribute_store.yaml | 0 .../multiple_ldap_attribute_store.yaml | 0 .../spid_unical_account_linking.yaml | 0 .../microservices/static_attributes.yaml | 0 .../microservices/target_based_routing.yaml | 0 example/proxy_conf.yaml | 66 +++++++++---------- 19 files changed, 33 insertions(+), 33 deletions(-) rename example/{plugins => configuration}/backends/ciesaml2_backend.yaml (100%) rename example/{plugins => configuration}/backends/pyeudiw_backend.yaml (100%) rename example/{plugins => configuration}/backends/saml2_backend.yaml (100%) rename example/{plugins => configuration}/backends/spidsaml2_backend.yaml (100%) rename example/{plugins => configuration}/frontends/oidcop_frontend.yaml (100%) rename example/{plugins => configuration}/frontends/openid_connect_frontend.yaml.example (100%) rename example/{plugins => configuration}/frontends/ping_frontend.yaml (100%) rename example/{plugins => configuration}/frontends/saml2_frontend.yaml (100%) rename example/{plugins => configuration}/microservices/custom_logging_service.yaml (100%) rename example/{plugins => configuration}/microservices/disco_to_target_issuer.yaml (100%) rename example/{plugins => configuration}/microservices/hasher.yaml (100%) rename example/{plugins => configuration}/microservices/idp_hinting.yaml (100%) rename example/{plugins => 
configuration}/microservices/ldap_attribute_store.yaml (100%) rename example/{plugins => configuration}/microservices/multi_ldap_attribute_store.yaml (100%) rename example/{plugins => configuration}/microservices/multiple_ldap_attribute_store.yaml (100%) rename example/{plugins => configuration}/microservices/spid_unical_account_linking.yaml (100%) rename example/{plugins => configuration}/microservices/static_attributes.yaml (100%) rename example/{plugins => configuration}/microservices/target_based_routing.yaml (100%) diff --git a/example/plugins/backends/ciesaml2_backend.yaml b/example/configuration/backends/ciesaml2_backend.yaml similarity index 100% rename from example/plugins/backends/ciesaml2_backend.yaml rename to example/configuration/backends/ciesaml2_backend.yaml diff --git a/example/plugins/backends/pyeudiw_backend.yaml b/example/configuration/backends/pyeudiw_backend.yaml similarity index 100% rename from example/plugins/backends/pyeudiw_backend.yaml rename to example/configuration/backends/pyeudiw_backend.yaml diff --git a/example/plugins/backends/saml2_backend.yaml b/example/configuration/backends/saml2_backend.yaml similarity index 100% rename from example/plugins/backends/saml2_backend.yaml rename to example/configuration/backends/saml2_backend.yaml diff --git a/example/plugins/backends/spidsaml2_backend.yaml b/example/configuration/backends/spidsaml2_backend.yaml similarity index 100% rename from example/plugins/backends/spidsaml2_backend.yaml rename to example/configuration/backends/spidsaml2_backend.yaml diff --git a/example/plugins/frontends/oidcop_frontend.yaml b/example/configuration/frontends/oidcop_frontend.yaml similarity index 100% rename from example/plugins/frontends/oidcop_frontend.yaml rename to example/configuration/frontends/oidcop_frontend.yaml 
diff --git a/example/plugins/frontends/openid_connect_frontend.yaml.example b/example/configuration/frontends/openid_connect_frontend.yaml.example similarity index 100% rename from example/plugins/frontends/openid_connect_frontend.yaml.example rename to example/configuration/frontends/openid_connect_frontend.yaml.example diff --git a/example/plugins/frontends/ping_frontend.yaml b/example/configuration/frontends/ping_frontend.yaml similarity index 100% rename from example/plugins/frontends/ping_frontend.yaml rename to example/configuration/frontends/ping_frontend.yaml diff --git a/example/plugins/frontends/saml2_frontend.yaml b/example/configuration/frontends/saml2_frontend.yaml similarity index 100% rename from example/plugins/frontends/saml2_frontend.yaml rename to example/configuration/frontends/saml2_frontend.yaml diff --git a/example/plugins/microservices/custom_logging_service.yaml b/example/configuration/microservices/custom_logging_service.yaml similarity index 100% rename from example/plugins/microservices/custom_logging_service.yaml rename to example/configuration/microservices/custom_logging_service.yaml diff --git a/example/plugins/microservices/disco_to_target_issuer.yaml b/example/configuration/microservices/disco_to_target_issuer.yaml similarity index 100% rename from example/plugins/microservices/disco_to_target_issuer.yaml rename to example/configuration/microservices/disco_to_target_issuer.yaml diff --git a/example/plugins/microservices/hasher.yaml b/example/configuration/microservices/hasher.yaml similarity index 100% rename from example/plugins/microservices/hasher.yaml rename to example/configuration/microservices/hasher.yaml diff --git a/example/plugins/microservices/idp_hinting.yaml b/example/configuration/microservices/idp_hinting.yaml similarity index 100% rename from example/plugins/microservices/idp_hinting.yaml rename to example/configuration/microservices/idp_hinting.yaml 
diff --git a/example/plugins/microservices/ldap_attribute_store.yaml b/example/configuration/microservices/ldap_attribute_store.yaml similarity index 100% rename from example/plugins/microservices/ldap_attribute_store.yaml rename to example/configuration/microservices/ldap_attribute_store.yaml diff --git a/example/plugins/microservices/multi_ldap_attribute_store.yaml b/example/configuration/microservices/multi_ldap_attribute_store.yaml similarity index 100% rename from example/plugins/microservices/multi_ldap_attribute_store.yaml rename to example/configuration/microservices/multi_ldap_attribute_store.yaml diff --git a/example/plugins/microservices/multiple_ldap_attribute_store.yaml b/example/configuration/microservices/multiple_ldap_attribute_store.yaml similarity index 100% rename from example/plugins/microservices/multiple_ldap_attribute_store.yaml rename to example/configuration/microservices/multiple_ldap_attribute_store.yaml diff --git a/example/plugins/microservices/spid_unical_account_linking.yaml b/example/configuration/microservices/spid_unical_account_linking.yaml similarity index 100% rename from example/plugins/microservices/spid_unical_account_linking.yaml rename to example/configuration/microservices/spid_unical_account_linking.yaml diff --git a/example/plugins/microservices/static_attributes.yaml b/example/configuration/microservices/static_attributes.yaml similarity index 100% rename from example/plugins/microservices/static_attributes.yaml rename to example/configuration/microservices/static_attributes.yaml diff --git a/example/plugins/microservices/target_based_routing.yaml b/example/configuration/microservices/target_based_routing.yaml similarity index 100% rename from example/plugins/microservices/target_based_routing.yaml rename to example/configuration/microservices/target_based_routing.yaml diff --git a/example/proxy_conf.yaml b/example/proxy_conf.yaml index b13046d9..c84701ca 100644 --- a/example/proxy_conf.yaml 
+++ b/example/proxy_conf.yaml @@ -21,27 +21,27 @@ USER_ID_HASH_SALT: !ENV SATOSA_SALT ERROR_URL: !ENV SATOSA_UNKNOW_ERROR_REDIRECT_PAGE CUSTOM_PLUGIN_MODULE_PATHS: - #- "plugins/ping" - - "plugins/backends" - - "plugins/frontends" - - "plugins/micro_services" + #- "configuration/ping" + - "configuration/backends" + - "configuration/frontends" + - "configuration/micro_services" BACKEND_MODULES: - - "plugins/backends/saml2_backend.yaml" - - "plugins/backends/spidsaml2_backend.yaml" - - "plugins/backends/ciesaml2_backend.yaml" - - "plugins/backends/pyeudiw_backend.yaml" + - "configuration/backends/saml2_backend.yaml" + - "configuration/backends/spidsaml2_backend.yaml" + - "configuration/backends/ciesaml2_backend.yaml" + - "configuration/backends/pyeudiw_backend.yaml" FRONTEND_MODULES: - - "plugins/frontends/saml2_frontend.yaml" - # - "plugins/frontends/oidcop_frontend.yaml" + - "configuration/frontends/saml2_frontend.yaml" + # - "configuration/frontends/oidcop_frontend.yaml" MICRO_SERVICES: - # - "plugins/microservices/spid_unical_account_linking.yaml" - # - "plugins/microservices/multiple_ldap_attribute_store.yaml" - # - "plugins/microservices/ldap_attribute_store.yaml" + # - "configuration/microservices/spid_unical_account_linking.yaml" + # - "configuration/microservices/multiple_ldap_attribute_store.yaml" + # - "configuration/microservices/ldap_attribute_store.yaml" # re-process again after new attributes beign pushed (or not) from ldap store - # - "plugins/microservices/spid_unical_account_linking.yaml" - - "plugins/microservices/idp_hinting.yaml" - - "plugins/microservices/disco_to_target_issuer.yaml" - - "plugins/microservices/target_based_routing.yaml" + # - "configuration/microservices/spid_unical_account_linking.yaml" + - "configuration/microservices/idp_hinting.yaml" + - "configuration/microservices/disco_to_target_issuer.yaml" + - "configuration/microservices/target_based_routing.yaml" LOGGING: version: 1 formatters: 
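Review bot: `CUSTOM_PLUGIN_MODULE_PATHS` now lists `configuration/micro_services`, but the directory renamed in this commit is `example/configuration/microservices` (no underscore), which is also the spelling the `MICRO_SERVICES` entries use. The mismatch predates the rename and may be harmless, but since the line is being rewritten it is worth correcting to `- "configuration/microservices"` or dropping it. Separately, a deployment that already copied `example/` into `satosa-project/` keeps its `plugins/` tree; if its proxy_conf.yaml is later refreshed from this version the module paths would no longer match, so a migration note would help.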
@@ -67,22 +67,22 @@ LOGGING: level: DEBUG formatter: simple stream: ext://sys.stdout - saml2_debug_file: - class: logging.handlers.RotatingFileHandler - level: DEBUG - formatter: simple - filename: logs/saml2_debug.log - maxBytes: 104857600 # 100MB - backupCount: 20 - encoding: utf8 - oidcop_debug_file: - class: logging.handlers.RotatingFileHandler - level: DEBUG - formatter: simple - filename: logs/oidcop_debug.log - maxBytes: 104857600 # 100MB - backupCount: 20 - encoding: utf8 + # saml2_debug_file: + # class: logging.handlers.RotatingFileHandler + # level: DEBUG + # formatter: simple + # filename: logs/saml2_debug.log + # maxBytes: 104857600 # 100MB + # backupCount: 20 + # encoding: utf8 + # oidcop_debug_file: + # class: logging.handlers.RotatingFileHandler + # level: DEBUG + # formatter: simple + # filename: logs/oidcop_debug.log + # maxBytes: 104857600 # 100MB + # backupCount: 20 + # encoding: utf8 loggers: satosa: level: INFO From 6914dbb923ef420ab7ccd24e66cc95eb6e6e1b5b Mon Sep 17 00:00:00 2001 From: MDreW Date: Fri, 21 Feb 2025 10:46:48 +0100 Subject: [PATCH 4/6] Removed `chmod 777` from run-docker-compose.sh; added entrypoint with `sh`, no executed right requested; commented unused log handled in proxy_conf --- Docker-compose/run-docker-compose.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/Docker-compose/run-docker-compose.sh b/Docker-compose/run-docker-compose.sh index 97f2a001..d185356e 100755 --- a/Docker-compose/run-docker-compose.sh +++ b/Docker-compose/run-docker-compose.sh 
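Review bot: Commenting out the `saml2_debug_file` and `oidcop_debug_file` handlers is only safe if no entry under `loggers:` still names them; the block follows Python's logging dictConfig schema, which rejects a logger that references an undefined handler, and the `loggers` section continues outside this hunk. The same applies to `spid_daily`, which a later patch in this series comments out. A one-line comment above the block, e.g. `# file handlers disabled by default; re-enable together with the matching 'handlers' entries under loggers`, would tell operators what else to change when turning them back on.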
@@ -22,9 +22,6 @@ function initialize_satosa { if [ ! -f ./satosa-project/proxy_conf.yaml ]; then cp -R ../example/* ./satosa-project/ ; rm -R ./satosa/static/ ; else echo 'satosa-project directory is already initialized' ; fi if [ ! -f ./djangosaml2_sp/run.sh ]; then cp -R ../example_sp/djangosaml2_sp/* ./djangosaml2_sp ; else echo 'djangosaml2_sp directory is already initialided' ; fi if [ ! -f ./nginx/html/static/disco.html ]; then cp -R ../example/static/* ./nginx/html/static ; else echo 'nginx directory is already initialized' ; fi - - chmod -R 777 ./satosa-project - echo "WARNING: satosa-project permission folder set recursively to 777" } function update { From 9fea89206633b6ac15205e7049d6df91ba8520e4 Mon Sep 17 00:00:00 2001 From: MDreW Date: Fri, 21 Feb 2025 10:54:21 +0100 Subject: [PATCH 5/6] Removed `chmod 777` from run-docker-compose.sh; added entrypoint with `sh`, no executed right requested; commented unused log handled in proxy_conf --- .github/workflows/python-app.yml | 4 ++-- Dockerfile | 1 + example/entrypoint.sh | 0 example/proxy_conf.yaml | 16 ++++++++-------- 4 files changed, 11 insertions(+), 10 deletions(-) mode change 100644 => 100755 example/entrypoint.sh diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index ad459380..4c64e048 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml @@ -58,8 +58,8 @@ jobs: cat Docker-compose/satosa-project/metadata/sp/djangosaml2_sp.xml - name: Inspect Satosa status run: | - docker container inspect iam-proxy-italia - docker container logs iam-proxy-italia + docker container inspect iam-proxy-italia-satosa-1 + docker container logs iam-proxy-italia-satosa-1 - name: Copy Satosa IDP Metadata to djangosaml2 SP run: | wget -vd --no-check-certificate https://localhost/Saml2IDP/metadata -O Docker-compose/djangosaml2_sp/saml2_sp/saml2_config/iam-proxy-italia.xml diff --git a/Dockerfile b/Dockerfile index 1b2ab4d1..9c0fee32 100644 --- a/Dockerfile 
+++ b/Dockerfile @@ -39,3 +39,4 @@ RUN poetry install RUN poetry add setuptools WORKDIR $BASEDIR/ +ENTRYPOINT ["sh", "entrypoint.sh"] diff --git a/example/entrypoint.sh b/example/entrypoint.sh old mode 100644 new mode 100755 diff --git a/example/proxy_conf.yaml b/example/proxy_conf.yaml index c84701ca..8e34e983 100644 --- a/example/proxy_conf.yaml +++ b/example/proxy_conf.yaml @@ -50,14 +50,6 @@ LOGGING: syslog: format: "[SATOSA] [%(name)s] [%(levelname)s]: %(message)s" handlers: - spid_daily: - class: logging.handlers.TimedRotatingFileHandler - level: INFO - formatter: simple - filename: logs/spid.log - when: D - interval: 1 - backupCount: 860 syslog: class: logging.handlers.SysLogHandler level: INFO @@ -67,6 +59,14 @@ LOGGING: level: DEBUG formatter: simple stream: ext://sys.stdout + # spid_daily: + # class: logging.handlers.TimedRotatingFileHandler + # level: INFO + # formatter: simple + # filename: logs/spid.log + # when: D + # interval: 1 + # backupCount: 860 # saml2_debug_file: # class: logging.handlers.RotatingFileHandler # level: DEBUG From 4666dd0ce980cf19611f34e9c5584829d4646cca Mon Sep 17 00:00:00 2001 From: MDreW Date: Fri, 21 Feb 2025 11:23:33 +0100 Subject: [PATCH 6/6] disabled pyeudi backend on default --- example/proxy_conf.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/proxy_conf.yaml b/example/proxy_conf.yaml index 8e34e983..0205296b 100644 --- a/example/proxy_conf.yaml +++ b/example/proxy_conf.yaml @@ -29,7 +29,7 @@ BACKEND_MODULES: - "configuration/backends/saml2_backend.yaml" - "configuration/backends/spidsaml2_backend.yaml" - "configuration/backends/ciesaml2_backend.yaml" - - "configuration/backends/pyeudiw_backend.yaml" + # - "configuration/backends/pyeudiw_backend.yaml" FRONTEND_MODULES: - "configuration/frontends/saml2_frontend.yaml" # - "configuration/frontends/oidcop_frontend.yaml"
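Review bot: `ENTRYPOINT ["sh", "entrypoint.sh"]` runs the script with `sh`, while entrypoint.sh declares `#!/bin/bash` and relies on `[[ ... ]]`. On an image whose `sh` is not bash that test can fail, and the key and metadata refresh would then be skipped without stopping the container (the base image is not visible in this hunk). `ENTRYPOINT ["bash", "entrypoint.sh"]` keeps the "no execute bit needed" intent while matching the interpreter the script is written for. The relative path also depends on the `WORKDIR $BASEDIR/` line above it.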
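Review bot: With `spid_daily` commented out in the proxy_conf.yaml hunks, the default configuration no longer writes the SPID log to `logs/spid.log`; its daily rotation with `backupCount: 860` suggests the file existed to cover a long retention period. If that is an audit or compliance requirement, the replacement (syslog forwarding, container log shipping) should be stated next to the block, for example `# spid_daily disabled by default: make sure SPID authentication logs are retained elsewhere before going to production`. The `handlers` mapping continues outside these hunks.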