forked from liggitt/auth-proxy
-
Notifications
You must be signed in to change notification settings - Fork 11
/
configure
executable file
·102 lines (86 loc) · 3.32 KB
/
configure
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
#!/bin/bash
set -e
cd /
EXAMPLES=$(cat <<- EOF
Example:
Docker:
docker run -v <path>/saml_idp.xml:/etc/httpd/conf.d/saml_idp.xml -e BACKEND=https://api.example.com:8443 barnabassudy/saml-proxy
Docker-compose:
version: "2"
services:
yourservice:
...
saml-proxy:
image: "barnabassudy/saml-proxy"
environment:
BACKEND: "http://yourservice:port"
ports:
- "80:80"
volumes:
- "<path>/saml_idp.xml:/etc/httpd/conf.d/saml_idp.xml"
EOF
)
if [ ! -f /etc/httpd/conf.d/saml_idp.xml ]; then
echo -e "No saml_idp.xml file found.\n\n" \
"In order to get the proxy running you must provide a saml_idp.xml file\n" \
"in /etc/httpd/conf.d/ directory.\n\n" \
"$EXAMPLES"
exit 1
fi
if [ -z "$BACKEND" ]; then
echo -e "No BACKEND environement variable is set.\n\n" \
"In order to get the proxy running you must provide a BACKEND environment variable.\n\n" \
"$EXAMPLES"
exit 1
fi
# Get environment
export REAL_HOST=`hostname -f`
export SCHEMA=${SCHEMA:-https}
export HOST=${PROXY_HOST:-$REAL_HOST}
export realm=`echo $HOST | tr [a-z] [A-Z]`
export BACKEND=${BACKEND:-https://api.example.com:8443}
export MELLON_PATH=${MELLON_PATH:-mellon}
# Create mod_auth_mellon service provider config
if [ -f /etc/httpd/conf.d/saml_sp.key ] || [ -f /etc/httpd/conf.d/saml_sp.cert ] || [ -f /etc/httpd/conf.d/saml_sp.xml ]; then
if [ ! -f /etc/httpd/conf.d/saml_sp.key ]; then
echo "/etc/httpd/conf.d/saml_sp.key file is not provided."
exit 1
fi
if [ ! -f /etc/httpd/conf.d/saml_sp.cert ]; then
echo "/etc/httpd/conf.d/saml_sp.cert file is not provided."
exit 1
fi
if [ ! -f /etc/httpd/conf.d/saml_sp.xml ]; then
echo "/etc/httpd/conf.d/saml_sp.xml file is not provided."
exit 1
fi
else
pushd /etc/httpd/conf.d
echo -e "Generating new service provider certificate.\n\n" \
"In order to avoid generating new certificate every time. You can provide the following files as volumes:\n" \
" * /etc/httpd/conf.d/saml_sp.key - private key\n" \
" * /etc/httpd/conf.d/saml_sp.cert - certificate\n" \
" * /etc/httpd/conf.d/saml_sp.xml - SAML SP xml\n\n" \
"The files can be generated by https://github.com/bsudy/saml-proxy/blob/master/mellon_create_metadata.sh script.\n\n" \
" mellon_create_metadata.sh ${SCHEMA}://${HOST} ${SCHEMA}://${HOST}/${MELLON_PATH}\n\n" \
"--------------------------------------------------\n"
/usr/sbin/mellon_create_metadata.sh ${SCHEMA}://${HOST} ${SCHEMA}://${HOST}/${MELLON_PATH}
popd
fi
REQUEST_HEADERS=""
for varname in ${!SAML_MAP_*}
do
declare -n REQUEST_HEADER_NAME=$varname
SAML_ATTR=${varname:9}
echo "Mapping $SAML_ATTR attribute to $REQUEST_HEADER_NAME request header"
REQUEST_HEADER_CONFIG=$(cat << EOF
RequestHeader set ${REQUEST_HEADER_NAME} %{MELLON_$SAML_ATTR}e env=MELLON_$SAML_ATTR
EOF
)
REQUEST_HEADERS=$(echo -e "$REQUEST_HEADERS\n$REQUEST_HEADER_CONFIG")
done
export REQUEST_HEADERS
# configure Apache proxy and auth
cat /etc/httpd/conf.d/proxy.conf.template | envsubst '$SCHEMA,$HOST,$BACKEND,$MELLON_PATH,$REQUEST_HEADERS' > /etc/httpd/conf.d/proxy.conf
# Start apache
httpd -DFOREGROUND