From bc67dbf3332307e72440f4791fdd126c016457f0 Mon Sep 17 00:00:00 2001 From: Ondrej Kosarko Date: Thu, 22 Feb 2024 13:03:11 +0100 Subject: [PATCH] shibboleth2.xml include `template="md_template.xml"` only if the file exists resolves https://github.com/ufal/dockerized-nginx-with-shibboleth/issues/2 --- README.md | 2 +- shibboleth/docker-entrypoint.sh | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index deeadd4..475490c 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ Nginx by default logs to stdout/stderr and syslog (provided by fluent-bit image) The shibboleth image (its entrypoint) has some similar mechanisms to what nginx does. 0. New signing and encrypt keys are generated if they were not provided in `/sp-keys` (bind mounted from `./shibboleth/sp-keys`) -1. `/overrides` (bind mounted by docker-compose from `./shibboleth/overrides`) gets overlaid on top of `/opt/shibboleth-sp` (this provides the option of overriding any defaults, e.g. `attribute-map.xml`) +1. `/overrides` (bind mounted by docker-compose from `./shibboleth/overrides`) gets overlaid on top of `/opt/shibboleth-sp` (this provides the option of overriding any defaults, e.g. `attribute-map.xml`. You can provide `shibboleth/overrides/etc/shibboleth/md_template.xml` and this will be used as a template attribute on the `MetadataGenerator` `Handler` (`/Shibboleth.sso/Metadata`)) 2. `*.template` files from `/opt/shibboleth-sp/templates` get interpolated and the resulting files ends up in `/opt/shibboleth-sp/etc/shibboleth/${template%.template}` 3. `shibboleth2.xml` is run through an xinclude processor (to add custom MetadataProviders) diff --git a/shibboleth/docker-entrypoint.sh b/shibboleth/docker-entrypoint.sh index ca336fb..1740058 100755 --- a/shibboleth/docker-entrypoint.sh +++ b/shibboleth/docker-entrypoint.sh 
@@ -27,8 +27,15 @@ for template in $(ls *.template); do envsubst "$my_vars" < $template > /opt/shibboleth-sp/etc/shibboleth/${template%.template} done -# process xinclude in shibboleth2.xml cd /opt/shibboleth-sp/etc/shibboleth + +# if md_template.xml does not exist, remove the template attribute from shibboleth2.xml +if [ ! -f md_template.xml ]; then + echo "Removing md_template attribute from shibboleth2.xml" + sed -i -e 's# template="md_template.xml"##' shibboleth2.xml +fi + +# process xinclude in shibboleth2.xml echo "Processing xinclude in shibboleth2.xml" xmllint --xinclude --output shibboleth2.xml shibboleth2.xml
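Review bot: In the README.md hunk, the new text on item 1 documents only the case where `md_template.xml` is provided; it should also state that when the file is absent the entrypoint strips `template="md_template.xml"` from `shibboleth2.xml`, since that is the behaviour this commit introduces. The sentence was also appended inside the existing parenthesis, which now spans two sentences and ends in `))`; closing the parenthesis after `attribute-map.xml` and giving the `md_template.xml` note its own sentence or sub-item would read better. It would also help to say that the path is relative to the overrides tree (`shibboleth/overrides/etc/shibboleth/md_template.xml` lands in `/opt/shibboleth-sp/etc/shibboleth/`), because that is the directory the entrypoint checks.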
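Review bot: In the shibboleth/docker-entrypoint.sh hunk, the `sed -i -e 's# template="md_template.xml"##' shibboleth2.xml` substitution matches only the exact byte sequence with one leading space and double quotes, and it matches it anywhere in the file rather than on the `MetadataGenerator` handler. A `shibboleth2.xml` supplied through `/overrides` that writes the attribute with single quotes, a tab, or a line break before `template=` keeps the attribute while the file is still missing, and the "Removing md_template attribute" message is printed regardless of whether anything was replaced. Consider checking with `grep -q` before the edit and logging only when a match exists, or doing the removal with an XML-aware tool so it is scoped to the handler element. The `[ ! -f md_template.xml ]` test is relative and depends on the `cd /opt/shibboleth-sp/etc/shibboleth` directly above it; using the absolute path in the test would keep it correct if the `cd` is later moved or fails.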