Commit 53209c9b authored by Robert Butora's avatar Robert Butora

docker: consolidates docker build/configure and makes security conf the same...

docker: consolidates docker build/configure and makes security conf the same as in vlkb-soda + example-security added now
parent aff777fc
+31 −0

# notes on security:
# set volume mapping in compose.yaml: security/ -> /etc/pki/tls/
# configure port/SSL connector: (path is relative to the dir where compose.yaml is
# * server-connector.xml : set tomcat connector with certificates
#    -- ia2 needs SECTIGO
#    -- iam needs self-signed keystore.jks
# * keep right jjwt*.jar libs (ia2 authlib needs v0.11, iam needs v0.12)
# FIXME implement *.properties and server-connector.xml by paramters



#### Security
# SSL-certificates are site-dependent and must be regularly updated:
# vlkb-cutout expects them in /etc/pki/tls
#
# map volume: ./security:/etc/pki/tls:z,ro
#
# ia2token: 
#  auth.propeties
#  authpolicy.properties
#  server-connector.xml
#  SECTIGO/*
#
# iamtoken:
#  iamtoken.properties
#  server-connector.xml
#  keystore.jks
#

+2.63 KiB

File added.

No diff preview for this file type.

+10 −0

# certificates endpoint
jwks_url=

# account created for the service
resource_id=

# username for non-authenticated requests
non_authn_username=anonymous
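Review bot: `jwks_url=` is left empty with no comment on what value is acceptable, and going by the `# certificates endpoint` comment this is presumably where the token-verification keys are fetched from. The example should say that it is required and must be an `https://` URL of the trusted identity provider, e.g. `# certificates endpoint (JWKS): https URL of the IAM instance, required`. What the service does when the value is empty is not visible on this page; it should refuse to start rather than run without a key source. A one-line comment on `non_authn_username=anonymous` stating whether unauthenticated requests can be switched off would also help a site copying this file.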
+11 −0
   <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyAlias="tomcat"
                         certificateKeystoreFile="/etc/pki/tls/keystore.jks"
                         certificateKeystorePassword="tomcatskassl"
                         type="RSA" />
        </SSLHostConfig>
   </Connector>
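Review bot: `certificateKeystorePassword="tomcatskassl"` puts the keystore password in the repository in clear text, and the 2.63 KiB binary file added in the same commit may be the `keystore.jks` this connector points at; if so, the private key and its password are both public and that pair must not reach a deployment. Mark the fragment as example-only with a comment such as `<!-- example only: generate a site-specific keystore and password -->`, and supply the real password at deploy time, which fits the commit's own FIXME about parameterising server-connector.xml. If this fragment is parsed by Tomcat as part of server.xml, `certificateKeystorePassword="${keystore.password}"` with the value passed as a system property would be one way to do it. It is also worth confirming that the `Http11AprProtocol` connector accepts a JKS keystore in the Tomcat version used by the image, since that connector is OpenSSL-based.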
+10 −0
rap_uri=https://sso.ia2.inaf.it/rap-ia2
gms_uri=https://sso.ia2.inaf.it/gms
client_id=vospace_ui_demo
client_secret=VOSpaceDemo123

groups_autoload=true
store_state_on_login_endpoint=true
scope=openid email profile read:rap

allow_anonymous_access=true
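Review bot: `client_secret=VOSpaceDemo123` commits an OAuth client secret next to `rap_uri`/`gms_uri` values that point at what looks like a live SSO host, whereas the other example properties file in this commit leaves its site-specific values empty. If this client is actually registered on that host the secret should be rotated, and the example should ship `client_secret=` with a comment such as `# set per deployment; never commit the real value`. `allow_anonymous_access=true` as the shipped default also deserves a comment stating what unauthenticated callers can reach, so that a site copying the example makes that choice knowingly.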