Znema SP entity ID

d43dd7bf · Andrej Ramašeuski · f0a2ef9d · d43dd7bf · d43dd7bf
Commit d43dd7bf authored 5 years ago by Andrej Ramašeuski
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -2,7 +2,6 @@
 # Entrypoint for Docker Container

 HOST=${HOST:-'dotazniky.pirati.cz'}
-SP_ID=${SP_ID:-'dotazniky'}
 IDP_METADATA=${IDP_METADATA:-'https://auth.pirati.cz/auth/realms/pirati/protocol/saml/descriptor'}

 DB_TYPE=${DB_TYPE:-'pgsql'}
@@ -31,14 +30,14 @@ if [ ! -f /etc/apache2/saml2/idp.xml ]; then
 fi

 # Create mod_auth_mellon service provider config
-if [ ! -f /etc/apache2/saml2/${SP_ID}.xml ]; then
+if [ ! -f /etc/apache2/saml2/${HOST}.xml ]; then
    pushd /etc/apache2/saml2
     echo -e "Generating new service provider certificate.\n\n" 
-     /usr/sbin/mellon_create_metadata ${SP_ID} https://${HOST}/mellon
+     /usr/sbin/mellon_create_metadata https://${HOST}/mellon/metadata https://${HOST}/mellon
    popd
 fi

-sed -i "s/{{SP_ID}}/${SP_ID}/g" /etc/apache2/conf-enabled/mod_auth_mellon.conf
+sed -i "s/{{SP_ID}}/${HOST}/g" /etc/apache2/conf-enabled/mod_auth_mellon.conf

 # Check if database is available
 if [ -z "$DB_SOCK" ]; then

--- a/mod_auth_mellon.conf
+++ b/mod_auth_mellon.conf
-<Location /admin >
- AuthType Mellon
- MellonEnable auth
+<Location / >
+ MellonEnable info
 MellonEndpointPath /mellon
 MellonSPPrivateKeyFile /etc/apache2/saml2/{{SP_ID}}.key
 MellonSPCertFile       /etc/apache2/saml2/{{SP_ID}}.cert
 MellonSPMetadataFile   /etc/apache2/saml2/{{SP_ID}}.xml
 MellonIdPMetadataFile  /etc/apache2/saml2/idp.xml
+</Location>
+
+<Location /admin >
+ AuthType Mellon
+ MellonEnable auth
 Require valid-user
 </Location>