Rebuild on php8.2 and simpleSAML 2.0.7

uqlibrary · Nov 8, 2023 · 4b858b8 · 4b858b8
1 parent aed3713
commit 4b858b8
Show file tree

Hide file tree

Showing 31 changed files with 2,969 additions and 1,199 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,23 +1,55 @@
-FROM php:5.6-apache
-MAINTAINER Ian Blenke <[email protected]>
+FROM php:8.2-apache
 
-env VERSION 1.15.4
+ENV COMPOSER_ALLOW_SUPERUSER=1
+ENV VERSION=2.0.7
 
 WORKDIR /var/www/html
 
-RUN apt-get update -y && \
-    apt-get install -y wget && \
-    wget https://github.com/simplesamlphp/simplesamlphp/releases/download/v$VERSION/simplesamlphp-$VERSION.tar.gz && \
+RUN apt-get update && \
+    apt-get -y --no-install-recommends install \
+        wget \
+        git \
+        re2c \
+        file \
+        unzip \
+        zlib1g-dev \
+        libicu-dev \
+        libmcrypt-dev \
+        libmhash-dev \
+        libonig-dev \
+        libpng-dev \
+        && \
+    apt-get clean; \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*
+
+RUN docker-php-ext-install -j5 \
+        bcmath \
+        gd \
+        intl \
+        mbstring \
+        mysqli \
+        pdo \
+        pdo_mysql \
+        && \
+    pecl install \
+        mcrypt \
+        redis \
+        && \
+    docker-php-ext-enable \
+        mcrypt \
+        redis 
+
+RUN wget https://github.com/simplesamlphp/simplesamlphp/releases/download/v$VERSION/simplesamlphp-$VERSION.tar.gz && \
     tar xvzf simplesamlphp-$VERSION.tar.gz --strip-components 1 -C /var/www/html
 
-RUN cp -r config-templates/* config/ && cp -r metadata-templates/* metadata/
+RUN cp config/config.php.dist config/config.php && \
+    cp config/authsources.php.dist config/authsources.php && \
+    cp metadata/saml20-idp-hosted.php.dist metadata/saml20-idp-hosted.php && \
+    cp metadata/saml20-idp-remote.php.dist metadata/saml20-idp-remote.php && \
+    cp metadata/saml20-sp-remote.php.dist metadata/saml20-sp-remote.php
 
 VOLUME /var/www/html/config
 VOLUME /var/www/html/metadata
 
-# Install the gmp and mcrypt extensions
-RUN apt-get update -y && \
-    apt-get install -y git re2c libmhash-dev file
-
 RUN curl -sS https://getcomposer.org/installer | php
 RUN php composer.phar install
diff --git a/Dockerfile.yours b/Dockerfile.yours
diff --git a/Makefile b/Makefile
diff --git a/README.md b/README.md
@@ -1,8 +1,8 @@
 # docker-simplesamlphp
 
-This is a packaging of [simplesamlphp](http://simplesamlphp.org)
+This is a packaging of [simplesamlphp](http://simplesamlphp.org) version 2.0.7
 
-To use this image, you will want to make your own config/ and metadata/ folders
+To use this image, you will want to make your own config/ and metadata/ folders (dist template folders are in this repo).
 
-This can be done by mounting volumes under /var/lib/html/config and /var/lib/html/metadat, or by basing another image off of this one (take a look at Dockerfile.yours).
+This can be done by mounting volumes under /var/www/html/config and /var/www/html/metadata, or by basing another image off of this one and copying the config/metadata files into that during build.
 
diff --git a/config/acl.php b/config/acl.php
diff --git a/config/acl.php.dist b/config/acl.php.dist
@@ -0,0 +1,59 @@
+<?php
+
+/*
+ * This file defines "named" access control lists, which can
+ * be reused in several places.
+ */
+$config = [
+    'adminlist' => [
+        //['allow', 'equals', 'mail', '[email protected]'],
+        //['allow', 'has', 'groups', 'admin'],
+        // The default action is to deny access.
+    ],
+
+    'example-simple' => [
+        ['allow', 'equals', 'mail', '[email protected]'],
+        ['allow', 'equals', 'mail', '[email protected]'],
+        // The default action is to deny access.
+    ],
+
+    'example-deny-some' => [
+        ['deny', 'equals', 'mail', '[email protected]'],
+        ['allow'], // Allow everybody else.
+    ],
+
+    'example-maildomain' => [
+        ['allow', 'equals-preg', 'mail', '/@example\.org$/'],
+        // The default action is to deny access.
+    ],
+
+    'example-allow-employees' => [
+        ['allow', 'has', 'eduPersonAffiliation', 'employee'],
+        // The default action is to deny access.
+    ],
+
+    'example-allow-employees-not-students' => [
+        ['deny', 'has', 'eduPersonAffiliation', 'student'],
+        ['allow', 'has', 'eduPersonAffiliation', 'employee'],
+        // The default action is to deny access.
+    ],
+
+    'example-deny-student-except-one' => [
+        ['deny', 'and',
+            ['has', 'eduPersonAffiliation', 'student'],
+            ['not', 'equals', 'mail', '[email protected]'],
+        ],
+        ['allow'],
+    ],
+
+    'example-allow-or' => [
+        ['allow', 'or',
+            ['equals', 'eduPersonAffiliation', 'student', 'member'],
+            ['equals', 'mail', '[email protected]'],
+        ],
+    ],
+
+    'example-allow-all' => [
+        ['allow'],
+    ],
+];
diff --git a/config/authmemcookie.php b/config/authmemcookie.php