Posted to commits@stratos.apache.org by re...@apache.org on 2015/03/01 19:36:09 UTC
[48/50] [abbrv] stratos git commit: Tomcat and WSO2 IS SAML SSO
docker files added with PCA plugins Changed PORT_MAPPINGS payload format in
KubernetesIaaS
Tomcat and WSO2 IS SAML SSO docker files added with PCA plugins
Changed PORT_MAPPINGS payload format in KubernetesIaaS
Project: http://git-wip-us.apache.org/repos/asf/stratos/repo
Commit: http://git-wip-us.apache.org/repos/asf/stratos/commit/188377af
Tree: http://git-wip-us.apache.org/repos/asf/stratos/tree/188377af
Diff: http://git-wip-us.apache.org/repos/asf/stratos/diff/188377af
Branch: refs/heads/docker-grouping-merge
Commit: 188377afe2732ea867d233a1a2eb03f062586749
Parents: f9948c5
Author: Chamila de Alwis <ch...@wso2.com>
Authored: Sun Mar 1 23:20:03 2015 +0530
Committer: Chamila de Alwis <ch...@wso2.com>
Committed: Sun Mar 1 23:54:57 2015 +0530
----------------------------------------------------------------------
.../iaases/kubernetes/KubernetesIaas.java | 2 +-
.../cartridge.agent/cartridge.agent/config.py | 5 +-
.../cartridge.agent/plugins/TestPlugin.py | 26 -
.../plugins/TestPlugin.yapsy-plugin | 9 -
.../base-image/files/populate-user-data.sh | 4 +-
.../base-image/files/run | 15 +-
.../service-images/tomcat-saml-sso/Dockerfile | 46 ++
.../tomcat-saml-sso/files/create-admin-user.sh | 21 +
.../service-images/tomcat-saml-sso/files/env | 2 +
.../packs/plugins/TomcatServerStarterPlugin.py | 59 ++
.../TomcatServerStarterPlugin.yapsy-plugin | 9 +
.../plugins/TomcatWSO2ISMetadataPublisher.py | 55 ++
.../TomcatWSO2ISMetadataPublisher.yapsy-plugin | 9 +
.../service-images/wso2is-saml-sso/Dockerfile | 39 ++
.../wso2is-saml-sso/files/carbon.xml | 625 +++++++++++++++++++
.../service-images/wso2is-saml-sso/files/env | 2 +
.../packs/plugins/WSO2ISMetaDataHandler.py | 144 +++++
.../plugins/WSO2ISMetaDataHandler.yapsy-plugin | 9 +
18 files changed, 1040 insertions(+), 41 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/stratos/blob/188377af/components/org.apache.stratos.cloud.controller/src/main/java/org/apache/stratos/cloud/controller/iaases/kubernetes/KubernetesIaas.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.cloud.controller/src/main/java/org/apache/stratos/cloud/controller/iaases/kubernetes/KubernetesIaas.java b/components/org.apache.stratos.cloud.controller/src/main/java/org/apache/stratos/cloud/controller/iaases/kubernetes/KubernetesIaas.java
index d8b06fc..34af6ac 100644
--- a/components/org.apache.stratos.cloud.controller/src/main/java/org/apache/stratos/cloud/controller/iaases/kubernetes/KubernetesIaas.java
+++ b/components/org.apache.stratos.cloud.controller/src/main/java/org/apache/stratos/cloud/controller/iaases/kubernetes/KubernetesIaas.java
@@ -541,7 +541,7 @@ public class KubernetesIaas extends Iaas {
if (portMappingStrBuilder.toString().length() > 0) {
portMappingStrBuilder.append(":");
}
- portMappingStrBuilder.append(String.format("PROTOCOL=%s|PORT=%d|PROXY_PORT=%d",
+ portMappingStrBuilder.append(String.format("PROTOCOL:%s|PORT:%d|PROXY_PORT:%d",
portMapping.getProtocol(), portMapping.getPort(), portMapping.getProxyPort()));
if (log.isInfoEnabled()) {
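Review bot: The key/value separator introduced here, `:`, is the same character the loop appends between port mappings two lines above (`portMappingStrBuilder.append(":")`), so a payload with more than one mapping no longer has an unambiguous record boundary. A consumer that splits on `|` and then on `:` will see a field such as `PROXY_PORT:8080:PROTOCOL:https`. If no other consumer depends on it, a distinct record separator, for example `portMappingStrBuilder.append(";")`, would remove the ambiguity, and a comment above the `String.format` call documenting the format would keep the agent-side parsers in step. The enclosing method starts and ends outside this hunk.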
http://git-wip-us.apache.org/repos/asf/stratos/blob/188377af/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/config.py
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/config.py b/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/config.py
index 1ad9499..5f5f07d 100644
--- a/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/config.py
+++ b/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/config.py
@@ -297,7 +297,10 @@ class CartridgeAgentConfiguration:
if param.strip() != "":
param_value = param.strip().split("=")
try:
- self.__payload_params[param_value[0]] = param_value[1]
+ if str(param_value[1]).strip().lower() == "null" or str(param_value[1]).strip() == "":
+ self.__payload_params[param_value[0]] = None
+ else:
+ self.__payload_params[param_value[0]] = param_value[1]
except IndexError:
# If an index error comes when reading values, keep on reading
pass
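Review bot: `param.strip().split("=")` followed by `param_value[1]` keeps only the text up to the second `=`, so a payload value that itself contains `=` (a URL with a query string, a padded base64 string) is silently truncated before the new null check runs. Splitting once, `param_value = param.strip().split("=", 1)`, keeps the whole value. The new condition also evaluates `str(param_value[1]).strip()` twice; binding it to a local first makes the branch easier to read. The enclosing method starts and ends outside this hunk.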
http://git-wip-us.apache.org/repos/asf/stratos/blob/188377af/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/plugins/TestPlugin.py
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/plugins/TestPlugin.py b/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/plugins/TestPlugin.py
deleted file mode 100644
index e4c69f6..0000000
--- a/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/plugins/TestPlugin.py
+++ /dev/null
@@ -1,26 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-from plugins.contracts import ICartridgeAgentPlugin
-
-
-class TestPlugin(ICartridgeAgentPlugin):
-
- def run_plugin(self, values, log):
- log.debug("Running test plugin for event %s" % values["EVENT"])
- for key, value in values.iteritems():
- log.debug("%s => %s" % (key, value))
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/stratos/blob/188377af/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/plugins/TestPlugin.yapsy-plugin
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/plugins/TestPlugin.yapsy-plugin b/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/plugins/TestPlugin.yapsy-plugin
deleted file mode 100644
index d321048..0000000
--- a/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/plugins/TestPlugin.yapsy-plugin
+++ /dev/null
@@ -1,9 +0,0 @@
-[Core]
-Name = Test plugin for MemberInitializedEvent and ArtifactUpdatedEvent
-Module = TestPlugin
-
-[Documentation]
-Description = MemberInitializedEvent,ArtifactUpdatedEvent
-Author = Op1
-Version = 0.1
-Website = stratos.apache.org
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/stratos/blob/188377af/tools/docker-images/cartridge-docker-images/base-image/files/populate-user-data.sh
----------------------------------------------------------------------
diff --git a/tools/docker-images/cartridge-docker-images/base-image/files/populate-user-data.sh b/tools/docker-images/cartridge-docker-images/base-image/files/populate-user-data.sh
index dce722d..522b392 100755
--- a/tools/docker-images/cartridge-docker-images/base-image/files/populate-user-data.sh
+++ b/tools/docker-images/cartridge-docker-images/base-image/files/populate-user-data.sh
@@ -22,4 +22,6 @@
# Persists the payload parameters by storing the environment variables in the launch-params file
-echo "APPLICATION_ID=${APPLICATION_ID},APPLICATION_PATH=${APPLICATION_PATH},SERVICE_NAME=${SERVICE_NAME},HOST_NAME=${HOST_NAME},MULTITENANT=false,TENANT_ID=${TENANT_ID},TENANT_RANGE=*,CARTRIDGE_ALIAS=${CARTRIDGE_ALIAS},CLUSTER_ID=${CLUSTER_ID},CLUSTER_INSTANCE_ID=${CLUSTER_INSTANCE_ID},CARTRIDGE_KEY=${CARTRIDGE_KEY},DEPLOYMENT=${DEPLOYMENT},REPO_URL=${REPO_URL},PORTS=${PORTS},PUPPET_IP=${PUPPET_IP},PUPPET_HOSTNAME=${PUPPET_HOSTNAME},PUPPET_ENV=${PUPPET_ENV},MEMBER_ID=${MEMBER_ID},LB_CLUSTER_ID=${LB_CLUSTER_ID},NETWORK_PARTITION_ID=${NETWORK_PARTITION_ID},PARTITION_ID=${PARTITION_ID},MIN_COUNT=${MIN_COUNT},INTERNAL=${INTERNAL},CLUSTERING_PRIMARY_KEY=${CLUSTERING_PRIMARY_KEY}" >> /mnt/apache-stratos-python-cartridge-agent-4.1.0-SNAPSHOT/payload/launch-params
+#echo "APPLICATION_ID=${APPLICATION_ID},APPLICATION_PATH=${APPLICATION_PATH},SERVICE_NAME=${SERVICE_NAME},HOST_NAME=${HOST_NAME},MULTITENANT=false,TENANT_ID=${TENANT_ID},TENANT_RANGE=*,CARTRIDGE_ALIAS=${CARTRIDGE_ALIAS},CLUSTER_ID=${CLUSTER_ID},CLUSTER_INSTANCE_ID=${CLUSTER_INSTANCE_ID},CARTRIDGE_KEY=${CARTRIDGE_KEY},DEPLOYMENT=${DEPLOYMENT},REPO_URL=${REPO_URL},PORTS=${PORTS},PUPPET_IP=${PUPPET_IP},PUPPET_HOSTNAME=${PUPPET_HOSTNAME},PUPPET_ENV=${PUPPET_ENV},MEMBER_ID=${MEMBER_ID},LB_CLUSTER_ID=${LB_CLUSTER_ID},NETWORK_PARTITION_ID=${NETWORK_PARTITION_ID},PARTITION_ID=${PARTITION_ID},MIN_COUNT=${MIN_COUNT},INTERNAL=${INTERNAL},CLUSTERING_PRIMARY_KEY=${CLUSTERING_PRIMARY_KEY}" >> /mnt/apache-stratos-python-cartridge-agent-4.1.0-SNAPSHOT/payload/launch-params
+
+set -o posix ; set | sed -e ':a;N;$!ba;s/\n/,/g' > /mnt/apache-stratos-python-cartridge-agent-4.1.0-SNAPSHOT/payload/launch-params
\ No newline at end of file
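Review bot: `set -o posix ; set` writes every shell variable of the container into launch-params, not just the payload parameters the removed `echo` listed, so any credential or token passed through the environment is now persisted to that file alongside CARTRIDGE_KEY. An explicit allowlist of variable names would keep the file to what the agent needs, and the file should be created with restrictive permissions, e.g. `umask 077` before the redirect. `set` also shell-quotes values containing spaces or special characters and the `sed` join does not escape commas, so a value containing `,` would probably be split by a comma-delimited parser; this is inferred, since the agent-side parser is only partly visible in this commit. The commented-out `echo` line can be deleted rather than kept.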
http://git-wip-us.apache.org/repos/asf/stratos/blob/188377af/tools/docker-images/cartridge-docker-images/base-image/files/run
----------------------------------------------------------------------
diff --git a/tools/docker-images/cartridge-docker-images/base-image/files/run b/tools/docker-images/cartridge-docker-images/base-image/files/run
index 513e6e7..69f45b6 100755
--- a/tools/docker-images/cartridge-docker-images/base-image/files/run
+++ b/tools/docker-images/cartridge-docker-images/base-image/files/run
@@ -160,9 +160,15 @@ else
fi
if [ -z "${APPLICATION_PATH}" ]; then
- sed -i "s/APPLICATION_PATH/ /g" /mnt/apache-stratos-python-cartridge-agent-4.1.0-SNAPSHOT/agent.conf
+ sed -i "s/APPLICATION-PATH/ /g" /mnt/apache-stratos-python-cartridge-agent-4.1.0-SNAPSHOT/agent.conf
else
- sed -i "s#APPLICATION_PATH#${APPLICATION_PATH}#g" /mnt/apache-stratos-python-cartridge-agent-4.1.0-SNAPSHOT/agent.conf
+ sed -i "s#APPLICATION-PATH#${APPLICATION_PATH}#g" /mnt/apache-stratos-python-cartridge-agent-4.1.0-SNAPSHOT/agent.conf
+fi
+
+if [ -z "${METADATA_SERVICE_URL}" ]; then
+ sed -i "s/METADATA-SERVICE-URL/ /g" /mnt/apache-stratos-python-cartridge-agent-4.1.0-SNAPSHOT/agent.conf
+else
+ sed -i "s#METADATA-SERVICE-URL#${METADATA_SERVICE_URL}#g" /mnt/apache-stratos-python-cartridge-agent-4.1.0-SNAPSHOT/agent.conf
fi
if [ -z "${LOG_LEVEL}" ]; then
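Review bot: `${METADATA_SERVICE_URL}` and `${APPLICATION_PATH}` are interpolated into the `sed` replacement unescaped, so a value containing `#`, `&` or a backslash changes the expression: `#` ends the replacement early and `&` expands to the matched placeholder. A URL with a fragment or several query parameters would therefore be written to agent.conf corrupted. Escaping the value first, e.g. `esc=$(printf '%s' "${METADATA_SERVICE_URL}" | sed 's/[#&\\]/\\&/g')` and substituting `${esc}`, avoids that. The placeholder rename from `APPLICATION_PATH` to `APPLICATION-PATH` also needs the matching change in agent.conf, which is not part of the visible diff.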
@@ -171,7 +177,10 @@ else
sed -i "s/LOG_LEVEL/${LOG_LEVEL}/g" /mnt/apache-stratos-python-cartridge-agent-4.1.0-SNAPSHOT/logging.ini
fi
+# copy plugins to PCA
+cp -R /mnt/plugins /mnt/apache-stratos-python-cartridge-agent-4.1.0-SNAPSHOT/
+
# Start cartridge agent
cd /mnt/apache-stratos-python-cartridge-agent-4.1.0-SNAPSHOT
python agent.py > /tmp/agent.screen.log 2>&1 &
-/usr/sbin/apache2ctl -D FOREGROUND
+#/usr/sbin/apache2ctl -D FOREGROUND
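Review bot: `cp -R /mnt/plugins ...` runs unconditionally, yet in this commit `/mnt/plugins` is only created by the two service-image Dockerfiles, so a container started from the base image alone gets a copy error just before the agent launches. A guard such as `[ -d /mnt/plugins ] && cp -R /mnt/plugins /mnt/apache-stratos-python-cartridge-agent-4.1.0-SNAPSHOT/` keeps the base image usable on its own. Everything under that directory becomes code the agent loads, so a comment stating where the plugins are expected to come from is worth adding. With the foreground `apache2ctl` call commented out, the script now returns right after backgrounding the agent, so the container's lifetime depends on whatever the image's ENTRYPOINT keeps running; the dead line is better removed than commented.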
http://git-wip-us.apache.org/repos/asf/stratos/blob/188377af/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/Dockerfile
----------------------------------------------------------------------
diff --git a/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/Dockerfile b/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/Dockerfile
new file mode 100644
index 0000000..1096d45
--- /dev/null
+++ b/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/Dockerfile
@@ -0,0 +1,46 @@
+FROM chamilad/base-image:4.1.0-beta
+MAINTAINER dev@stratos.apache.org
+
+# ----------------------
+# Install prerequisites
+# ----------------------
+# RUN apt-get update && \ apt-get install -yq --no-install-recommends openjdk-7-jre wget ca-certificates && \apt-get clean && \rm -rf /var/lib/apt/lists/*
+WORKDIR /opt
+# RUN wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/7u67-b01/jdk-7u67-linux-x64.tar.gz
+ADD packs/jdk-7u67-linux-x64.tar.gz /mnt/jdk-7u67-linux-x64.tar.gz
+# RUN tar zxvf /mnt/jdk-7u67-linux-x64.tar.gz
+RUN mv /mnt/jdk-7u67-linux-x64.tar.gz/jdk1.7.0_67 /opt/jdk1.7.0_67
+ENV JAVA_HOME /opt/jdk1.7.0_67
+
+
+ENV CATALINA_HOME /opt/tomcat
+
+# ----------------------
+# Install Tomcat
+# ----------------------
+ADD packs/apache-tomcat-7.0.59.tar.gz /opt/apache-tomcat-7.0.59.tar.gz
+RUN mv /opt/apache-tomcat-7.0.59.tar.gz/apache-tomcat-7.0.59 /opt/tomcat
+
+# -----------------------
+# Add shell scripts
+# -----------------------
+ADD files/create-admin-user.sh /opt/create-admin-user.sh
+# ADD files/run.sh /opt/run.sh
+RUN chmod +x /opt/create-admin-user.sh && \
+ bash /opt/create-admin-user.sh
+
+ADD files/env /tmp/env
+RUN cat /tmp/env >> /etc/environment
+
+#------------------------
+# Copy Tomcat related PCA plugins
+#-----------------------
+ADD packs/plugins /mnt/plugins
+
+
+EXPOSE 8080
+
+# -----------------------
+# Define entry point
+# -----------------------
+ENTRYPOINT /usr/local/bin/run | /usr/sbin/sshd -D
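Review bot: `ENTRYPOINT /usr/local/bin/run | /usr/sbin/sshd -D` uses the shell form with a pipe, so PID 1 is `/bin/sh`, stop signals are not delivered to either process, the exit status of `run` is discarded, and the container stays up on sshd even when `run` fails. An exec-form entry point with a small wrapper script that starts the agent and then `exec`s the long-running process would make failures visible. Whether an SSH daemon is needed in a service image at all is worth stating in a comment, since it adds a remote-login surface. `FROM chamilad/base-image:4.1.0-beta` pulls a mutable tag from a personal registry namespace; pinning it by digest would make the build reproducible. Both lines recur in the wso2is-saml-sso Dockerfile added by this commit.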
http://git-wip-us.apache.org/repos/asf/stratos/blob/188377af/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/files/create-admin-user.sh
----------------------------------------------------------------------
diff --git a/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/files/create-admin-user.sh b/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/files/create-admin-user.sh
new file mode 100755
index 0000000..2f9a9c9
--- /dev/null
+++ b/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/files/create-admin-user.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+if [ -f /.tomcat-admin-created ]; then
+ echo "Tomcat 'admin' user already created"
+ exit 0
+fi
+
+PWD="admin"
+
+echo "=> Creating Tomcat admin user"
+sed -i -r 's/<\/tomcat-users>//' ${CATALINA_HOME}/conf/tomcat-users.xml
+echo '<role rolename="manager-gui"/>' >> ${CATALINA_HOME}/conf/tomcat-users.xml
+echo '<role rolename="manager-script"/>' >> ${CATALINA_HOME}/conf/tomcat-users.xml
+echo '<role rolename="manager-jmx"/>' >> ${CATALINA_HOME}/conf/tomcat-users.xml
+echo '<role rolename="admin-gui"/>' >> ${CATALINA_HOME}/conf/tomcat-users.xml
+echo '<role rolename="admin-script"/>' >> ${CATALINA_HOME}/conf/tomcat-users.xml
+echo "<user username=\"admin\" password=\"${PWD}\" roles=\"manager-gui,manager-script,manager-jmx,admin-gui, admin-script\"/>" >> ${CATALINA_HOME}/conf/tomcat-users.xml
+echo '</tomcat-users>' >> ${CATALINA_HOME}/conf/tomcat-users.xml
+echo "=> Done!"
+touch /.tomcat-admin-created
+
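Review bot: `PWD="admin"` gives the `admin` account a fixed, well-known password while granting it `manager-gui`, `manager-script`, `manager-jmx`, `admin-gui` and `admin-script`, and because the Dockerfile runs this script at build time the credential is baked into every image. Taking the password from a variable supplied at container start and refusing to continue when it is unset, e.g. `: "${TOMCAT_ADMIN_PASSWORD:?must be set}"` (variable name chosen here for illustration), avoids shipping a shared default; the script would then have to run from the entry point rather than from `RUN`. `PWD` is also the shell's working-directory variable, so a different name is safer. The role list in the `<user>` line has a space in `admin-gui, admin-script`, which may keep the last role from matching depending on how Tomcat tokenizes it.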
http://git-wip-us.apache.org/repos/asf/stratos/blob/188377af/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/files/env
----------------------------------------------------------------------
diff --git a/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/files/env b/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/files/env
new file mode 100644
index 0000000..97d9119
--- /dev/null
+++ b/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/files/env
@@ -0,0 +1,2 @@
+JAVA_HOME=/opt/jdk1.7.0_67
+CATALINA_HOME=/opt/tomcat
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/stratos/blob/188377af/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/packs/plugins/TomcatServerStarterPlugin.py
----------------------------------------------------------------------
diff --git a/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/packs/plugins/TomcatServerStarterPlugin.py b/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/packs/plugins/TomcatServerStarterPlugin.py
new file mode 100644
index 0000000..eda93c1
--- /dev/null
+++ b/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/packs/plugins/TomcatServerStarterPlugin.py
@@ -0,0 +1,59 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+import mdsclient
+from plugins.contracts import ICartridgeAgentPlugin
+import time
+import zipfile
+import subprocess
+from modules.util.log import LogFactory
+import os
+
+
+class TomcatServerStarterPlugin(ICartridgeAgentPlugin):
+
+ def run_plugin(self, values):
+ log = LogFactory().get_log(__name__)
+ # wait till SAML_ENDPOINT becomes available
+ mds_response = None
+ while mds_response is None:
+ log.debug("Waiting for SAML_ENDPOINT to be available from metadata service for app ID: %s" % values["APPLICATION_ID"])
+ time.sleep(5)
+ mds_response = mdsclient.get(app=True)
+ if mds_response is not None and mds_response.properties.get("SAML_ENDPOINT") is None:
+ mds_response = None
+
+ saml_endpoint = mds_response.properties["SAML_ENDPOINT"]
+ log.debug("SAML_ENDPOINT value read from Metadata service: %s" % saml_endpoint)
+
+ # start tomcat
+ tomcat_start_command = "exec /opt/tomcat/bin/startup.sh"
+ log.info("Starting Tomcat server: [command] %s, [STRATOS_SAML_ENDPOINT] %s" % (tomcat_start_command, saml_endpoint))
+ env_var = os.environ.copy()
+ env_var["STRATOS_SAML_ENDPOINT"] = saml_endpoint
+ env_var["JAVA_HOME"] = "/opt/jdk1.7.0_67"
+ p = subprocess.Popen(tomcat_start_command, env=env_var, shell=True)
+ output, errors = p.communicate()
+ log.debug("Tomcat server started")
+
+
+
+
+
+
+
+
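Review bot: `subprocess.Popen(tomcat_start_command, env=env_var, shell=True)` starts a shell for a fixed command and never looks at the result, so "Tomcat server started" is logged even when `startup.sh` fails. An argument list without a shell, `p = subprocess.Popen(["/opt/tomcat/bin/startup.sh"], env=env_var)`, followed by a check of `p.returncode` after `communicate()`, removes the shell and reports failures. The wait loop above it has no timeout or attempt limit, so a metadata service that never returns `SAML_ENDPOINT` blocks the plugin indefinitely. The endpoint value is also exported to Tomcat exactly as received, and a check that it is an `https://` URL would be cheap. `zipfile` is imported but unused.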
http://git-wip-us.apache.org/repos/asf/stratos/blob/188377af/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/packs/plugins/TomcatServerStarterPlugin.yapsy-plugin
----------------------------------------------------------------------
diff --git a/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/packs/plugins/TomcatServerStarterPlugin.yapsy-plugin b/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/packs/plugins/TomcatServerStarterPlugin.yapsy-plugin
new file mode 100644
index 0000000..87e0de2
--- /dev/null
+++ b/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/packs/plugins/TomcatServerStarterPlugin.yapsy-plugin
@@ -0,0 +1,9 @@
+[Core]
+Name = TomcatServerStarterPlugin to read SAML SSO related metadata needed to configure SAML SSO for apps and start tomcat
+Module = TomcatServerStarterPlugin
+
+[Documentation]
+Description = ArtifactUpdatedEvent
+Author = Op1
+Version = 0.1
+Website = stratos.apache.org
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/stratos/blob/188377af/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/packs/plugins/TomcatWSO2ISMetadataPublisher.py
----------------------------------------------------------------------
diff --git a/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/packs/plugins/TomcatWSO2ISMetadataPublisher.py b/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/packs/plugins/TomcatWSO2ISMetadataPublisher.py
new file mode 100644
index 0000000..66084d8
--- /dev/null
+++ b/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/packs/plugins/TomcatWSO2ISMetadataPublisher.py
@@ -0,0 +1,55 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+import mdsclient
+from plugins.contracts import ICartridgeAgentPlugin
+import time
+import zipfile
+import subprocess
+
+
+class TomcatWSO2ISMetadataPublisher(ICartridgeAgentPlugin):
+
+ def run_plugin(self, values):
+ # publish callback and issuer id from tomcat for IS to pickup
+ publish_data = mdsclient.MDSPutRequest()
+ # hostname_entry = {"key": "TOMCAT_HOSTNAME", "values": member_hostname}
+ cluster_hostname = values["HOST_NAME"]
+ # set port name checking if lb is present or not
+ payload_ports = values["PORT_MAPPINGS"].split("|")
+ if values.get("LB_CLUSTER_ID") is not None:
+ port_no = payload_ports[2].split(":")[1]
+ else:
+ port_no = payload_ports[1].split(":")[1]
+
+ callback_url = "https://%s:%s/travelocity.com/home.jsp" % (cluster_hostname, port_no)
+ saml_callback_entry = {"key": "CALLBACK_URL", "values": callback_url}
+ issuer_entry = {"key": "SSO_ISSUER", "values": "travelocity.com"}
+ # properties_data = [hostname_entry, saml_callback_entry]
+ properties_data = [saml_callback_entry, issuer_entry]
+ publish_data.properties = properties_data
+
+ mdsclient.put(publish_data, app=True)
+
+
+
+
+
+
+
+
+
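Review bot: The port is picked by position, `payload_ports[2].split(":")[1]` or `payload_ports[1].split(":")[1]`, which depends on the exact field order of PORT_MAPPINGS and raises an uncaught `IndexError` or `KeyError` when the payload is missing or has a different shape. Looking the fields up by name is sturdier, e.g. `fields = dict(f.split(":", 1) for f in values["PORT_MAPPINGS"].split("|"))` and then `fields["PROXY_PORT"]` or `fields["PORT"]`; payloads with several mappings would need the record separator handled first. The callback URL is always built with `https://` although the Tomcat image in this commit exposes 8080, which may be a plain-HTTP connector, and `travelocity.com` is hard-coded twice; a short docstring stating these assumptions would help. `time`, `zipfile` and `subprocess` are imported but unused.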
http://git-wip-us.apache.org/repos/asf/stratos/blob/188377af/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/packs/plugins/TomcatWSO2ISMetadataPublisher.yapsy-plugin
----------------------------------------------------------------------
diff --git a/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/packs/plugins/TomcatWSO2ISMetadataPublisher.yapsy-plugin b/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/packs/plugins/TomcatWSO2ISMetadataPublisher.yapsy-plugin
new file mode 100644
index 0000000..6dadbe1
--- /dev/null
+++ b/tools/docker-images/cartridge-docker-images/service-images/tomcat-saml-sso/packs/plugins/TomcatWSO2ISMetadataPublisher.yapsy-plugin
@@ -0,0 +1,9 @@
+[Core]
+Name = TomcatWSO2ISMetadataPublisher to publish metadata needed for a WSO2IS SAML SSO service provider
+Module = TomcatWSO2ISMetadataPublisher
+
+[Documentation]
+Description = InstanceStartedEvent
+Author = Op1
+Version = 0.1
+Website = stratos.apache.org
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/stratos/blob/188377af/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/Dockerfile
----------------------------------------------------------------------
diff --git a/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/Dockerfile b/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/Dockerfile
new file mode 100644
index 0000000..f23f21e
--- /dev/null
+++ b/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/Dockerfile
@@ -0,0 +1,39 @@
+FROM chamilad/base-image:4.1.0-beta
+MAINTAINER dev@stratos.apache.org
+
+ENV DEBIAN_FRONTEND noninteractive
+ENV WSO2_IS_VERSION 5.0.0
+
+# ----------------------
+# Install prerequisites
+# ----------------------
+WORKDIR /opt
+ADD packs/jdk-7u67-linux-x64.tar.gz /mnt/jdk-7u67-linux-x64.tar.gz
+RUN mv /mnt/jdk-7u67-linux-x64.tar.gz/jdk1.7.0_67 /opt/jdk1.7.0_67
+
+ENV JAVA_HOME /opt/jdk1.7.0_67
+
+# -----------------------------
+# Install WSO2 Identity Server
+# -----------------------------
+ADD packs/wso2is-${WSO2_IS_VERSION}-patched.zip /opt/wso2is-${WSO2_IS_VERSION}-patched.zip
+RUN unzip /opt/wso2is-${WSO2_IS_VERSION}-patched.zip -d /opt/
+ENV CARBON_HOME /opt/wso2is-${WSO2_IS_VERSION}
+
+ADD files/env /tmp/env
+RUN cat /tmp/env >> /etc/environment
+
+ADD files/carbon.xml ${CARBON_HOME}/repository/conf/carbon.xml
+
+#------------------------
+# Copy Tomcat related PCA plugins
+#-----------------------
+ADD packs/plugins /mnt/plugins
+
+
+EXPOSE 9443
+
+# -----------------------
+# Define entry point
+# -----------------------
+ENTRYPOINT /usr/local/bin/run | /usr/sbin/sshd -D
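Review bot: `packs/wso2is-${WSO2_IS_VERSION}-patched.zip` and the JDK tarball are taken from the build context with no integrity check, and nothing in the file says what the "patched" build contains or where it comes from. A comment naming the source and the applied patches, plus a verification step such as `RUN echo "<expected-sha256>  /opt/wso2is-${WSO2_IS_VERSION}-patched.zip" | sha256sum -c -` before the `unzip`, would make the image auditable. The section comment `# Copy Tomcat related PCA plugins` was carried over from the Tomcat image and should read `# Copy WSO2 IS related PCA plugins`.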
http://git-wip-us.apache.org/repos/asf/stratos/blob/188377af/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/files/carbon.xml
----------------------------------------------------------------------
diff --git a/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/files/carbon.xml b/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/files/carbon.xml
new file mode 100644
index 0000000..42d0765
--- /dev/null
+++ b/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/files/carbon.xml
@@ -0,0 +1,625 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+
+<!--
+ ~ Copyright 2005-2011 WSO2, Inc. (http://wso2.com)
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<!--
+ This is the main server configuration file
+
+ ${carbon.home} represents the carbon.home system property.
+ Other system properties can be specified in a similar manner.
+-->
+<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
+
+ <!--
+ Product Name
+ -->
+ <Name>WSO2 Identity Server</Name>
+
+ <!--
+ machine readable unique key to identify each product
+ -->
+ <ServerKey>IS</ServerKey>
+
+ <!--
+ Product Version
+ -->
+ <Version>5.0.0</Version>
+
+ <!--
+ Host name or IP address of the machine hosting this server
+ e.g. www.wso2.org, 192.168.1.10
+ This is will become part of the End Point Reference of the
+ services deployed on this server instance.
+ -->
+ <HostName>CLUSTER_HOST_NAME</HostName>
+
+ <!--
+ Host name to be used for the Carbon management console
+ -->
+ <MgtHostName>CLUSTER_HOST_NAME</MgtHostName>
+
+ <!--
+ The URL of the back end server. This is where the admin services are hosted and
+ will be used by the clients in the front end server.
+ This is required only for the Front-end server. This is used when seperating BE server from FE server
+ -->
+ <ServerURL>local:/${carbon.context}/services/</ServerURL>
+ <!--
+ <ServerURL>https://localhost:${carbon.management.port}${carbon.context}/services/</ServerURL>
+ -->
+ <!--
+ The URL of the index page. This is where the user will be redirected after signing in to the
+ carbon server.
+ -->
+ <!-- IndexPageURL>/carbon/admin/index.jsp</IndexPageURL-->
+
+ <!--
+ For cApp deployment, we have to identify the roles that can be acted by the current server.
+ The following property is used for that purpose. Any number of roles can be defined here.
+ Regular expressions can be used in the role.
+ Ex : <Role>.*</Role> means this server can act any role
+ -->
+ <ServerRoles>
+ <Role>IdentityServer</Role>
+ </ServerRoles>
+
+ <!-- uncommnet this line to subscribe to a bam instance automatically -->
+ <!--<BamServerURL>https://bamhost:bamport/services/</BamServerURL>-->
+
+ <!--
+ The fully qualified name of the server
+ -->
+ <Package>org.wso2.carbon</Package>
+
+ <!--
+ Webapp context root of WSO2 Carbon.
+ -->
+ <WebContextRoot>/</WebContextRoot>
+
+ <!-- In-order to get the registry http Port from the back-end when the default http transport is not the same-->
+ <!--RegistryHttpPort>9763</RegistryHttpPort-->
+
+ <!--
+ Number of items to be displayed on a management console page. This is used at the
+ backend server for pagination of various items.
+ -->
+ <ItemsPerPage>15</ItemsPerPage>
+
+ <!-- The endpoint URL of the cloud instance management Web service -->
+ <!--<InstanceMgtWSEndpoint>https://ec2.amazonaws.com/</InstanceMgtWSEndpoint>-->
+
+ <!--
+ Ports used by this server
+ -->
+ <Ports>
+
+ <!-- Ports offset. This entry will set the value of the ports defined below to
+ the define value + Offset.
+ e.g. Offset=2 and HTTPS port=9443 will set the effective HTTPS port to 9445
+ -->
+ <Offset>0</Offset>
+
+ <!-- The JMX Ports -->
+ <JMX>
+ <!--The port RMI registry is exposed-->
+ <RMIRegistryPort>9999</RMIRegistryPort>
+ <!--The port RMI server should be exposed-->
+ <RMIServerPort>11111</RMIServerPort>
+ </JMX>
+
+ <!-- Embedded LDAP server specific ports -->
+ <EmbeddedLDAP>
+ <!-- Port which embedded LDAP server runs -->
+ <LDAPServerPort>10389</LDAPServerPort>
+ <!-- Port which KDC (Kerberos Key Distribution Center) server runs -->
+ <KDCServerPort>8000</KDCServerPort>
+ </EmbeddedLDAP>
+
+ <!-- Embedded Qpid broker ports -->
+ <EmbeddedQpid>
+ <!-- Broker TCP Port -->
+ <BrokerPort>5672</BrokerPort>
+ <!-- SSL Port -->
+ <BrokerSSLPort>8672</BrokerSSLPort>
+ </EmbeddedQpid>
+
+ <!--
+ Override datasources JNDIproviderPort defined in bps.xml and datasources.properties files
+ -->
+ <!--<JNDIProviderPort>2199</JNDIProviderPort>-->
+ <!--Override receive port of thrift based entitlement service.-->
+ <ThriftEntitlementReceivePort>10500</ThriftEntitlementReceivePort>
+
+ </Ports>
+
+ <!--
+ JNDI Configuration
+ -->
+ <JNDI>
+ <!--
+ The fully qualified name of the default initial context factory
+ -->
+ <DefaultInitialContextFactory>org.wso2.carbon.tomcat.jndi.CarbonJavaURLContextFactory</DefaultInitialContextFactory>
+ <!--
+ The restrictions that are done to various JNDI Contexts in a Multi-tenant environment
+ -->
+ <Restrictions>
+ <!--
+ Contexts that will be available only to the super-tenant
+ -->
+ <!-- <SuperTenantOnly>
+ <UrlContexts>
+ <UrlContext>
+ <Scheme>foo</Scheme>
+ </UrlContext>
+ <UrlContext>
+ <Scheme>bar</Scheme>
+ </UrlContext>
+ </UrlContexts>
+ </SuperTenantOnly> -->
+ <!--
+ Contexts that are common to all tenants
+ -->
+ <AllTenants>
+ <UrlContexts>
+ <UrlContext>
+ <Scheme>java</Scheme>
+ </UrlContext>
+ <!-- <UrlContext>
+ <Scheme>foo</Scheme>
+ </UrlContext> -->
+ </UrlContexts>
+ </AllTenants>
+ <!--
+ All other contexts not mentioned above will be available on a per-tenant basis
+ (i.e. will not be shared among tenants)
+ -->
+ </Restrictions>
+ </JNDI>
+
+ <!--
+ Property to determine if the server is running an a cloud deployment environment.
+ This property should only be used to determine deployment specific details that are
+ applicable only in a cloud deployment, i.e when the server deployed *-as-a-service.
+ -->
+ <IsCloudDeployment>false</IsCloudDeployment>
+
+ <!--
+ Property to determine whether usage data should be collected for metering purposes
+ -->
+ <EnableMetering>false</EnableMetering>
+
+ <!-- The Max time a thread should take for execution in seconds -->
+ <MaxThreadExecutionTime>600</MaxThreadExecutionTime>
+
+ <!--
+ A flag to enable or disable Ghost Deployer. By default this is set to false. That is
+ because the Ghost Deployer works only with the HTTP/S transports. If you are using
+ other transports, don't enable Ghost Deployer.
+ -->
+ <GhostDeployment>
+ <Enabled>false</Enabled>
+ <PartialUpdate>false</PartialUpdate>
+ </GhostDeployment>
+
+ <!--
+ Axis2 related configurations
+ -->
+ <Axis2Config>
+ <!--
+ Location of the Axis2 Services & Modules repository
+
+ This can be a directory in the local file system, or a URL.
+
+ e.g.
+ 1. /home/wso2wsas/repository/ - An absolute path
+ 2. repository - In this case, the path is relative to CARBON_HOME
+ 3. file:///home/wso2wsas/repository/
+ 4. http://wso2wsas/repository/
+ -->
+ <RepositoryLocation>${carbon.home}/repository/deployment/server/</RepositoryLocation>
+
+ <!--
+ Deployment update interval in seconds. This is the interval between repository listener
+ executions.
+ -->
+ <DeploymentUpdateInterval>15</DeploymentUpdateInterval>
+
+ <!--
+ Location of the main Axis2 configuration descriptor file, a.k.a. axis2.xml file
+
+ This can be a file on the local file system, or a URL
+
+ e.g.
+ 1. /home/repository/axis2.xml - An absolute path
+ 2. conf/axis2.xml - In this case, the path is relative to CARBON_HOME
+ 3. file:///home/carbon/repository/axis2.xml
+ 4. http://repository/conf/axis2.xml
+ -->
+ <ConfigurationFile>${carbon.home}/repository/conf/axis2/axis2.xml</ConfigurationFile>
+
+ <!--
+ ServiceGroupContextIdleTime, which will be set in ConfigurationContex
+ for multiple clients which are going to access the same ServiceGroupContext
+ Default Value is 30 Sec.
+ -->
+ <ServiceGroupContextIdleTime>30000</ServiceGroupContextIdleTime>
+
+ <!--
+ This repository location is used to crete the client side configuration
+ context used by the server when calling admin services.
+ -->
+ <ClientRepositoryLocation>${carbon.home}/repository/deployment/client/</ClientRepositoryLocation>
+ <!-- This axis2 xml is used in createing the configuration context by the FE server
+ calling to BE server -->
+ <clientAxis2XmlLocation>${carbon.home}/repository/conf/axis2/axis2_client.xml</clientAxis2XmlLocation>
+ <!-- If this parameter is set, the ?wsdl on an admin service will not give the admin service wsdl. -->
+ <HideAdminServiceWSDLs>true</HideAdminServiceWSDLs>
+
+ <!--WARNING-Use With Care! Uncommenting bellow parameter would expose all AdminServices in HTTP transport.
+ With HTTP transport your credentials and data routed in public channels are vulnerable for sniffing attacks.
+ Use bellow parameter ONLY if your communication channels are confirmed to be secured by other means -->
+ <!--HttpAdminServices>*</HttpAdminServices-->
+
+ </Axis2Config>
+
+ <!--
+ The default user roles which will be created when the server
+ is started up for the first time.
+ -->
+ <ServiceUserRoles>
+ <Role>
+ <Name>admin</Name>
+ <Description>Default Administrator Role</Description>
+ </Role>
+ <Role>
+ <Name>user</Name>
+ <Description>Default User Role</Description>
+ </Role>
+ </ServiceUserRoles>
+
+ <!--
+ Enable following config to allow Emails as usernames.
+ -->
+ <!--EnableEmailUserName>true</EnableEmailUserName-->
+
+ <!--
+ Security configurations
+ -->
+ <Security>
+ <!--
+ KeyStore which will be used for encrypting/decrypting passwords
+ and other sensitive information.
+ -->
+ <KeyStore>
+ <!-- Keystore file location-->
+ <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
+ <!-- Keystore type (JKS/PKCS12 etc.)-->
+ <Type>JKS</Type>
+ <!-- Keystore password-->
+ <Password>wso2carbon</Password>
+ <!-- Private Key alias-->
+ <KeyAlias>wso2carbon</KeyAlias>
+ <!-- Private Key password-->
+ <KeyPassword>wso2carbon</KeyPassword>
+ </KeyStore>
+
+ <!--
+ Encrypt Decrypt Store will be used for encrypting and decrypting
+ -->
+ <RegistryKeyStore>
+ <!-- Keystore file location-->
+ <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
+ <!-- Keystore type (JKS/PKCS12 etc.)-->
+ <Type>JKS</Type>
+ <!-- Keystore password-->
+ <Password>wso2carbon</Password>
+ <!-- Private Key alias-->
+ <KeyAlias>wso2carbon</KeyAlias>
+ <!-- Private Key password-->
+ <KeyPassword>wso2carbon</KeyPassword>
+ </RegistryKeyStore>
+
+ <!--
+ System wide trust-store which is used to maintain the certificates of all
+ the trusted parties.
+ -->
+ <TrustStore>
+ <!-- trust-store file location -->
+ <Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location>
+ <!-- trust-store type (JKS/PKCS12 etc.) -->
+ <Type>JKS</Type>
+ <!-- trust-store password -->
+ <Password>wso2carbon</Password>
+ </TrustStore>
+
+ <!--
+ The Authenticator configuration to be used at the JVM level. We extend the
+ java.net.Authenticator to make it possible to authenticate to given servers and
+ proxies.
+ -->
+ <NetworkAuthenticatorConfig>
+ <!--
+ Below is a sample configuration for a single authenticator. Please note that
+ all child elements are mandatory. Not having some child elements would lead to
+ exceptions at runtime.
+ -->
+ <!-- <Credential> -->
+ <!--
+ the pattern that would match a subset of URLs for which this authenticator
+ would be used
+ -->
+ <!-- <Pattern>regularExpression</Pattern> -->
+ <!--
+ the type of this authenticator. Allowed values are:
+ 1. server
+ 2. proxy
+ -->
+ <!-- <Type>proxy</Type> -->
+ <!-- the username used to log in to server/proxy -->
+ <!-- <Username>username</Username> -->
+ <!-- the password used to log in to server/proxy -->
+ <!-- <Password>password</Password> -->
+ <!-- </Credential> -->
+ </NetworkAuthenticatorConfig>
+
+ <!--
+ The Tomcat realm to be used for hosted Web applications. Allowed values are;
+ 1. UserManager
+ 2. Memory
+
+ If this is set to 'UserManager', the realm will pick users & roles from the system's
+ WSO2 User Manager. If it is set to 'memory', the realm will pick users & roles from
+ CARBON_HOME/repository/conf/tomcat/tomcat-users.xml
+ -->
+ <TomcatRealm>UserManager</TomcatRealm>
+
+ <!--Option to disable storing of tokens issued by STS-->
+ <DisableTokenStore>false</DisableTokenStore>
+
+ <!--
+ Security token store class name. If this is not set, default class will be
+ org.wso2.carbon.security.util.SecurityTokenStore
+ -->
+ <TokenStoreClassName>org.wso2.carbon.identity.sts.store.DBTokenStore</TokenStoreClassName>
+ </Security>
+
+ <!--
+ The temporary work directory
+ -->
+ <WorkDirectory>${carbon.home}/tmp/work</WorkDirectory>
+
+ <!--
+ House-keeping configuration
+ -->
+ <HouseKeeping>
+
+ <!--
+ true - Start House-keeping thread on server startup
+ false - Do not start House-keeping thread on server startup.
+ The user will run it manually as and when he wishes.
+ -->
+ <AutoStart>true</AutoStart>
+
+ <!--
+ The interval in *minutes*, between house-keeping runs
+ -->
+ <Interval>10</Interval>
+
+ <!--
+ The maximum time in *minutes*, temp files are allowed to live
+ in the system. Files/directories which were modified more than
+ "MaxTempFileLifetime" minutes ago will be removed by the
+ house-keeping task
+ -->
+ <MaxTempFileLifetime>30</MaxTempFileLifetime>
+ </HouseKeeping>
+
+ <!--
+ Configuration for handling different types of file upload & other file uploading related
+ config parameters.
+ To map all actions to a particular FileUploadExecutor, use
+ <Action>*</Action>
+ -->
+ <FileUploadConfig>
+ <!--
+ The total file upload size limit in MB
+ -->
+ <TotalFileSizeLimit>100</TotalFileSizeLimit>
+
+ <Mapping>
+ <Actions>
+ <Action>keystore</Action>
+ <Action>certificate</Action>
+ <Action>*</Action>
+ </Actions>
+ <Class>org.wso2.carbon.ui.transports.fileupload.AnyFileUploadExecutor</Class>
+ </Mapping>
+
+ <Mapping>
+ <Actions>
+ <Action>jarZip</Action>
+ </Actions>
+ <Class>org.wso2.carbon.ui.transports.fileupload.JarZipUploadExecutor</Class>
+ </Mapping>
+ <Mapping>
+ <Actions>
+ <Action>dbs</Action>
+ </Actions>
+ <Class>org.wso2.carbon.ui.transports.fileupload.DBSFileUploadExecutor</Class>
+ </Mapping>
+ <Mapping>
+ <Actions>
+ <Action>tools</Action>
+ </Actions>
+ <Class>org.wso2.carbon.ui.transports.fileupload.ToolsFileUploadExecutor</Class>
+ </Mapping>
+ <Mapping>
+ <Actions>
+ <Action>toolsAny</Action>
+ </Actions>
+ <Class>org.wso2.carbon.ui.transports.fileupload.ToolsAnyFileUploadExecutor</Class>
+ </Mapping>
+ </FileUploadConfig>
+
+ <!--
+ Processors which process special HTTP GET requests such as ?wsdl, ?policy etc.
+
+ In order to plug in a processor to handle a special request, simply add an entry to this
+ section.
+
+ The value of the Item element is the first parameter in the query string(e.g. ?wsdl)
+ which needs special processing
+
+ The value of the Class element is a class which implements
+ org.wso2.carbon.transport.HttpGetRequestProcessor
+ -->
+ <HttpGetRequestProcessors>
+ <Processor>
+ <Item>info</Item>
+ <Class>org.wso2.carbon.core.transports.util.InfoProcessor</Class>
+ </Processor>
+ <Processor>
+ <Item>wsdl</Item>
+ <Class>org.wso2.carbon.core.transports.util.Wsdl11Processor</Class>
+ </Processor>
+ <Processor>
+ <Item>wsdl2</Item>
+ <Class>org.wso2.carbon.core.transports.util.Wsdl20Processor</Class>
+ </Processor>
+ <Processor>
+ <Item>xsd</Item>
+ <Class>org.wso2.carbon.core.transports.util.XsdProcessor</Class>
+ </Processor>
+ </HttpGetRequestProcessors>
+
+ <!-- Deployment Synchronizer Configuration. t Enabled value to true when running with "svn based" dep sync.
+ In master nodes you need to set both AutoCommit and AutoCheckout to true
+ and in worker nodes set only AutoCheckout to true.
+ -->
+ <DeploymentSynchronizer>
+ <Enabled>false</Enabled>
+ <AutoCommit>false</AutoCommit>
+ <AutoCheckout>true</AutoCheckout>
+ <RepositoryType>svn</RepositoryType>
+ <SvnUrl>http://svnrepo.example.com/repos/</SvnUrl>
+ <SvnUser>username</SvnUser>
+ <SvnPassword>password</SvnPassword>
+ <SvnUrlAppendTenantId>true</SvnUrlAppendTenantId>
+ </DeploymentSynchronizer>
+
+ <!-- Deployment Synchronizer Configuration. Uncomment the following section when running with "registry based" dep sync.
+ In master nodes you need to set both AutoCommit and AutoCheckout to true
+ and in worker nodes set only AutoCheckout to true.
+ -->
+ <!--<DeploymentSynchronizer>
+ <Enabled>true</Enabled>
+ <AutoCommit>false</AutoCommit>
+ <AutoCheckout>true</AutoCheckout>
+ </DeploymentSynchronizer>-->
+
+ <!-- Mediation persistence configurations. Only valid if mediation features are available i.e. ESB -->
+ <!--<MediationConfig>
+ <LoadFromRegistry>false</LoadFromRegistry>
+ <SaveToFile>false</SaveToFile>
+ <Persistence>enabled</Persistence>
+ <RegistryPersistence>enabled</RegistryPersistence>
+ </MediationConfig>-->
+
+ <!--
+ Server intializing code, specified as implementation classes of org.wso2.carbon.core.ServerInitializer.
+ This code will be run when the Carbon server is initialized
+ -->
+ <ServerInitializers>
+ <!--<Initializer></Initializer>-->
+ </ServerInitializers>
+
+ <!--
+ Indicates whether the Carbon Servlet is required by the system, and whether it should be
+ registered
+ -->
+ <RequireCarbonServlet>${require.carbon.servlet}</RequireCarbonServlet>
+
+ <!--
+ Carbon H2 OSGI Configuration
+ By default non of the servers start.
+ name="web" - Start the web server with the H2 Console
+ name="webPort" - The port (default: 8082)
+ name="webAllowOthers" - Allow other computers to connect
+ name="webSSL" - Use encrypted (HTTPS) connections
+ name="tcp" - Start the TCP server
+ name="tcpPort" - The port (default: 9092)
+ name="tcpAllowOthers" - Allow other computers to connect
+ name="tcpSSL" - Use encrypted (SSL) connections
+ name="pg" - Start the PG server
+ name="pgPort" - The port (default: 5435)
+ name="pgAllowOthers" - Allow other computers to connect
+ name="trace" - Print additional trace information; for all servers
+ name="baseDir" - The base directory for H2 databases; for all servers
+ -->
+ <!--H2DatabaseConfiguration>
+ <property name="web" />
+ <property name="webPort">8082</property>
+ <property name="webAllowOthers" />
+ <property name="webSSL" />
+ <property name="tcp" />
+ <property name="tcpPort">9092</property>
+ <property name="tcpAllowOthers" />
+ <property name="tcpSSL" />
+ <property name="pg" />
+ <property name="pgPort">5435</property>
+ <property name="pgAllowOthers" />
+ <property name="trace" />
+ <property name="baseDir">${carbon.home}</property>
+ </H2DatabaseConfiguration-->
+ <!--Disabling statistics reporter by default-->
+ <StatisticsReporterDisabled>true</StatisticsReporterDisabled>
+
+ <!-- Enable accessing Admin Console via HTTP -->
+ <!-- EnableHTTPAdminConsole>true</EnableHTTPAdminConsole -->
+
+ <!--
+ Default Feature Repository of WSO2 Carbon.
+ -->
+ <FeatureRepository>
+ <RepositoryName>default repository</RepositoryName>
+ <RepositoryURL>${p2.repo.url}</RepositoryURL>
+ </FeatureRepository>
+
+ <!--
+ Configure API Management
+ -->
+ <APIManagement>
+
+ <!--Uses the embedded API Manager by default. If you want to use an external
+ API Manager instance to manage APIs, configure below externalAPIManager-->
+
+ <Enabled>true</Enabled>
+
+ <!--Uncomment and configure API Gateway and
+ Publisher URLs to use external API Manager instance-->
+
+ <!--ExternalAPIManager>
+
+ <APIGatewayURL>http://localhost:8281</APIGatewayURL>
+ <APIPublisherURL>http://localhost:8281/publisher</APIPublisherURL>
+
+ </ExternalAPIManager-->
+
+ <LoadAPIContextsInServerStartup>true</LoadAPIContextsInServerStartup>
+ </APIManagement>
+</Server>
http://git-wip-us.apache.org/repos/asf/stratos/blob/188377af/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/files/env
----------------------------------------------------------------------
diff --git a/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/files/env b/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/files/env
new file mode 100644
index 0000000..e7555c7
--- /dev/null
+++ b/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/files/env
@@ -0,0 +1,2 @@
+JAVA_HOME=/opt/jdk1.7.0_67
+CARBON_HOME=/opt/wso2is-5.0.0
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/stratos/blob/188377af/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/packs/plugins/WSO2ISMetaDataHandler.py
----------------------------------------------------------------------
diff --git a/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/packs/plugins/WSO2ISMetaDataHandler.py b/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/packs/plugins/WSO2ISMetaDataHandler.py
new file mode 100644
index 0000000..53e10fe
--- /dev/null
+++ b/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/packs/plugins/WSO2ISMetaDataHandler.py
@@ -0,0 +1,144 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+import mdsclient
+from plugins.contracts import ICartridgeAgentPlugin
+from xml.dom.minidom import parse
+import socket
+from modules.util.log import LogFactory
+import time
+import subprocess
+import os
+
+
+class WSO2ISMetaDataHandler(ICartridgeAgentPlugin):
+
+ def run_plugin(self, values):
+ log = LogFactory().get_log(__name__)
+ # read tomcat app related values from metadata
+ mds_response = None
+ while mds_response is None:
+ log.debug("Waiting for SSO_ISSUER and CALLBACK_URL to be available from metadata service for app ID: %s"
+ % values["APPLICATION_ID"])
+ time.sleep(5)
+ mds_response = mdsclient.get(app=True)
+ if mds_response is not None and mds_response.properties.get("SSO_ISSUER") is None or \
+ mds_response.properties.get("CALLBACK_URL") is None:
+ mds_response = None
+ # mds_response = mdsclient.get()
+ issuer = mds_response.properties["SSO_ISSUER"]
+ acs = mds_response.properties["CALLBACK_URL"]
+
+ # add a service provider in the security/sso-idp-config.xml file
+ # is_root = values["APPLICATION_PATH"]
+ is_root = os.environ.get("CARBON_HOME")
+ sso_idp_file = "%s/repository/conf/security/sso-idp-config.xml" % is_root
+
+ # <SSOIdentityProviderConfig>
+ # <ServiceProviders>
+ # <ServiceProvider>
+ # <Issuer>wso2.my.dashboard</Issuer>
+ # <AssertionConsumerService>https://is.wso2.com/dashboard/acs</AssertionConsumerService>
+ # <SignAssertion>true</SignAssertion>
+ # <SignResponse>true</SignResponse>
+ # <EnableAttributeProfile>false</EnableAttributeProfile>
+ # <IncludeAttributeByDefault>false</IncludeAttributeByDefault>
+ # <Claims>
+ # <Claim>http://wso2.org/claims/role</Claim>
+ # </Claims>
+ # <EnableSingleLogout>false</EnableSingleLogout>
+ # <SingleLogoutUrl></SingleLogoutUrl>
+ # <EnableAudienceRestriction>true</EnableAudienceRestriction>
+ # <AudiencesList>
+ # <Audience>carbonServer</Audience>
+ # </AudiencesList>
+ # <ConsumingServiceIndex></ConsumingServiceIndex>
+ # </ServiceProvider>
+ with open(sso_idp_file, "r") as f:
+ sp_dom = parse(f)
+
+ root_element = sp_dom.documentElement
+ sps_element = sp_dom.getElementsByTagName("ServiceProviders")[0]
+
+ sp_entry = sp_dom.createElement("ServiceProvider")
+
+ sp_entry_issuer = sp_dom.createElement("Issuer")
+ sp_entry_issuer.appendChild(sp_dom.createTextNode(issuer))
+
+ sp_entry_acs = sp_dom.createElement("AssertionConsumerService")
+ sp_entry_acs.appendChild(sp_dom.createTextNode(acs))
+
+ sp_entry_sign_resp = sp_dom.createElement("SignResponse")
+ sp_entry_sign_resp.appendChild(sp_dom.createTextNode("true"))
+
+ sp_entry_sign_assert = sp_dom.createElement("SignAssertion")
+ sp_entry_sign_assert.appendChild(sp_dom.createTextNode("true"))
+
+ sp_entry_single_logout = sp_dom.createElement("EnableSingleLogout")
+ sp_entry_single_logout.appendChild(sp_dom.createTextNode("true"))
+
+ sp_entry_attribute_profile = sp_dom.createElement("EnableAttributeProfile")
+ sp_entry_attribute_profile.appendChild(sp_dom.createTextNode("true"))
+
+ sp_entry.appendChild(sp_entry_issuer)
+ sp_entry.appendChild(sp_entry_acs)
+ sp_entry.appendChild(sp_entry_sign_resp)
+ sp_entry.appendChild(sp_entry_sign_assert)
+ sp_entry.appendChild(sp_entry_single_logout)
+ sp_entry.appendChild(sp_entry_attribute_profile)
+
+ sps_element.appendChild(sp_entry)
+
+ with open(sso_idp_file, 'w+') as f:
+ root_element.writexml(f, newl="\n")
+ # root_element.writexml(f)
+
+ # data = json.loads(urllib.urlopen("http://ip.jsontest.com/").read())
+ # ip_entry = data["ip"]
+
+ # publish SAML_ENDPOINT to metadata service
+ # member_hostname = socket.gethostname()
+ member_hostname = values["HOST_NAME"]
+ payload_ports = values["PORT_MAPPINGS"].split("|")
+ if values.get("LB_CLUSTER_ID") is not None:
+ port_no = payload_ports[2].split(":")[1]
+ else:
+ port_no = payload_ports[1].split(":")[1]
+ saml_endpoint = "https://%s:%s/samlsso" % (member_hostname, port_no)
+ publish_data = mdsclient.MDSPutRequest()
+ hostname_entry = {"key": "SAML_ENDPOINT", "values": saml_endpoint}
+ properties_data = [hostname_entry]
+ publish_data.properties = properties_data
+
+ mdsclient.put(publish_data, app=True)
+
+ # start servers
+ log.info("Starting WSO2 IS server")
+
+ # set configurations
+ carbon_replace_command = "sed -i \"s/CLUSTER_HOST_NAME/%s/g\" %s" % (member_hostname, "/opt/wso2is-5.0.0/repository/conf/carbon.xml")
+
+ p = subprocess.Popen(carbon_replace_command, shell=True)
+ output, errors = p.communicate()
+ log.debug("Set carbon.xml hostname")
+
+ wso2is_start_command = "exec /opt/wso2is-5.0.0/bin/wso2server.sh start"
+ env_var = os.environ.copy()
+ env_var["JAVA_HOME"] = "/opt/jdk1.7.0_67"
+ p = subprocess.Popen(wso2is_start_command, env=env_var, shell=True)
+ output, errors = p.communicate()
+ log.debug("WSO2 IS server started")
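Review bot: `carbon_replace_command` at the end of `run_plugin` interpolates `values["HOST_NAME"]` into a `sed` command line that is run with `shell=True`, so a hostname carrying shell metacharacters or a `/` would alter the command or the sed expression. The value should be checked as a plain DNS name and handed to `sed` as an argument list with no shell, as in the block below, which also takes the path from `is_root` instead of the hard-coded `/opt/wso2is-5.0.0` and checks the exit status that the current code discards. Separately, the wait-loop condition parses as `(A and B) or C`, so when `mdsclient.get(app=True)` returns None the `CALLBACK_URL` lookup still runs on None; parenthesise the two tests: `if mds_response is not None and (mds_response.properties.get("SSO_ISSUER") is None or mds_response.properties.get("CALLBACK_URL") is None):`. Who can set HOST_NAME in the payload is not visible in this hunk, so the first point may be hardening rather than a reachable flaw.

```python
# … unchanged: metadata wait loop, sso-idp-config.xml update …
member_hostname = values["HOST_NAME"]
# accept only letters, digits, dots and hyphens before the value reaches sed
if not member_hostname or not all(c.isalnum() or c in ".-" for c in member_hostname):
    raise ValueError("Invalid HOST_NAME in payload: %r" % member_hostname)

# … unchanged: port selection, SAML_ENDPOINT publish …
carbon_xml = "%s/repository/conf/carbon.xml" % is_root
sed_expression = "s/CLUSTER_HOST_NAME/%s/g" % member_hostname
p = subprocess.Popen(["sed", "-i", sed_expression, carbon_xml])
p.communicate()
if p.returncode != 0:
    log.error("sed exited with %s while setting the hostname in %s" % (p.returncode, carbon_xml))
# … unchanged: wso2server.sh start …
```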
http://git-wip-us.apache.org/repos/asf/stratos/blob/188377af/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/packs/plugins/WSO2ISMetaDataHandler.yapsy-plugin
----------------------------------------------------------------------
diff --git a/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/packs/plugins/WSO2ISMetaDataHandler.yapsy-plugin b/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/packs/plugins/WSO2ISMetaDataHandler.yapsy-plugin
new file mode 100644
index 0000000..d0d7e91
--- /dev/null
+++ b/tools/docker-images/cartridge-docker-images/service-images/wso2is-saml-sso/packs/plugins/WSO2ISMetaDataHandler.yapsy-plugin
@@ -0,0 +1,9 @@
+[Core]
+Name = WSO2ISMetaDataHandler to read and publish metadata from and to Metadata service
+Module = WSO2ISMetaDataHandler
+
+[Documentation]
+Description = InstanceStartedEvent
+Author = Op1
+Version = 0.1
+Website = stratos.apache.org
\ No newline at end of file