Internet2's Trust and Identity in Education and Research (TIER) program's Packaging Working Group has produced several Docker images that TIER adopters may find beneficial. They have released images for the Shibboleth IdP (Windows and Linux), Shibboleth SP (Apache HTTP Server and IIS), Internet2 COmanage, and Internet2 Grouper. A container for Evolveum midPoint is still in the works. With these images, deployers can easily stand up application instances for development work, testing, and production use.
All of the images allow configuration files / options to be bind-mounted or provided as environment variables. Docker Swarm Secrets and Configs are natively supported. These images can also be used as base images to incorporate organizational modification / enhancements for the applications.
Deployers just need to mount (or overlay via a new image layer for additional customizations) and start the container. The application will start up and start serving requests.
Let's dive into the specific images.
Evolveum midPoint
TIER's latest IAM related image is midPoint. It is still a work in-progress, but is being built by the Evolveum team themselves. It is definitely worth looking at if you are a midPoint adopter.
Internet2 COmanage
The COmanage image ships with Apache HTTP Server, PHP, and COmanage.
Internet2 Grouper
The Grouper image is able to run each of Grouper's components: api, daemon, ui, and web services. I have created a video tutorial on how to deploy the image with Docker Swarm. Feel free to check it out at https://github.com/Unicon/tier-grouper-deployment.
There is also a completely self-contained set of images which includes Grouper and pre-populated MariaDB and OpenLDAP server instances. These images were designed for the Grouper training course but are also perfect for kicking the tires on Grouper (using the image directly) or for developing custom Grouper extensions (using a deployment specific image and adding in configuration settings specific to the user story being worked on).
Shibboleth IdP (Linux)
This Shibboleth IdP image runs on a Linux host/kernel and ships with the Zulu release of OpenJDK and Apache Tomcat. For those just starting out with an IdP, there is an initialization process that will generate and export the various cryptographic keys and configuration files. These files can be edited and managed locally and attached to a running instance through the normal mechanisms.
Shibboleth IdP (Windows)
This Shibboleth IdP image runs on a Windows host/kernel and ships with the Zulu release of OpenJDK and Apache Tomcat. For those just starting out with an IdP, there is an initialization process that will generate and export the various cryptographic keys and configuration files. These files can be edited and managed locally and attached to a running instance through the normal mechanisms.
Shibboleth SP (Linux/Apache HTTP Server)
This Shibboleth SP image runs on a Linux host/kernel and installs Shibboleth SP and the Apache HTTP Server. Add PHP, or another framework of your choice, and incorporate your application bits on top of this image to build an application-specific image.
Shibboleth SP (Windows/IIS)
This Shibboleth SP image runs on a Windows host/kernel and installs Shibboleth SP and Microsoft IIS. The image has ASP.NET 4.5 pre-installed; however, you can install PHP or another framework of your choice, and incorporate your application bits on top of this image to build an application-specific image.
More and up-to-date information about these images can be found on the TIER Package Delivery Wiki page.
As always, if you need assistance working with any of the TIER images (or the applications themselves), Unicon's IAM team would love to assist you. Unicon can also help you set up a DevOps environment that can automate the deployment of these applications when changes are made to your local images' versions, etc. Please reach out and let's talk.
