TIER Docker Images

John Gasper, Software Architect, January 18, 2019

This is the second posting in a three-part series. In the first part, which was posted more than a year and a half ago, I described Unicon's IAM Docker images. In this post, I list the Internet2 TIER program's Docker images. In the final post, I discuss the pros and cons of the various related images.

Internet2's Trust and Identity in Education and Research (TIER) program's Packaging Working Group has produced several Docker images that TIER adopters may find beneficial. They have released images for the Shibboleth IdP (Windows and Linux), Shibboleth SP (Apache HTTP Server and IIS), Internet2 COmanage, and Internet2 Grouper. A container for Evolveum midPoint is still in the works. With these images, deployers can easily stand up application instances for development work, testing, and production use.

All of the images allow configuration files and options to be bind-mounted or provided as environment variables. Docker Swarm Secrets and Configs are natively supported. These images can also be used as base images to incorporate organizational modifications and enhancements for the applications.

Deployers just need to mount their configuration (or overlay it via a new image layer for additional customizations) and start the container. The application will start up and begin serving requests.

Let's dive into the specific images.

Evolveum midPoint

TIER's latest IAM-related image is midPoint. It is still a work in progress, but it is being built by the Evolveum team themselves. It is definitely worth looking at if you are a midPoint adopter.

Internet2 COmanage

The COmanage image ships with Apache HTTP Server, PHP, and COmanage.

Internet2 Grouper

The Grouper image is able to run each of Grouper's components: api, daemon, ui, and web services. I have created a video tutorial on how to deploy the image with Docker Swarm. Feel free to check it out at https://github.com/Unicon/tier-grouper-deployment.

There is also a completely self-contained set of images which includes Grouper and pre-populated MariaDB and OpenLDAP server instances. These images were designed for the Grouper training course but are also perfect for kicking the tires on Grouper (using the image directly) or for developing custom Grouper extensions (using a deployment specific image and adding in configuration settings specific to the user story being worked on).

Shibboleth IdP (Linux)

This Shibboleth IdP image runs on a Linux host/kernel and ships with the Zulu release of OpenJDK and Apache Tomcat. For those just starting out with an IdP, there is an initialization process that will generate and export the various cryptographic keys and configuration files. These files can be edited and managed locally and attached to a running instance through the normal mechanisms.

Shibboleth IdP (Windows)

This Shibboleth IdP image runs on a Windows host/kernel and ships with the Zulu release of OpenJDK and Apache Tomcat. For those just starting out with an IdP, there is an initialization process that will generate and export the various cryptographic keys and configuration files. These files can be edited and managed locally and attached to a running instance through the normal mechanisms.

Shibboleth SP (Linux/Apache HTTP Server)

This Shibboleth SP image runs on a Linux host/kernel and installs Shibboleth SP and the Apache HTTP Server. Add PHP, or another framework of your choice, and incorporate your application bits on top of this image to build an application-specific image.

Shibboleth SP (Windows/IIS)

This Shibboleth SP image runs on a Windows host/kernel and installs Shibboleth SP and Microsoft IIS. The image has ASP.NET 4.5 pre-installed; however, you can install PHP or another framework of your choice, and incorporate your application bits on top of this image to build an application-specific image.

Additional, up-to-date information about these images can be found on the TIER Package Delivery Wiki page.

As always, if you need assistance working with any of the TIER images (or the applications themselves), Unicon's IAM team would love to assist you. Unicon can also help you set up a DevOps environment that can automate the deployment of these applications when changes are made to your local images' versions, etc. Please reach out and let's talk.


John Gasper

Software Architect

John Gasper is a wonderful mix of Identity and Access Management (IAM) consultant and DevOps implementer. By day, he is implementing, configuring, or advising on one of the many open source IAM applications including CAS Server, Shibboleth, Grouper, SimpleSAMLphp, 389 Directory Server, and occasionally on closed source applications like Microsoft Active Directory and Active Directory Federation Services. By night, John tries to automate the world of IT using tools such as Docker, Jenkins, and Kubernetes. He has experience with cloud providers including Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure. Before joining Unicon in 2013, he worked in IT at Eastern Washington University covering multiple facets of IT including Banner development and administration, Active Directory administration, and pretty much everything in between. They even let him write code for Cisco IP Phone applications.