Unicon / shibboleth-idp-dockerized

A Shibboleth Identity Provider (IdP) base-image
Apache License 2.0

Update latest image tag to 3.4.6 #70

Open vwbusguy opened 4 years ago

vwbusguy commented 4 years ago

The current latest tag is 3.4.3, which is 3 patch versions behind at this point. https://wiki.shibboleth.net/confluence/display/IDP30/ReleaseNotes#ReleaseNotes-3.4.6(Oct2,2019)

vwbusguy commented 4 years ago

Note that 3.4.6 is required for the latest version of shib-cas-authn: https://github.com/Unicon/shib-cas-authn3/releases/tag/3.3.0 . 3.4.6 is necessary to fix a security flow problem with ExternalAuthentication, such as via CAS.

jtgasper3 commented 4 years ago

I think the Unicon images have been abandoned since I left the organization in July. I no longer have commit access or I would personally keep them updated.

I've thought about forking the project and updating them, but I don't know if anyone would use/trust Docker Hub images from the jtgasper3 org as much as they would those from the unicon org. Thoughts?

vwbusguy commented 4 years ago

Good to know. The other option is seeing how much effort it would be to migrate to the TIER Shibboleth IdP containers.

https://hub.docker.com/r/tier/shib-idp

https://spaces.at.internet2.edu/plugins/servlet/mobile?contentId=140181885#content/view/140181885

netscruff commented 4 years ago

I migrated to use the TIER images but I definitely prefer the approach of this image (Jetty, multistage builds, issues on the github repo). I think it's still possible to influence the development of the TIER/TAP images though and maybe that's the place to put effort now.

vwbusguy commented 4 years ago

@netscruff - I prefer these images as well. It looks like there's a broken link in the Dockerfile in the repo for updating to 3.4.6. If Unicon isn't going to maintain this anymore and @jtgasper3 would rather not use his namespace, I could fork it under the Azusa Pacific University org and add @jtgasper3 as an external member.

vwbusguy commented 4 years ago

I got our images fully ported over to the TIER images. I have to agree with @netscruff that Jetty with the simple overlay is a better architecture for containerization. There are other small but not insignificant things, like logging and not having to rebuild the war file for added Java deps, that are also done better out of the box with these images.

jtgasper3 commented 4 years ago

I'm quite partial to this image too. I've tried to optimize it in every way I can think of.

I'm good hosting it under jtgasper3; I just didn't know if folks would trust it. But if you folks are fine with it, then I'll give it a go. I've got a bit of traveling during December, but I'll get the image current this month.

vwbusguy commented 4 years ago

I added myself as a watcher on https://github.com/jtgasper3/docker-shibboleth-idp . Thanks, @jtgasper3, and please feel free to reach out to me if you'd like any help with testing or development.

klaalo commented 4 years ago

This is an old thread already, but as I stumbled upon it, I believe others might too. So to let you know: CSC.fi has a fork and they seem to be doing wonderful work in getting this image updated: https://github.com/CSCfi/shibboleth-idp-dockerized . There seem to be quite a lot of forks of this Unicon project (which seems abandoned), and I don't know about the activity of those other forks, but the CSC guys have done very good work around Shibboleth, so in my opinion their work is worth following.

winstonhong commented 3 years ago

@vwbusguy I have updated Java 8, Jetty 9 and Shibboleth IdP to the latest release (i.e., Update latest image tag to 3.4.7) based on Unicon's Shibboleth IdP and SP Docker images, which have been cited in the README.

I have validated all three (3) projects with the latest commit (i.e., commit #22) based on the README tutorial on a brand-new Ubuntu 22.04.

https://github.com/winstonhong/Shibboleth-SAML-IdP-and-SP