Update latest image tag to 3.4.6

[vwbusguy]

The current latest tag is 3.4.3, which is 3 patch versions behind at this point. https://wiki.shibboleth.net/confluence/display/IDP30/ReleaseNotes#ReleaseNotes-3.4.6(Oct2,2019)

[vwbusguy]

Note that 3.4.6 is required for the latest version of shib-cas-authn: https://github.com/Unicon/shib-cas-authn3/releases/tag/3.3.0 . 3.4.6 is necessary to fix a security flow problem with ExternalAuthentication, such as via CAS.

[jtgasper3]

I think the Unicon images have been abandoned since I left the organization in July. I no longer have commit access or I would personally keep them updated.

I've thought about forking the project and updating them, but I don't know if anyone would use/trust Docker Hub images from the jtgasper3 org as much as they would them from the unicon org. Thoughts?

[vwbusguy]

Good to know. The other option is seeing how much effort it would be to migrate to the TIER Shibboleth IdP containers.

https://hub.docker.com/r/tier/shib-idp

https://spaces.at.internet2.edu/plugins/servlet/mobile?contentId=140181885#content/view/140181885

[netscruff]

I migrated to use the TIER images but I definitely prefer the approach of this image (Jetty, multistage builds, issues on the github repo). I think it's still possible to influence the development of the TIER/TAP images though and maybe that's the place to put effort now.

[vwbusguy]

@netscruff - I prefer these images as well. It looks like there's a broken link in the Dockerfile in the repo for updating to 3.4.6. If Unicon isn't going to maintain this anymore and @jtgasper3 would rather not use his namespace, I could fork it under the Azusa Pacific University org and add @jtgasper3 as an external member.

[vwbusguy]

I got our images fully ported over to the TIER images. I have to agree with @netscruff that jetty with the simple overlay is a better architecture for containerization. There are other small but not insignificant things, like logging and not having to rebuild the war file for added Java deps, that are also done better out of box with these images.

[jtgasper3]

I'm quite partial to this image too. I've tried to optimize it in every way I can think of.

I'm good hosting it under jtgasper3, I just didn't know if folks would trust it. But if you folks are fine with it, then I'll give it ago. I've got a bit of traveling during December, but I'll get the image current this month.

[vwbusguy]

I added myself as a watcher on https://github.com/jtgasper3/docker-shibboleth-idp . Thanks, @jtgasper3, and please feel free to reach out to me if you'd like any help with testing or development.

[klaalo]

This is an old thread already, but as I stumbled upon it, I believe others might too. So to let you know: CSC.fi has a fork and they seem to be doing wonderful work in getting this image updated: https://github.com/CSCfi/shibboleth-idp-dockerized . There seems to be quite many forks of this Unicon project (which seems abandoned) and I don't know about activity of those other forks, but CSC guys have done very good work around Shibboleth, so in my opinion their work is worth of following.

[winstonhong]

@vwbusguy I have updated Java 8, Jetty 9 and Shibboleth IdP to the latest release (i.e., Update latest image tag to 3.4.7) based on Unicon's Shibboleth IdP and SP Docker image which have been cited in README.

I have validated all the the three (3) projects with the latest commit (i.e., commit #22) based on README tutorial on brand-new Ubuntu 22.04.

https://github.com/winstonhong/Shibboleth-SAML-IdP-and-SP