0

I am trying to configure a Shibboleth service provider in a Kubernetes environment.

In a non-Docker environment, the apache2 and shibd services run on the same server, and apache2 communicates with shibd using the mod_shib Apache module (correct me if I am wrong).

Is it possible to deploy the Shibboleth service provider in a separate container and Apache in a separate container? If yes, has anyone done this already? Are there any docs?

I ask because I already have pods running in my environment: one for Apache and another one for a Java Spring Boot application. Apache acts as a reverse proxy for my Java app.

Now I just want to deploy one more container for shibboleth, is it possible?

karthikeayan

1 Answer

1

Shibboleth must be installed inside Apache itself.

So no, you cannot separate the Shibboleth container from the Apache container.

Your assumption is right, your Apache communicates with mod_shib.

You have three options:

  1. Use a ready-made Docker image for Shibboleth - like this one.

     The issue with this is that you need to set up everything else related to Apache on your own.

  2. Use two separate Apache instances, one for proxy pass and the other for the Shibboleth installation.

     As you want to install a Shibboleth SP, you may try to proxy pass the secured location, like /secure, in the reverse proxy Apache to the Apache with Shibboleth installed.

     This way you can separate the reverse proxy and the Shibboleth SP into separate containers, but you may add a little overhead for multiple proxies. However, I don't see too much overhead.

  3. Build on your own. Use these steps.

     Shibboleth on Linux is only supported out of the box on RPM-based distributions. You need to modify shibboleth2.xml, add a metadata file or URL for the IdP, and add some certificates too.

You can mix this option with the first two, too.

Akshay
  • I had an Angular app in a different container. How can I point that application to the Shibboleth SP container? I don't want to install Shibboleth SP in every single container where my app is stored. Thanks. – daniel8x Aug 02 '19 at 21:05
  • A single, different container for the SP will do. You will need to map the URL, or rather the particular path/location, in apache/nginx/etc. to the SP container and other traffic to the Angular app. – Akshay Aug 05 '19 at 07:05
  • This is exactly where I am getting stuck. I had: Angular app + Nginx (1 container - https://example.com/ang-app) and Shibboleth SP + Apache (1 container - https://example.com). Whenever I hit the Angular app, I really want it to hit the SP container first, but it doesn't happen. I really have no idea how to do that. Do you have any suggestion? Thank you. – daniel8x Aug 05 '19 at 21:24
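
A sketch of the two-Apache layout from option 2 of the answer, added here as an illustration and not taken from the answer or from Shibboleth's documentation. The Service names `shib-sp` and `app`, port 8080, and the public host `example.com` are assumptions; TLS is assumed to terminate at the first proxy.

```apache
# ---- Container 1: existing reverse proxy (no mod_shib) ----
# Assumes mod_proxy, mod_proxy_http and mod_ssl are loaded.
<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    # SSLCertificateFile / SSLCertificateKeyFile as already configured

    # Keep the public Host header so the SP sees the name users typed.
    ProxyPreserveHost On

    # SP handler endpoints (login, ACS, logout, metadata) go to the SP.
    ProxyPass        /Shibboleth.sso http://shib-sp:8080/Shibboleth.sso
    ProxyPassReverse /Shibboleth.sso http://shib-sp:8080/Shibboleth.sso

    # Protected path goes through the SP container, never straight to the app.
    ProxyPass        /secure http://shib-sp:8080/secure
    ProxyPassReverse /secure http://shib-sp:8080/secure

    # Everything else goes directly to the application.
    ProxyPass        / http://app:8080/
    ProxyPassReverse / http://app:8080/
</VirtualHost>

# ---- Container 2: Apache with mod_shib, shibd in the same container ----
<VirtualHost *:8080>
    # Declare the external scheme, host and port so mod_shib builds
    # https://example.com/... URLs although this vhost speaks plain HTTP.
    ServerName https://example.com:443
    UseCanonicalName On

    <Location /secure>
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        Require shib-session
        # Attributes reach the proxied app as request headers, not env vars.
        ShibUseHeaders On
    </Location>

    # After authentication, forward the request to the application.
    ProxyPass        /secure http://app:8080/secure
    ProxyPassReverse /secure http://app:8080/secure
</VirtualHost>

# The app trusts the identity headers set above, so it should accept
# /secure traffic only from the shib-sp pod (for example, by restricting
# ingress to the app with a Kubernetes NetworkPolicy).
```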