Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add the EXCLUDE_CONFIG_SSO_FEATURES flag (vNext) #453

Open
wants to merge 3 commits into
base: vNext
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 8 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -78,16 +78,19 @@ Refer to [Repository and proxy modifications](https://openliberty.io/docs/ref/co

## Enterprise Functionality

This section describes the optional enterprise functionality that can be enabled via the Dockerfile during `build` time, by setting particular build-arguments (`ARG`) and calling `RUN configure.sh`. Each of these options trigger the inclusion of specific configuration via XML snippets (except for `VERBOSE`), described below:
This section describes the optional enterprise functionality that can be enabled via the Dockerfile during `build` time, by setting particular build-arguments (`ARG`) and calling `RUN configure.sh`. Each of these options trigger the inclusion/exclusion of specific configuration via XML snippets (except for `VERBOSE`), described below:

* `TLS` (`SSL` is deprecated)
* Description: Enable Transport Security in Liberty by adding the `transportSecurity-1.0` feature (includes support for SSL).
* XML Snippet Location: [keystore.xml](/releases/latest/kernel-slim/helpers/build/configuration_snippets/keystore.xml).
* `EXCLUDE_CONFIG_SSO_FEATURES`
* Description: When set to `true` the `sso_features.xml` config will be excluded from feature installation (see [SECURITY.md](/SECURITY.md) for usage).
* XML Snippet Location: [sso-features.xml](/releases/latest/kernel-slim/helpers/build/configuration_snippets/sso-features.xml)
* `HZ_SESSION_CACHE`
* Description: Enable the persistence of HTTP sessions using JCache by adding the `sessionCache-1.0` feature.
* XML Snippet Location: [hazelcast-sessioncache.xml](/releases/latest/kernel-slim/helpers/build/configuration_snippets/hazelcast-sessioncache.xml)
* `TLS` (`SSL` is deprecated)
* Description: Enable Transport Security in Liberty by adding the `transportSecurity-1.0` feature (includes support for SSL).
* XML Snippet Location: [keystore.xml](/releases/latest/kernel-slim/helpers/build/configuration_snippets/keystore.xml).
* `VERBOSE`
* Description: When set to `true` it outputs the commands and results to stdout from `configure.sh`. Otherwise, default setting is `false` and `configure.sh` is silenced.
* Description: When set to `true` it outputs the commands and results to stdout from `features.sh` and `configure.sh`. Otherwise, default setting is `false` and `features.sh` and `configure.sh` are silenced.

### Deprecated Enterprise Functionality

Expand Down
15 changes: 14 additions & 1 deletion SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,20 @@ The following variables configure container security for Single Sign-On using th

* Providers usually require the use of HTTPS. Specify `ARG TLS=true` in your Dockerfile.

* Your Dockerfile must call `RUN configure.sh` for these to take effect.
* Your Dockerfile must call `RUN configure.sh` for these to take effect.

#### The `<feature>` and `appSecurity-2.0` configured features include an incompatible combination of features.

* When specifying the `SEC_SSO_PROVIDERS` ARG, you might get an incompatible set of features with `appSecurity-2.0` similar to the snippet below:

```
CWWKF0044E: The persistence-3.1 and appSecurity-2.0 features cannot be loaded at the same time.
The persistence-3.1 feature of Jakarta EE 10 is incompatible with the appSecurity-2.0 feature of Java EE 6.
The persistence-3.1 and appSecurity-2.0 configured features include an incompatible combination of features.
Your configuration is not supported. Update the configuration to use features that support either the Jakarta EE or Java EE programming models, but not both.
```

* To avoid this error, set `ARG EXCLUDE_CONFIG_SSO_FEATURES=true` in your Dockerfile.

### Configuration needed at image build time or at container deploy time:

Expand Down
4 changes: 3 additions & 1 deletion releases/23.0.0.10/full/helpers/build/configure.sh
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,9 @@ function main() {
fi

if [[ -n "$SEC_SSO_PROVIDERS" ]]; then
cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
if [[ "$EXCLUDE_CONFIG_SSO_FEATURES" != "true" ]]; then
cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
fi
parseProviders $SEC_SSO_PROVIDERS
fi

Expand Down
2 changes: 1 addition & 1 deletion releases/23.0.0.10/kernel-slim/helpers/build/features.sh
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ if [ -n "$INFINISPAN_SERVICE_NAME" ] || [ "${HZ_SESSION_CACHE}" == "client" ] ||
fi

# SSO
if [[ -n "$SEC_SSO_PROVIDERS" ]]; then
if [[ -n "$SEC_SSO_PROVIDERS" ]] && [[ "$EXCLUDE_CONFIG_SSO_FEATURES" != "true" ]]; then
cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
fi

Expand Down
4 changes: 3 additions & 1 deletion releases/23.0.0.6/full/helpers/build/configure.sh
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,9 @@ function main() {
fi

if [[ -n "$SEC_SSO_PROVIDERS" ]]; then
cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
if [[ "$EXCLUDE_CONFIG_SSO_FEATURES" != "true" ]]; then
cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
fi
parseProviders $SEC_SSO_PROVIDERS
fi

Expand Down
2 changes: 1 addition & 1 deletion releases/23.0.0.6/kernel-slim/helpers/build/features.sh
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ if [ -n "$INFINISPAN_SERVICE_NAME" ] || [ "${HZ_SESSION_CACHE}" == "client" ] ||
fi

# SSO
if [[ -n "$SEC_SSO_PROVIDERS" ]]; then
if [[ -n "$SEC_SSO_PROVIDERS" ]] && [[ "$EXCLUDE_CONFIG_SSO_FEATURES" != "true" ]]; then
cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
fi

Expand Down
4 changes: 3 additions & 1 deletion releases/23.0.0.9/full/helpers/build/configure.sh
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,9 @@ function main() {
fi

if [[ -n "$SEC_SSO_PROVIDERS" ]]; then
cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
if [[ "$EXCLUDE_CONFIG_SSO_FEATURES" != "true" ]]; then
cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
fi
parseProviders $SEC_SSO_PROVIDERS
fi

Expand Down
2 changes: 1 addition & 1 deletion releases/23.0.0.9/kernel-slim/helpers/build/features.sh
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ if [ -n "$INFINISPAN_SERVICE_NAME" ] || [ "${HZ_SESSION_CACHE}" == "client" ] ||
fi

# SSO
if [[ -n "$SEC_SSO_PROVIDERS" ]]; then
if [[ -n "$SEC_SSO_PROVIDERS" ]] && [[ "$EXCLUDE_CONFIG_SSO_FEATURES" != "true" ]]; then
cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
fi

Expand Down
4 changes: 3 additions & 1 deletion releases/latest/beta/helpers/build/configure.sh
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,9 @@ function main() {
fi

if [[ -n "$SEC_SSO_PROVIDERS" ]]; then
cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
if [[ "$EXCLUDE_CONFIG_SSO_FEATURES" != "true" ]]; then
cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
fi
parseProviders $SEC_SSO_PROVIDERS
fi

Expand Down
4 changes: 3 additions & 1 deletion releases/latest/full/helpers/build/configure.sh
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,9 @@ function main() {
fi

if [[ -n "$SEC_SSO_PROVIDERS" ]]; then
cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
if [[ "$EXCLUDE_CONFIG_SSO_FEATURES" != "true" ]]; then
cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
fi
parseProviders $SEC_SSO_PROVIDERS
fi

Expand Down
2 changes: 1 addition & 1 deletion releases/latest/kernel-slim/helpers/build/features.sh
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ if [ -n "$INFINISPAN_SERVICE_NAME" ] || [ "${HZ_SESSION_CACHE}" == "client" ] ||
fi

# SSO
if [[ -n "$SEC_SSO_PROVIDERS" ]]; then
if [[ -n "$SEC_SSO_PROVIDERS" ]] && [[ "$EXCLUDE_CONFIG_SSO_FEATURES" != "true" ]]; then
cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
fi

Expand Down