...

  1. The Shibboleth IdP must operate in high-availability mode, supporting multiple containers running on diverse hardware.
  2. Local, cloud, and hybrid local/cloud deployments must all be possible.
  3. As with the other TIER Shibboleth releases, Shibboleth is delivered to scale horizontally. No database and no provision for cross-node state are included; each container holds its own state.
  4. Load Balancing
    1. External load balancing configuration is out of scope, but a high-level discussion and/or pointers to what a campus will need to do (e.g., sticky sessions) is in scope. Sticky sessions matter because the IdP keeps in-flight login flow state in the Tomcat HTTP session of the container that started the flow; with no cross-node state, a browser moved to another container mid-login has to start over.
    2. Note that Shibboleth requests can be sent to any node of a Swarm; the Swarm ingress routing mesh forwards each connection to a running container of the service. The mesh load-balances across replicas on its own, so stickiness at an external load balancer pins a client to a node, not to a container. Publishing the port in host mode with one replica per node is the usual way to make node-level stickiness sufficient.
  5. Shibboleth keying material and other commonly changed configuration data are stored as Docker Swarm Secrets and made available to the Shibboleth containers as needed. The Swarm encrypts this data in transit (mutual TLS between nodes) and at rest (the managers' Raft store). Inside a container a secret is a plaintext file on a tmpfs under /run/secrets, so the ownership and mode set on the mounted secret are what protect it from other processes in the container.
  6. Assumption: school will provide docker host(s) configured for swarm mode.
  7. Logging
    1. Option considered: log to stdout, with Docker capturing to syslog?
    2. Option considered: Shibboleth logging directly via syslog (feels natural; the Shib logging config has to be touched anyway)?
    3. Decision: all logs will be sent to stdout using the TIER container standard format.

Components

  1. TIER Shibboleth IdP Docker Container
    1. Shibboleth IdP software
    2. Installation, after license approval, of the needed prerequisite software: the Oracle Java 8 JRE and the Tomcat 8.0 application server.
    3. Used here in TIER Docker Shibboleth hybrid mode
  2. Docker Registry
    1. Docker does not automatically provide a container registry for the Swarm environment.  TIER includes Docker's registry container for this function.
  3. Swarm Mode Secrets
    1. Tooling/documentation on what to place in and how to update the Docker Swarm secrets.
  4. Tooling
    1. Configuration Builder tool that accepts user input and builds a full Shibboleth initial configuration based on TIER default settings.
    2. Scripting / documentation for existing configuration migration into the container environment, separating out secrets, etc.
  5. Operational Documentation
    1. High level, focused on summarized and bootstrap information as opposed to a tutorial.
    2. Health status
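The following script is an added example of the secrets tooling described in requirement 5 and the Swarm Mode Secrets and Health status items above; it is not TIER's own tooling. It loads the IdP credential files into Swarm secrets, renders a stack file that mounts them with restrictive ownership and mode (the in-container copy is a plaintext tmpfs file), adds a container-local healthcheck against the IdP status page, and rotates a secret by replacing it under a versioned name, since Swarm secrets are immutable. The image name, the credential path under /opt/shibboleth-idp, the Tomcat uid/gid of 1000, HTTP on port 8080 and curl being present in the image are all assumptions, not facts from this page.

```shell
#!/bin/sh
# Added example, not TIER's own tooling: put Shibboleth IdP keying material
# into Docker Swarm secrets, render a stack file that mounts them with tight
# permissions, and rotate a secret without editing the stack file.
# Assumed (not stated on the page): image name tier/shibboleth_idp, credentials
# mounted under /opt/shibboleth-idp/credentials, Tomcat running as uid/gid 1000
# with HTTP on port 8080, and curl available in the image for the healthcheck.

SECRET_FILES="idp-signing.key idp-encryption.key sealer.jks"
CRED_DIR=/opt/shibboleth-idp/credentials
RUN_UID=1000

# Swarm secret name for a credential file plus a version tag:
# idp-signing.key + v1 -> idp-signing-key-v1. Secrets are immutable in Swarm,
# so the version tag is how a rotated key gets a distinct name.
secret_name() {
  printf '%s-%s\n' "$(printf '%s' "$1" | tr . -)" "$2"
}

# Long-form "--secret-add" spec: mounts the secret at its credential path,
# owned by the Tomcat user and readable by nobody else. The file under
# /run/secrets is plaintext on a tmpfs inside the container; Swarm's
# encryption covers the Raft store and the node-to-node transport only.
secret_add_spec() {
  printf 'source=%s,target=%s/%s,uid=%s,gid=%s,mode=0400\n' \
    "$(secret_name "$1" "$2")" "$CRED_DIR" "$1" "$RUN_UID" "$RUN_UID"
}

# Stack file (compose v3.1) for the IdP service: $1 = version tag, $2 = replicas.
# The healthcheck runs inside the container, which keeps it within the
# localhost-only access rule the IdP applies to /idp/status by default.
render_stack() {
  ver="$1"; replicas="$2"
  cat <<EOF
version: "3.1"
services:
  idp:
    image: tier/shibboleth_idp:latest
    deploy:
      replicas: ${replicas}
    ports:
      - "443:8443"
    healthcheck:
      test: ["CMD", "curl", "-sf", "http://localhost:8080/idp/status"]
      interval: 30s
      timeout: 5s
      retries: 3
    secrets:
EOF
  for f in $SECRET_FILES; do
    cat <<EOF
      - source: $(secret_name "$f" "$ver")
        target: ${CRED_DIR}/${f}
        uid: "${RUN_UID}"
        gid: "${RUN_UID}"
        mode: 0400
EOF
  done
  echo "secrets:"
  for f in $SECRET_FILES; do
    cat <<EOF
  $(secret_name "$f" "$ver"):
    external: true
EOF
  done
}

# Load credential files from a directory into Swarm secrets (run on a manager).
create_secrets() {
  ver="$1"; dir="$2"
  for f in $SECRET_FILES; do
    docker secret create "$(secret_name "$f" "$ver")" "$dir/$f"
  done
}

# Rotate one credential: add the new secret and remove the old one in a single
# service update; Swarm rolls the tasks so the IdP starts with the new file.
rotate_secret() {
  service="$1"; file="$2"; old="$3"; new="$4"
  docker service update \
    --secret-rm "$(secret_name "$file" "$old")" \
    --secret-add "$(secret_add_spec "$file" "$new")" \
    "$service"
}

# Usage: create <ver> <dir> | render <ver> <replicas> | rotate <svc> <file> <old> <new>
case "${1:-}" in
  create) create_secrets "$2" "$3" ;;
  render) render_stack "$2" "$3" ;;
  rotate) rotate_secret "$2" "$3" "$4" "$5" ;;
esac
```

Typical flow on a manager node: `./idp-secrets.sh create v1 ./credentials`, then `./idp-secrets.sh render v1 2 > idp-stack.yml` and `docker stack deploy -c idp-stack.yml idp`; a later `./idp-secrets.sh rotate idp_idp idp-signing.key v1 v2` swaps in a freshly created `idp-signing-key-v2` without touching the stack file. Note the healthcheck only reports that the IdP web application answers; it says nothing about metadata freshness or attribute resolver health.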

...

  1. Performance Testing (perhaps some implementation guidance)


...