mirror of https://github.com/MISP/misp-docker
Stefano Ortolani
GitHub
commit
2d1a3b59fd
|
|
@ -1,6 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
source /rest_client.sh
|
||||
source /utilities.sh
|
||||
|
||||
[ -z "$ADMIN_EMAIL" ] && ADMIN_EMAIL="admin@admin.test"
|
||||
[ -z "$GPG_PASSPHRASE" ] && GPG_PASSPHRASE="passphrase"
|
||||
|
|
@ -10,6 +11,7 @@ source /rest_client.sh
|
|||
# Switches to selectively disable configuration logic
|
||||
[ -z "$AUTOCONF_GPG" ] && AUTOCONF_GPG="true"
|
||||
[ -z "$AUTOCONF_ADMIN_KEY" ] && AUTOCONF_ADMIN_KEY="true"
|
||||
[ -z "$OIDC_ENABLE" ] && OIDC_ENABLE="false"
|
||||
|
||||
init_configuration(){
|
||||
# Note that we are doing this after enforcing permissions, so we need to use the www-data user for this
|
||||
|
|
@ -93,6 +95,36 @@ GPGEOF
|
|||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.binary" "$(which gpg)"
|
||||
}
|
||||
|
||||
set_up_oidc() {
|
||||
if [[ "$OIDC_ENABLE" != "true" ]]; then
|
||||
echo "... OIDC authentication disabled"
|
||||
return
|
||||
fi
|
||||
|
||||
# Check required variables
|
||||
check_env_vars OIDC_PROVIDER_URL OIDC_CLIENT_ID OIDC_CLIENT_SECRET OIDC_ROLES_PROPERTY OIDC_ROLES_MAPPING OIDC_DEFAULT_ORG
|
||||
|
||||
sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
|
||||
\"Security\": {
|
||||
\"auth\": [\"OidcAuth.Oidc\"]
|
||||
}
|
||||
}" > /dev/null
|
||||
|
||||
sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
|
||||
\"OidcAuth\": {
|
||||
\"provider_url\": \"${OIDC_PROVIDER_URL}\",
|
||||
\"client_id\": \"${OIDC_CLIENT_ID}\",
|
||||
\"client_secret\": \"${OIDC_CLIENT_SECRET}\",
|
||||
\"roles_property\": \"${OIDC_ROLES_PROPERTY}\",
|
||||
\"role_mapper\": ${OIDC_ROLES_MAPPING},
|
||||
\"default_org\": \"${OIDC_DEFAULT_ORG}\"
|
||||
}
|
||||
}" > /dev/null
|
||||
|
||||
# Disable password confirmation as stated at https://github.com/MISP/MISP/issues/8116
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.require_password_confirmation" false
|
||||
}
|
||||
|
||||
apply_updates() {
|
||||
# Disable weird default
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.ZeroMQ_enable" false
|
||||
|
|
@ -164,7 +196,7 @@ apply_critical_fixes() {
|
|||
apply_optional_fixes() {
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q --force "MISP.welcome_text_top" ""
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q --force "MISP.welcome_text_bottom" ""
|
||||
|
||||
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.contact" "${ADMIN_EMAIL}"
|
||||
# This is not necessary because we update the DB directly
|
||||
# sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.org" "${ADMIN_ORG}"
|
||||
|
|
@ -254,5 +286,7 @@ echo "MISP | Create sync servers ..." && create_sync_servers
|
|||
|
||||
echo "MISP | Update components ..." && update_components
|
||||
|
||||
echo "MISP | Set Up OIDC ..." && set_up_oidc
|
||||
|
||||
echo "MISP | Mark instance live"
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin live 1
|
||||
|
|
|
|||
|
|
@ -0,0 +1,18 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Check whether passed env variables are defined
|
||||
check_env_vars() {
|
||||
local required_vars=("$@")
|
||||
|
||||
missing_vars=()
|
||||
for i in "${required_vars[@]}"
|
||||
do
|
||||
test -n "${!i:+y}" || missing_vars+=("$i")
|
||||
done
|
||||
if [ ${#missing_vars[@]} -ne 0 ]
|
||||
then
|
||||
echo "The following env variables are not set:"
|
||||
printf ' %q\n' "${missing_vars[@]}"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
|
@ -69,6 +69,14 @@ services:
|
|||
- "ADMIN_KEY=${ADMIN_KEY}"
|
||||
- "ADMIN_ORG=${ADMIN_ORG}"
|
||||
- "GPG_PASSPHRASE=${GPG_PASSPHRASE}"
|
||||
# authentication settings
|
||||
- "OIDC_ENABLE=${OIDC_ENABLE}"
|
||||
- "OIDC_PROVIDER_URL=${OIDC_PROVIDER_URL}"
|
||||
- "OIDC_CLIENT_ID=${OIDC_CLIENT_ID}"
|
||||
- "OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}"
|
||||
- "OIDC_ROLES_PROPERTY=${OIDC_ROLES_PROPERTY}"
|
||||
- "OIDC_ROLES_MAPPING=${OIDC_ROLES_MAPPING}"
|
||||
- "OIDC_DEFAULT_ORG=${OIDC_DEFAULT_ORG}"
|
||||
# sync server settings (see https://www.misp-project.org/openapi/#tag/Servers for more options)
|
||||
- "SYNCSERVERS=${SYNCSERVERS}"
|
||||
- |
|
||||
|
|
|
|||
|
|
@ -87,3 +87,12 @@ SYNCSERVERS_1_KEY=
|
|||
|
||||
# Disable IPv6 completely (this setting will persist until the container is removed)
|
||||
# DISABLE_IPV6=true
|
||||
|
||||
# Enable OIDC authentication, according to https://github.com/MISP/MISP/blob/2.4/app/Plugin/OidcAuth/README.md
|
||||
# OIDC_ENABLE=true
|
||||
# OIDC_PROVIDER_URL=
|
||||
# OIDC_CLIENT_ID=
|
||||
# OIDC_CLIENT_SECRET=
|
||||
# OIDC_ROLES_PROPERTY="roles"
|
||||
# OIDC_ROLES_MAPPING={"admin": "1","sync-user": "5"}
|
||||
# OIDC_DEFAULT_ORG=
|
||||
|
|
|
|||
Loading…
Reference in New Issue