Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • alexander.pace/server
  • geoffrey.mo/gracedb-server
  • deep.chatterjee/gracedb-server
  • cody.messick/server
  • sushant.sharma-chaudhary/server
  • michael-coughlin/server
  • daniel.wysocki/gracedb-server
  • roberto.depietri/gracedb
  • philippe.grassia/gracedb
  • tri.nguyen/gracedb
  • jonah-kanner/gracedb
  • brandon.piotrzkowski/gracedb
  • joseph-areeda/gracedb
  • duncanmmacleod/gracedb
  • thomas.downes/gracedb
  • tanner.prestegard/gracedb
  • leo-singer/gracedb
  • computing/gracedb/server
18 results
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 1155 additions and 45 deletions
config/settings/test.py config/settings/vm/dev.py
View file @ 5797d777
# Settings for a test GraceDB instance.
# Starts with base.py settings and overrides or adds to them.
from .base import *
# Settings for a test/dev GraceDB instance running on a VM with Puppet
# provisioning. Starts with vm.py settings (which inherits from base.py
# settings) and overrides or adds to them.
import socket
from .base import *
CONFIG_NAME = "TEST"
TIER = "dev"
CONFIG_NAME = "DEV"
# Debug settings
DEBUG = True
SEND_XMPP_ALERTS=True
SEND_MATTERMOST_ALERTS=True
# Override EMBB email address
# TP (8 Aug 2017): not sure why?
......@@ -16,14 +20,14 @@ EMBB_MAIL_ADDRESS = 'gracedb@{fqdn}'.format(fqdn=SERVER_FQDN)
debug_middleware = 'debug_toolbar.middleware.DebugToolbarMiddleware'
MIDDLEWARE += [
debug_middleware,
'silk.middleware.SilkyMiddleware',
#'silk.middleware.SilkyMiddleware',
#'core.middleware.profiling.ProfileMiddleware',
#'core.middleware.admin.AdminsOnlyMiddleware',
]
# Add to installed apps
INSTALLED_APPS += [
'debug_toolbar',
'silk'
]
# Add testserver to ALLOWED_HOSTS
......@@ -38,17 +42,41 @@ if 'silk' in INSTALLED_APPS:
# prevent DOS attacks, so should not be changed in production.
DATA_UPLOAD_MAX_MEMORY_SIZE = 20*(1024**2)
# Add XForwardedFor middleware directly before debug_toolbar middleware
# if debug_toolbar is enabled and DEBUG is True.
if DEBUG and debug_middleware in MIDDLEWARE:
MIDDLEWARE.insert(MIDDLEWARE.index(debug_middleware),
'core.middleware.proxy.XForwardedForMiddleware')
# Tuple of IPs which are marked as internal, useful for debugging.
# Tanner (5 Dec. 2017): DON'T CHANGE THIS! Django Debug Toolbar exposes
# some headers which we want to keep hidden. So to be safe, we only allow
# it to be used through this server. You need to configure a SOCKS proxy
# on your local machine to use DJDT (see admin docs).
INTERNAL_IPS = [
socket.gethostbyname(socket.gethostname()),
INTERNAL_IP_ADDRESS,
]
INSTANCE_TITLE = 'GraceDB Development VM'
# Add sub-bullet with igwn-alert group:
if (len(LVALERT_OVERSEER_INSTANCES) == 2):
igwn_alert_group = os.environ.get('IGWN_ALERT_GROUP', 'lvalert-dev')
group_sub_bullet = """<ul>
<li> Messages are sent to group: <span class="text-monospace"> {0} </span></li>
</ul>""".format(igwn_alert_group)
INSTANCE_LIST = INSTANCE_LIST + group_sub_bullet
INSTANCE_INFO = """
<h5>Development Instance</h5>
<hr>
<p>
This GraceDB instance is designed for GraceDB maintainers to develop and
test in the AWS cloud architecture. There is <b>no guarantee</b> that the
behavior of this instance will mimic the production system at any time.
Events and associated data may change or be removed at any time.
</p>
<ul>
{}
<li>Only LIGO logins are provided (no login via InCommon or Google).</li>
</ul>
""".format(INSTANCE_LIST)
# Turn off public page caching for development and testing:
PUBLIC_PAGE_CACHING = 0
# Hardcode pipelines not approved for production (for vm testing)
# UNAPPROVED_PIPELINES += ['aframe', 'GWAK']
config/settings/vm/playground.py 0 → 100644
View file @ 5797d777
# Settings for a playground GraceDB instance (for user testing) running
# on a VM with Puppet provisioning. Starts with vm.py settings (which inherits
# from base.py settings) and overrides or adds to them.
from .base import *
TIER = "playground"
CONFIG_NAME = "USER TESTING"
# Debug settings
DEBUG = False
# Override EMBB email address
# TP (8 Aug 2017): not sure why?
EMBB_MAIL_ADDRESS = 'gracedb@{fqdn}'.format(fqdn=SERVER_FQDN)
# Turn on XMPP alerts
SEND_XMPP_ALERTS = True
# Turn on Mattermost alerts
SEND_MATTERMOST_ALERTS = True
# Enforce that phone and email alerts are off
SEND_PHONE_ALERTS = False
SEND_EMAIL_ALERTS = False
# Define correct LVAlert settings
LVALERT_OVERSEER_INSTANCES = [
{
"lvalert_server": "lvalert-playground.cgca.uwm.edu",
"listen_port": 8001,
},
]
# Add testserver to ALLOWED_HOSTS
ALLOWED_HOSTS += ['testserver']
# Home page stuff
INSTANCE_TITLE = 'GraceDB Playground'
INSTANCE_INFO = """
<h3>Playground instance</h3>
<p>
This GraceDB instance is designed for users to develop and test their own
applications. It mimics the production instance in all but the following ways:
</p>
<ul>
<li>Phone and e-mail alerts are turned off.</li>
<li>Only LIGO logins are provided (no login via InCommon or Google).</li>
<li>LVAlert messages are sent to lvalert-playground.cgca.uwm.edu.</li>
<li>Events and associated data will <b>not</b> be preserved indefinitely.
A nightly cron job removes events older than 21 days.</li>
</ul>
"""
# Safety check on debug mode for playground
if (DEBUG == True):
raise RuntimeError("Turn off debug mode for playground")
config/settings/vm/production.py 0 → 100644
View file @ 5797d777
# Settings for a production GraceDB instance running on a VM with Puppet
# provisioning. Starts with vm.py settings (which inherits from base.py
# settings) and overrides or adds to them.
from .base import *
TIER = "production"
DEBUG = False
# LVAlert Overseer settings
LVALERT_OVERSEER_INSTANCES = [
{
"lvalert_server": "lvalert.cgca.uwm.edu",
"listen_port": 8000,
},
]
# Turn on alerts
SEND_XMPP_ALERTS = True
SEND_PHONE_ALERTS = True
SEND_EMAIL_ALERTS = True
SEND_MATTERMOST_ALERTS = True
# Safety check on debug mode for production
if (DEBUG == True):
raise RuntimeError("Turn off debug mode for production")
config/urls.py
View file @ 5797d777
# Changed for Django 1.11 upgrade
from django.conf.urls import url, include
from django.conf import settings
# Uncomment the next two lines to enable the admin:
from django.urls import re_path, include
from django.contrib import admin
admin.autodiscover()
from django.contrib.auth.views import LogoutView
from django.views.generic import TemplateView
# Import feeds
import core.views
from events.feeds import EventFeed, feedview
# After Django 1.10, have to import views directly, rather
# than just using a string
import events.reports
import events.views
from ligoauth.views import (
manage_password, ShibLoginView, ShibPostLoginView
)
import search.views
import events.reports
# Django admin auto-discover
admin.autodiscover()
feeds = {
'latest' : EventFeed
}
urlpatterns = [
url(r'^$', events.views.index, name="home"),
url(r'^navbar_only$', events.views.navbar_only, name="navbar-only"),
url(r'^SPInfo', events.views.spinfo, name="spinfo"),
url(r'^SPPrivacy', events.views.spprivacy, name="spprivacy"),
url(r'^DiscoveryService', events.views.discovery, name="discovery"),
url(r'^events/', include('events.urls')),
url(r'^superevents/', include('superevents.urls')),
url(r'^options/', include('userprofile.urls')),
url(r'^feeds/(?P<url>.*)/$', EventFeed()),
url(r'^feeds/$', feedview, name="feeds"),
url(r'^performance/$', events.views.performance, name="performance"),
url(r'^reports/$', events.reports.histo, name="reports"),
url(r'^reports/cbc_report/(?P<format>(json|flex))?$',
events.reports.cbc_report, name="cbc_report"),
url(r'^latest/$', search.views.latest, name="latest"),
re_path(r'^$', events.views.index, name="home"),
re_path(r'^navbar_only$', TemplateView.as_view(
template_name='navbar_only.html'), name="navbar-only"),
re_path(r'^SPInfo', TemplateView.as_view(template_name='gracedb/spinfo.html'),
name="spinfo"),
re_path(r'^SPPrivacy', TemplateView.as_view(
template_name='gracedb/spprivacy.html'), name="spprivacy"),
re_path(r'^DiscoveryService', TemplateView.as_view(
template_name='discovery.html'), name="discovery"),
re_path(r'^events/', include('events.urls')),
re_path(r'^superevents/', include('superevents.urls')),
re_path(r'^alerts/', include('alerts.urls')),
re_path(r'^feeds/(?P<url>.*)/$', EventFeed()),
re_path(r'^feeds/$', feedview, name="feeds"),
re_path(r'^other/$', TemplateView.as_view(template_name='other.html'),
name='other'),
re_path(r'^performance/$', events.views.performance, name="performance"),
re_path(r'^reports/$', events.reports.reports_page_context, name="reports"),
re_path(r'^latest/$', search.views.latest, name="latest"),
#(r'^reports/(?P<path>.+)$', 'django.views.static.serve',
# {'document_root': settings.LATENCY_REPORT_DEST_DIR}),
url(r'^search/$', search.views.search, name="mainsearch"),
re_path(r'^search/$', search.views.search, name="mainsearch"),
# Authentication
re_path(r'^login/$', ShibLoginView.as_view(), name='login'),
re_path(r'^post-login/$', ShibPostLoginView.as_view(), name='post-login'),
re_path(r'^logout/$', LogoutView.as_view(), name='logout'),
# Password management
re_path('^manage-password/$', manage_password, name='manage-password'),
# API URLs
url(r'^apibasic/', include('api.urls', namespace="basic")),
url(r'^apiweb/', include('api.urls', namespace="shib")),
url(r'^api/', include('api.urls', namespace="x509")),
#url(r'^apinew/', include('api.urls')), # one place for all auth schemes
re_path(r'^api/', include('api.urls')),
# Legacy API URLs - must be maintained!
re_path(r'^apibasic/', include('api.urls', namespace='legacy_apibasic')),
re_path(r'^apiweb/', include('api.urls', namespace='legacy_apiweb')),
# Heartbeat URL
re_path(r'^heartbeat/$', core.views.heartbeat, name='heartbeat'),
# Uncomment the admin/doc line below and add 'django.contrib.admindocs'
# to INSTALLED_APPS to enable admin documentation:
# (r'^admin/doc/', include('django.contrib.admindocs.urls')),
url(r'^admin/', admin.site.urls),
re_path(r'^admin/', admin.site.urls),
# Sessions
re_path(r'^', include('user_sessions.urls', 'user_sessions')),
]
# We don't require settings.DEBUG for django-silk since running unit tests
# by default setings settings.DEBUG to False, unless you use the
# --debug-mode flag
if settings.DEBUG or ('silk' in settings.INSTALLED_APPS and
['silk' in m for m in settings.MIDDLEWARE]):
if ('silk' in settings.INSTALLED_APPS):
# Add django-silk
urlpatterns = [
url(r'^silk/', include('silk.urls', namespace='silk'))
re_path(r'^silk/', include('silk.urls', namespace='silk'))
] + urlpatterns
# Add django-debug-toolbar
if settings.DEBUG and 'debug_toolbar' in settings.INSTALLED_APPS:
import debug_toolbar
urlpatterns = [
url(r'^__debug__/', include(debug_toolbar.urls)),
re_path(r'^__debug__/', include(debug_toolbar.urls)),
] + urlpatterns
config/wsgi.py
View file @ 5797d777
......@@ -3,12 +3,8 @@ import sys
from os.path import abspath, dirname, join
# Parameters
SETTINGS_MODULE = 'config.settings'
DEFAULT_SETTINGS_MODULE = 'config.settings.vm.dev'
PROJECT_ROOT_NAME = 'gracedb'
VENV_NAME = 'djangoenv'
# Set DJANGO_SETTINGS_MODULE environment variable if not already set
os.environ.setdefault('DJANGO_SETTINGS_MODULE', SETTINGS_MODULE)
# Set up base dir of repository
BASE_DIR = abspath(join(dirname(__file__), ".."))
......@@ -17,14 +13,11 @@ BASE_DIR = abspath(join(dirname(__file__), ".."))
sys.path.append(BASE_DIR)
sys.path.append(join(BASE_DIR, PROJECT_ROOT_NAME))
# Activate the virtual environment
VIRTUALENV_ACTIVATOR = abspath(join(BASE_DIR, '..', VENV_NAME, 'bin',
'activate_this.py'))
execfile(VIRTUALENV_ACTIVATOR, dict(__file__=VIRTUALENV_ACTIVATOR))
# Set DJANGO_SETTINGS_MODULE environment variable if it's not already set
os.environ.setdefault('DJANGO_SETTINGS_MODULE', DEFAULT_SETTINGS_MODULE)
# Matplotlib config directory
os.environ['MPLCONFIGDIR'] = '/tmp/'
from django.core.wsgi import get_wsgi_application
application = get_wsgi_application()
docker/SWITCHaai-swdistrib.gpg 0 → 100644
View file @ 5797d777
File added
docker/apache-config 0 → 100644
View file @ 5797d777
ServerName ${DJANGO_PRIMARY_FQDN}
<VirtualHost *:80>
ServerName https://${DJANGO_PRIMARY_FQDN}:443
UseCanonicalName On
ServerSignature On
ErrorLog /dev/stderr
Transferlog /dev/stdout
ServerAdmin cgca-admins@uwm.edu
## Log format
LogFormat "APACHE | %a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
## Vhost docroot
DocumentRoot "/var/www/html"
## Directories, there should at least be a declaration for /var/www/html
<Directory "/var/www/html">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
# Improve proxy behavior with gunicorn:
# https://serverfault.com/questions/206738/intermittent-error-when-using-mod-proxy-to-do-reverse-proxy-to-soap-service#comment1327184_209006
# https://github.com/benoitc/gunicorn/issues/207
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
## Custom fragment
# gUnicorn edits
Alias /shibboleth-ds/idpselect_config.js /etc/shibboleth-ds/idpselect_config.js
Alias /shibboleth-ds/idpselect.js /etc/shibboleth-ds/idpselect.js
Alias /shibboleth-ds/idpselect.css /etc/shibboleth-ds/idpselect.css
Alias /static/ "/app/gracedb_project/static_root/"
# Aliases for docs and admin_docs
Alias /documentation/ "/app/gracedb_project/docs/user_docs/build/"
Alias /admin_docs/ "/app/gracedb_project/docs/admin_docs/build/"
ProxyPreserveHost on
ProxyAddHeaders off
ProxyPass "/robots.txt" "!"
ProxyPass "/shibboleth-ds" "!"
ProxyPass "/Shibboleth.sso" "!"
ProxyPass "/static" "!"
ProxyPass "/documentation" "!"
ProxyPass "/admin_docs" "!"
ProxyPass "/" "http://localhost:8080/" timeout=120
ProxyPassReverse "/" "http://localhost:8080/"
# This section is for apache2 timeout and keepalive tuning parameters.
# https://ioflood.com/blog/2020/02/21/what-is-apache-keepalive-timeout-how-to-optimize-this-critical-setting/
# KeepAlive will... keep a connection alive for subsequent requests.
# Turn this on.
KeepAlive On
# The maximum number of requests served to a client before terminating the connection.
# This can be large, possibly safely unlimited. (0 = unlimited)
MaxKeepAliveRequests 0
# The number of seconds Apache will wait for a subsequent request before closing the
# connection. Once a request has been received, the timeout value specified by the
# Timeout directive applies. Setting KeepAliveTimeout to a high value may cause
# performance problems in heavily loaded servers. The higher the timeout, the more
# server processes will be kept occupied waiting on connections with idle clients
KeepAliveTimeout 5
# Amount of time the server will wait for certain events before failing a
# request. The TimeOut directive defines the length of time Apache will wait for
# I/O (e.g., when reading data from the client, when writing data to the client, etc.)
# Default: 300s. Try setting this lower, then do a test like a long query with the API
# and in the browser and see what happens.
Timeout 60
# Unset certain headers to help prevent spoofing
RequestHeader unset REMOTE_USER
RequestHeader unset ISMEMBEROF
RequestHeader unset X_FORWARDED_FOR
RequestHeader unset REMOTE_ADDR
RequestHeader unset SSL_CLIENT_S_DN
RequestHeader unset SSL_CLIENT_I_DN
RequestHeader unset X_FORWARDED_PROTO
# Get a few of them from the environment
RequestHeader set X_FORWARDED_FOR "%{X_FORWARDED_FOR}e" env=X_FORWARDED_FOR
RequestHeader set REMOTE_ADDR "%{REMOTE_ADDR}e" env=REMOTE_ADDR
# Set X_FORWARDED_PROTO to https
RequestHeader set X_FORWARDED_PROTO "https"
# Increase the max allowable header size:
LimitRequestFieldSize 16384
# Set up mod_xsendfile for serving static event files as directed by Django
XSendFile On
XSendFilePath /app/db_data/
Alias /shibboleth-ds/idpselect_config.js /etc/shibboleth-ds/idpselect_config.js
Alias /shibboleth-ds/idpselect.js /etc/shibboleth-ds/idpselect.js
Alias /shibboleth-ds/idpselect.css /etc/shibboleth-ds/idpselect.css
<Directory /etc/shibboleth-ds>
Require all granted
</Directory>
# Deny access to the DocumentRoot. This makes it possible to upload
# large files. See notes.
<Directory "/var/www/">
Require all denied
</Directory>
<Directory "/app/gracedb_project/static_root/">
AllowOverride None
Options None
Require all granted
</Directory>
Alias /robots.txt /app/gracedb_project/static_root/robots.txt
<Location /Shibboleth.sso>
SetHandler shib
Require all granted
</Location>
<Location /shibboleth-sp>
Require all granted
</Location>
<Location "/post-login/">
AuthType Shibboleth
Require shibboleth
ShibRequestSetting requireSession true
ShibUseHeaders On
# use funky method to get REMOTE_USER variable
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . - [E=RU:%1]
RequestHeader set REMOTE_USER %{RU}e
# this way only works with SSLEngine On because REMOTE_USER is secure variable
#RequestHeader set REMOTE_USER %{REMOTE_USER}s
RequestHeader set ISMEMBEROF "%{ISMEMBEROF}e" env=ISMEMBEROF
</Location>
<Directory "/app/gracedb_project/docs/user_docs/build/">
Require all granted
</Directory>
# Restrict access to admin documentation
<Location "/admin_docs/">
AuthType Shibboleth
ShibRequestSetting requireSession true
ShibUseHeaders On
Require shib-user duncan.meacher@ligo.org alexander.pace@ligo.org daniel.wysocki@ligo.org patrick.brady@ligo.org
</Location>
</VirtualHost>
docker/backports.pref 0 → 100644
View file @ 5797d777
Explanation: shibboleth 3.0 dependencies
Package: init-system-helpers libxerces-c3.2
Pin: release a=stretch-backports
Pin-Priority: 500
docker/check_shibboleth_status 0 → 100644
View file @ 5797d777
#!/usr/bin/python3
'''
Pulls Shibboleth status.sso page, checks for:
1. Presence of <OK/> tags under Status and SessionCache,
2. Presence of required metadata feeds (see metadata_feeds).
Run ./check_shibboleth_status -h for help.
'''
# Imports
import argparse
import sys
import xml.etree.ElementTree as ET
try:
from urllib.request import urlopen
from urllib.error import URLError
except ImportError: # python < 3
from urllib2 import (urlopen, URLError)
# Parameters - may need to be modified in the future
# if Shibboleth status pages change or new metadata
# providers are added.
tags_to_check = ["Status", "SessionCache"] # XML tags to check for "OK" status.
# Metadata feeds.
default_metadata_feeds = ["ligo-approved-idp-none", "incommon", "cirrus"]
# Default arguments
default_host = "localhost"
default_urlpath = "Shibboleth.sso/Status"
default_timeout = 10
# Process arguments.
parser = argparse.ArgumentParser(formatter_class=
argparse.ArgumentDefaultsHelpFormatter)
parser.add_argument("-H", "--host", type=str,
help="Hostname of gracedb server",
default=default_host)
parser.add_argument("-U", "--urlpath", type=str,
help="Path to gracedb server Shibboleth status page",
default=default_urlpath)
parser.add_argument("-T", "--timeout", type=int,
help="Maximum time (in sec.) to allow connecting to server",
default=default_timeout)
parser.add_argument("-F", "--feeds", type=str,
help=("Comma-separated list of metadata feeds to check"
"for the presence of"), default=",".join(
default_metadata_feeds))
args = parser.parse_args()
host = "http://" + args.host
urlpath = args.urlpath
timeout = args.timeout
metadata_feeds = args.feeds.split(",")
# Get XML data from URL.
host_url = host + "/" + urlpath
try:
response = urlopen(host_url, timeout=timeout)
except URLError:
print("Error opening Shibboleth status page (" + host_url + ").")
sys.exit(2)
except:
print("Unknown error opening Shibboleth status page (" + host_url + ").")
sys.exit(3)
# Convert from string to ElementTree
try:
status_tree = ET.fromstring(response.read())
except ET.ParseError:
# Error parsing response.
print("Error parsing response from server - not in XML format.")
sys.exit(2)
except:
# Error that is not ParseError.
print("Unknown error occurred when parsing response from server.")
sys.exit(3)
response.close()
# Process XML. ----------------------------
# Check 1: find <Status> and <SessionCache> tags, make sure
# they both contain an <OK/> child.
for tag in tags_to_check:
status_tag = status_tree.find(tag)
if (status_tag is None):
print("Error: tag \'" + tag + "\' not found.")
sys.exit(2)
else:
status_OK = status_tag.find('OK')
if (status_OK is None):
print("Error: tag \'" + tag + "\' is not OK.")
sys.exit(2)
# Check 2: make sure metadata feeds that we expect
# are actually there.
metaprov_tags = status_tree.findall("MetadataProvider")
srcs = [element.attrib['source'] for element in metaprov_tags]
for feed in metadata_feeds:
feed_found = [src.lower().find(feed) >= 0 for src in srcs]
if (sum(feed_found) < 1):
print("MetadataProvider " + feed + " not found.")
sys.exit(2)
elif (sum(feed_found) < 1):
print("MetadataProvider " + feed + "found in multiple elements.")
sys.exit(2)
# If we make it to this point, everything is OK.
print("All MetadataProviders found. Status and SessionCache are OK.")
sys.exit(0)
docker/cleanup 0 → 100644
View file @ 5797d777
#!/bin/sh
python3 /app/gracedb_project/manage.py update_user_accounts_from_ligo_ldap kagra
python3 /app/gracedb_project/manage.py update_user_accounts_from_ligo_ldap ligo
python3 /app/gracedb_project/manage.py update_user_accounts_from_ligo_ldap robots
python3 /app/gracedb_project/manage.py update_catalog_managers_group
python3 /app/gracedb_project/manage.py remove_inactive_alerts
python3 /app/gracedb_project/manage.py clearsessions 2>&1 | grep -v segment
python3 /app/gracedb_project/manage.py remove_old_mdc_public_perms
PGPASSWORD=$DJANGO_DB_PASSWORD psql -h $DJANGO_DB_HOST -U $DJANGO_DB_USER -c "VACUUM VERBOSE ANALYZE;" $DJANGO_DB_NAME
docker/entrypoint 0 → 100644
View file @ 5797d777
#!/bin/bash
export LVALERT_OVERSEER_RESOURCE=${LVALERT_USER}_overseer_$(python3 -c 'import uuid; print(uuid.uuid4().hex)')
# Change the file permissions and ownership on /app/db_data:
chown gracedb:www-data /app/db_data
chmod 755 /app/db_data
## PGA: 2019-10-15: use certs from secrets for Shibboleth SP
SHIB_SP_CERT=/run/secrets/saml_certificate
SHIB_SP_KEY=/run/secrets/saml_private_key
if [[ -f $SHIB_SP_CERT && -f $SHIB_SP_KEY ]]
then
echo "Using Shibboleth Cert from docker secrets over the image one"
cp -f $SHIB_SP_CERT /etc/shibboleth/sp-cert.pem
cp -f $SHIB_SP_KEY /etc/shibboleth/sp-key.pem
chown _shibd:_shibd /etc/shibboleth/sp-{cert,key}.pem
chmod 0600 /etc/shibboleth/sp-key.pem
fi
## PGA 2019-10-16: use secrets for sensitive environment variables
LIST="aws_ses_access_key_id
aws_ses_secret_access_key
django_db_password
django_secret_key
django_twilio_account_sid
django_twilio_auth_token
lvalert_password
igwn_alert_password
gracedb_ldap_keytab
egad_url
egad_api_key
django_sentry_dsn"
for SECRET in $LIST
do
VARNAME=$( tr [:lower:] [:upper:] <<<$SECRET)
[ -f /run/secrets/$SECRET ] && export $VARNAME="$(< /run/secrets/$SECRET)"
done
# get x509 cert for ldap access from environment variable.
echo "${GRACEDB_LDAP_KEYTAB}" | base64 -d | install -m 0600 /dev/stdin keytab
kinit ldap/gracedb.ligo.org@LIGO.ORG -k -t keytab
exec "$@"
docker/inc-md-cert.pem 0 → 100644
View file @ 5797d777
-----BEGIN CERTIFICATE-----
MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9u
IEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1
WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21t
b24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNp
Z25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+
dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSp
g4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQK
CNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq
/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcA
TPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0mo
C1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/
lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB
/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2V
WOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWq
Dh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBcl
AGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLE
CQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8C
GzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==
-----END CERTIFICATE-----
docker/login.ligo.org.cert.LIGOCA.pem 0 → 100644
View file @ 5797d777
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 40 (0x28)
Signature Algorithm: sha1WithRSAEncryption
Issuer: DC=org, DC=ligo, O=LIGO, OU=Certificate Authorities, OU=Web Services, CN=LIGO CA 1
Validity
Not Before: Dec 20 19:42:07 2010 GMT
Not After : Dec 19 19:42:07 2020 GMT
Subject: DC=org, DC=ligo, O=LIGO, OU=Web Services, CN=login.ligo.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:dc:4c:a7:a0:cd:c3:7e:af:94:57:cc:c6:e7:fe:
3d:0b:e2:28:f2:b6:39:fd:0e:46:d8:a9:4a:39:8e:
bb:f3:47:e1:3b:0d:4b:a4:9c:72:a8:16:29:d9:ba:
ef:75:71:8d:4b:36:b2:68:0e:94:b8:20:dc:b1:d3:
3c:f4:a5:c5:f4:76:1c:f1:59:34:7d:5a:cc:14:41:
89:7a:e3:27:8e:4f:7c:d1:e8:a2:52:d0:4e:a0:97:
6d:46:bf:7b:44:99:40:1a:5f:3d:40:1b:54:a7:27:
f4:38:cb:f0:e4:b7:9d:d2:28:b6:3b:b3:ce:f5:ba:
fb:e8:3e:16:62:0f:c3:de:da:f5:a7:b3:29:85:7a:
de:74:00:4d:37:76:71:d5:6c:ed:fb:15:5f:ad:50:
da:25:28:d8:cf:f1:b0:5a:9b:e2:82:72:32:42:fe:
36:84:b4:de:7f:67:14:45:c1:7e:e3:2b:5c:0c:ae:
bb:36:1f:b3:01:03:df:8a:8c:10:36:ea:2a:2c:54:
f0:fd:6b:13:20:f7:20:aa:35:c8:bf:6b:5b:7a:ca:
31:be:b1:5f:1d:13:c5:5c:7d:ab:1b:e7:c3:a1:9b:
1b:74:75:8e:cf:ec:61:c3:95:84:2f:23:0e:35:76:
ef:ef:bc:d6:ab:30:3d:c2:de:1d:21:ec:f1:43:2c:
24:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.32070.2.1.2.1
X509v3 CRL Distribution Points:
URI:http://ca.ligo.org/541404c3/541404c3.crl
X509v3 Authority Key Identifier:
keyid:52:6E:DD:7B:AA:6F:85:5C:08:22:D3:97:9F:AD:7F:23:56:1E:6A:D1
X509v3 Subject Alternative Name:
DNS:login.ligo.org:scott.koranda@ligo.org
Signature Algorithm: sha1WithRSAEncryption
1e:4b:cb:44:4c:35:7e:0b:19:85:07:b2:82:10:50:04:84:80:
c2:84:8d:ab:0d:5c:fb:b8:68:c6:0d:b9:83:a4:02:be:8e:0a:
4b:e6:da:45:f2:19:d0:69:da:d0:c5:e7:30:46:03:05:43:e1:
84:94:92:f9:03:d0:dd:31:ec:18:ad:c9:77:3a:14:8e:12:9f:
2a:ab:1a:5f:8a:eb:3d:ac:9d:c8:ce:74:e2:72:0c:de:1c:6d:
54:67:2d:b9:c9:ac:4d:c1:96:1c:00:92:ac:89:d9:81:c8:83:
9a:73:75:14:91:cf:9b:4f:bf:a3:41:2e:36:42:e6:ec:11:bc:
5c:07:0c:43:ad:bb:9e:fa:b4:1d:0f:d5:f9:00:70:78:e4:be:
dc:3d:84:fe:fa:17:43:c1:d6:01:7e:8f:0b:b7:9a:08:ff:0c:
be:cf:d0:cd:a4:1e:77:b9:86:80:e2:b1:e2:1c:9a:68:97:a3:
96:06:06:59:19:ad:ca:17:8f:50:f1:44:fa:69:bf:04:06:9b:
f3:2c:24:75:c4:79:69:9a:dc:be:3e:25:8e:83:a6:b8:75:91:
9b:86:5f:85:9b:ae:d9:1d:07:97:ec:b1:08:51:93:53:7a:f1:
64:e3:5d:a1:73:e1:95:42:e2:b2:38:7b:d5:56:f4:f2:15:84:
d9:e8:72:98
-----BEGIN CERTIFICATE-----
MIIEVzCCAz+gAwIBAgIBKDANBgkqhkiG9w0BAQUFADCBhzETMBEGCgmSJomT8ixk
ARkWA29yZzEUMBIGCgmSJomT8ixkARkWBGxpZ28xDTALBgNVBAoTBExJR08xIDAe
BgNVBAsTF0NlcnRpZmljYXRlIEF1dGhvcml0aWVzMRUwEwYDVQQLEwxXZWIgU2Vy
dmljZXMxEjAQBgNVBAMTCUxJR08gQ0EgMTAeFw0xMDEyMjAxOTQyMDdaFw0yMDEy
MTkxOTQyMDdaMGoxEzARBgoJkiaJk/IsZAEZFgNvcmcxFDASBgoJkiaJk/IsZAEZ
FgRsaWdvMQ0wCwYDVQQKEwRMSUdPMRUwEwYDVQQLEwxXZWIgU2VydmljZXMxFzAV
BgNVBAMTDmxvZ2luLmxpZ28ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA3EynoM3Dfq+UV8zG5/49C+Io8rY5/Q5G2KlKOY6780fhOw1LpJxyqBYp
2brvdXGNSzayaA6UuCDcsdM89KXF9HYc8Vk0fVrMFEGJeuMnjk980eiiUtBOoJdt
Rr97RJlAGl89QBtUpyf0OMvw5Led0ii2O7PO9br76D4WYg/D3tr1p7MphXredABN
N3Zx1Wzt+xVfrVDaJSjYz/GwWpvignIyQv42hLTef2cURcF+4ytcDK67Nh+zAQPf
iowQNuoqLFTw/WsTIPcgqjXIv2tbesoxvrFfHRPFXH2rG+fDoZsbdHWOz+xhw5WE
LyMONXbv77zWqzA9wt4dIezxQywkxQIDAQABo4HpMIHmMAwGA1UdEwEB/wQCMAAw
DgYDVR0PAQH/BAQDAgSwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAZ
BgNVHSAEEjAQMA4GDCsGAQQBgfpGAgECATA5BgNVHR8EMjAwMC6gLKAqhihodHRw
Oi8vY2EubGlnby5vcmcvNTQxNDA0YzMvNTQxNDA0YzMuY3JsMB8GA1UdIwQYMBaA
FFJu3Xuqb4VcCCLTl5+tfyNWHmrRMDAGA1UdEQQpMCeCJWxvZ2luLmxpZ28ub3Jn
OnNjb3R0LmtvcmFuZGFAbGlnby5vcmcwDQYJKoZIhvcNAQEFBQADggEBAB5Ly0RM
NX4LGYUHsoIQUASEgMKEjasNXPu4aMYNuYOkAr6OCkvm2kXyGdBp2tDF5zBGAwVD
4YSUkvkD0N0x7BityXc6FI4SnyqrGl+K6z2sncjOdOJyDN4cbVRnLbnJrE3BlhwA
kqyJ2YHIg5pzdRSRz5tPv6NBLjZC5uwRvFwHDEOtu576tB0P1fkAcHjkvtw9hP76
F0PB1gF+jwu3mgj/DL7P0M2kHne5hoDiseIcmmiXo5YGBlkZrcoXj1DxRPppvwQG
m/MsJHXEeWma3L4+JY6Dprh1kZuGX4WbrtkdB5fssQhRk1N68WTjXaFz4ZVC4rI4
e9VW9PIVhNnocpg=
-----END CERTIFICATE-----
docker/mpm_prefork.conf 0 → 100644
View file @ 5797d777
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxRequestWorkers: maximum number of server processes allowed to start
# MaxConnectionsPerChild: maximum number of requests a server process serves
<IfModule mpm_prefork_module>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxRequestWorkers 128
ServerLimit 128
MaxConnectionsPerChild 0
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
docker/shibboleth-ds/LICENSE.txt 0 → 100644
View file @ 5797d777
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
docker/shibboleth-ds/Makefile 0 → 100644
View file @ 5797d777
#
# Note: Changes made here should be reflected in the windows .bat file at src/build.bat
#
INSTALL=/usr/bin/install
JAVA=java
TAR=tar
ZIP=zip
TARGET=shibboleth-embedded-ds-1.2.0
prefix=
sysconfdir=${prefix}/etc
all:
install: index.html
${INSTALL} -d $(DESTDIR)${sysconfdir}/shibboleth-ds
${INSTALL} -m 644 *.txt *.html *.css *.gif *.js *.conf $(DESTDIR)${sysconfdir}/shibboleth-ds
clean:
rm -rf ${TARGET}
kit: clean
mkdir ${TARGET}
mkdir ${TARGET}/nonminimised
cat src/javascript/idpselect_languages.js src/javascript/typeahead.js src/javascript/idpselect.js | ${JAVA} -jar build/yuicompressor-2.4.8.jar -o ${TARGET}/idpselect.js --type js
cp Makefile shibboleth-embedded-ds.spec LICENSE.txt doc/*.txt src/resources/index.html src/resources/idpselect.css src/resources/blank.gif src/javascript/idpselect_config.js src/apache/*.conf ${TARGET}
cp src/javascript/*.js ${TARGET}/nonminimised
dist: kit
${TAR} czf ${TARGET}.tar.gz ${TARGET}/*
${ZIP} ${TARGET}.zip ${TARGET}/*
rm -rf ${TARGET}
docker/shibboleth-ds/README.txt 0 → 100644
View file @ 5797d777
Welcome to the Shibboleth Embedded Discovery Service.
Shibboleth is a federated web authentication and attribute exchange
system based on SAML. The Embedded Discovery Service allows anyone
running a suitable SP to quickly and easily deploy IdP discovery.
For full instructions on installation and deployment please read:
https://wiki.shibboleth.net/confluence/display/EDS10
INSTALLED FILES.
================
The following files will be installed, please consult the documentation
for more details.
index.html - An example file showing how to embed the EDS into a
standard webpage.
idpselect.js - The minified sources for the EDS. DO NOT EDIT THIS FILE
since it will be updated by future releases.
idpselect_config.js - Configuration. Edit this file according to the
documentation (cited above).
idpselect.css - CSS for the EDS. You may wish to edit this file.
README.TXT - This file
RELEASE-NOTES.TXT - The list of bugs fixed in this and previous releases.
FURTHER DETAILS.
================
Shibboleth is licensed under the Apache 2.0 license which is provided in the
LICENSE.txt file.
Shibboleth Project Site:
http://shibboleth.internet2.edu/
Shibboleth Documentation Site:
https://wiki.shibboleth.net/confluence/display/SHIB2/Home
Source and binary distributions
http://www.shibboleth.net/downloads/
Bug Tracker:
https://issues.shibboleth.net/
Other sources:
This tools embeds the JSON parsing tool from https://github.com/douglascrockford/JSON-js
The build process uses the yui compressor (http://developer.yahoo.com/yui/compressor/)
docker/shibboleth-ds/RELEASE-NOTES.txt 0 → 100644
View file @ 5797d777
See https://issues.shibboleth.net/jira/projects/EDS
docker/shibboleth-ds/blank.gif 0 → 100644
View file @ 5797d777
docker/shibboleth-ds/blank.gif

43 B

docker/shibboleth-ds/idpselect.css 0 → 100644
View file @ 5797d777
/* Top level is idpSelectIdPSelector */
#idpSelectIdPSelector
{
width:fit-content;
text-align: center;
background-color: #FFFFFF;
border: 2px #A40000 solid;
padding: 10px;
margin-top:25px;
margin-bottom:25px;
}
/* Next down are the idpSelectPreferredIdPTile, idpSelectIdPEntryTile & idpSelectIdPListTile */
/**
* The preferred IdP tile (if present) has a specified height, so
* we can fit the preselected * IdPs in there
*/
#idpSelectPreferredIdPTile
{
height: 138px /* Force the height so that the selector box
* goes below when there is only one preslect
*/
}
#idpSelectPreferredIdPTileNoImg
{
height:60px;
}
/***
* The preselect buttons
*/
div.IdPSelectPreferredIdPButton
{
margin: 3px;
width: 120px; /* Make absolute because 3 of these must fit inside
div.IdPSelect{width} with not much each side. */
float: left;
}
/*
* Make the entire box look like a hyperlink
*/
div.IdPSelectPreferredIdPButton a
{
float: left;
width: 99%; /* Need a specified width otherwise we'll fit
the contents which we don't want because
they have auto margins */
}
div.IdPSelectTextDiv{
height: 3.5ex; /* Add some height to separate the text from the boxes */
font-size: 15px;
clear: left;
}
div.IdPSelectPreferredIdPImg
{
/* max-width: 95%; */
height: 69px; /* We need the absolute height to force all buttons to the same size */
margin: 2px;
}
img.IdPSelectIdPImg {
width:auto;
}
div.IdPSelectautoDispatchTile {
display: block;
}
div.IdPSelectautoDispatchArea {
margin-top: 30px ;
}
div.IdPSelectPreferredIdPButton img
{
display: block; /* Block display to allow auto centring */
max-width: 114px; /* Specify max to allow scaling, percent does work */
max-height: 64px; /* Specify max to allow scaling, percent doesn't work */
margin-top: 3px ;
margin-bottom: 3px ;
border: solid 0px #000000; /* Strip any embellishments the brower may give us */
margin-left: auto; /* Auto centring */
margin-right: auto; /* Auto centring */
}
div.IdPSelectPreferredIdPButton div.IdPSelectTextDiv
{
text-align: center;
font-size: 12px;
font-weight: normal;
max-width: 95%;
height: 30px; /* Specify max height to allow two lines. The
* Javascript controlls the max length of the
* strings
*/
}
/*
* Force the size of the selectors and the buttons
*/
#idpSelectInput, #idpSelectSelector
{
width: 80%;
}
/*
* For some reason a <select> width includes the border and an
* <input> doesn't hence we have to force a margin onto the <select>
*/
#idpSelectSelector
{
margin-left: 2px;
margin-right: 2px;
}
#idpSelectSelectButton, #idpSelectListButton
{
margin-left: 5px;
width: 16%;
}
#idpSelectSelectButton
{
padding-left: 2px;
padding-right: 2px;
}
/*
* change underlining of HREFS
*/
#idpSelectIdPSelector a:link
{
text-decoration: none;
}
#idpSelectIdPSelector a:visited
{
text-decoration: none;
}
#idpSelectIdPSelector a:hover
{
text-decoration: underline;
}
/*
* Arrange to have the dropdown/list aref on the left and the
* help button on the right
*/
a.IdPSelectDropDownToggle
{
display: inline-block;
width: 80%;
}
a.IdPSelectHelpButton
{
display: inline-block;
text-align: right;
width: 20%;
}
/**
* Drop down (incremental search) stuff - see the associated javascript for reference
*/
ul.IdPSelectDropDown {
-moz-box-sizing: border-box;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: small;
box-sizing: border-box;
list-style: none;
padding-left: 0px;
border: 1px solid black;
z-index: 6;
position: absolute;
}
ul.IdPSelectDropDown li {
background-color: white;
cursor: default;
padding: 0px 3px;
}
ul.IdPSelectDropDown li.IdPSelectCurrent {
background-color: #3366cc;
color: white;
}
/* Legacy */
div.IdPSelectDropDown {
-moz-box-sizing: border-box;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: small;
box-sizing: border-box;
border: 1px solid black;
z-index: 6;
position: absolute;
}
div.IdPSelectDropDown div {
background-color: white;
cursor: default;
padding: 0px 3px;
}
div.IdPSelectDropDown div.IdPSelectCurrent {
background-color: #3366cc;
color: white;
}
/* END */