I am trying to configure a Shibboleth service provider in a Kubernetes environment.
In a non-Docker environment, the apache2 and shibd services run on the same server, and apache2 communicates with shibd using the mod_shib Apache module (correct me if I am wrong).
Is it possible to deploy the Shibboleth service provider in a separate container and Apache in a separate container? If yes, has anyone done this already? Are there any docs?
I ask because I already have pods running in my environment: one for Apache and another one for a Java Spring Boot application. Apache acts as a reverse proxy for my Java app.
Now I just want to deploy one more container for Shibboleth. Is it possible?
Shibboleth must be installed inside Apache itself.
So no, you cannot separate the Shibboleth container out of the Apache container.
Your assumption is right: your Apache communicates with mod_shib.
You have three options,
The issue with this is that you need to set up everything else related to Apache on your own for this one.
As you want to install the Shibboleth SP, you may try to proxy pass the secured location, like /secure, in the reverse proxy Apache to the Shibboleth-installed Apache.
This way you can separate the reverse proxy and the Shibboleth SP into separate containers, but you may add a little overhead for the multiple proxies. However, I don't see too much overhead.
Shibboleth on Linux is only supported out of the box on RPM-based distributions. You need to modify shibboleth2.xml. Add some metadata file or URL for the IdP. Some certificates too.
You can mix this option with the first two too.
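
A sketch of the proxy-pass layout described in the answer, added here as an example and not part of the original post. The names `sp.example.org`, `shib-sp`, `spring-app` and port 8080 are hypothetical, and TLS is assumed to terminate in front of the reverse proxy.

```apache
# --- Reverse-proxy Apache (the existing container) ---
# Hypothetical names: sp.example.org (public host), shib-sp (Service for the
# Apache + mod_shib container), spring-app (Service for the Java application).
<VirtualHost *:80>
    ServerName sp.example.org
    ProxyPreserveHost On

    # The protected path and the SP's handler endpoints go to the SP container.
    # These must come before the catch-all "/" rule below.
    ProxyPass        /secure         http://shib-sp:8080/secure
    ProxyPassReverse /secure         http://shib-sp:8080/secure
    ProxyPass        /Shibboleth.sso http://shib-sp:8080/Shibboleth.sso
    ProxyPassReverse /Shibboleth.sso http://shib-sp:8080/Shibboleth.sso

    # Everything else goes straight to the application.
    ProxyPass        / http://spring-app:8080/
    ProxyPassReverse / http://spring-app:8080/
</VirtualHost>

# --- Apache + mod_shib container (shibd runs in this same container) ---
<VirtualHost *:8080>
    # Build SP URLs from the public name and scheme, not the pod's own name.
    ServerName https://sp.example.org:443
    UseCanonicalName On

    <Location /secure>
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        Require shib-session
        # Pass attributes to the proxied app as request headers.
        ShibUseHeaders On
        ProxyPass        http://spring-app:8080/secure
        ProxyPassReverse http://spring-app:8080/secure
    </Location>
</VirtualHost>
# The app should trust attribute headers only on traffic arriving from shib-sp
# (for example via a Kubernetes NetworkPolicy); requests that reach spring-app
# by another route have not had client-supplied headers cleared by mod_shib.
```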