Initial PoC

.gitignore

@@ -0,0 +1 @@
+data_*/*

conf/grafana.ini

@@ -0,0 +1,19 @@
+[server]
+
+[log.console]
+level = debug
+
+[users]
+allow_sign_up = false
+auto_assign_org = true
+auto_assign_org_role = Editor
+
+[auth]
+disable_login_form = true
+
+[auth.proxy]
+enabled = true
+header_name = X-WEBAUTH-USER
+header_property = username
+auto_sign_up = true
+

conf/saml.conf

@@ -0,0 +1,46 @@
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_html_module modules/mod_proxy_html.so
+LoadModule proxy_connect_module modules/mod_proxy_connect.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule proxy_http2_module modules/mod_proxy_http2.so
+
+<VirtualHost *:80>
+  ServerName localhost
+  Redirect / https://localhost/
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName https://localhost
+  ProxyRequests Off
+  ProxyPreserveHost On
+  DocumentRoot /var/www
+  LoadModule auth_mellon_module /usr/local/apache2/modules/mod_auth_mellon.so
+
+  SSLEngine On
+  SSLCertificateFile /usr/local/apache2/ssl/apache-selfsigned.crt
+  SSLCertificateKeyFile /usr/local/apache2/ssl/apache-selfsigned.key
+
+  ProxyRequests Off
+  ProxyPass /mellon/ !
+  ProxyPass /healthcheck/ !
+  ProxyPass / http://grafana:3000/
+  ProxyPassReverse / http://grafana:3000/
+
+  RequestHeader set X-WEBAUTH-USER %{MELLON_NAME_ID}e
+  RequestHeader set X-Forwarded-Proto "https"
+  
+  <Location / >
+    AuthType Mellon
+    MellonEnable auth
+    Require valid-user
+
+    MellonEndpointPath /mellon/
+    MellonSPMetadataFile /etc/httpd/saml2/mellon_metadata.xml
+    MellonSPPrivateKeyFile /etc/httpd/saml2/mellon.key
+    MellonSPCertFile /etc/httpd/saml2/mellon.crt
+    MellonIdPMetadataFile /etc/httpd/saml2/idp_metadata.xml
+  </Location>
+
+
+</VirtualHost>

conf/saml2/idp_metadata.xml

@@ -0,0 +1,39 @@
+<md:EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+    entityID="http://127.0.0.1:8080/realms/saml">
+    <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
+        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+        <md:KeyDescriptor use="signing">
+            <ds:KeyInfo>
+                <ds:KeyName>3DrQCUPy-TIuAqPnr0hM5wzvQcycxfzX8xM3XbgywIQ</ds:KeyName>
+                <ds:X509Data>
+                    <ds:X509Certificate>
+                        MIIClzCCAX8CBgGPe4dhgDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARzYW1sMB4XDTI0MDUxNTA5MTIwMFoXDTM0MDUxNTA5MTM0MFowDzENMAsGA1UEAwwEc2FtbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALmMWzxbM/CQ51MEz7jO8eR+66eaoBQFUG30P71gmNfYdB0Zt8hs5dyZ8Gi7uDEptDJsUMFkdVbhSwmhQmNkEz8kVS+FwDtf7GSlfKllmBA8mjZO1aMGSmCgcHdiGwZmlldnPSHeidQkcQST42O3yAEmOvhpYyO5crOGBYei75xa+hDukjDBfv2uHKf8eeGIQM/+OInk/IL/Z2YjBUZNIeGWvL/x0IwCFL1bsP5b4vQTLtHAPAGnp4C629d2cs6hSMnFxKwMSl2CgVcQzl0SAtoKQkLgem5kp45M7XIVYWLAN0ETr9t5UrepgSa77FLBHO1uOxqOLdQAd6+qGB8oPtcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAlffRKMfiid6mG3Y84k+feGpR2T+quPOiAHv0CP4+IMp4WKxo+z6GpEPxXEqLaS/UXU+OrGB4R7xG6PVZ32HIWlVft2HVlIDPpar6EgrjI//e40HEEod9xspeR+K1wVc+vtmTMJShFKrmCkcZ4IQXAjNL5m+UMhbiZITeH8GsoMWY0UNWYKGb3nt9Aa0DLqC44JPkrBIKD6Y6slQhDkEwEyzEWh786DUXwB+I8QJ7PIXMcqAZAD2dkomUrh6hqcbxbYW8Rjs3KyH7pA64jMvcMS1Ida+oxUgNsLHTne/JbUt5MOnIczmM+unYMTdSB6hDCEFVMlPg1Vo+kzbN1cH2RA==</ds:X509Certificate>
+                </ds:X509Data>
+            </ds:KeyInfo>
+        </md:KeyDescriptor>
+        <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+            Location="http://127.0.0.1:8080/realms/saml/protocol/saml/resolve" index="0" />
+        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+            Location="http://127.0.0.1:8080/realms/saml/protocol/saml" />
+        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+            Location="http://127.0.0.1:8080/realms/saml/protocol/saml" />
+        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
+            Location="http://127.0.0.1:8080/realms/saml/protocol/saml" />
+        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+            Location="http://127.0.0.1:8080/realms/saml/protocol/saml" />
+        <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
+        <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
+        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
+        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+            Location="http://127.0.0.1:8080/realms/saml/protocol/saml" />
+        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+            Location="http://127.0.0.1:8080/realms/saml/protocol/saml" />
+        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+            Location="http://127.0.0.1:8080/realms/saml/protocol/saml" />
+        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
+            Location="http://127.0.0.1:8080/realms/saml/protocol/saml" />
+    </md:IDPSSODescriptor>
+</md:EntityDescriptor>

conf/saml2/mellon.crt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtTCCAZ0CFAETmBUXMGyYKEFkJYmJ+IIhi3r/MA0GCSqGSIb3DQEBCwUAMBcx
+FTATBgNVBAMMDDJhYTMxZjBhMmFiYjAeFw0yNDA1MTUxMjIyMjZaFw0zNDA1MTUx
+MjIyMjZaMBcxFTATBgNVBAMMDDJhYTMxZjBhMmFiYjCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAM+1mMnuzTM5Ll6hxxjaWIhalkG/EO+LKRf+R950NkRo
+JQZ14OdZWOyQ6QJgkKh28AC5ADO6PXVmG/iNUP1vLkyIS1j7HX89uvlvCjOvNcrw
+OONI+I5HfuuCypQq/0TEhToefF12CN0XNRwqJVpQUzfnN5qdWkyRLXTLAGVu4Vrx
+l864NUDARerTlFejgxinwjtMzor5kr3j/a26O8ZkocivOW/R7ejYIze7g8GFYW8F
+mBAJzm3X7ivMYLt/2cWXK6jgv6lLUJS/7AkJ0Z3eqy4HP0AVDsYBKzcE2PNpf2eQ
+1yhwNYD4dD/JiFFNXgVk/pZmAKBl0ORW2OjqXcCHHc8CAwEAATANBgkqhkiG9w0B
+AQsFAAOCAQEAhj/sI6vGLN9VLhiNQZeJoOjqEMsj3OxJg8Z7HYbPi1o/eASE9569
+UeposHcpWryaDeL3XeES9c3r0tZ9bguBJj6OMawllLlThjTgEwB1V4aTTXAD8/zR
+lUX7SwY9r2B7EXYlhQt54NGJzFXG+NbEa7pKqqL2nAfffyxj0cC3MRfMOsukXKGx
+3YqhdC6kNz4fTkxX+5MDELzFZwpLdq0rZwRM07voC/CCog2OMJ4AxGZXCLysAS9/
+w6ddIY2h7IY3vv/y0vHi4giuq2ImA0B2gIUaK7AxjE9OdCEq4XmgM+6Bjlp43aYk
+R9j8/gRzCOzXngnrFJkXe2uttlGAvRUKqg==
+-----END CERTIFICATE-----

conf/saml2/mellon.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDPtZjJ7s0zOS5e
+occY2liIWpZBvxDviykX/kfedDZEaCUGdeDnWVjskOkCYJCodvAAuQAzuj11Zhv4
+jVD9by5MiEtY+x1/Pbr5bwozrzXK8DjjSPiOR37rgsqUKv9ExIU6HnxddgjdFzUc
+KiVaUFM35zeanVpMkS10ywBlbuFa8ZfOuDVAwEXq05RXo4MYp8I7TM6K+ZK94/2t
+ujvGZKHIrzlv0e3o2CM3u4PBhWFvBZgQCc5t1+4rzGC7f9nFlyuo4L+pS1CUv+wJ
+CdGd3qsuBz9AFQ7GASs3BNjzaX9nkNcocDWA+HQ/yYhRTV4FZP6WZgCgZdDkVtjo
+6l3Ahx3PAgMBAAECggEAKSDrRSj9BuSOsvxTwS8TEsTlNdWQk+45T9/w+TKHwFni
+4vmadBT0D7vN98OJQWJzuaDoUlXRb5qtdTT+UYCfaVYfnVn0CEr/5/49xeguvaV9
+jjvXw8ySbC300QwGieZj/xMkSxlhPe4nfRE3Xj/DirFFCF+aDsk8eADubidbhjcu
+vmNsH7QTtGXzZUHWlJ0jB4H9sN8JrjddJtMWB2lhyfYsqKSIdwtVgiLsokTsrPhv
+hpKxXpVBoeYGdQ9buaN1yqQ7oVDCdcF2h2ctx/VcUp4s5QurEA0KupuHpASnRIbu
+1NGsN/Wn/x26TFC/plS4x65lqkAnvjneAVBcZnOSkQKBgQD9c5cBloaA064y5UKv
+xM7I+SH++C+6+kZlzOcv3JGccrghpjPzetICjOxpejHphKCPKPN4FOkNZGlcad00
+ns3IeX4cf9MtRdZ1bDsnfuIc1+GC2OwAqxsGUFQqdET3u9O17rK1Lhc5ieauVDvh
+27IWN/jXcHcqQtPlCPKOcbSEJwKBgQDRzEMQNnFVWJuSB+LZygTkur1SJofnUunF
+wo7kVK2xaNM8gOYZSp4YWlA90r84MuPU3LTYuBW3d465sG2fZCeEZ1nVaoWdtJZn
++kLGd2Gh9yu5EJEI+0YzRPsqqysDu1G/XR7z88H2a1y30fajEDlEfKormdTZC882
+pd05INvaGQKBgAtkoMsfexhba586Ew9Xp3v9RvvxKCQdkACPf2z1W05PEdvhXsB5
+KuuWbiInrgqzPYxx6M/jEL7bXqka0SjGYrW6UGLzlAia9RL+NIKH/54QTkDVg3Zc
+OrDD96SY6WjBdrjc7Aec9MpPWqFHhBGZEJ5TEcqNca3ipyfKiSzCC71NAoGARiHW
+OVE5yaH5P3PLbaqOwDd8mj2vKLEa3LURN1rnRWsZUhx0zveWqeVm9YPB0HOSndG5
+0siW2eHpoEFOI/5DB4vVB/a3++Qmc1PBhr7ZsF8ECrVzBmGZMgJZRAY8Nt8jkKj8
+c+iEam+xavGRVSlTO4XBDRo7gOLlvgrsTPCjDeECgYEAlB6HEeF2e2HO2qmFYuo4
+2Ek7wViGaBH5tqVwKA9HYaNL/B72LSnI8/BzUPvSTNQDbZ4KLYmUqIqyuQGseC6K
+2OaOUf9heHHmXsXpAr+OLeLNyb3L6Qs6B46+d+SSFS/+4fA/nHlI6mDLA9sFE7MN
+4VxbsDX+4X9uR319h4O0Hbw=
+-----END PRIVATE KEY-----

conf/saml2/mellon_metadata.xml

@@ -0,0 +1,17 @@
+<md:EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+  xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="apache-client" ID="ID_8560f9d7-5547-4a5d-bf31-01862b1057a9">
+  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="false">
+    <md:KeyDescriptor use="signing">
+      <ds:KeyInfo>
+        <ds:X509Data>
+          <ds:X509Certificate>MIICtTCCAZ0CFAETmBUXMGyYKEFkJYmJ+IIhi3r/MA0GCSqGSIb3DQEBCwUAMBcxFTATBgNVBAMMDDJhYTMxZjBhMmFiYjAeFw0yNDA1MTUxMjIyMjZaFw0zNDA1MTUxMjIyMjZaMBcxFTATBgNVBAMMDDJhYTMxZjBhMmFiYjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+1mMnuzTM5Ll6hxxjaWIhalkG/EO+LKRf+R950NkRoJQZ14OdZWOyQ6QJgkKh28AC5ADO6PXVmG/iNUP1vLkyIS1j7HX89uvlvCjOvNcrwOONI+I5HfuuCypQq/0TEhToefF12CN0XNRwqJVpQUzfnN5qdWkyRLXTLAGVu4Vrxl864NUDARerTlFejgxinwjtMzor5kr3j/a26O8ZkocivOW/R7ejYIze7g8GFYW8FmBAJzm3X7ivMYLt/2cWXK6jgv6lLUJS/7AkJ0Z3eqy4HP0AVDsYBKzcE2PNpf2eQ1yhwNYD4dD/JiFFNXgVk/pZmAKBl0ORW2OjqXcCHHc8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhj/sI6vGLN9VLhiNQZeJoOjqEMsj3OxJg8Z7HYbPi1o/eASE9569UeposHcpWryaDeL3XeES9c3r0tZ9bguBJj6OMawllLlThjTgEwB1V4aTTXAD8/zRlUX7SwY9r2B7EXYlhQt54NGJzFXG+NbEa7pKqqL2nAfffyxj0cC3MRfMOsukXKGx3YqhdC6kNz4fTkxX+5MDELzFZwpLdq0rZwRM07voC/CCog2OMJ4AxGZXCLysAS9/w6ddIY2h7IY3vv/y0vHi4giuq2ImA0B2gIUaK7AxjE9OdCEq4XmgM+6Bjlp43aYkR9j8/gRzCOzXngnrFJkXe2uttlGAvRUKqg==</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </md:KeyDescriptor>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:8081/mellon/logout"></md:SingleLogoutService>
+    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:8081/mellon/postResponse" isDefault="true" index="0"></md:AssertionConsumerService>
+  </md:SPSSODescriptor>
+</md:EntityDescriptor>

conf/ssl/apache-selfsigned.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIzCCAgugAwIBAgIUNDMceqFG0Ni92re7FH2qdFrduiIwDQYJKoZIhvcNAQEL
+BQAwITELMAkGA1UEBhMCRlIxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yNDA1MTUx
+MzA5MzZaFw0yNTA1MTUxMzA5MzZaMCExCzAJBgNVBAYTAkZSMRIwEAYDVQQDDAls
+b2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFj+df8RHH
+c+qcOQPBp2eX5VpZkBKw4iXaHbWt+HDmGTGlWWold3cf/K+9g4mjEAL8XvFmF2Gk
+L2IEGRh49nXRcLCjpzEgFXMpSDwVAd3+ISIzf0VYBFqb01x6bVCP6ffrxrOKGyS8
+CI/RkGblbECG+GM84iU8Mp66pZ8/sa9lZ8ItTKNKUljgOumXtQfEC2ZC7fQJ86Ts
+1OOai7He404o8FP6K4JeUBOB5/SQmmL2xmIHzxNEg/21yeDen75T7hbks62Tcp9i
+pNqZK6kmo4F1P+0s2zmtn+C+/1FG+YOWMBtVtM6tZ4hT2tExbyO7EMvqqY1Ff8AI
+GdHbXk63NAQDAgMBAAGjUzBRMB0GA1UdDgQWBBTq+MjgZOEIuoPdeL7JMqDIA1LX
+zTAfBgNVHSMEGDAWgBTq+MjgZOEIuoPdeL7JMqDIA1LXzTAPBgNVHRMBAf8EBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAEi5+910cC0MxtYRkpUc8gmZkrAjrJpn37
+tjPoWTYC3wUaVrPdL0sRHeNnDdK7Zdq7DOGolg4lj9HNDa8kf/um00RSe1QvjPrU
+CCMjHD+HozwPW1p0o7L6BpE4Xv8DRF+mB/qffjStrLd10vKe5Nr4eNFvFFOQ1HaE
+CXX8Tf9ARQsEydw7P5wjGGmEi6Elfnz4LVZxMT4QBNHLaBnrHshoavgBWqX060MX
+ACiR3weszA89fvx3t4I9Bxf73k64SGysOXc0woellW25bnlxw/F46cX1tKEyG4fH
+Z6Rk8GjFTteEz2E7kS6VsY97GOF30WtmMM1sOxL8LQD7rz7YDoAA
+-----END CERTIFICATE-----

conf/ssl/apache-selfsigned.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDFj+df8RHHc+qc
+OQPBp2eX5VpZkBKw4iXaHbWt+HDmGTGlWWold3cf/K+9g4mjEAL8XvFmF2GkL2IE
+GRh49nXRcLCjpzEgFXMpSDwVAd3+ISIzf0VYBFqb01x6bVCP6ffrxrOKGyS8CI/R
+kGblbECG+GM84iU8Mp66pZ8/sa9lZ8ItTKNKUljgOumXtQfEC2ZC7fQJ86Ts1OOa
+i7He404o8FP6K4JeUBOB5/SQmmL2xmIHzxNEg/21yeDen75T7hbks62Tcp9ipNqZ
+K6kmo4F1P+0s2zmtn+C+/1FG+YOWMBtVtM6tZ4hT2tExbyO7EMvqqY1Ff8AIGdHb
+Xk63NAQDAgMBAAECggEACdSQQcDgDpmg+ecIXdFzoSZDaaN2mqCWG5VQ3fg3vetR
+AhZB5t1b6xaKtBZgeeGpFF+xCVBuhlnpOaT6B8LTt/kwgOQn2J3Ynhw/CRiPsD57
+0i4qCCgnTgulVV4tHQwaTvwTIPMaz9RpO5dA13ecelrPrU7fZXBrX4QwOV4hCR2b
+FFfv1fCxIc4ZYkzcTfB/kPHY95MH/XihKdIUdOOS7WCkbim8p/Uja/hukzxENe8v
+2iwpqM88k939hYuS2uZinNkYspjv1G20JjTfaB0ragn1ZGOBqVPiVVtOgRrs+ee5
+2e8Yl1dA1QonaK6GEs6iELJVOeIMzY/Y3iM9JxQFSQKBgQD6ZIaQJBJLEZeYTY96
+kxCb+jIgYyfedi/SY1hJVF/QU0kP1jED77rGSHDklMH8rBe64vGUTD8ajLrSHUMl
+0Bswqd0bu7fPGydM+fYpyC1/bhaKcZhDE3BdWCO1L9NLGWQmtHR7gUNqLc0jEASl
+s63pWY7eGHg0vog5nZcguzhz7wKBgQDJ/IGbDHWqiior+BdfmLLDQzS6p4Cuev4K
+WbkoF5UDIyuPSKBi0pzjACtDghlJdxWCYEqM8hNSPBcxBPIdEfmPs10pEIQ4WKQN
+lvbh0D7vfBpHdqhOsj5Mbi/a3GUYeKjOHIGFJRaF6EWyTdqxbDU0u++Xh4W5Uicw
+TcjOL2ONLQKBgCvYdoe/CUUD65vL2RgJsJrfkO+C7XRTFcStiMQudiiwrNaNF0At
+NnOKM9qTAfUQ3YboPo1NXK91fTFV1nBEpL48wG8ey+0EQDmGe8iNOQpbaK8NfTAh
+s0dlK7uKiGFaLONqLguCcx+grY86OtYZRJbcC9xwRHxX8NrF8bTVk+kZAoGAGHJT
+TWzIoQdv6zpvucZFfJSZwS2cyYFhVedeHZgdFPAgyYrEvrE3A9J1agpI/TdIhysY
+Ws7Bv+Y9+FTc6N/QELBoyhuRpTA1St/GqbYGp/2hQJz/6eZw29dKO3cJVVjlNW0F
+0BOZEkP2i4oYufiax/MnIHPqn29uBs6jSzE5H1ECgYEAs3NHSWL3b6YbLB9unrey
+7vOlYqasiK50ba/eMqMEmykbAcDOck5JMVwA//VoMdDrl4LPYE+Z5G1trCjbq/nB
+J3XFAVqQkj8WAguaH29LK1cCtm2QJDZm00XXBdxdIzX3kHUnGZch1/u/w4aFVUyR
+c1egwjfne9RU5COgGQt9Zzk=
+-----END PRIVATE KEY-----

docker-compose.yml

@@ -0,0 +1,41 @@
+services:
+  apache-proxy:
+    image: soarinferret/mod_auth_mellon:0.15.0-alpine
+    restart: unless-stopped
+    container_name: apache_proxy
+    ports: 
+      - '8081:443'
+    volumes:
+      - ./conf/saml.conf:/usr/local/apache2/conf.d/saml.conf:ro
+      - ./conf/saml2/:/etc/httpd/saml2/:ro
+      - ./conf/ssl/:/usr/local/apache2/ssl/:ro
+      - ./www:/var/www/:ro
+    develop:
+      watch:
+        - action: rebuild
+          path: ./docker-compose.yml
+        - action: rebuild
+          path: ./conf/**/*
+  idp:
+    image: quay.io/keycloak/keycloak:24.0.4
+    restart: unless-stopped
+    container_name: keycloak
+    command: start-dev
+    ports: 
+      - '8080:8080'
+    environment:
+      - KEYCLOAK_ADMIN=admin
+      - KEYCLOAK_ADMIN_PASSWORD=admin
+      #- KC_LOG_LEVEL=DEBUG
+      #- KC_HOSTNAME=localhost
+    volumes:
+      - ./data_keycloak:/opt/keycloak/data/
+  grafana:
+    image: grafana/grafana-oss
+    restart: unless-stopped
+    container_name: grafana
+    ports:
+      - '3000:3000'
+    volumes:
+      - ./conf/grafana.ini:/etc/grafana/grafana.ini:ro
+      - ./data_grafana:/var/lib/grafana