Can env vars be referenced in shibboleth2.xml?

Peter Schober peter.schober at univie.ac.at
Tue Sep 29 23:29:56 UTC 2020


* Wessel, Keith <kwessel at illinois.edu> [2020-09-30 00:17]:
> In AWS, the TCP listener address will always be localhost, and the
> acl list will always be localhost (equivalent IP, of course).
> In docker-compose, though, it's going to be an IP address other than
> localhost's. So, doing this somewhat dynamically is the goal, of
> course.

To support the most fundamental workings of the software (telling
shibd where to listen on and from whom to allow connections, telling
Apache httpd where to connect to shibd) I suppose literally extending
the SP to take the values of these settings (address, port, acl
attributes on the TCPListener) from environment variables would be a
sensible way forward.
(Or maybe sharing the Unix domain socket from the shibd container to
the httpd one via a volume mount.)

Something else would then still have to perform the service discovery
parts and inject the dynamically determined IP address of a running
shibd container as env vars into your httpd container, but that'll be
the same whatever you're doing here.

Btw, the network between httpd and shibd is assumed to be "private"
and hence "secure"? Otherwise you'd have to ensure transport layer
security, e.g. using stunnel (on both ends!) for that connection,
too. Which would mean two additional processes. And if you stuck these
additional processes into additional containers (as per your own
requirements) you're stuck in a loop trying to secure the connection
to the stunnel process.
Also stunnel doesn't allow reading of IP addresses to connect to (or
listen on) from environment variables, either. So that would merely
shift the problem from Shib (which would always have address and acl
set to localhost) to stunnel configuration.
(While the alternative ghostunnel doesn't seem to support environment
variables either, at least it supports supplying the necessary
parameters as options on the command line, contrary to
stunnel. Everything else above applies just the same.)

-peter
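As an added illustration of the approach sketched above (taking the address, port and acl of the TCPListener from the container environment), and not code from the Shibboleth project or from this thread: a POSIX shell snippet a container entrypoint could use to render the element, validating every value so that only an IP address or a port number can reach the XML attributes. The variable names SHIBD_ADDRESS, SHIBD_PORT and SHIBD_ACL and their defaults are assumptions.

```shell
#!/bin/sh
# Build the <TCPListener> element for shibboleth2.xml from values supplied
# by the container environment, validating each value before it is used.
# Variable names SHIBD_ADDRESS, SHIBD_PORT and SHIBD_ACL are assumptions for
# this example; the SP itself reads the element from the file, not from env.

# Succeeds only when $1 is a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: render_tcplistener ADDRESS PORT "ACL_IP [ACL_IP ...]"
# Prints the element on stdout, or an error on stderr with exit status 1.
# Rejecting anything that is not a plain IP or port keeps an unexpected
# environment value from being written into the XML as extra attributes.
render_tcplistener() {
    addr=$1; port=$2; acl=$3
    is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    [ -n "$acl" ] || { echo "acl must list at least one address" >&2; return 1; }
    for ip in $acl; do
        is_ipv4 "$ip" || { echo "bad acl entry: $ip" >&2; return 1; }
    done
    printf '<TCPListener address="%s" port="%s" acl="%s"/>\n' "$addr" "$port" "$acl"
}

# Entrypoint use: only runs when the container supplies SHIBD_ADDRESS.
# Defaults mirror the stock localhost-only configuration.
if [ -n "${SHIBD_ADDRESS:-}" ]; then
    render_tcplistener "$SHIBD_ADDRESS" "${SHIBD_PORT:-1600}" "${SHIBD_ACL:-127.0.0.1}"
fi
```

The printed element can then be spliced into shibboleth2.xml by the entrypoint before shibd starts; the acl is what limits which container addresses may talk to shibd, so the httpd container's address is what belongs there in the compose case.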