# run the IDP's install script (keep the defaults for the source and installation directories)
# this will throw away the container, but the config files are kept on the docker host
docker-compose -f dc.yaml run --rm /opt/scripts/install_idp.sh  

# now configure /opt/jetty-base and /etc/shibboleth-idp
. use idp.home/metadata/idp-metadata.xml to create a reasonable metadata file and upload it to the metadata feed
. configure the metadata provider (local via file system or well-know location URL)
. configure jetty certificates (jetty-base/start.d/ssl.ini, backchannel.ini)  
. attribute-filter, -resolver; idp.properites; ldap.properties 
. optional: redirect logfiles to /var/log: see logback.xml (both jetty and shib-idp
. if running with a reverse proxy (load balancer) fronting the IDP you need to tell jetty to
  activate the ForwardedRequestCustomize class (see example install/jetty-base/etc/jetty.xml)
. optionally copy jstl-1.2.jar to /opt/shibboleth-idp/edit-webapp/WEB-INF/lib (-> for idp/status page)

# start jetty
docker-compose -f dc.yaml run --rm shibidp bash 

# To effect changes to the idp.war file:
docker-compose -f dc.yaml run --rm shibidp /scripts/rebuild_idp_war.sh

# test attribute release for user 'eid-test'
curl 'http://localhost:8080/idp/profile/admin/resolvertest?principal=eid-test&requester=https%3A%2F%2Fsp.example.org%2Fsp'

/scripts/create_idp_cert.sh   # create a new singing and/or encryption certificate
/scripts/seckey_init.sh       # create a new data sealer keystore (e.g. after copying config form other deployment)
/scripts/seckey_refresh.sh    # call daily to create a new data sealer key