Merge pull request #87 from INFN-Catania/master

Fixed shibboleth role
AAROC · Oct 23, 2014 · dd4411d · dd4411d
2 parents 5d8633f + 151cdcc
commit dd4411d
Show file tree

Hide file tree

Showing 6 changed files with 25 additions and 23 deletions.
diff --git a/Ansible/group_vars/CentOS-servers b/Ansible/group_vars/CentOS-servers
@@ -25,7 +25,8 @@ tomcat6_service: tomcat6
 tomcat6_user: tomcat
 tomcat6_group: tomcat
 tomcat6_config_start: /etc/tomcat6/tomcat6.conf
-tomcat6_lib_path: /usr/share/tomcat6/lib/
+tomcat6_lib_path: /usr/share/tomcat6/lib
+tomcat6_webapps: /var/lib/tomcat6/webapps
 yum_flags: " "
 lokkit_flags: " "
 epel_release_url: http://dl.fedoraproject.org/pub/epel/6/x86_64/

diff --git a/Ansible/group_vars/Debian-servers b/Ansible/group_vars/Debian-servers
@@ -19,5 +19,5 @@ tomcat6_service: tomcat6
 tomcat6_user: tomcat6
 tomcat6_group: tomcat6
 tomcat6_config_start: /etc/default/tomcat6
-tomcat6_lib_path: /usr/share/tomcat6/lib/
-tomcat6_webapps: /var/lib/tomcat6/webapps/
+tomcat6_lib_path: /usr/share/tomcat6/lib
+tomcat6_webapps: /var/lib/tomcat6/webapps
diff --git a/Ansible/roles/fmarco76.IDPPublic/tasks/install.yml b/Ansible/roles/fmarco76.IDPPublic/tasks/install.yml
@@ -20,16 +20,17 @@
   command: ant dist creates={{ ansible_env.HOME }}/idpFrontEnd/IDPPublic-{{ IDPPublic_release }}/dist/IDPPublic.war chdir={{ ansible_env.HOME }}/idpFrontEnd/IDPPublic-{{ IDPPublic_release }}
   tags:
   -  install
+
 - name: Rename the old ROOT webapp 
   sudo: yes
-  command: mv {{ tomcat6_webapps }}/ROOT {{ tomcat6_webapps }}/ROOT.old creates={{ tomcat6_webapps }}/ROOT.old/META-INF/context.xml
+  command: creates="{{ tomcat6_webapps }}/ROOT.old/META-INF/context.xml" mv {{ tomcat6_webapps }}/ROOT {{ tomcat6_webapps }}/ROOT.old
   tags:
     - tomcat6
     - install
 
 - name: Copy the application into the webapps 
   sudo: yes
-  command: cp {{ ansible_env.HOME }}/idpFrontEnd/IDPPublic-{{ IDPPublic_release }}/dist/IDPPublic.war {{ tomcat6_webapps }}/ROOT.war creates={{ tomcat6_webapps }}/ROOT.war
+  command: creates="{{ tomcat6_webapps }}/ROOT.war" cp {{ ansible_env.HOME }}/idpFrontEnd/IDPPublic-{{ IDPPublic_release }}/dist/IDPPublic.war {{ tomcat6_webapps }}/ROOT.war
 
 - name: Configure the ROOT
   sudo: yes

diff --git a/Ansible/roles/shibboleth-idp/tasks/main.yml b/Ansible/roles/shibboleth-idp/tasks/main.yml
@@ -1,5 +1,5 @@
 ---
 # tasks file for shibboleth-idp
-#- include: install.yml
-#- include: tomcat-config.yml 
+- include: install.yml
+- include: tomcat-config.yml 
 - include: configure.yml
diff --git a/Ansible/roles/shibboleth-idp/templates/relying-party.xml.j2 b/Ansible/roles/shibboleth-idp/templates/relying-party.xml.j2
@@ -103,7 +103,7 @@
 
 {%- for federation in federations %}
 
-      <metadata:MetadataProvider id="{{ federation.metadata_provider }} CatchAllFederation" xsi:type="metadata:FileBackedHTTPMetadataProvider"
+      <metadata:MetadataProvider id="{{ federation.provider }}" xsi:type="metadata:FileBackedHTTPMetadataProvider"
 				 metadataURL="{{ federation.metadata_URL }} "
 				 backingFile="{{ shibboleth_install_path }}/metadata/{{ backing_file }}.xml"
 				 disregardSslCertificate="true">
@@ -112,9 +112,9 @@
 
 <!-- various service providers --> 
 {%- for sp in other_service_providers %}
-        <metadata:MetadataProvider id="sp.provider" xsi:type="metadata:FileBackedHTTPMetadataProvider"
-				 metadataURL="sp.metadata_URL"
-				 backingFile="{{ shibboleth_install_path }}/metadata/sp.backing_file"
+        <metadata:MetadataProvider id="{{ sp.provider }}" xsi:type="metadata:FileBackedHTTPMetadataProvider"
+				 metadataURL="{{ sp.metadata_URL }}"
+				 backingFile="{{ shibboleth_install_path }}/metadata/{{ sp.backing_file }}"
 				 disregardSslCertificate="true">
 	</metadata:MetadataProvider>
 {% endfor %}
@@ -127,7 +127,7 @@
     <!--     Security Configurations                -->
     <!-- ========================================== -->
     <security:Credential id="IdPCredential" xsi:type="security:X509Filesystem">
-        <security:PrivateKey>{{ shibboleth_install_path }}/credentials/{{ idp_key_cert }}</security:PrivateKey>
+        <security:PrivateKey>{{ shibboleth_install_path }}/credentials/{{ idp_private_key_file }}</security:PrivateKey>
         <security:Certificate>{{ shibboleth_install_path }}/credentials/{{ idp_cert_file }}</security:Certificate>
     </security:Credential>
 

diff --git a/Ansible/roles/shibboleth-idp/vars/main.yml b/Ansible/roles/shibboleth-idp/vars/main.yml
@@ -7,9 +7,9 @@ apache:
 # vars file for shibboleth-idp
 idp_version: 2.4.1
 shibboleth_install_path: /opt/shibboleth-idp
-shibboleth_install_cert_pass: thisismystupidpassphrase 
-shibboleth_idp_log_level: DEBUG
-shibboleth_ldap_log_level: DEBUG
+shibboleth_install_cert_pass: thisismystupidpassphrase
+shibboleth_idp_log_level: INFO
+shibboleth_ldap_log_level: INFO
 idp_url: http://shibboleth.net/downloads/identity-provider/
 idp_package_name: shibboleth-identityprovider
 idp_package_endorsed_jars:
@@ -35,19 +35,19 @@ federations:
     backing_file: CatchAllFederation
   - test_federation:
     provider: TestCatchAllFederation
-    metadata_URL: https://gridp.garr.it/metadata/gridp.xml
+    metadata_URL: https://gridp.garr.it/metadata/gridp-test.xml
     backing_file: TestCatchAllFederation
 
-other_service_providers:
-  - science_gateway_1: 
-    provider: url.of.service.provider
-    metadata_URL: https://url.of.service.provider/Shibboleth.sso/Metadata
-    backing_file: url.of.service.provider.xml
+other_service_providers: []
+#  - science_gateway_1: 
+#    provider: url.of.service.provider
+#    metadata_URL: https://url.of.service.provider/Shibboleth.sso/Metadata
+#    backing_file: url.of.service.provider.xml
 
  # security and certs - just the file name without the path
 
-idp_private_key_file: "key.key"
-idp_cert_file: "cert.crt"
+idp_private_key_file: "idp.key"
+idp_cert_file: "idp.crt"
  # this can be set to either something under /etc/grid-security/certificates (for EUGridPMA-issued certs) or something in /etc/pki/CA/certs
 ca_cert_file: "/etc/grid-security/INFN-CA-2006.pem"