From 151cdcc3d8044772208bd830143e733934b8ffd0 Mon Sep 17 00:00:00 2001 From: Marco Fargetta Date: Wed, 22 Oct 2014 19:03:50 +0200 Subject: [PATCH] Fixed shibboleth role Both VMs (debian and CentOS) work correctly --- Ansible/group_vars/CentOS-servers | 3 ++- Ansible/group_vars/Debian-servers | 4 ++-- .../fmarco76.IDPPublic/tasks/install.yml | 5 +++-- Ansible/roles/shibboleth-idp/tasks/main.yml | 4 ++-- .../templates/relying-party.xml.j2 | 10 ++++----- Ansible/roles/shibboleth-idp/vars/main.yml | 22 +++++++++---------- 6 files changed, 25 insertions(+), 23 deletions(-) diff --git a/Ansible/group_vars/CentOS-servers b/Ansible/group_vars/CentOS-servers index 4a4d312..c43012d 100644 --- a/Ansible/group_vars/CentOS-servers +++ b/Ansible/group_vars/CentOS-servers @@ -25,7 +25,8 @@ tomcat6_service: tomcat6 tomcat6_user: tomcat tomcat6_group: tomcat tomcat6_config_start: /etc/tomcat6/tomcat6.conf -tomcat6_lib_path: /usr/share/tomcat6/lib/ +tomcat6_lib_path: /usr/share/tomcat6/lib +tomcat6_webapps: /var/lib/tomcat6/webapps yum_flags: " " lokkit_flags: " " epel_release_url: http://dl.fedoraproject.org/pub/epel/6/x86_64/ diff --git a/Ansible/group_vars/Debian-servers b/Ansible/group_vars/Debian-servers index 85561b8..ca7e082 100644 --- a/Ansible/group_vars/Debian-servers +++ b/Ansible/group_vars/Debian-servers @@ -19,5 +19,5 @@ tomcat6_service: tomcat6 tomcat6_user: tomcat6 tomcat6_group: tomcat6 tomcat6_config_start: /etc/default/tomcat6 -tomcat6_lib_path: /usr/share/tomcat6/lib/ -tomcat6_webapps: /var/lib/tomcat6/webapps/ +tomcat6_lib_path: /usr/share/tomcat6/lib +tomcat6_webapps: /var/lib/tomcat6/webapps diff --git a/Ansible/roles/fmarco76.IDPPublic/tasks/install.yml b/Ansible/roles/fmarco76.IDPPublic/tasks/install.yml index 0774f5c..f6a2fe0 100644 --- a/Ansible/roles/fmarco76.IDPPublic/tasks/install.yml +++ b/Ansible/roles/fmarco76.IDPPublic/tasks/install.yml 
@@ -20,16 +20,17 @@ command: ant dist creates={{ ansible_env.HOME }}/idpFrontEnd/IDPPublic-{{ IDPPublic_release }}/dist/IDPPublic.war chdir={{ ansible_env.HOME }}/idpFrontEnd/IDPPublic-{{ IDPPublic_release }} tags: - install + - name: Rename the old ROOT webapp sudo: yes - command: mv {{ tomcat6_webapps }}/ROOT {{ tomcat6_webapps }}/ROOT.old creates={{ tomcat6_webapps }}/ROOT.old/META-INF/context.xml + command: creates="{{ tomcat6_webapps }}/ROOT.old/META-INF/context.xml" mv {{ tomcat6_webapps }}/ROOT {{ tomcat6_webapps }}/ROOT.old tags: - tomcat6 - install - name: Copy the application into the webapps sudo: yes - command: cp {{ ansible_env.HOME }}/idpFrontEnd/IDPPublic-{{ IDPPublic_release }}/dist/IDPPublic.war {{ tomcat6_webapps }}/ROOT.war creates={{ tomcat6_webapps }}/ROOT.war + command: creates="{{ tomcat6_webapps }}/ROOT.war" cp {{ ansible_env.HOME }}/idpFrontEnd/IDPPublic-{{ IDPPublic_release }}/dist/IDPPublic.war {{ tomcat6_webapps }}/ROOT.war - name: Configure the ROOT sudo: yes diff --git a/Ansible/roles/shibboleth-idp/tasks/main.yml b/Ansible/roles/shibboleth-idp/tasks/main.yml index 7994ee5..880e323 100644 --- a/Ansible/roles/shibboleth-idp/tasks/main.yml +++ b/Ansible/roles/shibboleth-idp/tasks/main.yml @@ -1,5 +1,5 @@ --- # tasks file for shibboleth-idp -#- include: install.yml -#- include: tomcat-config.yml +- include: install.yml +- include: tomcat-config.yml - include: configure.yml diff --git a/Ansible/roles/shibboleth-idp/templates/relying-party.xml.j2 b/Ansible/roles/shibboleth-idp/templates/relying-party.xml.j2 index ddb63d4..3eda315 100644 --- a/Ansible/roles/shibboleth-idp/templates/relying-party.xml.j2 +++ b/Ansible/roles/shibboleth-idp/templates/relying-party.xml.j2 @@ -103,7 +103,7 @@ {%- for federation in federations %} - @@ -112,9 +112,9 @@ {%- for sp in other_service_providers %} - {% endfor %} 
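Review bot: The `creates="{{ tomcat6_webapps }}/ROOT.war"` guard on "Copy the application into the webapps" in `install.yml` keys the task on the file's existence, not its content. Once any ROOT.war is in place the task is skipped, so a later bump of `IDPPublic_release`, including one that carries a security fix, would not reach Tomcat. On an Ansible version that supports it, the `copy` module with `remote_src: yes` and `dest: "{{ tomcat6_webapps }}/ROOT.war"` replaces the file only when its checksum differs. It also lets the task set `owner`, `group` and `mode` explicitly rather than inheriting whatever `cp` under sudo produces. The rename task has a related weakness: if `ROOT.old` exists without `META-INF/context.xml`, `mv` would nest `ROOT` inside it. The task list continues past the end of this hunk.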
@@ -127,7 +127,7 @@ - {{ shibboleth_install_path }}/credentials/{{ idp_key_cert }} + {{ shibboleth_install_path }}/credentials/{{ idp_private_key_file }} {{ shibboleth_install_path }}/credentials/{{ idp_cert_file }} diff --git a/Ansible/roles/shibboleth-idp/vars/main.yml b/Ansible/roles/shibboleth-idp/vars/main.yml index e8f1625..ccff30f 100644 --- a/Ansible/roles/shibboleth-idp/vars/main.yml +++ b/Ansible/roles/shibboleth-idp/vars/main.yml @@ -7,9 +7,9 @@ apache: # vars file for shibboleth-idp idp_version: 2.4.1 shibboleth_install_path: /opt/shibboleth-idp -shibboleth_install_cert_pass: thisismystupidpassphrase -shibboleth_idp_log_level: DEBUG -shibboleth_ldap_log_level: DEBUG +shibboleth_install_cert_pass: thisismystupidpassphrase +shibboleth_idp_log_level: INFO +shibboleth_ldap_log_level: INFO idp_url: http://shibboleth.net/downloads/identity-provider/ idp_package_name: shibboleth-identityprovider idp_package_endorsed_jars: @@ -35,19 +35,19 @@ federations: backing_file: CatchAllFederation - test_federation: provider: TestCatchAllFederation - metadata_URL: https://gridp.garr.it/metadata/gridp.xml + metadata_URL: https://gridp.garr.it/metadata/gridp-test.xml backing_file: TestCatchAllFederation -other_service_providers: - - science_gateway_1: - provider: url.of.service.provider - metadata_URL: https://url.of.service.provider/Shibboleth.sso/Metadata - backing_file: url.of.service.provider.xml +other_service_providers: [] +# - science_gateway_1: +# provider: url.of.service.provider +# metadata_URL: https://url.of.service.provider/Shibboleth.sso/Metadata +# backing_file: url.of.service.provider.xml # security and certs - just the file name without the path -idp_private_key_file: "key.key" -idp_cert_file: "cert.crt" +idp_private_key_file: "idp.key" +idp_cert_file: "idp.crt" # this can be set to either something under /etc/grid-security/certificates (for EUGridPMA-issued certs) or something in /etc/pki/CA/certs ca_cert_file: "/etc/grid-security/INFN-CA-2006.pem"
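Review bot: `shibboleth_install_cert_pass: thisismystupidpassphrase` in the first `vars/main.yml` hunk is still a plaintext literal on the new side, since the commit only touches whitespace on that line. Anyone who can read the repository or its history can read the value, which by its name is presumably the passphrase for the credentials generated at IdP install time. I would reference a vaulted variable instead, e.g. `shibboleth_install_cert_pass: "{{ vault_shibboleth_install_cert_pass }}"` (name constructed for illustration), keep the value in an `ansible-vault` encrypted file, and treat the published passphrase as compromised. The context line `idp_url: http://shibboleth.net/downloads/identity-provider/` also points the IdP download at plain HTTP. The install tasks are not part of this patch, so I cannot tell whether a checksum or signature is verified; if not, an `https://` URL plus a pinned checksum would close that gap.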