Ansible LDAP/Shibboleth Role Release

@brucellino brucellino released this 23 Oct 12:42

Pre-release v0.0.3

In this release, we have new functionality for deploying a fully integrated Shibboleth identity provider, along with an LDAP backend. The idp-ldap.yml playbook configures both services and deploys the web frontend for the Shibboleth IdP on the identity provider.

New Functionality

The playbooks support RedHat 6 clones (CentOS) and Debian 6 (including Ubuntu). Variables for these OSs can be found in group_vars/{{ ansible_os_family }}.yml

New functionality with respect to the previous version includes:

  1. Shibboleth Identity provider deployment
  2. LDAP integration with IdP
  3. Web frontend (IDPPublic) deployment and integration

New Ansible Roles

New Ansible roles have been developed and included in this release:

  1. fmarco76.tomcat: provisions the Tomcat instance for Shibboleth
  2. fmarco76.firewall: applies the correct iptables rules for the site services
  3. fmarco76.IDPPublic: deploys the web management interface
  4. shibboleth-idp: provisions the Shibboleth identity provider

Using this release

The idp-ldap.yml playbook will configure the services at your site, on hosts defined in your inventory. You need to specify certain site-specific variables along with the inventory:

---
server_country: 
server_state: 
server_location: 
server_organization: 
organisation: 
mail_contact:
useradmin_password: 
ldap_server:

These are used to configure the LDAP and Shibboleth integration.
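
A pre-flight check for the site variables file, added here as an example and not part of the playbooks in this release: it reports any of the eight variables left missing or empty, and a useradmin_password stored in plaintext rather than as an ansible-vault value or a reference to another variable. The flat `key: value` parsing, the function names and the sample values are assumptions made for the illustration.

```python
import re

# The eight site variables listed in the release notes.
REQUIRED = (
    "server_country", "server_state", "server_location",
    "server_organization", "organisation", "mail_contact",
    "useradmin_password", "ldap_server",
)
SECRET = "useradmin_password"
UNSET = ("", "~", "null")
_LINE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*):[ \t]*(.*)$")


def parse_flat_vars(text):
    """Parse top-level `key: value` lines (assumption: a flat file, not general YAML)."""
    found = {}
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if m:
            value = re.sub(r"(?:^|\s)#.*$", "", m.group(2))  # drop trailing comment
            found[m.group(1)] = value.strip().strip("'\"")
    return found


def check_site_vars(text):
    """Return a list of problems; an empty list means the file passes."""
    found = parse_flat_vars(text)
    problems = []
    for key in REQUIRED:
        if key not in found:
            problems.append(f"{key}: missing")
        elif found[key] in UNSET:
            problems.append(f"{key}: empty")
    secret = found.get(SECRET, "")
    # Accept an inline vault value (!vault) or a Jinja reference to another variable.
    if secret not in UNSET and not (secret.startswith("!vault") or "{{" in secret):
        problems.append(f"{SECRET}: plaintext, encrypt with ansible-vault")
    return problems


# Constructed sample: one empty value, one missing key, one plaintext secret.
SAMPLE = """\
---
server_country: IT
server_state: Sicily
server_location: Catania
server_organization: Example Org
organisation:
mail_contact: admin@example.org
useradmin_password: changeme
"""

if __name__ == "__main__":
    print("\n".join(check_site_vars(SAMPLE)) or "site variables OK")
```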

Testing and Feedback

This has been tested against the dev site at INFN Catania and the ZAMREN site in Zambia. Please open tickets if there are any issues.