
Contents of /trunk/eu.rcauth.pilot-ica/DS/ansible/roles/delegserver/tasks/dep-shib.yml



Revision 3003 - (show annotations) (download) (as text)
Mon Apr 11 16:34:29 2016 UTC (5 years, 9 months ago) by tamasb
File MIME type: text/x-yaml
File size: 1830 byte(s)
protect /register endpoint with SSO

---

# Install the Shibboleth Service Provider (SP) packages.

# The dedicated Shibboleth repository task below is disabled. While it
# stays commented out, package origin and signature checking depend on
# the repositories already configured on the target host.
#- name: add shib repository
#  yumrepo:
#    name: shibboleth
#    description: shibboleth opensuse repository
#    baseurl: "{{ shib_repo_baseurl }}"
#    gpgcheck: yes
#    gpgkey: "{{ shib_repo_gpgkey }}"
#    protect: yes
#    enabled: yes
#  when: (shib_repo_baseurl is defined) and (shib_repo_gpgkey is defined)

# Loops over shib_packages; `present` installs a missing package and
# leaves an already installed one untouched.
- name: install shibboleth SP
  with_items: "{{ shib_packages }}"
  yum:
    state: present
    name: "{{ item }}"

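# Configure the Shibboleth SP.

# Renders attribute-map.xml.j2 to the SP's attribute map file and queues
# a restart of shibd and httpd when the rendered file changes.
- name: add attribute map
  template:
    src: attribute-map.xml.j2
    dest: "{{ shib_attr_map_file }}"
    owner: "root"
    group: "root"
    # Quoted so the mode reaches Ansible as an octal string instead of
    # relying on the YAML parser's integer typing.
    mode: "0644"
    # Keep a copy of the previous file so a bad mapping can be reverted.
    backup: true
  notify:
    - restart shibd
    - restart httpd
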
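# Renders the main SP configuration and queues a restart of shibd and
# httpd when it changes.
# NOTE(review): the file is written world-readable (0644); confirm that
# the shibboleth2.xml.j2 template carries no credentials or key material.
- name: add shibboleth2.xml
  template:
    src: shibboleth2.xml.j2
    dest: "{{ shib_conf_file }}"
    owner: "root"
    group: "root"
    # Quoted so the mode reaches Ansible as an octal string instead of
    # relying on the YAML parser's integer typing.
    mode: "0644"
    # Keep a copy of the previous file so a bad configuration can be reverted.
    backup: true
  notify:
    - restart shibd
    - restart httpd
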
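# Adds a managed <Location> block to the httpd Shibboleth configuration so
# that /{{ oa4mp_server }}/authorize is only served to requests with an
# active Shibboleth session (requireSession 1 + Require valid-user).
# The marker is specific to this endpoint, so other managed blocks in the
# same file are left alone.
# NOTE(review): ShibUseHeaders On exports the session attributes as HTTP
# request headers. That is only trustworthy when the application behind
# this location cannot be reached other than through this httpd; confirm
# the backend is not exposed directly, or prefer environment-variable
# export if the backend supports it.
- name: register protected resource /authorize in httpd
  blockinfile:
    dest: "{{ shib_httpd_conf }}"
    marker: "# {mark} ANSIBLE MANAGED BLOCK /authorize"
    owner: "root"
    group: "root"
    # Quoted so the mode reaches Ansible as an octal string instead of
    # relying on the YAML parser's integer typing.
    mode: "0644"
    block: |
      <Location /{{oa4mp_server}}/authorize>
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        ShibUseHeaders On
        Require valid-user
      </Location>
  notify: restart httpd
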
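# Adds a managed <Location> block to the httpd Shibboleth configuration so
# that /{{ oa4mp_server }}/register requires an active Shibboleth session
# (requireSession 1 + Require valid-user) before the request is served.
# The marker is specific to this endpoint, so other managed blocks in the
# same file are left alone.
# NOTE(review): ShibUseHeaders On exports the session attributes as HTTP
# request headers; confirm the application behind this location is only
# reachable through this httpd, so that the headers it reads can only
# have been set by the SP.
- name: register protected resource /register in httpd
  blockinfile:
    dest: "{{ shib_httpd_conf }}"
    marker: "# {mark} ANSIBLE MANAGED BLOCK /register"
    owner: "root"
    group: "root"
    # Quoted so the mode reaches Ansible as an octal string instead of
    # relying on the YAML parser's integer typing.
    mode: "0644"
    block: |
      <Location /{{oa4mp_server}}/register>
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        ShibUseHeaders On
        Require valid-user
      </Location>
  notify: restart httpd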
