Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Add an install metadata.xml and idp-metadata.xml in /etc/httpd/saml2

Browse source
This commit is contained in:
Pierre-Yves Chibon 2015-09-30 15:18:17 +02:00
parent 95c71a653b
commit 51305453b8
3 changed files with 133 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

83
roles/pdc/files/idp-metadata.xml Normal file
View file

@ -0,0 +1,83 @@
<?xml version='1.0' encoding='UTF-8'?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" val
idUntil="2020-09-28T11:14:04.923891" entityID="http://id.stg.fedoraproject.org/saml2/metadata">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIFOTCCAyGgAwIBAgIJAOtrg+MpYNUgMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNV
BAMMKGlkLmZlZG9yYXByb2plY3Qub3JnIFNURyBURU1QT1JBUlkgU0FNTDIwHhcN
MTUwOTMwMDkxMzU3WhcNMTUxMDMwMDkxMzU3WjAzMTEwLwYDVQQDDChpZC5mZWRv
cmFwcm9qZWN0Lm9yZyBTVEcgVEVNUE9SQVJZIFNBTUwyMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAt1mvOsVxRm9O+dT0QIYxl0vmqQQ4MhQA3wboEeBp
sQYjM2te+2Q/7OOwklVdD5g/rgXuDwOH6ztt1Y6UJmMC9RQCSJ5YNFe95hOE0H+P
ar9/9xm6hlwqxp9S1NftO7G6x7Zad/QHURcQit2EeDJAox/LEk3FEti03Q2tSPBa
wpNk/AUwkXnGn+bQ142JxvfJaO8sdxPpww1955SxKnJ3ClaPw3Qs0SLbD7cQQnyu
gQne0jBNPS5LkXS7DKmPBXY7R7der2gx3Wr6TxHNCcqMruL/RHmGKEB/KnFqxDK1
zNrcUyyghHGBRtGqbJw37kQBWtuoE67iyAiHQWnn4onNHTFeP1SfpzFIM3ya8Iew
Awh93IH2YAAd3SxNsCE27iZej2+8OikkWp6rpG36apskwKLAmOTKATqAII49u32o
aYqMe3LEORzmoR45/FGmQ8fPTxIXoT9kkA8nS3Xa1f6BaGnlxPu+VNAYEQx5hzX1
yhjSEiIcyowIx4/Frp+XHn7USQHb0jBkBGTWlo3QRO3LDarTmcoJZIrMK1fISggv
KJ1jUisrboFm0hX4O0F6TAx9UbWGIpgTiEjynDbBgIWsElGaTOfafPOFAVVusW5W
6na5R0sKDiaw5Ej3tMz5gTlSLk+0Vfc/tQphqIgXu1BIQ5gghyDUAEZRIe7iFEnu
LqUCAwEAAaNQME4wHQYDVR0OBBYEFFIneEZsGOpk6nVXammdrrRVyG5/MB8GA1Ud
IwQYMBaAFFIneEZsGOpk6nVXammdrrRVyG5/MAwGA1UdEwQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggIBAGqXB//gUKBAUFHB4i45/70vWID2lYMu2nFvd7SWI1oc0n78
DTlqFDYDyV05V/qCnezjAb+6KUyyeyAevgZPaDswCVd2aygYGDE9RsvOy60UhZ1c
yfgVx2l/YLzO4bWNKllxpfbLVHTfKo8MfFa99ClN6Y+t8+fucTS2+WOq5MYd5lKS
/4FY7QYq645oYHAlQzOV2PHAcMDbhtaEJJ4CXh4//ArM/NE73NYaH4SGQW1xVD7D
8zS/0TGYDX6MNQvRwzihtKVEtUAGj1zIZZUYFd9+mx4Ir3OBnRozSe8LkfaWYd13
hlRLINzOEQ3ebSGGRlgeFYXw+cTpn64KoyE56CcL//dxZS27LGBIMAul0eARoa6U
Y1DYkZ178QugycphmLCkxe2/Qe9xZjn0ghycxiYAlPqGFG87pW8UC162B7eklOuR
GO/BqcKZcO5GPyWkuslUpx8w0bOnCgXKxVzbt5BGBMvSMxe/QCw9x4sXnKGUtHaV
FqnKqa/sxkfQ8HltSvft8goNw13/I+J5ERHdif0EyI83ba+CyGwEjCe8uZYjp2G3
DqtUXjiYReHTYZr6R9Xgts0RKf44wVJ3D7Fs7P2dBGI7b/R/8HHv9HM+/HcbkRhA
25vdCBgg+KF3u3bZZlUp82PkOtRFcr4kb3GwS4FAaxRC5i/8Z4qI2ICNZFPN
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIFOTCCAyGgAwIBAgIJAOtrg+MpYNUgMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNV
BAMMKGlkLmZlZG9yYXByb2plY3Qub3JnIFNURyBURU1QT1JBUlkgU0FNTDIwHhcN
MTUwOTMwMDkxMzU3WhcNMTUxMDMwMDkxMzU3WjAzMTEwLwYDVQQDDChpZC5mZWRv
cmFwcm9qZWN0Lm9yZyBTVEcgVEVNUE9SQVJZIFNBTUwyMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAt1mvOsVxRm9O+dT0QIYxl0vmqQQ4MhQA3wboEeBp
sQYjM2te+2Q/7OOwklVdD5g/rgXuDwOH6ztt1Y6UJmMC9RQCSJ5YNFe95hOE0H+P
ar9/9xm6hlwqxp9S1NftO7G6x7Zad/QHURcQit2EeDJAox/LEk3FEti03Q2tSPBa
wpNk/AUwkXnGn+bQ142JxvfJaO8sdxPpww1955SxKnJ3ClaPw3Qs0SLbD7cQQnyu
gQne0jBNPS5LkXS7DKmPBXY7R7der2gx3Wr6TxHNCcqMruL/RHmGKEB/KnFqxDK1
zNrcUyyghHGBRtGqbJw37kQBWtuoE67iyAiHQWnn4onNHTFeP1SfpzFIM3ya8Iew
Awh93IH2YAAd3SxNsCE27iZej2+8OikkWp6rpG36apskwKLAmOTKATqAII49u32o
aYqMe3LEORzmoR45/FGmQ8fPTxIXoT9kkA8nS3Xa1f6BaGnlxPu+VNAYEQx5hzX1
yhjSEiIcyowIx4/Frp+XHn7USQHb0jBkBGTWlo3QRO3LDarTmcoJZIrMK1fISggv
KJ1jUisrboFm0hX4O0F6TAx9UbWGIpgTiEjynDbBgIWsElGaTOfafPOFAVVusW5W
6na5R0sKDiaw5Ej3tMz5gTlSLk+0Vfc/tQphqIgXu1BIQ5gghyDUAEZRIe7iFEnu
LqUCAwEAAaNQME4wHQYDVR0OBBYEFFIneEZsGOpk6nVXammdrrRVyG5/MB8GA1Ud
IwQYMBaAFFIneEZsGOpk6nVXammdrrRVyG5/MAwGA1UdEwQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggIBAGqXB//gUKBAUFHB4i45/70vWID2lYMu2nFvd7SWI1oc0n78
DTlqFDYDyV05V/qCnezjAb+6KUyyeyAevgZPaDswCVd2aygYGDE9RsvOy60UhZ1c
yfgVx2l/YLzO4bWNKllxpfbLVHTfKo8MfFa99ClN6Y+t8+fucTS2+WOq5MYd5lKS
/4FY7QYq645oYHAlQzOV2PHAcMDbhtaEJJ4CXh4//ArM/NE73NYaH4SGQW1xVD7D
8zS/0TGYDX6MNQvRwzihtKVEtUAGj1zIZZUYFd9+mx4Ir3OBnRozSe8LkfaWYd13
hlRLINzOEQ3ebSGGRlgeFYXw+cTpn64KoyE56CcL//dxZS27LGBIMAul0eARoa6U
Y1DYkZ178QugycphmLCkxe2/Qe9xZjn0ghycxiYAlPqGFG87pW8UC162B7eklOuR
GO/BqcKZcO5GPyWkuslUpx8w0bOnCgXKxVzbt5BGBMvSMxe/QCw9x4sXnKGUtHaV
FqnKqa/sxkfQ8HltSvft8goNw13/I+J5ERHdif0EyI83ba+CyGwEjCe8uZYjp2G3
DqtUXjiYReHTYZr6R9Xgts0RKf44wVJ3D7Fs7P2dBGI7b/R/8HHv9HM+/HcbkRhA
25vdCBgg+KF3u3bZZlUp82PkOtRFcr4kb3GwS4FAaxRC5i/8Z4qI2ICNZFPN
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://id.stg.fedoraproject.org/saml2/SSO/POST"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://id.stg.fedoraproject.org/saml2/SSO/Redirect"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://id.stg.fedoraproject.org/saml2/SLO/Redirect"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
</md:IDPSSODescriptor>
</md:EntityDescriptor>

33
roles/pdc/files/metadata.xml Normal file
View file

@ -0,0 +1,33 @@
<?xml version='1.0' encoding='UTF-8'?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" cacheDuration="P7D" entityID="https://pdc.fedorainfracloud.org/saml2">
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAISFaB3/KZDhMA0GCSqGSIb3DQEBCwUAMCMxITAfBgNV
BAMMGHBkYy5mZWRvcmFpbmZyYWNsb3VkLm9yZzAeFw0xNTA5MzAxMDM4NTFaFw0y
MDA5MjgxMDM4NTFaMCMxITAfBgNVBAMMGHBkYy5mZWRvcmFpbmZyYWNsb3VkLm9y
ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLA2h4tYn7tAFwFZ2JB
xLLcpIY55/NpdQP1yLSfvD4huT3rWRLoojiEpIM61qgnJmVsZ4oPkkSmU3pWLrjw
ZeD5XQimtg6GPHitjIIHhUgPDncpdGsbD1J/Jv7V/gj0CvI9ak0i9d0zxaKGaejP
0VL78xeaEPf53LQywqrV9iGDRpcJzQZrqwUvrSIDRn7SmUNvDYQL6voAO6la/43C
O8oIMiGE/qNs8sK/KupifxjN4BvZzK6ofpYqhycwJFHUTZ5mAEXspINIOr8I43Ap
F6+RDWyIt2G2GK7gwkLfNfb/3Lht8/oMjyiPvKuhSqaDbfcSwsU2A9k9vqV0ufL+
+VUCAwEAAaNQME4wHQYDVR0OBBYEFMy2MUOk6B9kN0nLDO4w7Ja/oL2dMB8GA1Ud
IwQYMBaAFMy2MUOk6B9kN0nLDO4w7Ja/oL2dMAwGA1UdEwQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggEBAHWk0SZYofIu0HP96D2RFghS7bcFGoTzG4uOK8v9cYtM3f3N
O5NlmMNYeLG3wbBA+7pZgmIEReZkGlGq4kR4PqulKE4yymyuzIEUYFwlHfxrWCIH
7/A211WxTQRXBGT2h4+uwpqOOOUdd8KHBdRIzYKiNEBjUgbya9fObxPZK2jx7zUq
qa7KneEXaZ86LqPQU6+dv3i4yZE7PkeJ3Pl5wVSIJ7dxIN+81YhfuL3poknqDYmJ
4QHNMcbS3gBaTTsUAUyfPXlAbWaGdypAuzxkwt9etX/bExs/0k28REwtZo9q04R4
8Ejlv4ckKIOFY7aO8saseB4A/n/oLfrW+/8qBnM=
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://pdc.fedorainfracloud.org/saml2/logout"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://pdc.fedorainfracloud.org/saml2/postResponse" index="0"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
</md:SPSSODescriptor>
</md:EntityDescriptor>

17
roles/pdc/tasks/main.yml
View file

@ -39,3 +39,20 @@
notify: restart httpd
tags:
- pdc
- name: create /etc/httpd/saml2
action: file state=directory
path=/etc/httpd/saml2
owner=apache group=apache mode=0775
tags:
- pdc
- name: Install saml2 xml files
copy: >
src="{{ item }}" dest="/etc/httpd/saml2/{{ item }}"
owner="apache" group="apache" mode=0600
with_items:
- metadata.xml
- idp-metadata.xml
tags:
- pdc