diff --git a/roles/ipsilon/tasks/main.yml b/roles/ipsilon/tasks/main.yml
index f69845cc3b..c3f4ff6af5 100644
--- a/roles/ipsilon/tasks/main.yml
+++ b/roles/ipsilon/tasks/main.yml
@@ -132,8 +132,17 @@
 
 - name: Install ipsilon
 command:
- cmd: ipsilon-server-install --admin-user admin --ipa yes --openidc yes --openid yes --saml2 yes --info-sssd yes --form=yes
- creates: /etc/ipsilon/idp/ipsilon.conf
+ cmd: ipsilon-server-install
+ --root-instance
+ --admin-user=admin
+ --ipa=yes
+ --openidc=yes
+ --openid=yes
+ --saml2=yes
+ --info-sssd=yes
+ --form=yes
+ --admin-dburi=configfile:///etc/ipsilon/configuration.conf
+ creates: /etc/ipsilon/ipsilon.conf
 tags:
 - ipsilon
 
@@ -145,7 +154,7 @@
 ## - name: copy ipsilon configuration
 ## template:
 ## src: "ipsilon.conf"
-## dest: "/etc/ipsilon/idp/ipsilon.conf"
+## dest: "/etc/ipsilon/ipsilon.conf"
 ## owner: ipsilon
 ## group: ipsilon
 ## mode: 0600
diff --git a/roles/ipsilon/templates/httpd.conf.staging.j2 b/roles/ipsilon/templates/httpd.conf.staging.j2
index abfee41315..4531300b76 100644
--- a/roles/ipsilon/templates/httpd.conf.staging.j2
+++ b/roles/ipsilon/templates/httpd.conf.staging.j2
@@ -21,8 +21,11 @@ RewriteRule ^([a-z0-9-]+)\.id\.fedoraproject\.org/.* /openid/id/$1/ [PT]
 Alias /ui /usr/share/ipsilon/themes/Fedora
 #Alias /ui /usr/share/ipsilon/ui
 WSGIScriptAlias / /usr/libexec/ipsilon
+WSGIDaemonProcess ipsilon user=ipsilon group=ipsilon home=/var/lib/ipsilon display-name=ipsilon processes=2 threads=2 maximum-requests=1000
+# This header is required to be passed for OIDC client_secret_basic
 WSGIPassAuthorization On
-WSGIDaemonProcess ipsilon home=/var/lib/ipsilon processes=2 threads=2 maximum-requests=1000
+# Without this, getting the private key in jwcrypto/jwk.py, line 430, fails
+# Fix from https://github.com/pyca/cryptography/issues/2299#issuecomment-197075190
 WSGIApplicationGroup %{GLOBAL}
 WSGISocketPrefix run/wsgi
 #WSGIRestrictStdout Off
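Review bot: The `creates:` guard in the "Install ipsilon" task now points at `/etc/ipsilon/ipsilon.conf`, so on a host installed by the previous version of this task (which left `/etc/ipsilon/idp/ipsilon.conf`) the guard no longer matches and `ipsilon-server-install` will run again, presumably creating a root instance while the old `idp` instance's configuration and key material stay on disk. Nothing in the hunk retires or migrates that old instance; a comment above the task such as `# NOTE: hosts with an existing /etc/ipsilon/idp instance must be migrated before this runs` would at least record it. Separately, `--admin-dburi=configfile:///etc/ipsilon/configuration.conf` puts the admin store in a file whose owner and mode are not set by anything visible here (the only task with `mode: 0600` is the commented-out template further down). If the installer does not already restrict that file, a follow-up `file:` task with `owner: ipsilon`, `group: ipsilon` and `mode: "0600"` would make the expectation explicit.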
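Review bot: The new `WSGIDaemonProcess ipsilon user=ipsilon group=ipsilon ...` line only drops privileges if the application is actually assigned to that daemon group, and no `WSGIProcessGroup ipsilon` (or `process-group=ipsilon` on the `WSGIScriptAlias`) is visible in this hunk. If it is not set elsewhere in the template, the application keeps running embedded in the Apache workers under the httpd user and the `user=`/`group=` settings have no effect; adding `WSGIProcessGroup ipsilon` next to `WSGIApplicationGroup %{GLOBAL}` would close that. With the daemon running as `ipsilon`, the files under `/etc/ipsilon` and `/var/lib/ipsilon` must also be readable by that user, which this change does not check. The template continues outside the hunk.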