Fix ipsilon config and install script in staging

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>

roles/ipsilon/tasks/main.yml

@@ -132,8 +132,17 @@
 
 - name: Install ipsilon
   command:
-    cmd: ipsilon-server-install --admin-user admin --ipa yes --openidc yes --openid yes --saml2 yes --info-sssd yes --form=yes
+    cmd: ipsilon-server-install 
-    creates: /etc/ipsilon/idp/ipsilon.conf
+         --root-instance
+         --admin-user=admin
+         --ipa=yes
+         --openidc=yes
+         --openid=yes
+         --saml2=yes
+         --info-sssd=yes
+         --form=yes
+         --admin-dburi=configfile:///etc/ipsilon/configuration.conf
+    creates: /etc/ipsilon/ipsilon.conf
   tags:
   - ipsilon
 
@@ -145,7 +154,7 @@
 ## - name: copy ipsilon configuration
 ##   template:
 ##     src: "ipsilon.conf"
-##     dest: "/etc/ipsilon/idp/ipsilon.conf"
+##     dest: "/etc/ipsilon/ipsilon.conf"
 ##     owner: ipsilon
 ##     group: ipsilon
 ##     mode: 0600

roles/ipsilon/templates/httpd.conf.staging.j2

@@ -21,8 +21,11 @@ RewriteRule ^([a-z0-9-]+)\.id\.fedoraproject\.org/.* /openid/id/$1/ [PT]
 Alias /ui /usr/share/ipsilon/themes/Fedora
 #Alias /ui /usr/share/ipsilon/ui
 WSGIScriptAlias / /usr/libexec/ipsilon
+WSGIDaemonProcess ipsilon user=ipsilon group=ipsilon home=/var/lib/ipsilon display-name=ipsilon processes=2 threads=2 maximum-requests=1000
+# This header is required to be passed for OIDC client_secret_basic
 WSGIPassAuthorization On
-WSGIDaemonProcess ipsilon home=/var/lib/ipsilon processes=2 threads=2 maximum-requests=1000
+# Without this, getting the private key in jwcrypto/jwk.py, line 430, fails
+# Fix from https://github.com/pyca/cryptography/issues/2299#issuecomment-197075190
 WSGIApplicationGroup %{GLOBAL}
 WSGISocketPrefix run/wsgi
 #WSGIRestrictStdout Off