infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions

Add the ipsilon script to generate the metadata

Browse source 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard 2021-03-24 18:31:34 +01:00
parent 802abfa3e3
commit fc759fd447
No known key found for this signature in database
GPG key ID: 31584CFEB9BF64AD
2 changed files with 26 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

17
roles/ipsilon/tasks/main.yml
View file

@ -293,6 +293,23 @@
tags:
- ipsilon
- name: copy saml2 metadata script
template:
src: prepare-saml2-metadata.py
dest: /usr/local/bin/prepare-saml2-metadata
owner: root
group: root
mode: 0755
tags:
- ipsilon
- name: generate the saml2 metadata
command:
cmd: /usr/local/bin/prepare-saml2-metadata
creates: /etc/ipsilon/root/saml2/metadata.xml
tags:
- ipsilon
- name: set sebooleans so ipsilon can talk to the db
seboolean:
name: httpd_can_network_connect_db

9
roles/ipsilon/templates/prepare-saml2-metadata.py Normal file
View file

@ -0,0 +1,9 @@
#!/usr/bin/env python3
from ipsilon.providers.saml2idp import IdpMetadataGenerator, Certificate
from datetime import timedelta
cert = Certificate()
cert.import_cert('/etc/ipsilon/root/saml2/idp.crt', '/etc/ipsilon/root/saml2/idp.key')
#meta = IdpMetadataGenerator('https://id{{ env_suffix }}.fedoraproject.org', cert, timedelta(3600))
meta = IdpMetadataGenerator('https://id{{ env_suffix }}.fedoraproject.org', cert)
meta.output('/etc/ipsilon/root/saml2/metadata.xml')