From fc759fd4470ad12d238c9fae0cf2e45fe6e53452 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?=
Date: Wed, 24 Mar 2021 18:31:34 +0100
Subject: [PATCH] Add the ipsilon script to generate the metadata
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Aurélien Bompard
---
roles/ipsilon/tasks/main.yml | 17 +++++++++++++++++
.../ipsilon/templates/prepare-saml2-metadata.py | 9 +++++++++
2 files changed, 26 insertions(+)
create mode 100644 roles/ipsilon/templates/prepare-saml2-metadata.py
diff --git a/roles/ipsilon/tasks/main.yml b/roles/ipsilon/tasks/main.yml
index 765439c5bb..8e16297678 100644
--- a/roles/ipsilon/tasks/main.yml
+++ b/roles/ipsilon/tasks/main.yml
@@ -293,6 +293,23 @@
tags:
- ipsilon
+- name: copy saml2 metadata script
+ template:
+ src: prepare-saml2-metadata.py
+ dest: /usr/local/bin/prepare-saml2-metadata
+ owner: root
+ group: root
+ mode: 0755
+ tags:
+ - ipsilon
+
+- name: generate the saml2 metadata
+ command:
+ cmd: /usr/local/bin/prepare-saml2-metadata
+ creates: /etc/ipsilon/root/saml2/metadata.xml
+ tags:
+ - ipsilon
+
- name: set sebooleans so ipsilon can talk to the db
seboolean:
name: httpd_can_network_connect_db
diff --git a/roles/ipsilon/templates/prepare-saml2-metadata.py b/roles/ipsilon/templates/prepare-saml2-metadata.py
new file mode 100644
index 0000000000..da75b2d9ef
--- /dev/null
+++ b/roles/ipsilon/templates/prepare-saml2-metadata.py
@@ -0,0 +1,9 @@
+#!/usr/bin/env python3
+
+from ipsilon.providers.saml2idp import IdpMetadataGenerator, Certificate
+from datetime import timedelta
+cert = Certificate()
+cert.import_cert('/etc/ipsilon/root/saml2/idp.crt', '/etc/ipsilon/root/saml2/idp.key')
+#meta = IdpMetadataGenerator('https://id{{ env_suffix }}.fedoraproject.org', cert, timedelta(3600))
+meta = IdpMetadataGenerator('https://id{{ env_suffix }}.fedoraproject.org', cert)
+meta.output('/etc/ipsilon/root/saml2/metadata.xml')
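Review bot: The `creates: /etc/ipsilon/root/saml2/metadata.xml` guard on the "generate the saml2 metadata" task means the metadata is produced exactly once; after that, rotating idp.crt/idp.key or changing `env_suffix` leaves metadata.xml advertising the old signing certificate or entity ID, so relying parties keep trusting a key that is no longer in use and reject assertions signed with the new one. Consider registering the template task (`register: saml2_metadata_script`) and running the command with `when: saml2_metadata_script is changed` combined with a check that the file exists, or moving the regeneration into a handler notified by this task and by whichever task installs the certificate (that task is outside this hunk, so its name is not visible here). `mode: 0755` is a YAML octal integer that Ansible accepts but newer releases warn about; the quoted form `mode: "0755"` avoids the ambiguity.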
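Review bot: The commented-out `IdpMetadataGenerator(..., timedelta(3600))` line leaves `from datetime import timedelta` unused, and if it is ever re-enabled `timedelta(3600)` is 3600 days, not one hour — the intended value would be `timedelta(hours=1)` or `timedelta(seconds=3600)`. Either delete the dead line together with the import, or re-enable it with the intended validity and a comment stating how long the published metadata is meant to stay valid; whatever validity `IdpMetadataGenerator` applies when the argument is omitted is not visible from this hunk. A one-line module docstring such as `"""Generate the SAML2 IdP metadata for this Ipsilon instance from its signing certificate and key."""` would also help, since the script is invoked from an Ansible `command` task and carries no other documentation.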