commit b0fe83d43527a2e8299d246235eab7726046d356
author Carlos Frias <friasc@google.com> Wed Apr 11 10:17:52 2018 -0400
committer Carlos Frias <friasc@google.com> Wed Apr 11 10:17:52 2018 -0400
tree e2701edc1c9751e947c4495ef4a42662c7cde2e2
parent aa58d1a51db6d31386b38e7bd2a472b27f41ac09

updated sso

defaults/main.yml

diff --git a/defaults/main.yml b/defaults/main.yml
index 11002e4..ae8558c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -16,5 +16,4 @@
 saml_cert_self_signed: server.crt
 saml_cert_encryption_type: sha256
 saml_cert_expiry_days: 365
-
-saml_cert_subject: "/C=US/O=google/OU=apigee/CN=apigee.com"
\ No newline at end of file
+saml_cert_subject: "/C=US/O=google/OU=apigee/CN=apigee.com"

tasks/create-private-key-and-self-signed-cert.yml

diff --git a/tasks/create-private-key-and-self-signed-cert.yml b/tasks/create-private-key-and-self-signed-cert.yml
index 0f65a2c..2d95dd7 100644
--- a/tasks/create-private-key-and-self-signed-cert.yml
+++ b/tasks/create-private-key-and-self-signed-cert.yml
@@ -12,12 +12,13 @@
       group: "{{ opdk_group_name }}"
 
   - name: Generate a passphrase
-    shell: "openssl rand -base64 48 > passphrase.txt"
+    command: "openssl rand -base64 48"
     args:
       chdir: "{{ saml_folder }}"
+    register: passphrase
 
   - name: Generate your private key with a passphrase
-    command: "openssl genrsa -{{ saml_private_encryption_type }} -passout pass:xxxx -out {{ saml_private_server_key }} {{ saml_private_key_size }}"
+    command: "openssl genrsa -{{ saml_private_encryption_type }} -passout pass:{{ passphrase }} -out {{ saml_private_server_key }} {{ saml_private_key_size }}"
     args:
       chdir: "{{ saml_folder }}"
 
@@ -28,12 +29,12 @@
       remote_src: yes
 
   - name: Remove the passphrase from the key
-    shell: "openssl rsa -in remove-passphrase-{{ saml_private_server_key }} -passin pass:xxxx -out {{ saml_private_server_key }}"
+    shell: "openssl rsa -in remove-passphrase-{{ saml_private_server_key }} -passin pass:{{ passphrase }} -out {{ saml_private_server_key }}"
     args:
       chdir: "{{ saml_folder }}"
 
   - name: Generate certificate signing request for CA
-    shell: "openssl req -x509 -sha256 -new -passin file:passphrase.txt -key {{ saml_private_server_key }} -out {{ saml_cert_signing_request }} -subj {{ saml_cert_subject }}"
+    shell: "openssl req -x509 -sha256 -new -passin pass:{{ passphrase }}  -key {{ saml_private_server_key }} -out {{ saml_cert_signing_request }} -subj {{ saml_cert_subject }}"
     args:
       chdir: "{{ saml_folder }}"