updated sso
diff --git a/defaults/main.yml b/defaults/main.yml
index 8cf0e4f..a5bde60 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -15,7 +15,8 @@
 sso_saml_service_provider_key: "{{ saml_folder }}/{{ sso_saml_service_provider_key_filename}}"
 saml_private_encryption_type: aes256
 saml_private_key_size: 1024
-saml_cert_signing_request: server.csr
+saml_cert_signing_request_file_name: server.csr
+saml_cert_signing_request: "{{ saml_folder }}/{{ saml_cert_signing_request_file_name }}"
 sso_saml_service_provider_certificate_filename: server.crt
 sso_saml_service_provider_certificate: "{{ saml_folder }}/{{ sso_saml_service_provider_certificate_filename }}"
 saml_cert_encryption_type: sha256
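Review bot: The new full-path variable `saml_cert_signing_request` is not what the tasks hunk in tasks/create-saml-keys-cert.yml consumes — `csr_path` there is given the bare `saml_cert_signing_request_file_name`, so the CSR is resolved against the working directory rather than `{{ saml_folder }}`; either that task should use `saml_cert_signing_request`, or this variable is dead on arrival. The naming also diverges from the sibling pair `sso_saml_service_provider_certificate_filename` / `sso_saml_service_provider_certificate` on the surrounding lines; `saml_cert_signing_request_filename` would keep the `_filename` suffix consistent. The context line `saml_private_key_size: 1024` is untouched by this commit, but a 1024-bit RSA default is below the generally accepted 2048-bit floor and worth raising the next time this file is edited.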
diff --git a/tasks/create-jwt-keys.yml b/tasks/create-jwt-keys.yml
index 428db36..4195611 100644
--- a/tasks/create-jwt-keys.yml
+++ b/tasks/create-jwt-keys.yml
@@ -13,7 +13,7 @@
 chdir: "{{ jwt_key_folder }}"
 register: passphrase
 
- - name: Create Signing Key
+ - name: Generate your private key with a passphrase
 shell: "openssl genrsa -passout pass:{{ passphrase.stdout }} -out {{ jwt_private_key }} {{ jwt_key_size }}"
 args:
 chdir: "{{ jwt_key_folder }}"
diff --git a/tasks/create-saml-keys-cert.yml b/tasks/create-saml-keys-cert.yml
index bc7f0a6..570eb2e 100644
--- a/tasks/create-saml-keys-cert.yml
+++ b/tasks/create-saml-keys-cert.yml
@@ -7,42 +7,56 @@ owner: "{{ opdk_user_name }}" group: "{{ opdk_group_name }}" - - name: Generate a passphrase - command: "openssl rand -base64 48" - args: - chdir: "{{ saml_folder }}" - register: passphrase +# - name: Generate a passphrase +# command: "openssl rand -base64 48" +# args: +# chdir: "{{ saml_folder }}" +# register: passphrase +# +# - name: Generate your private key with a passphrase +# command: "openssl genrsa -{{ saml_private_encryption_type }} -passout pass:{{ passphrase.stdout }} -out {{ sso_saml_service_provider_key_filename}} {{ saml_private_key_size }}" +# args: +# chdir: "{{ saml_folder }}" + + - name: Calculate 365 days + command: date -d '+365 days' +%y%m%d%H%M + register: expiry - name: Generate your private key with a passphrase - command: "openssl genrsa -{{ saml_private_encryption_type }} -passout pass:{{ passphrase.stdout }} -out {{ sso_saml_service_provider_key_filename}} {{ saml_private_key_size }}" - args: - chdir: "{{ saml_folder }}" + openssl_certificate: + path: "{{ sso_saml_service_provider_certificate_filename }}" + privatekey_path: "{{ sso_saml_service_provider_key_filename }}" + csr_path: "{{ saml_cert_signing_request_file_name }}" + provider: selfsigned + subject: "{{ saml_cert_subject }}" + state: present + not_after: "{{ expiry.stdout }}" - - name: Prep to remove passphrase from Key - copy: - dest: "{{ saml_folder }}/remove-passphrase-{{ sso_saml_service_provider_key_filename}}" - src: "{{ saml_folder }}/{{ sso_saml_service_provider_key_filename}}" - remote_src: yes +# - name: Prep to remove passphrase from Key +# copy: +# dest: "{{ saml_folder }}/remove-passphrase-{{ sso_saml_service_provider_key_filename}}" +# src: "{{ saml_folder }}/{{ sso_saml_service_provider_key_filename}}" +# remote_src: yes +# +# - name: Remove the passphrase from the key +# shell: "openssl rsa -in remove-passphrase-{{ sso_saml_service_provider_key_filename}} -passin pass:{{ passphrase.stdout }} -out {{ sso_saml_service_provider_key_filename}}" +# 
args: +# chdir: "{{ saml_folder }}" +# +# - name: Clean up passphrase removal file +# file: +# path: "{{ saml_folder }}/remove-passphrase-{{ sso_saml_service_provider_key_filename}}" +# state: absent +# +# - name: Generate certificate signing request for CA +# shell: "openssl req -x509 -sha256 -new -passin pass:{{ passphrase.stdout }} -key {{ sso_saml_service_provider_key_filename}} -out {{ saml_cert_signing_request_file_name }} -subj {{ saml_cert_subject }}" +# args: +# chdir: "{{ saml_folder }}" - - name: Remove the passphrase from the key - shell: "openssl rsa -in remove-passphrase-{{ sso_saml_service_provider_key_filename}} -passin pass:{{ passphrase.stdout }} -out {{ sso_saml_service_provider_key_filename}}" - args: - chdir: "{{ saml_folder }}" - - - name: Clean up passphrase removal file - file: - path: "{{ saml_folder }}/remove-passphrase-{{ sso_saml_service_provider_key_filename}}" - state: absent - - - name: Generate certificate signing request for CA - shell: "openssl req -x509 -sha256 -new -passin pass:{{ passphrase.stdout }} -key {{ sso_saml_service_provider_key_filename}} -out {{ saml_cert_signing_request }} -subj {{ saml_cert_subject }}" - args: - chdir: "{{ saml_folder }}" - - - name: Generate self-signed certificate with 365 days expiry-time - shell: "openssl x509 -{{ saml_cert_encryption_type }} -days {{ saml_cert_expiry_days }} -in {{ saml_cert_signing_request }} -signkey {{ sso_saml_service_provider_key_filename}} -out {{ sso_saml_service_provider_certificate_filename }}" - args: - chdir: "{{ saml_folder }}" +# - name: Generate self-signed certificate with 365 days expiry-time +# shell: "openssl x509 -{{ saml_cert_encryption_type }} -days {{ saml_cert_expiry_days }} -in {{ saml_cert_signing_request_file_name }} -signkey {{ sso_saml_service_provider_key_filename}} -out {{ sso_saml_service_provider_certificate_filename }}" +# args: +# chdir: "{{ saml_folder }}" become: yes
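Review bot: The new `openssl_certificate` task points `privatekey_path` and `csr_path` at files that nothing in the role creates any more — the `openssl genrsa` and `openssl req` steps are now commented out — so on a fresh host the task can only fail, and the task name `Generate your private key with a passphrase` (kept as context) no longer describes what it does. All three paths are bare filenames with no `chdir`, so they resolve against the process working directory rather than `{{ saml_folder }}`; the full-path variables `sso_saml_service_provider_key`, `saml_cert_signing_request` and `sso_saml_service_provider_certificate` from defaults/main.yml are the ones to use here. As I read the module, `subject` and `not_after` are options of the assertonly provider and the selfsigned provider takes `selfsigned_not_after`, which accepts a relative `+365d`, so the `date -d '+365 days' +%y%m%d%H%M` task (two-digit year, no seconds or trailing `Z`) can be dropped; if the module version in use does honour `not_after`, its expected timestamp format still does not match that output. Key and CSR generation belong in `openssl_privatekey` and `openssl_csr` tasks ahead of this one, and the commented-out shell blocks should be deleted rather than kept — git history already holds them. The enclosing task list continues outside the hunk (`become: yes` is the trailing context).

```yaml
  - name: Generate self-signed SAML service-provider certificate
    openssl_certificate:
      path: "{{ sso_saml_service_provider_certificate }}"
      privatekey_path: "{{ sso_saml_service_provider_key }}"
      csr_path: "{{ saml_cert_signing_request }}"
      provider: selfsigned
      selfsigned_not_after: "+{{ saml_cert_expiry_days }}d"
      state: present
```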