updated sso
diff --git a/defaults/main.yml b/defaults/main.yml
index 2bfbdd4..b6bf3b5 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -7,11 +7,12 @@
verification_private_key: private_key.pem
signing_public_key: public_key.pem
-saml_server_key: server.key
-saml_encryption_type: aes256
-saml_self_key_size: 2048
+saml_private_server_key: server.key
+saml_private_encryption_type: aes256
saml_private_key_size: 1024
+
+saml_self_key_size: 2048
saml_cert_signing_request: server.csr
-saml_self_signed_cert: server.crt
-saml_self_encryption_type: sha256
-saml_self_expiry_days: 365
+saml_cert_self_signed: server.crt
+saml_cert_encryption_type: sha256
+saml_cert_expiry_days: 365
diff --git a/tasks/create-private-key-and-self-signed-cert.yml b/tasks/create-private-key-and-self-signed-cert.yml
index caad168..538bee1 100644
--- a/tasks/create-private-key-and-self-signed-cert.yml
+++ b/tasks/create-private-key-and-self-signed-cert.yml
@@ -11,35 +11,34 @@
owner: "{{ opdk_user_name }}"
group: "{{ opdk_group_name }}"
- #- name: Generate a passphrase
- # become: true
- # command: openssl rand -base64 48 > passphrase.txt
- # args:
- # chdir: "{{ saml_folder }}"
+ - name: Generate a passphrase
+ command: "openssl rand -base64 48 > passphrase.txt"
+ args:
+ chdir: "{{ saml_folder }}"
- name: Generate your private key with a passphrase
- command: "openssl genrsa -{{ saml_encryption_type }} -passout pass:xxxx -out {{ saml_server_key }} {{ saml_private_key_size }}"
+ command: "openssl genrsa -{{ saml_private_encryption_type }} -passout pass:xxxx -out {{ saml_private_server_key }} {{ saml_private_key_size }}"
args:
chdir: "{{ saml_folder }}"
- name: Prep to remove Passphrase from Key
copy:
- dest: "{{ saml_folder }}/remove-passphrase-{{ saml_server_key }}"
- src: "{{ saml_folder }}/{{ saml_server_key }}"
+ dest: "{{ saml_folder }}/remove-passphrase-{{ saml_private_server_key }}"
+ src: "{{ saml_folder }}/{{ saml_private_server_key }}"
remote_src: yes
- name: Remove the passphrase from the key
- shell: "openssl rsa -in remove-passphrase-{{ saml_server_key }} -passin pass:xxxx -out {{ saml_server_key }}"
+ shell: "openssl rsa -in remove-passphrase-{{ saml_private_server_key }} -passin pass:xxxx -out {{ saml_private_server_key }}"
args:
chdir: "{{ saml_folder }}"
- name: Generate certificate signing request for CA
- shell: "openssl req -x509 -sha256 -new -passin file:passphrase.txt -key {{ saml_server_key }} -out {{ saml_cert_signing_request }}"
+ shell: "openssl req -x509 -sha256 -new -passin file:passphrase.txt -key {{ saml_private_server_key }} -out {{ saml_cert_signing_request }}"
args:
chdir: "{{ saml_folder }}"
- name: Generate self-signed certificate with 365 days expiry-time
- shell: "openssl x509 -{{ saml_self_encryption_type }} -days {{ saml_self_expiry_days }} -in {{ saml_cert_signing_request }} -signkey {{ saml_server_key }} -out {{ saml_self_signed_cert }}"
+ shell: "openssl x509 -{{ saml_cert_encryption_type }} -days {{ saml_cert_expiry_days }} -in {{ saml_cert_signing_request }} -signkey {{ saml_private_server_key }} -out {{ saml_cert_self_signed }}"
args:
chdir: "{{ saml_folder }}"
