updated sso
diff --git a/defaults/main.yml b/defaults/main.yml
index e01fc81..30a1f15 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -4,3 +4,13 @@
edge_sso_installation_config_filename: edge-sso-installer-config.conf
edge_sso_installation_config_file: "{{ opdk_installer_path }}/{{ edge_sso_installation_config_filename }}"
+verification_private_key: private_key.pem
+signing_public_key: public_key.pem
+
+saml_server_key: server.key
+saml_encryption_type: aes256
+saml_key_size: 1024
+saml_cert_signing_request: server.csr
+saml_self_signed_cert: server.crt
+saml_self_encryption_type: sha256
+saml_expiry_days: 365
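Review bot: The two JWT key variables do not match what tasks/create-verification-and-signing-key.yml consumes — that file references `signing_private_key` and `verification_public_key`, so both openssl tasks there fail on an undefined variable — and the names as written are also inverted, since the private key signs and the public key verifies. Rename them to `signing_private_key: private_key.pem` and `verification_public_key: public_key.pem`. `saml_key_size: 1024` is below the 2048-bit RSA size that the JWT task in this same commit hard-codes and that current guidance treats as the minimum; change it to `saml_key_size: 2048`.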
diff --git a/tasks/create-private-key-and-self-signed-cert.yml b/tasks/create-private-key-and-self-signed-cert.yml
new file mode 100644
index 0000000..9c3be64
--- /dev/null
+++ b/tasks/create-private-key-and-self-signed-cert.yml
@@ -0,0 +1,48 @@
+---
+- name: Set SAML folder path
+ set_fact:
+ saml_folder: "{{ apigee_home }}/customer/application/apigee-sso/saml/"
+
+- name: Create SAML folder
+ file:
+ path: "{{ saml_folder }}"
+ state: directory
+ owner: "{{ opdk_user_name }}"
+ group: "{{ opdk_group_name }}"
+
+- name: Generate your private key with a passphrase
+ become: true
+ shell: "openssl genrsa -{{ saml_encryption_type }} -out {{ saml_server_key }} {{ saml_key_size }}"
+ args:
+ chdir: "{{ saml_folder }}"
+
+- name: Remove the passphrase from the key
+ become: yes
+ shell: "openssl rsa -in {{ saml_server_key }} -out {{ saml_server_key }}"
+ args:
+ chdir: "{{ saml_folder }}"
+
+- name: Generate certificate signing request for CA
+ become: yes
+ shell: "openssl req -x509 -sha256 -new -key {{ saml_server_key }} -out {{ saml_cert_signing_request }}"
+
+- name: Generate self-signed certificate with 365 days expiry-time
+ become: yes
+ shell: "openssl x509 -{{ saml_self_encryption_type }} -days {{ saml_expiry_days }} -in {{ saml_cert_signing_request }} -signkey {{ saml_server_key }} -out {{ saml_self_signed_cert }}"
+
+- name: Collect certificate files
+ find:
+ paths: "{{ saml_folder }}"
+ patterns: '*.crt,*.key'
+ register: certs
+
+- name: Set ownship of certs
+ file:
+ path: "{{ item.1.path }}"
+ state: touch
+ owner: "{{ opdk_user_name }}"
+ group: "{{ opdk_group_name }}"
+ with_subelements:
+ - "{{ certs.results }}"
+ - files
+
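Review bot: The openssl tasks need a terminal: `genrsa -aes256` with no `-passout` and `req -new` with no `-subj`/`-batch` read the passphrase and subject from a TTY, which the `shell` module does not attach, so the play fails (or hangs) at the first of them, and the `-x509` flag makes the "signing request" step emit a self-signed certificate rather than a CSR. None of the commands carries `creates:`, so every run regenerates the SAML key and certificate, and the `req`/`x509` tasks have no `chdir`, so their relative paths resolve outside `saml_folder`. Since the following task strips the passphrase anyway, generate the key unencrypted, give `req` a subject, sign the CSR with `x509 -req`, and guard each step with `creates:` as below; the "Remove the passphrase from the key" task then goes away. The final ownership task should loop over `certs.files` with `path: "{{ item.path }}"` (the `find` module registers its matches under `files`, so `certs.results` is undefined here), use `state: file` rather than `touch` (which rewrites mtimes every run), and set `mode: "0600"` on the `.key`; the same three points apply to the ownership task in tasks/create-verification-and-signing-key.yml in this commit.
```yaml
- name: Generate SAML private key
  become: true
  shell: "openssl genrsa -out {{ saml_server_key }} {{ saml_key_size }}"
  args:
    chdir: "{{ saml_folder }}"
    creates: "{{ saml_server_key }}"

- name: Generate certificate signing request
  become: true
  shell: "openssl req -new -key {{ saml_server_key }} -subj '/CN=<sso-hostname-placeholder>' -out {{ saml_cert_signing_request }}"
  args:
    chdir: "{{ saml_folder }}"
    creates: "{{ saml_cert_signing_request }}"

- name: Generate self-signed certificate
  become: true
  shell: "openssl x509 -req -{{ saml_self_encryption_type }} -days {{ saml_expiry_days }} -in {{ saml_cert_signing_request }} -signkey {{ saml_server_key }} -out {{ saml_self_signed_cert }}"
  args:
    chdir: "{{ saml_folder }}"
    creates: "{{ saml_self_signed_cert }}"

# … unchanged: Collect certificate files …
```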
diff --git a/tasks/create-verification-and-signing-key.yml b/tasks/create-verification-and-signing-key.yml
new file mode 100644
index 0000000..6cbbb09
--- /dev/null
+++ b/tasks/create-verification-and-signing-key.yml
@@ -0,0 +1,42 @@
+---
+- name: Set jwt-keys path
+ set_fact:
+ jwt_key_folder: "{{ apigee_home }}/customer/application/apigee-sso/jwt-keys"
+
+- name: Create folder for jwt-keys
+ become: yes
+ file:
+ path: "{{ jwt_key_folder }}"
+ state: directory
+ owner: "{{ opdk_user_name }}"
+ group: "{{ opdk_group_name }}"
+
+- name: Create Signing Key
+ become: yes
+ shell: "openssl genrsa -out {{ signing_private_key }} 2048"
+ args:
+ chdir: "{{ jwt_key_folder }}"
+
+- name: Generate Verification Key
+ become: yes
+ shell: "openssl rsa -pubout -in {{ signing_private_key }} -out {{ verification_public_key }}"
+ args:
+ chdir: "{{ jwt_key_folder }}"
+
+- name: Collect .pem files
+ find:
+ paths: "{{ jwt_key_folder }}"
+ patterns: '*.pem'
+ register: pems
+
+- name: Set ownship of certs
+ file:
+ path: "{{ item.1.path }}"
+ state: touch
+ owner: "{{ opdk_user_name }}"
+ group: "{{ opdk_group_name }}"
+ with_subelements:
+ - "{{ pems.results }}"
+ - files
+
+> sudo chown apigee:apigee *.pem
\ No newline at end of file
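Review bot: The trailing line `> sudo chown apigee:apigee *.pem` is leftover shell text after the last task; at column 0 it is not valid YAML in this position, so the whole file fails to parse when included. Delete it — the preceding ownership task already performs that chown. The `openssl genrsa` task has no `creates:` guard, so every replay of the role rotates the JWT signing key and invalidates every token signed with the previous one; add `creates: "{{ signing_private_key }}"` under `args` (it resolves relative to `chdir`) and the same for the `-pubout` task with `creates: "{{ verification_public_key }}"`. The variable names used here are not the ones defaults/main.yml defines in this commit, so the tasks fail before any of this runs.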
diff --git a/tasks/main.yml b/tasks/main.yml
index a2c7943..370d3b8 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,5 +1,17 @@
---
# tasks file for apigee-opdk-setup-edge-sso
+- name: Install openssh
+ become: yes
+ yum:
+ name: openssh
+ state: present
+
+- name: Create Private key and Self Signed Certificate Request
+ include_tasks: create-private-key-and-self-signed-cert.yml
+
+- name: Create Verification and Signing Key
+ include_tasks: create-verification-and-signing-key.yml
+
- name: Update cache with key and value
cache:
key: "{{ item.key }}"
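Review bot: The new first task installs `openssh`, but every task in the two included files calls the `openssl` binary, which on RHEL-family hosts comes from the `openssl` package; `openssh` does not pull that in, so on a minimal image the includes fail with "command not found". Change `name: openssh` to `name: openssl`. The included files spell the privilege flag as both `become: yes` and `become: true`; yamllint's truthy rule accepts only `true`, so `become: true` is the form to standardise on in the new tasks here and in both included files. The "Update cache with key and value" task that follows the new block continues past the end of this hunk.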