# $access_control_ips: an array of IP addresses that should have
# access to administrative pages (e.g., the status page). These addresses
# should be valid CIDR ranges.
# Example:
#
# shibb_idp3::config:
# - 171.67.218.160/28
# - 172.27.218.160/28
# - 171.64.19.46/32
#
# Note that '127.0.0.1/32' and '::1/128' are automatically added to this
# list.
# Let's make some local copies of variables that will be useful in the
# ERB files.
## tomcat8 configuration
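# Service environment for tomcat8, shipped as a static file from the module.
# Ownership is pinned to root here on purpose: the scope-wide File defaults in
# this class hand every file to the tomcat8 service account, and this file is
# read by the service's start-up scripts (it carries the JVM/runtime settings),
# so the account the service runs as must not be able to rewrite it.
file { '/etc/default/tomcat8':
  ensure => present,
  source => 'puppet:///modules/shibb_idp3/etc/default/tomcat8',
  owner  => 'root',
  group  => 'root',
  mode   => '0644',
}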
# Default file resource attributes
# Scope-wide resource defaults: every File declared in this class (and any
# child scope) is present, world-readable (0644) and owned by the tomcat8
# service account unless the resource sets its own owner/group/mode.
File {
  owner  => 'tomcat8',
  group  => 'tomcat8',
  mode   => '0644',
  ensure => present,
}
# services.properties
# Controls the dynamic reloading behavior of the services listed in
# services.xml. Right now, we want relying-party resources to use the
# legacy V2 format.
# Rendered from the module's ERB template; only meaningful once the IdP
# package has laid down /etc/shibboleth-idp/conf.
file { '/etc/shibboleth-idp/conf/services.properties':
  require => Package['shibboleth-identity-provider'],
  content => template('shibb_idp3/etc/shibboleth-idp/conf/services.properties.erb'),
}
### Create the directory where the SP metadata files go.
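# Directory that receives the SP metadata files. The resource was left
# unclosed in the manifest; it is closed here so the class parses.
# Directory mode comes from the File defaults (0644 + the execute bits
# Puppet adds for directories); owner/group default to tomcat8.
file { '/etc/shibboleth-idp/metadata':
  ensure  => directory,
  require => Package['shibboleth-identity-provider'],
}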
# 1. web.xml: custom version contains TwoStepRemoteUser definition.
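# Custom web.xml carrying the TwoStepRemoteUser definition (see the
# authn flow resources further down). The resource was left unclosed
# in the manifest; it is closed here so the class parses.
# NOTE(review): with the File defaults this deployment descriptor is
# owned by the tomcat8 service account; if the webapp tree is rebuilt by
# root rather than by the service, consider pinning owner => 'root' so the
# running service cannot alter its own descriptor - confirm before changing.
file { '/opt/shibboleth-idp/webapp/WEB-INF/web.xml':
  content => template('shibb_idp3/opt/shibboleth-idp/webapp/WEB-INF/web.xml.erb'),
  require => Package['shibboleth-identity-provider'],
}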
# # 1. metadata-providers.xml: points to all our SP metadata.
# file { '/etc/shibboleth-idp/conf/metadata-providers.xml':
# content => template('shibb_idp3/etc/shibboleth-idp/conf/metadata-providers.xml.erb'),
# require => Package['shibboleth-identity-provider'],
# }
# 2. access-control.xml: allow access to status page
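# IP allow-list for the administrative pages (status page etc.), rendered
# from the template that consumes $access_control_ips (CIDR ranges; the
# loopback entries are added by the template). The resource was left
# unclosed in the manifest; it is closed here so the class parses.
file { '/etc/shibboleth-idp/conf/access-control.xml':
  content => template('shibb_idp3/etc/shibboleth-idp/conf/access-control.xml.erb'),
  require => Package['shibboleth-identity-provider'],
}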
# 3. logback.xml: log-level settings
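# Log-level configuration for the IdP. The resource was left unclosed in
# the manifest; it is closed here so the class parses.
file { '/etc/shibboleth-idp/conf/logback.xml':
  content => template('shibb_idp3/etc/shibboleth-idp/conf/logback.xml.erb'),
  require => Package['shibboleth-identity-provider'],
}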
# 4. saml-nameid.properties
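# NameID settings rendered from the module template. The resource was left
# unclosed in the manifest; it is closed here so the class parses.
# Mode is tightened from the 0644 File default to 0640: this properties
# file is where the IdP keeps the persistent-ID salt (idp.persistentId.salt),
# which is a secret and must not be world-readable. Owner/group stay at the
# tomcat8 defaults, so the service account can still read it.
file { '/etc/shibboleth-idp/conf/saml-nameid.properties':
  content => template('shibb_idp3/etc/shibboleth-idp/conf/saml-nameid.properties.erb'),
  mode    => '0640',
  require => Package['shibboleth-identity-provider'],
}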
# #### Often-changed configuration files.
# file { '/etc/shibboleth-idp/conf/relying-party.xml':
# content => template('shibb_idp3/etc/shibboleth-idp/conf/relying-party.xml.erb'),
# require => Package['shibboleth-identity-provider'],
# }
# file { '/etc/shibboleth-idp/conf/attribute-filter.xml':
# source => 'puppet:///modules/shibb_idp3/etc/shibboleth-idp/conf/attribute-filter.xml',
# require => Package['shibboleth-identity-provider'],
# }
# file { '/etc/shibboleth-idp/conf/attribute-resolver.xml':
# source => 'puppet:///modules/shibb_idp3/etc/shibboleth-idp/conf/attribute-resolver.xml',
# require => Package['shibboleth-identity-provider'],
# }
# ### IdP Metadata file
#
# # This file should be in both
# # /opt/shibboleth-idp/metadata/idp-metadata.xml and /var/www.
# file { '/opt/shibboleth-idp/metadata/idp-metadata.xml':
# content => template("shibb_idp3/opt/shibboleth-idp/metadata/idp-metadata-${shibb_idp3::env}.xml.erb"),
# require => Package['shibboleth-identity-provider'],
# }
#
# file { '/var/www/idp-metadata.xml':
# content => template("shibb_idp3/opt/shibboleth-idp/metadata/idp-metadata-${shibb_idp3::env}.xml.erb"),
# require => Package['shibboleth-identity-provider'],
# }
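# Authentication-flow registry rendered from the module template. The
# resource was left unclosed in the manifest; it is closed here so the
# class parses.
file { '/etc/shibboleth-idp/conf/authn/general-authn.xml':
  content => template('shibb_idp3/etc/shibboleth-idp/conf/authn/general-authn.xml.erb'),
  require => Package['shibboleth-identity-provider'],
}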
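# Static configuration for the TwoStepRemoteUser authentication flow. The
# resource was left unclosed in the manifest; it is closed here so the
# class parses.
file { '/etc/shibboleth-idp/conf/authn/twostepremoteuser-authn-config.xml':
  source  => 'puppet:///modules/shibb_idp3/etc/shibboleth-idp/conf/authn/twostepremoteuser-authn-config.xml',
  require => Package['shibboleth-identity-provider'],
}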
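# Bean definitions for the TwoStepRemoteUser flow; depends on the flow
# directory resource (declared with the same trailing-slash title) rather
# than on the package, because the package does not create that directory.
# The resource was left unclosed in the manifest; it is closed here so the
# class parses.
file { '/opt/shibboleth-idp/flows/authn/TwoStepRemoteUser/twostepremoteuser-authn-beans.xml':
  source  => 'puppet:///modules/shibb_idp3/opt/shibboleth-idp/flows/authn/TwoStepRemoteUser/twostepremoteuser-authn-beans.xml',
  require => File['/opt/shibboleth-idp/flows/authn/TwoStepRemoteUser/'],
}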
file {
'/opt/shibboleth-idp/flows/authn/TwoStepRemoteUser/':
ensure => directory,
require => Package['shibboleth-identity-provider'];
'/opt/shibboleth-idp/flows/authn/TwoStepRemoteUser/twostepremoteuser-authn-flow.xml':
source => 'puppet:///modules/shibb_idp3/opt/shibboleth-idp/flows/authn/TwoStepRemoteUser/twostepremoteuser-authn-flow.xml',
require => Package['shibboleth-identity-provider'];