#
#
# relying-party reload

class shibb_idp3::config (
){

  # Copy module-level settings into this class's scope so that the ERB
  # templates rendered below can refer to them by their short names.
  $pool_fqdn = "${shibb_idp3::pool_fqdn}"

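  ## tomcat8 configuration
  # Defaults file for the tomcat8 service, shipped verbatim from the module.
  # Ownership is pinned to root because the class-wide File default in this
  # class would otherwise apply here as well (resource defaults also affect
  # declarations written above them), leaving the file owned by tomcat8 and
  # so writable by the very service whose start-up settings it holds.
  # NOTE(review): the service start-up presumably reads this file with root
  # privileges -- confirm for this platform.
  file { '/etc/default/tomcat8':
    ensure => present,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/shibb_idp3/etc/default/tomcat8',
  }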

  # Class-wide defaults for every file resource that does not set these
  # attributes itself.
  # NOTE(review): with owner and group both tomcat8, the account that
  # presumably runs the IdP can rewrite the configuration managed in this
  # class (access-control.xml, attribute-filter.xml, web.xml, the authn
  # flow files). If the service only needs to read them, root as owner with
  # tomcat8 as group would be tighter -- confirm which paths the service must
  # write to before changing this.
  File {
    ensure => 'present',
    owner  => 'tomcat8',
    group  => 'tomcat8',
    mode   => '0644',
  }


  ### PROPERTIES FILES

  # idp.properties
  include shibb_idp3::config::idp_properties

  # services.properties: controls the dynamic reloading behavior of the
  # services listed in services.xml. For now the relying-party resources
  # stay in the legacy V2 format.
  file { '/etc/shibboleth-idp/conf/services.properties':
    require => Package['shibboleth-identity-provider'],
    content => template('shibb_idp3/etc/shibboleth-idp/conf/services.properties.erb'),
  }

  ### Directory that holds the SP metadata files.
  # Owner, group and mode are inherited from the File default in this class;
  # for a directory Puppet also sets the search (x) bit wherever the mode
  # grants read. SP metadata describes the relying parties the IdP deals
  # with, so write access to this directory should stay narrow.
  file { '/etc/shibboleth-idp/metadata':
    ensure  => directory,
    require => Package['shibboleth-identity-provider'],
  }


  ###

  # 1. web.xml: custom deployment descriptor that carries the
  #    TwoStepRemoteUser definition; rendered from the module's template.
  file { '/opt/shibboleth-idp/webapp/WEB-INF/web.xml':
    require => Package['shibboleth-identity-provider'],
    content => template('shibb_idp3/opt/shibboleth-idp/webapp/WEB-INF/web.xml.erb'),
  }

#  # 1. metadata-providers.xml: points to all our SP metadata.
#  file { '/etc/shibboleth-idp/conf/metadata-providers.xml':
#    content => template('shibb_idp3/etc/shibboleth-idp/conf/metadata-providers.xml.erb'),
#    require => Package['shibboleth-identity-provider'],
#  }

  # 2. access-control.xml: access policy; our version allows access to the
  #    status page.
  # NOTE(review): who is allowed is decided inside the template, which is
  # not visible here -- verify it admits only the hosts that need the
  # status page.
  file { '/etc/shibboleth-idp/conf/access-control.xml':
    require => Package['shibboleth-identity-provider'],
    content => template('shibb_idp3/etc/shibboleth-idp/conf/access-control.xml.erb'),
  }

  # 3. logback.xml: log-level settings, rendered from the module's template.
  file { '/etc/shibboleth-idp/conf/logback.xml':
    require => Package['shibboleth-identity-provider'],
    content => template('shibb_idp3/etc/shibboleth-idp/conf/logback.xml.erb'),
  }


  # 4. saml-nameid.properties (a .properties file, not XML), rendered from
  #    the module's template.
  file { '/etc/shibboleth-idp/conf/saml-nameid.properties':
    require => Package['shibboleth-identity-provider'],
    content => template('shibb_idp3/etc/shibboleth-idp/conf/saml-nameid.properties.erb'),
  }

#  #### Often-changed configuration files.
#  file { '/etc/shibboleth-idp/conf/relying-party.xml':
#    content => template('shibb_idp3/etc/shibboleth-idp/conf/relying-party.xml.erb'),
#    require => Package['shibboleth-identity-provider'],
#  }

  # attribute-filter.xml: copied verbatim from the module's static files
  # (no templating). This is the attribute release policy, so changes to the
  # source file deserve review.
  file { '/etc/shibboleth-idp/conf/attribute-filter.xml':
    require => Package['shibboleth-identity-provider'],
    source  => 'puppet:///modules/shibb_idp3/etc/shibboleth-idp/conf/attribute-filter.xml',
  }

  # attribute-resolver.xml: copied verbatim from the module's static files
  # (no templating).
  # NOTE(review): resolver configurations often name back-end data sources;
  # confirm that no credentials are kept in the module's copy.
  file { '/etc/shibboleth-idp/conf/attribute-resolver.xml':
    require => Package['shibboleth-identity-provider'],
    source  => 'puppet:///modules/shibb_idp3/etc/shibboleth-idp/conf/attribute-resolver.xml',
  }


  ### IdP Metadata file

  # The IdP's own metadata has to exist in two places: here under
  # /opt/shibboleth-idp/metadata and under /var/www. The template is chosen
  # per environment through ${shibb_idp3::env}.
  file { '/opt/shibboleth-idp/metadata/idp-metadata.xml':
    require => Package['shibboleth-identity-provider'],
    content => template("shibb_idp3/opt/shibboleth-idp/metadata/idp-metadata-${shibb_idp3::env}.xml.erb"),
  }

  # Copy of the IdP metadata under /var/www, rendered from the same
  # per-environment template as /opt/shibboleth-idp/metadata/idp-metadata.xml.
  # NOTE(review): presumably this is the copy that relying parties download;
  # it inherits tomcat8 ownership from the File default, so the service
  # account can alter what is published -- confirm that is intended.
  file { '/var/www/idp-metadata.xml':
    require => Package['shibboleth-identity-provider'],
    content => template("shibb_idp3/opt/shibboleth-idp/metadata/idp-metadata-${shibb_idp3::env}.xml.erb"),
  }


  #### FLOWS

  # general-authn.xml: carries some local customizations; rendered from the
  # module's template.
  file { '/etc/shibboleth-idp/conf/authn/general-authn.xml':
    require => Package['shibboleth-identity-provider'],
    content => template('shibb_idp3/etc/shibboleth-idp/conf/authn/general-authn.xml.erb'),
  }

  # twostepremoteuser-authn-config.xml: copied verbatim from the module's
  # static files (no templating).
  file { '/etc/shibboleth-idp/conf/authn/twostepremoteuser-authn-config.xml':
    require => Package['shibboleth-identity-provider'],
    source  => 'puppet:///modules/shibb_idp3/etc/shibboleth-idp/conf/authn/twostepremoteuser-authn-config.xml',
  }

  # twostepremoteuser-authn-beans.xml: copied verbatim from the module's
  # static files. It depends on the TwoStepRemoteUser flow directory, which
  # is declared as a file resource elsewhere in this class.
  file { '/opt/shibboleth-idp/flows/authn/TwoStepRemoteUser/twostepremoteuser-authn-beans.xml':
    require => File['/opt/shibboleth-idp/flows/authn/TwoStepRemoteUser/'],
    source  => 'puppet:///modules/shibb_idp3/opt/shibboleth-idp/flows/authn/TwoStepRemoteUser/twostepremoteuser-authn-beans.xml',
  }

  file {
    '/opt/shibboleth-idp/flows/authn/TwoStepRemoteUser/':
      ensure => directory,
      require => Package['shibboleth-identity-provider'];
    '/opt/shibboleth-idp/flows/authn/TwoStepRemoteUser/twostepremoteuser-authn-flow.xml':
      source  => 'puppet:///modules/shibb_idp3/opt/shibboleth-idp/flows/authn/TwoStepRemoteUser/twostepremoteuser-authn-flow.xml',
      require => Package['shibboleth-identity-provider'];
}