Skip to content

ubuntunet/eduID_IdentityProvider

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

283 Commits

group_vars

group_vars

 
 

inventories

inventories

 
 

roles

roles

 
 

.gitignore

.gitignore

 
 

CHANGELOG.mdown

CHANGELOG.mdown

 
 

README.mdown

README.mdown

 
 

Vagrantfile

Vagrantfile

 
 

ansible.cfg

ansible.cfg

 
 

identity_provider.yml

identity_provider.yml

 
 

Repository files navigation

Ansible Playbook for Shibboleth Identity Provider (IdP)

Installation

  • Clone the repository, replace with the actual name of your institution

      git clone  https://github.com/ubuntunet/eduID_IdentityProvider.git <institution>-idp
  cd <institution>-idp

Inventory File

Create the inventory file for your institution, for more information: http://docs.ansible.com/ansible/intro_inventory.html

    cp inventories/template inventories/<institution>

Open the inventory file with your favorite editor and change the ansible_host and ansible_user to your server environment. Don't forget to again replace .

Variables File

Create the variables file for your institution, more information: http://docs.ansible.com/ansible/playbooks_variables.html

    cp group_vars/template group_vars/<institution>

Open the variable files in your favorite editor and adapt the values to your setup.

Secrets File

Some values - passwords, credentials - are sensitive and should never be submitted to the Github repository. They are therefore stored in a file called secrets.yml, which is being ignored by Github.

Create the secrets.yml file

    cp group_vars/secrets.yml.example group_vars/serets.yml

Open the secrets.yml file and add the sensitive values.

There are many ways to create random passwords/passphrases/salt, I prefer to use openssl for this task. You can replace 12 with a higher number for longer strings.

    openssl rand -base64 12

Run the playbook

    ansible-playbook -i inventories/<institution> identity_provider.yml

If you want to try it out locally, and you have Vagrant/Virtualbox installed, the following command will run the playbook using the development inventory/variabels.

    vagrant up --provision

Register on UbuntuNets Resource Registry

UbuntuNet Alliance is running a resource registry at https://registry.eduid.africa. This registry can be used by all our member NRENs. Please get in contact with us (eduid@ubuntunet.net), so we can add you as a user.

If you already have a federation on the Resource Registry:

  • Login at https://registry.eduid.africa
  • Go to Register > Identity Federation
  • SSH into the server
  • Copy the content of the IdP metadata file (/opt/shibboleth-idp/metadata/idp-metadata.xml) from your server into the Metadata form field and click "Next".
  • Choose the federation you want your IdP to be added from the "Federation" drop down field and review the preset entries in the other fields.
  • Submit the registration request by clicking on "Register"

RedHat 6

The playbook runs on RHEL6, but when running it on PPC architecture, you'll need to download and install current versions of Java (7 or 8) and Tomcat7 yourself.

Here is a useful guide: http://lifeofageekadmin.com/install-tomcat-7-java-1-7-centos-6-rhel-6

There is an error, replace /app with /opt in the init.d and setenv.sh scripts.

About

Ansible Playbook for a Shibboleth Identity Provider (IdP) on Ubuntu

Topics

ansible ansible-playbook shibboleth shibboleth-idp shibboleth-idpv3 shibboleth-identity-provider eduid

Resources

Readme
Activity
Custom properties

Stars

6 stars

Watchers

2 watching

Forks

16 forks
Report repository

Releases

36 tags

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages