---
#-
# name: "Copying the shibboleth files"
# template: src=files/{{ item.src }} dest="{{ item.dest }}" mode=0644
# with_items: shibboleth_file
# sudo: true

- 
  name: "Setting shibboleth2.xml sp.example.org"
  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
   regexp: sp.example.org 
   replace: "{{ ansible_hostname }}.{{ domain }}"
   backup: yes
   
-
 name: "Remove SSO entityID"
 lineinfile: 
 args:
   dest: /etc/shibboleth/shibboleth2.xml
   regexp: '^(\s*)<SSO entityID="https://idp.example.org/idp/shibboleth"'
   line: '\1<SSO'
   backrefs: true
 sudo: true

- 
  name: "Setting shibboleth2.xml handlerSSL"
  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
   regexp: 'handlerSSL="false"' 
   replace: 'handlerSSL="true"   handlerURL="https://{{ ansible_hostname }}.{{ domain }}/Shibboleth.sso"' 
   

- 
  name: "Setting shibboleth2.xml supportContact"
  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
   regexp: 'supportContact="root@localhost"' 
   replace: 'supportContact="{{ admin_email }}"'
   

- 
  name: "Enabling MetadataProvider"
  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
   regexp: '<!-- Example of remotely supplied batch of signed metadata. -->\s+<!--\s+<MetadataProvider' 
   replace: '<!-- Example of remotely supplied batch of signed metadata. -->\n\t<MetadataProvider'
   
- 
  name: "Enabling MetadataProvider"
  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
   regexp: '</MetadataProvider>\s+-->' 
   replace: '</MetadataProvider>'
- 
  name: "Setting shibboleth2.xml Federation URI"
  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
   regexp: 'uri="http://federation.org/federation-metadata.xml"' 
   replace: 'uri="{{ aaf_federation_url }}/metadata.aaf.signed.complete.xml"'
   
- 
  name: "Setting shibboleth2.xml backingFilePath"
  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
   regexp: 'backingFilePath="federation-metadata.xml"' 
   replace: 'backingFilePath="metadata.aaf.xml"'
   
- name: copy AAF metadata cert
  copy: src=files/{{ shib_metadata_cert }} dest=/etc/shibboleth/aaf-metadata-cert.pem mode=644
  sudo: true


- name: "Setting shibboleth2.xml aaf Certificate"
  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
   regexp: 'type="Signature" certificate="fedsigner.pem"' 
   replace: 'type="Signature" certificate="aaf-metadata-cert.pem"'
   
- 
  name: "Setting shibboleth2.xml AAF Discovery URL"
  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
   regexp: 'discoveryURL=".*"' 
   replace: 'discoveryURL="{{ aaf_discovery_url }}"'
   
- name: make shib private directory
  file: path=/etc/shibboleth/private state=directory mode=700 owner="_shibd"
  sudo: true

- name: copy shib key
  sudo: true
  copy: src=files/{{ shib_key }} dest=/etc/shibboleth/private/{{ shib_key }} owner="_shibd" mode=600

- name: make shib certs directory
  file: path=/etc/shibboleth/certs state=directory mode=755 owner="_shibd"
  sudo: true

- name: copy shib cert
  sudo: true
  copy: src=files/{{ shib_cert }} dest=/etc/shibboleth/certs/{{ shib_cert }} owner="_shibd" mode=644

- 
  name: "Setting shibboleth2.xml Credential Resolver"
  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
   regexp: '<CredentialResolver type="File" key=".*" certificate=".*"/>' 
   replace: '<CredentialResolver type="File" key="/etc/shibboleth/private/{{ shib_key }}" certificate="/etc/shibboleth/certs/{{ shib_cert }}"/>'

-
 name: "Templating attribute-map.xml"
 sudo: true
 template:
 args:
   src: attribute-map.xml.j2
   dest: /etc/shibboleth/attribute-map.xml
 notify:
   - Restarting Apache
   - Restarting shibboleth
-
 name: "Starting shibboleth"
 sudo: true
 service: name=shibd state=started enabled=yes