From 05c666384dda8ff3dae8558fe50640db4b41b1ad Mon Sep 17 00:00:00 2001
From: CVL-GitHub <jupiter.hu@monash.edu>
Date: Thu, 13 Aug 2015 16:25:57 +1000
Subject: [PATCH] Fixed configuration

---
 roles/karaage3.1.17/tasks/karaage.yml        | 13 +++++++++++++
 roles/karaage3.1.17/templates/default-ssl.j2 | 10 +++++-----
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/roles/karaage3.1.17/tasks/karaage.yml b/roles/karaage3.1.17/tasks/karaage.yml
index d1003bb0..c9536a3e 100644
--- a/roles/karaage3.1.17/tasks/karaage.yml
+++ b/roles/karaage3.1.17/tasks/karaage.yml
@@ -96,7 +96,20 @@
 -
  name: "enabling Karaage configuration"
  shell: cp -rvpf /root/karaage3.1.7/conf/karaage3-wsgi.conf /etc/httpd/conf.d/karaage3-wsgi.conf
+ sudo: true
  when: ansible_os_family == "RedHat"
+-
+ name: "Enable shibboleth, should it be in shibboleth-sp role?"
+ lineinfile: insertafter="{{ item.after }}" line="{{ item.line }}" dest=/etc/{% if ansible_os_family == 'RedHat'  %}httpd{% else %}apache2{% endif %}/conf-available/karaage3-wsgi.conf state=present
+ with_items:
+   - { after: 'EOF', line: '<Location /karaage>' } 
+   - { after: '^<Location /karaage>', line: 'AuthType Shibboleth' }
+   - { after: '^AuthType Shibboleth', line: 'ShibRequireSession On' }
+   - { after: '^ShibRequireSession On', line: 'ShibUseHeaders On' }
+   - { after: '^ShibUseHeaders On', line: 'require valid-user' }
+   - { after: '^require valid-user', line: '</Location>' }
+ sudo: true
+
 -
  name: "Installing other packages Debian"
  apt: name={{ item }} update_cache=yes
diff --git a/roles/karaage3.1.17/templates/default-ssl.j2 b/roles/karaage3.1.17/templates/default-ssl.j2
index b4bd3250..6462e0a4 100644
--- a/roles/karaage3.1.17/templates/default-ssl.j2
+++ b/roles/karaage3.1.17/templates/default-ssl.j2
@@ -59,12 +59,12 @@
 	#   Note: Inside SSLCACertificatePath you need hash symlinks
 	#         to point to the certificate files. Use the provided
 	#         Makefile to update the hash symlinks after changes.
-    {% if ldapCaCertFile is defined and ldapCaCertSrc is defined %}
-	SSLCACertificatePath {{ ldapCaCertSrc }} 
-    SSLCACertificateFile {{ ldapCaCertSrc }}/{{ ldapCaCertFile }}
+    {% if ldapCaCertFile is defined and ldapCaCertDir is defined %}
+    SSLCACertificatePath {{ ldapCaCertDir }} 
+    SSLCACertificateFile {{ ldapCaCertDir }}/{{ ldapCaCertFile }}
     {% else %}
-	SSLCACertificatePath /etc/ssl/certs/
-	SSLCACertificateFile {{ x509_cacert_file }}
+    SSLCACertificatePath /etc/ssl/certs/
+    SSLCACertificateFile {{ x509_cacert_file }}
     {% endif %}
 
 	#   Certificate Revocation Lists (CRL):
-- 
GitLab