diff --git a/roles/karaage3.1.17/tasks/karaage.yml b/roles/karaage3.1.17/tasks/karaage.yml
index 1142ced19b1fc72e522758b3d6da17e8517c7d5b..d4a11f1ce9699f0845d231694e19bf519a680e56 100644
--- a/roles/karaage3.1.17/tasks/karaage.yml
+++ b/roles/karaage3.1.17/tasks/karaage.yml
@@ -98,19 +98,6 @@
  shell: cp -rvpf /root/karaage3.1.7/conf/karaage3-wsgi.conf /etc/httpd/conf.d/karaage3-wsgi.conf
  sudo: true
  when: ansible_os_family == "RedHat"
--
- name: "Enable shibboleth, should it be in shibboleth-sp role?"
- lineinfile: insertafter="{{ item.after }}" line="{{ item.line }}" dest=/etc/{% if ansible_os_family == 'RedHat'  %}httpd{% else %}apache2{% endif %}/conf-available/karaage3-wsgi.conf state=present
- with_items:
-   - { after: 'EOF', line: '<Location /karaage>' } 
-   - { after: '^<Location /karaage>', line: 'AuthType Shibboleth' }
-   - { after: '^AuthType Shibboleth', line: 'ShibRequireSession On' }
-   - { after: '^ShibRequireSession On', line: 'ShibUseHeaders On' }
-   - { after: '^ShibUseHeaders On', line: 'require valid-user' }
-   - { after: 'EOF', line: '</Location>' }
-#   - { after: '^require valid-user', line: '</Location>' }
- sudo: true
-
 -
  name: "Installing other packages Debian"
  apt: name={{ item }} update_cache=yes
@@ -189,3 +176,16 @@
  service: name=httpd state=reloaded
  sudo: true
  when: ansible_os_family == "RedHat"
+
+- 
+ name: "Enable shibboleth (ansible-galaxy install yaegashi.blockinfile)"
+ blockinfile:
+   dest: /etc/apache2/conf-available/karaage3-wsgi.conf
+   block: |
+     <Location /karaage>
+     AuthType Shibboleth
+     ShibRequireSession On
+     ShibUseHeaders On
+     require valid-user
+     </Location>
+
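Review bot: The new `blockinfile` task has no `sudo: true` and hard-codes `dest: /etc/apache2/conf-available/karaage3-wsgi.conf`, whereas the `lineinfile` task it replaces ran with sudo and chose httpd or apache2 from `ansible_os_family`. On a RedHat host, or wherever the play does not escalate by other means, the task will presumably fail or write to a path Apache never reads, leaving `/karaage` without the `AuthType Shibboleth` / `require valid-user` guard. Add `sudo: true` and either `when: ansible_os_family == "Debian"` or the templated dest from the removed task. The task also sits after the `service: name=httpd state=reloaded` step shown in the context, so it needs a reload or handler of its own before the block takes effect; whether one follows is not visible in this hunk.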
diff --git a/roles/ldapserver/tasks/main.yml b/roles/ldapserver/tasks/main.yml
index 582041c82664276f87e22f95ac0ae7552634c122..dab389be020e153c5a393d640246c21bcba62528 100644
--- a/roles/ldapserver/tasks/main.yml
+++ b/roles/ldapserver/tasks/main.yml
@@ -83,6 +83,16 @@
   file: path={{ cacert | dirname }} state=directory owner={{ ldapuser }} group={{ ldapgroup }}
   sudo: true
 
+- name: make ldap certs dir
+  file: path={{ ldapCertDir }} state=directory owner={{ ldapuser }} group={{ ldapgroup }}
+  sudo: true
+  when: ldapCertDir is defined
+
+- name: make ldap private dir
+  file: path={{ ldapPrivateDir }} state=directory owner={{ ldapuser }} group={{ ldapgroup }}
+  sudo: true
+  when: ldapPrivateDir is defined
+
 # Change to remove easy-rsa and to use fixed key and certs
 - name: copy fixed keys and certs from files directory
   template: src=files/{{ item.src }} dest="{{ item.dest }}" mode={{ item.mode }} owner=root group=root
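Review bot: The `make ldap private dir` task creates `{{ ldapPrivateDir }}` without a `mode`, so its permissions come from the umask (typically world-traversable). That is weak for a directory that presumably holds the LDAP server's private key. Pin it explicitly, e.g. `file: path={{ ldapPrivateDir }} state=directory owner={{ ldapuser }} group={{ ldapgroup }} mode=0700`, and give the certs directory an explicit `mode=0755` for the same reason. The shibboleth-sp role in this commit already sets `mode=700` on its private directory. The `copy fixed keys and certs` task continues outside the hunk, so the modes applied to the key files themselves cannot be checked here.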
diff --git a/roles/shibboleth-sp/tasks/shibbolethConfig.yml b/roles/shibboleth-sp/tasks/shibbolethConfig.yml
index 14b57c94d7b2280febbe522847cd0542c66b151d..1756ff560e746b80a4177669abe11edf1eb6aff0 100644
--- a/roles/shibboleth-sp/tasks/shibbolethConfig.yml
+++ b/roles/shibboleth-sp/tasks/shibbolethConfig.yml
@@ -101,7 +101,7 @@
   file: path=/etc/shibboleth/private, state=directory, mode=700, owner=_shibd
   sudo: true
 
-- name: copy shib key:
+- name: copy shib key
   sudo: true
   copy: src=files/{{ shib_key }} dest=/etc/shibboleth/private/{{ shib_key }} owner=_shibd, mode=600
 
@@ -109,7 +109,7 @@
   file: path=/etc/shibboleth/certs, state=directory, mode=755, owner=_shibd
   sudo: true
 
-- name: copy shib cert:
+- name: copy shib cert
   sudo: true
   copy: src=files/{{ shib_cert }} dest=/etc/shibboleth/certs/{{ shib_cert }} owner=_shibd, mode=644
 
diff --git a/roles/shibboleth-sp/templates/attribute-map.xml.j2 b/roles/shibboleth-sp/templates/attribute-map.xml.j2
index 6b8a8c85270e92ea601908afd94eb399d05d59e8..b25ca20e519c99ba45852d94c5d795bcc7669cab 100644
--- a/roles/shibboleth-sp/templates/attribute-map.xml.j2
+++ b/roles/shibboleth-sp/templates/attribute-map.xml.j2
@@ -149,5 +149,6 @@
     <Attribute name="urn:oid:2.5.4.15" id="businessCategory"/>
     <Attribute name="urn:oid:2.5.4.19" id="physicalDeliveryOfficeName"/>
     -->
-
+    <Attribute name="urn:mace:dir:attribute-def:auEduPersonSharedToken" id="auEduPersonSharedToken"/>
+    <Attribute name="urn:oid:1.3.6.1.4.1.27856.1.2.5" id="auEduPersonSharedToken"/>
 </Attributes>
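Review bot: The two new `<Attribute>` lines map different names to the same id `auEduPersonSharedToken` with no comment saying why, and they sit directly under the end of a commented-out block where they are easy to mistake for part of it. A one-line comment above them would help, e.g. `<!-- auEduPersonSharedToken: legacy MACE URN and OID names, both mapped to one id -->`, along with restoring the blank line after `-->`. The karaage vhost in this commit sets `ShibUseHeaders On`, so this value reaches the application as a request header. It is worth recording whether the application treats it as an identity key, because that makes the mapping security-relevant.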