Giter Site home page Giter Site logo

peppelinux / ansible-shibboleth-idp-sp-debian Goto Github PK

View Code? Open in Web Editor NEW
10.0 5.0 9.0 35.72 MB

A fully automated setup of Shibboleth Idp and SP with many options and features

HTML 9.92% PHP 17.47% Shell 44.84% JavaScript 27.76%
shibboleth-idpv3 shibboleth-sp idp ansible-playbook ansible tomcat8 jetty shibboleth mariadb saml2

ansible-shibboleth-idp-sp-debian's People

Contributors

francesco-filicetti avatar malavolti avatar peppelinux avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar

Forkers

stefanofurgiuele francesco-filicetti carminero universitadellacalabria nsxsoft mrz-unitn malavolti nunzionapolitano

ansible-shibboleth-idp-sp-debian's Issues

Warnings

2019-10-16 10:31:04,168 - - WARN [DEPRECATED:122] - XML Element 'null:StartTLSTrustCredential', (file [/opt/shibboleth-idp/conf/attribute-resolver.xml]): This will be removed in the next major version of this software
2019-10-16 10:31:04,207 - - WARN [DEPRECATED:118] - XML Attribute 'sourceAttributeID', (file [/opt/shibboleth-idp/conf/attribute-resolver.xml]): This will be removed in the next major version of this software; replacement is InputAttributeDefinition or InputDataConnector
2019-10-16 10:32:01,885 - - WARN [DEPRECATED:122] - XML Element 'null:StartTLSTrustCredential', (file [/opt/shibboleth-idp/conf/attribute-resolver.xml]): This will be removed in the next major version of this software
2019-10-16 10:32:01,924 - - WARN [DEPRECATED:118] - XML Attribute 'sourceAttributeID', (file [/opt/shibboleth-idp/conf/attribute-resolver.xml]): This will be removed in the next major version of this software; replacement is InputAttributeDefinition or InputDataConnector

Excellent work!

Hi Giuseppe,

excellent work! There are a number of changes for VirtualBox to work but I got there.

020-07-22 00:08:18,267 - 10.0.2.2 - INFO [org.ldaptive.auth.Authenticator:291] - Authentication succeeded for dn: uid=gino,ou=people,dc=testunical,dc=it

idpIT01

After this, getting opensaml::FatalProfileException at (https://sp.testunical.it:4443/Shibboleth.sso/SAML2/POST)

Unable to establish security of incoming assertion.

Can we not sign the assertion or something? I'm not familiar with Apache Shib module.

Any ideas?

Here is the metadata:

debian:/home/jampy# grep --color -R "https://idp.testunical.it:444" /etc/shibboleth/*
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml:<EntityDescriptor  xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:req-attr="urn:oasis:names:tc:SAML:protocol:ext:req-attr"  entityID="https://idp.testunical.it:4443/idp/shibboleth">
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml:                <mdui:Logo height="80" width="80">https://idp.testunical.it:4443/Path/To/Logo.png</mdui:Logo>
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml:        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.testunical.it:4443/idp/profile/SAML2/POST/SLO"/>
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml:        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://idp.testunical.it:4443/idp/profile/SAML2/POST-SimpleSign/SLO"/>
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml:        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.testunical.it:4443/idp/profile/SAML2/Redirect/SLO"/>
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml:        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.testunical.it:4443/idp/profile/SAML2/SOAP/SLO"/>
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml: <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" req-attr:supportsRequestedAttributes="true" Location="https://idp.testunical.it:4443/idp/profile/SAML2/POST-SimpleSign/SSO"/>
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml:        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" req-attr:supportsRequestedAttributes="true" Location="https://idp.testunical.it:4443/idp/profile/SAML2/Redirect/SSO"/>
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml:        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" req-attr:supportsRequestedAttributes="true" Location="https://idp.testunical.it:4443/idp/profile/SAML2/POST/SSO"/>
/etc/shibboleth/metadata/idp.testunical.it-metadata.xml:        <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.testunical.it:4443/idp/profile/SAML2/SOAP/AttributeQuery"/>
/etc/shibboleth/shibboleth2.xml:                              entityID="https://idp.testunical.it:4443/idp/shibboleth">

And the log:

2020-07-21 23:47:13 WARN Shibboleth.SessionInitiator.SAML2 [8] [default]: unable to locate metadata for provider (https://idp.testunical.it:4443/idp/shibboleth)
2020-07-22 00:11:00 WARN OpenSAML.MessageDecoder.SAML2 [11] [default]: no metadata found, can't establish identity of issuer (https://idp.testunical.it/idp/shibboleth)
2020-07-22 00:11:00 WARN Shibboleth.SSO.SAML2 [11] [default]: no metadata found, can't establish identity of issuer (https://idp.testunical.it/idp/shibboleth)
2020-07-22 00:11:00 WARN Shibboleth.SSO.SAML2 [11] [default]: detected a problem with assertion: Unable to establish security of incoming assertion.

Not sure why is using https://idp.testunical.it/idp/shibboleth for identity when accessed by https://idp.testunical.it:4443/idp/shibboleth

Thanks
Cheers

missing ldif

Hi,
I think this line:
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=admin,dc=testunical,dc=it" -w slapdsecret -f ldap/idp_user.ldif

is missing idp_user.ldif

Thoughts?

Also, why would we need LXC? On VirtualBox this would fail on bridge, the reboot is needed.

The line:

lxc-attach $CONTAINER_NAME -- bash -c "cd /root/ansible-slapd-eduperson2016 && \
>                               bash make_CA.production.sh && \
>                               ansible-playbook -i "localhost," -c local playbook.production.yml"

would fail with:

TASK [Gathering Facts] ************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"ansible_facts": {}, "changed": false, "failed_modules": {"setup": {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3.7"}, "failed": true, "module_stderr": "/bin/sh: 1: sudo: not found\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 127, "warnings": ["Platform linux on host localhost is using the discovered Python interpreter at /usr/bin/python3.7, but future installation of another Python interpreter could change this. See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information."]}}, "msg": "The following modules failed to execute: setup\n"}

PLAY RECAP ************************************************************************************************************************************************************************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Cheers

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.