-
Clone the repository, replace with the actual name of your institution
git clone https://github.com/ubuntunet/eduID_IdentityProvider.git <institution>-idp cd <institution>-idp
Create the inventory file for your institution, for more information: http://docs.ansible.com/ansible/intro_inventory.html
cp inventories/template inventories/<institution>
Open the inventory file with your favorite editor and change the ansible_host and ansible_user to your server environment. Don't forget to again replace .
Create the variables file for your institution, more information: http://docs.ansible.com/ansible/playbooks_variables.html
cp group_vars/template group_vars/<institution>
Open the variable files in your favorite editor and adapt the values to your setup.
Some values - passwords, credentials - are sensitive and should never be submitted to the Github repository. They are therefore stored in a file called secrets.yml, which is being ignored by Github.
Create the secrets.yml file
cp group_vars/secrets.yml.example group_vars/serets.yml
Open the secrets.yml file and add the sensitive values.
There are many ways to create random passwords/passphrases/salt, I prefer to use openssl for this task. You can replace 12 with a higher number for longer strings.
openssl rand -base64 12
ansible-playbook -i inventories/<institution> identity_provider.yml
If you want to try it out locally, and you have Vagrant/Virtualbox installed, the following command will run the playbook using the development inventory/variabels.
vagrant up --provision
UbuntuNet Alliance is running a resource registry at https://registry.eduid.africa. This registry can be used by all our member NRENs. Please get in contact with us ([email protected]), so we can add you as a user.
If you already have a federation on the Resource Registry:
- Login at https://registry.eduid.africa
- Go to Register > Identity Federation
- SSH into the server
- Copy the content of the IdP metadata file (/opt/shibboleth-idp/metadata/idp-metadata.xml) from your server into the Metadata form field and click "Next".
- Choose the federation you want your IdP to be added from the "Federation" drop down field and review the preset entries in the other fields.
- Submit the registration request by clicking on "Register"
The playbook runs on RHEL6, but when running it on PPC architecture, you'll need to download and install current versions of Java (7 or 8) and Tomcat7 yourself.
Here is a useful guide: http://lifeofageekadmin.com/install-tomcat-7-java-1-7-centos-6-rhel-6
There is an error, replace /app with /opt in the init.d and setenv.sh scripts.