This define installs and configures the Shibboleth IdP on the Puppet agent machine. It first installs the prerequisites the IdP needs, then downloads and installs the IdP package from the Internet2 Shibboleth repositories.
Parameters:

| Parameter | Description |
|---|---|
| configure_admin | Specifies whether the Tomcat administration interface is installed on the Tomcat instance. If set to true, the administration interface is installed and reachable on port 8080 of the Puppet agent machine. |
| tomcat_admin_password | If the Tomcat administration interface is installed, the password for the ‘admin’ user Tomcat uses to access the administration interface. |
| tomcat_manager_password | If the Tomcat administration interface is installed, the password for the ‘manager’ user Tomcat uses to access the administration interface. |
| shibbolethversion | The version of Shibboleth IdP to download from the Internet2 repositories. By default version 2.3.3 is downloaded. |
| install_uapprove | Specifies whether uApprove has to be installed on this IdP. |
| idpfqdn | The fully qualified domain name of the IdP. It must be exactly the name client users use to reach the machine over the Internet, because it determines the CN of the certificate used for HTTPS: if it does not match the server name requested by the client, the client’s browser raises a security exception. |
| keystorepassword | The keystore password used to protect the keystore file on the IdP server. |
| mailto | The email address to be notified when the certificate used for HTTPS is about to expire. If no email address is specified, no warning mail is sent. |
| install_ldap | Specifies whether an OpenLDAP server must be installed on the IdP machine. |
| domain_name | The domain name for the LDAP user database. |
| basedn | The base DN of the LDAP server. |
| rootdn | The CN of the user with root access to the LDAP server. |
| rootpw | The password of the user with root access to the LDAP server. |
| ldap_host | The LDAP host the IdP connects to (may be left undef if install_ldap is set to true). |
| ldap_use_ssl | true if the LDAP connection must use SSL (may be left undef if install_ldap is set to true). |
| ldap_use_tls | true if the LDAP connection must use TLS (may be left undef if install_ldap is set to true). |
Actions:
Requires:
Sample Usage: To install Shibboleth IdP on a node, put the following example configuration into the site.pp file on the Puppet Master (the title uses double quotes so that `${hostname}` is interpolated; single quotes would leave the literal string):

```puppet
include shib2idp

node agenthostname {
  class { 'shib2idp::iptables':
    iptables_enable_network => '192.168.56.0/24',
  }

  shib2idp::instance { "${hostname}-idp":
    configure_admin         => true,
    tomcat_admin_password   => 'adminpassword',
    tomcat_manager_password => 'managerpassword',
    shibbolethversion       => '2.3.3',
    install_uapprove        => true,
    idpfqdn                 => 'idp.example.org',
    keystorepassword        => 'puppetpassword',
    mailto                  => 'support@garr.it',
    install_ldap            => true,
    domain_name             => 'example.com',
    basedn                  => 'dc=example,dc=com',
    rootdn                  => 'cn=admin',
    rootpw                  => 'ldappassword',
    ldap_host               => undef,
    ldap_use_ssl            => undef,
    ldap_use_tls            => undef,
  }
}
```
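The parameter table describes a second deployment shape that the sample above does not show: an IdP that binds to an already existing LDAP directory (install_ldap set to false, so ldap_host and the SSL/TLS flags must be given) and that does not expose the Tomcat administration interface on port 8080. The manifest below is an added example written for this page, not part of the module's own documentation. Host names, networks and the CHANGE-ME values are constructed placeholders; that the define accepts undef for the two Tomcat passwords when configure_admin is false, and which of the LDAP parameters it still consults for an external server, is assumed from the parameter descriptions and should be checked against the define before use.

```puppet
include shib2idp

# Constructed example: external LDAP, no Tomcat admin interface.
node idpagent {
  # Same firewall class as in the original sample; the network is a placeholder.
  class { 'shib2idp::iptables':
    iptables_enable_network => '10.10.0.0/24',
  }

  shib2idp::instance { "${hostname}-idp":
    # No administration interface is installed, so nothing listens on port 8080
    # and the admin/manager passwords are not used (undef is an assumption).
    configure_admin         => false,
    tomcat_admin_password   => undef,
    tomcat_manager_password => undef,
    shibbolethversion       => '2.3.3',
    install_uapprove        => false,
    # Must be exactly the name users type in the browser: it becomes the CN
    # of the HTTPS certificate, otherwise browsers raise a security exception.
    idpfqdn                 => 'idp.example.org',
    keystorepassword        => 'CHANGE-ME-keystore-password',
    mailto                  => 'idp-admins@example.org',
    # Do not install OpenLDAP locally; use the existing directory instead.
    install_ldap            => false,
    domain_name             => 'example.org',
    basedn                  => 'dc=example,dc=org',
    rootdn                  => 'cn=admin',
    rootpw                  => 'CHANGE-ME-ldap-password',
    # Required once install_ldap is false: the directory host and a protected channel.
    ldap_host               => 'ldap.example.org',
    ldap_use_ssl            => false,
    ldap_use_tls            => true,
  }
}
```

The keystore and LDAP root passwords are written literally into site.pp in both samples; treat that file with the same care as the secrets it carries and keep it out of shared or version-controlled locations.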