From 47ce8bf05c85e25253f571f808ac758c8354e398 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Thu, 13 Feb 2020 14:14:04 +0100
Subject: [PATCH] simplesaml: fix a problem in the main configuration. It's now possible to enable/disable debug and error output.
---
 library/roles/simplesaml/defaults/main.yml | 5 +++++
 library/roles/simplesaml/tasks/main.yml | 8 +++----
 .../{authsources.php => authsources.php.j2} | 0
 .../templates/{config.php => config.php.j2} | 21 ++++++++++---------
 ...x-virthost.conf => nginx-virthost.conf.j2} | 0
 ...dp-hosted.php => saml20-idp-hosted.php.j2} | 0
 ...-sp-remote.php => saml20-sp-remote.php.j2} | 0
 7 files changed, 20 insertions(+), 14 deletions(-)
 rename library/roles/simplesaml/templates/{authsources.php => authsources.php.j2} (100%)
 rename library/roles/simplesaml/templates/{config.php => config.php.j2} (98%)
 rename library/roles/simplesaml/templates/{nginx-virthost.conf => nginx-virthost.conf.j2} (100%)
 rename library/roles/simplesaml/templates/{saml20-idp-hosted.php => saml20-idp-hosted.php.j2} (100%)
 rename library/roles/simplesaml/templates/{saml20-sp-remote.php => saml20-sp-remote.php.j2} (100%)
diff --git a/library/roles/simplesaml/defaults/main.yml b/library/roles/simplesaml/defaults/main.yml
index 3567977..c50d1a0 100644
--- a/library/roles/simplesaml/defaults/main.yml
+++ b/library/roles/simplesaml/defaults/main.yml
@@ -24,6 +24,11 @@ simplesaml_protectindexpage: 'true'
 simplesaml_protectmetadata: 'false'
 # ERR, WARNING, NOTICE, INFO, DEBUG
 simplesaml_loglevel: NOTICE
+simplesaml_debug_saml: 'false'
+simplesaml_debug_backtraces: 'true'
+simplesaml_debug_validatexml: 'false'
+simplesaml_php_show_errors: 'false'
+simplesaml_error_reporting: 'false'
 
 # Change this one when we are setting up a cluster of simplesaml servers
 simplesaml_create_self_signed_cert_host: '{{ ansible_fqdn }}'
diff --git a/library/roles/simplesaml/tasks/main.yml b/library/roles/simplesaml/tasks/main.yml
index 09555a2..d3294a0 100644
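Review bot: The five new keys after `simplesaml_loglevel: NOTICE` carry no comment, although the neighbouring key documents its accepted values (`# ERR, WARNING, NOTICE, INFO, DEBUG`) and these values are spliced unquoted into config.php as PHP booleans, so anything other than 'true'/'false' produces an unparsable file. A one-line comment above `simplesaml_debug_saml` would save the next maintainer a trip into the template, e.g. `# Rendered unquoted into config.php as PHP booleans: use 'true' or 'false' only. Keep showerrors/errorreporting off on production hosts.`. The quoted-string form matches `simplesaml_protectindexpage: 'true'` above, so the style is consistent with the rest of the file.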
--- a/library/roles/simplesaml/tasks/main.yml
+++ b/library/roles/simplesaml/tasks/main.yml
@@ -63,19 +63,19 @@
   tags: [ 'simplesaml', 'simplesaml_php', 'simplesaml_config' ]
 
 - name: Install the simplesaml config files
-  template: src={{ item }}.php dest={{ simplesaml_install_dir }}/config/{{ item }}.php owner=root group={{ simplesaml_user }} mode=0640
+  template: src={{ item }}.php.j2 dest={{ simplesaml_install_dir }}/config/{{ item }}.php owner=root group={{ simplesaml_user }} mode=0640
   with_items:
     - config
     - authsources
   tags: [ 'simplesaml', 'simplesaml_php', 'simplesaml_config' ]
 
 - name: Install some metadata files
-  template: src={{ item }}.php dest={{ simplesaml_install_dir }}/metadata/{{ item }}.php owner=root group={{ simplesaml_user }} mode=0640
+  template: src={{ item }}.php.j2 dest={{ simplesaml_install_dir }}/metadata/{{ item }}.php owner=root group={{ simplesaml_user }} mode=0640
   with_items:
     - saml20-idp-hosted
 
 - name: Install some metadata files
-  template: src={{ item }}.php dest={{ simplesaml_install_dir }}/metadata/{{ item }}.php owner=root group={{ simplesaml_user }} mode=0640
+  template: src={{ item }}.php.j2 dest={{ simplesaml_install_dir }}/metadata/{{ item }}.php owner=root group={{ simplesaml_user }} mode=0640
   with_items:
     - saml20-sp-remote
   when: simplesaml_global_sp_remote_template
@@ -109,7 +109,7 @@
 
 - block:
   - name: Install the nginx virtualhosts
-    template: src=nginx-virthost.conf dest=/etc/nginx/sites-available/{{ item.virthost }} owner=root group=root mode=0444
+    template: src=nginx-virthost.conf.j2 dest=/etc/nginx/sites-available/{{ item.virthost }} owner=root group=root mode=0444
     with_items: '{{ phpfpm_pools }}'
     notify: Reload nginx
 
diff --git a/library/roles/simplesaml/templates/authsources.php b/library/roles/simplesaml/templates/authsources.php.j2
similarity index 100%
rename from library/roles/simplesaml/templates/authsources.php
rename to library/roles/simplesaml/templates/authsources.php.j2
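Review bot: The three rewritten `template:` lines in the first hunk, and the nginx one in the second, keep the legacy single-string `key=value` argument form, with the whole argument list on one long line; block-form module arguments are the documented Ansible style, let the module validate each argument separately, and keep the file mode an explicit string. The first task rewritten that way is shown below; the two metadata tasks and the nginx virtualhost task follow the same shape. Note that once the mode leaves the argument string it must stay quoted (`mode: '0640'`), since a bare `0640` is read by YAML 1.1 parsers as the octal integer 416. Nothing else in these tasks changes.
```yaml
- name: Install the simplesaml config files
  template:
    src: '{{ item }}.php.j2'
    dest: '{{ simplesaml_install_dir }}/config/{{ item }}.php'
    owner: root
    group: '{{ simplesaml_user }}'
    mode: '0640'
  # … unchanged: with_items and tags …
```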
diff --git a/library/roles/simplesaml/templates/config.php b/library/roles/simplesaml/templates/config.php.j2
similarity index 98%
rename from library/roles/simplesaml/templates/config.php
rename to library/roles/simplesaml/templates/config.php.j2
index 0ea3c26..439c120 100644
--- a/library/roles/simplesaml/templates/config.php
+++ b/library/roles/simplesaml/templates/config.php.j2
@@ -66,7 +66,7 @@ $config = [
      * root directory.
      */
 {% endraw %}
-    'certdir' => '{{ simplesaml_cert_dir }}',
+    'certdir' => '{{ simplesaml_cert_dir }}',
     'loggingdir' => '{{ simplesaml_log_dir }}',
     'datadir' => '{{ simplesaml_data_dir }}',
     'tempdir' => '{{ simplesaml_tmp_dir }}',
@@ -96,8 +96,6 @@ $config = [
      */
     'timezone' => null,
 
-
-
     /**********************************
      | SECURITY CONFIGURATION OPTIONS |
      **********************************/
@@ -231,10 +229,11 @@ $config = [
      * If you want to disable debugging completely, unset this option or set it to an
      * empty array.
      */
+{% endraw %}
     'debug' => [
-        'saml' => false,
-        'backtraces' => true,
-        'validatexml' => false,
+        'saml' => {{ simplesaml_debug_saml}},
+        'backtraces' => {{ simplesaml_debug_backtraces }},
+        'validatexml' => {{ simplesaml_debug_validatexml }},
     ],
 
     /*
@@ -244,9 +243,9 @@ $config = [
      * When 'errorreporting' is enabled, a form will be presented for the user to report
      * the error to 'technicalcontact_email'.
      */
-    'showerrors' => true,
-    'errorreporting' => true,
-
+    'showerrors' => {{ simplesaml_php_show_errors }},
+    'errorreporting' => {{ simplesaml_error_reporting }},
+{% raw %}
     /*
      * Custom error show function called from SimpleSAML\Error\Error::show.
      * See docs/simplesamlphp-errorhandling.txt for function code example.
@@ -730,7 +729,9 @@ $config = [
         'et', 'he', 'id', 'sr', 'lv', 'ro', 'eu', 'el', 'af', 'zu', 'xh',
     ],
     'language.rtl' => ['ar', 'dv', 'fa', 'ur', 'he'],
+{% endraw %}
     'language.default' => '{{ simplesaml_language_default }}',
+{% raw %}
 
     /*
      * Options to override the default settings for the language parameter
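Review bot: `'saml' => {{ simplesaml_debug_saml}},` and the two lines below it in the -231 hunk, like `showerrors`/`errorreporting` in the -244 hunk, splice the role variable into PHP source with no normalisation, so an empty value or any string that is not a bare PHP literal yields a config.php that PHP cannot parse and takes the whole SimpleSAMLphp front end down at the next request. Normalising at render time, `'saml' => {{ simplesaml_debug_saml | bool | lower }},`, accepts the quoted 'true'/'false' defaults as well as real YAML booleans and always emits a lowercase PHP boolean; the same filter chain fits the other four substitutions. The `{{ simplesaml_debug_saml}}` form is also missing the space before `}}` that its siblings have. The new `{% endraw %}` … `{% raw %}` pair additionally exposes the PHP comment between the debug block and `showerrors` to Jinja, so a `{{`, `{%` or `{#` sequence anywhere in that comment (none is visible in the hunk) would now break rendering; worth a glance at the rendered file before merging.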
@@ -1112,7 +1113,7 @@ $config = [
      * The hostname and port of the Redis datastore instance.
      */
 {% endraw %}
-    'store.redis.host' => '{{ simplesaml_redis_host }}',
+    'store.redis.host' => '{{ simplesaml_redis_host }}',
     'store.redis.port' => 6379,
 {% raw %}
 
diff --git a/library/roles/simplesaml/templates/nginx-virthost.conf b/library/roles/simplesaml/templates/nginx-virthost.conf.j2
similarity index 100%
rename from library/roles/simplesaml/templates/nginx-virthost.conf
rename to library/roles/simplesaml/templates/nginx-virthost.conf.j2
diff --git a/library/roles/simplesaml/templates/saml20-idp-hosted.php b/library/roles/simplesaml/templates/saml20-idp-hosted.php.j2
similarity index 100%
rename from library/roles/simplesaml/templates/saml20-idp-hosted.php
rename to library/roles/simplesaml/templates/saml20-idp-hosted.php.j2
diff --git a/library/roles/simplesaml/templates/saml20-sp-remote.php b/library/roles/simplesaml/templates/saml20-sp-remote.php.j2
similarity index 100%
rename from library/roles/simplesaml/templates/saml20-sp-remote.php
rename to library/roles/simplesaml/templates/saml20-sp-remote.php.j2