Playbook to configure CFME login with RH-SSO

cfme-rh-sso.yml

---
- hosts: all
  become: yes
  become_user: root
  vars:
    appliance_file_name: "https_{{ appliance_name }}"

  tasks:

  - name: SAML configuration dir
    file:
      path: /etc/httpd/saml2
      state: directory
      mode: 0755

  - name: Copy remote user configuration
    copy:
      src: /opt/rh/cfme-appliance/TEMPLATE/etc/httpd/conf.d/manageiq-remote-user.conf
      dest: /etc/httpd/conf.d
      remote_src: yes

  - name: Copy external auth configuration
    copy:
      src: /opt/rh/cfme-appliance/TEMPLATE/etc/httpd/conf.d/manageiq-external-auth-saml.conf
      dest: /etc/httpd/conf.d
      remote_src: yes

  - name: Create metadata
    command: "/usr/libexec/mod_auth_mellon/mellon_create_metadata.sh https://{{ appliance_name }} https://{{ appliance_name }}/saml2"
    args:
      creates: "{{ appliance_file_name }}.xml"

  - name: Copy SAML Key
    copy:
      src: "{{ appliance_file_name }}.key"
      dest: /etc/httpd/saml2/miqsp-key.key
      remote_src: yes

  - name: Copy SAML certificate
    copy:
      src: "{{ appliance_file_name }}.cert"
      dest: /etc/httpd/saml2/miqsp-cert.cert
      remote_src: yes

  - name: Copy SAML metadata
    copy:
      src: "{{ appliance_file_name }}.xml"
      dest: /etc/httpd/saml2/miqsp-metadata.xml
      remote_src: yes

  - name: Download RH-SSO Descriptor
    get_url:
      url: "https://{{ rh_sso_server }}/auth/realms/{{ cf_realm }}/protocol/saml/descriptor"
      dest: /etc/httpd/saml2/idp-metadata.xml
      validate_certs: no
      notify:
        - restart apache

  handlers:
    - name: restart apache
      service: name=httpd state=restarted

# ansible-playbook -i 'cfme.domain.com,' cfme-rh-sso.yml -e "appliance_name=cfme.domain.com rh_sso_server=sso.domain.com cf_realm=domain" -u root -k -v