From dcb1c2be7ba616e7614174589c4e12c46ac89b7b Mon Sep 17 00:00:00 2001 
From: Shayna Atkinson Date: Tue, 29 Mar 2022 17:16:15 +0000 Subject: [PATCH] Make changes for spring 2022. Change class password, AMIs for VMs and docker version in group_vars/all.yml. Upgrade to shib-idp 4.1.x and upgrade slapd on idp node Add new directory named views and associated directory structure and files to comply with upgrade to shib-idp 4.1.x Add changes to idp playbook to copy the views directory and associated directory structure/files to proper places on VMs Change compose file for idp node to mount the new view directory Change idp.properties to work with shib-idp 4.1.x upgrade versions of mariadb, comanage_registry, comanage_registry_cron and slapd on training nodes Add a new crontab to run specific and queued jobs for COs 2-5 (in case students create multiple COs while experimenting) Change to new csv format for the hr.csv and registrar.csv org identity source files change main playbook to copy crontab to the right place --- group_vars/all.yml | 22 +-- roles/idp/files/shibboleth-idp-stack.yml | 5 +- roles/idp/files/views/admin/hello.vm | 73 ++++++++ .../client-storage/client-storage-read.vm | 53 ++++++ .../client-storage/client-storage-write.vm | 53 ++++++ roles/idp/files/views/error.vm | 75 ++++++++ .../views/intercept/attribute-release.vm | 160 ++++++++++++++++++ .../idp/files/views/intercept/terms-of-use.vm | 69 ++++++++ roles/idp/files/views/login-error.vm | 26 +++ roles/idp/files/views/login.vm | 144 ++++++++++++++++ roles/idp/files/views/logout-complete.vm | 67 ++++++++ roles/idp/files/views/logout-propagate.vm | 58 +++++++ roles/idp/files/views/logout.vm | 131 ++++++++++++++ roles/idp/files/views/user-prefs.js | 45 +++++ roles/idp/files/views/user-prefs.vm | 60 +++++++ roles/idp/tasks/main.yml | 12 ++ roles/idp/templates/idp.properties | 108 +++++++----- .../files/comanage-registry-stack.yml | 8 +- roles/training/files/crontab | 62 +++++++ roles/training/files/hr.csv | 91 +++++----- roles/training/files/registrar.csv | 91 +++++----- 
roles/training/tasks/main.yml | 11 ++
22 files changed, 1272 insertions(+), 152 deletions(-)
create mode 100644 roles/idp/files/views/admin/hello.vm
create mode 100644 roles/idp/files/views/client-storage/client-storage-read.vm
create mode 100644 roles/idp/files/views/client-storage/client-storage-write.vm
create mode 100644 roles/idp/files/views/error.vm
create mode 100644 roles/idp/files/views/intercept/attribute-release.vm
create mode 100644 roles/idp/files/views/intercept/terms-of-use.vm
create mode 100644 roles/idp/files/views/login-error.vm
create mode 100644 roles/idp/files/views/login.vm
create mode 100644 roles/idp/files/views/logout-complete.vm
create mode 100644 roles/idp/files/views/logout-propagate.vm
create mode 100644 roles/idp/files/views/logout.vm
create mode 100644 roles/idp/files/views/user-prefs.js
create mode 100644 roles/idp/files/views/user-prefs.vm
create mode 100644 roles/training/files/crontab
diff --git a/group_vars/all.yml b/group_vars/all.yml
index 357f05b..b88ae74 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -5,11 +5,11 @@ # ansible-vault encrypt_string 'THE_PASSWORD' --name 'comanage_training_password' comanage_training_password: !vault | $ANSIBLE_VAULT;1.1;AES256 - 32313732343132636531663538353439663964333130616633663761313336636663323938396566 - 6539353462616330626235646530626662333630613635340a323230333133326232326630396263 - 64383336316234656364666630396362313563346364383735303131323266326465623531373637 - 3138373937323761360a323138383436353439633031306438373766303763643630643263356530 - 3638 + 32633234306463303963343034356533353265666533623339646461613233366265303632343131 + 3234303062643464383363656335383966343932303631330a383231626666326366613236633338 + 30396135396232653961653266393862656332633630616233386633396262626461613237306163 + 6537633933333430640a303736336438363439336634626562633732643032653862653130373764 + 3966 # It should not be necessary to change the password salt. comanage_training_password_salt: !vault | @@ -50,7 +50,7 @@ vpc_availability_zone: ssh_bastion_instance_type: t2.nano # Most current Debian AMD x86_64, see https://wiki.debian.org/Cloud/AmazonEC2Image/ -ssh_bastion_ami_id: ami-07fd151b9eb3b7264 +ssh_bastion_ami_id: ami-0d0d8694ba492c02b ssh_bastion_user: admin ssh_bastion_device_name: /dev/xvda ssh_bastion_volume_type: gp2 @@ -58,7 +58,7 @@ ssh_bastion_volume_size: 10 idp_node_instance_type: t2.small # Most current Debian AMD x86_64, see https://wiki.debian.org/Cloud/AmazonEC2Image/ -idp_node_ami_id: ami-07fd151b9eb3b7264 +idp_node_ami_id: ami-0d0d8694ba492c02b idp_node_user: admin idp_node_device_name: /dev/xvda idp_node_volume_type: gp2 
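Review bot: The new AMI id `ami-0d0d8694ba492c02b` is pasted into three separate variables (this `@@ -50` hunk plus the `@@ -58` and `@@ -68` hunks that follow), and the only documentation for it is "Most current Debian", which stops being true as soon as the next image is published. Defining it once, e.g. `debian_bullseye_ami_id: ami-0d0d8694ba492c02b`, and referencing it as `ssh_bastion_ami_id: "{{ debian_bullseye_ami_id }}"` (likewise for the idp and training nodes) removes the three-way drift risk, and recording the image's release date in the comment would let the next maintainer tell whether it is still current.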
@@ -68,15 +68,15 @@ training_node_count: 2 training_node_instance_type: t2.small # Most current Debian AMD x86_64, see https://wiki.debian.org/Cloud/AmazonEC2Image/ -training_node_ami_id: ami-07fd151b9eb3b7264 +training_node_ami_id: ami-0d0d8694ba492c02b training_node_user: admin training_node_device_name: /dev/xvda training_node_volume_type: gp2 training_node_volume_size: 20 # Docker version -docker_ce_package_version: "5:20.10.9~3-0~debian-bullseye" -docker_ce_cli_package_version: "5:20.10.9~3-0~debian-bullseye" -containerd_io_package_version: "1.4.11-1" +docker_ce_package_version: "5:20.10.12~3-0~debian-bullseye" +docker_ce_cli_package_version: "5:20.10.12~3-0~debian-bullseye" +containerd_io_package_version: "1.4.12-1" diff --git a/roles/idp/files/shibboleth-idp-stack.yml b/roles/idp/files/shibboleth-idp-stack.yml index 8298656..86f85cf 100644 --- a/roles/idp/files/shibboleth-idp-stack.yml +++ b/roles/idp/files/shibboleth-idp-stack.yml @@ -2,7 +2,7 @@ version: '3.7' services: shibboleth-idp: - image: i2incommon/shib-idp:4.0.1_20210302 + image: i2incommon/shib-idp:4.1.5_20220119 volumes: - /srv/docker/usr/local/tomcat/conf/server.xml:/usr/local/tomcat/conf/server.xml - /srv/docker/opt/shibboleth-idp/conf/idp.properties:/opt/shibboleth-idp/conf/idp.properties @@ -18,6 +18,7 @@ services: - /srv/docker/opt/shibboleth-idp/credentials/sealer.jks:/opt/shibboleth-idp/credentials/sealer.jks - /srv/docker/opt/shibboleth-idp/credentials/secrets.properties:/opt/shibboleth-idp/credentials/secrets.properties - /srv/docker/opt/shibboleth-idp/metadata/registry-metadata.xml:/opt/shibboleth-idp/metadata/registry-metadata.xml + - /srv/docker/opt/shibboleth-idp/views:/opt/shibboleth-idp/views # Sleep for 10 seconds to give time for LDAP to come up and then start the IdP. entrypoint: - "/usr/bin/bash" 
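Review bot: The new `views` bind mount in the `@@ -18,6 +18,7 @@` hunk of shibboleth-idp-stack.yml is read-write, although the IdP only needs to read the Velocity templates and the playbook installs them root-owned with mode 0644. Mounting it read-only, `- /srv/docker/opt/shibboleth-idp/views:/opt/shibboleth-idp/views:ro`, keeps a compromised IdP process from rewriting the login and consent pages it serves to users. The neighbouring conf and credentials mounts are not new in this commit, but the same flag would apply to them.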
@@ -35,7 +36,7 @@ services: tag: "shibboleth-idp_{{.Name}}" ldap: - image: sphericalcowgroup/comanage-registry-slapd:4 + image: sphericalcowgroup/comanage-registry-slapd:8 command: ["slapd", "-d", "256", "-h", "ldapi:/// ldap:///", "-u", "openldap", "-g", "openldap"] volumes: - /srv/docker/var/lib/ldap:/var/lib/ldap diff --git a/roles/idp/files/views/admin/hello.vm b/roles/idp/files/views/admin/hello.vm new file mode 100644 index 0000000..33a0528 --- /dev/null +++ b/roles/idp/files/views/admin/hello.vm @@ -0,0 +1,73 @@ +## +## Velocity Template for Hello World page. +## +## Velocity context will contain the following properties +## flowRequestContext - the Spring Web Flow RequestContext +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## profileRequestContext - root of context tree +## subjectContext - ProfileRequestContext -> SubjectContext +## attributeContext - ProfileRequestContext -> AttributeContext +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## + + + + + + #springMessageText("idp.title", "Web Login Service") - #springMessageText("hello-world.title", "Hello World") + + + + +
+
+
+ #springMessageText( +

#springMessageText("idp.title", "Web Login Service")

+
+ +
+

#springMessageText("hello-world.greeting", "Greetings"), $encoder.encodeForHTML($subjectContext.getPrincipalName())

+
+

Authenticated By

+ #foreach ($result in $subjectContext.getAuthenticationResults().entrySet()) +
$encoder.encodeForHTML($result.getKey())
+ #end +
+

Java Principals in Subjects

+ #foreach ($s in $subjectContext.getSubjects()) + #foreach ($p in $s.getPrincipals()) +
$encoder.encodeForHTML($p)
+ #end + #end + #if ($attributeContext && !$attributeContext.getUnfilteredIdPAttributes().isEmpty()) +
+

Attributes:

+ #foreach ($a in $attributeContext.getUnfilteredIdPAttributes()) + #if (!$a.getValues().isEmpty()) +
+
$encoder.encodeForHTML($a.getId())
+ #foreach ($v in $a.getValues()) +
$encoder.encodeForHTML($v.getDisplayValue())
+ #end + #end + #end + #end +
+ +
+

#springMessageText("hello-world.reload", "Reload the Page")

+
+
+ +
+ +
+
+ + diff --git a/roles/idp/files/views/client-storage/client-storage-read.vm b/roles/idp/files/views/client-storage/client-storage-read.vm new file mode 100644 index 0000000..1993c14 --- /dev/null +++ b/roles/idp/files/views/client-storage/client-storage-read.vm @@ -0,0 +1,53 @@ +## +## Velocity template to read from local storage. +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## loadContext - context with details about the storage keys to load +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service")) +#set ($titleSuffix = $springMacroRequestContext.getMessage("idp.client-storage-read.suffix", "Loading Session Information")) +## + + + + + + $title - $titleSuffix + + + + +
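Review bot: admin/hello.vm prints the principal name, every authentication result, every Java principal and all unfiltered attributes of whoever reaches it (the `#foreach` loops over `$subjectContext` and `$attributeContext.getUnfilteredIdPAttributes()`), so it is a diagnostic page rather than a user-facing one. The values are passed through `$encoder.encodeForHTML`, which is correct, but nothing in the file records that the flow is expected to stay behind the IdP's admin access-control policy; a header line such as `## Diagnostic page: shows unfiltered attributes, keep the admin/hello flow gated by the admin access policy` would make that explicit. The other files under views/ in this commit read as unmodified distribution templates; noting the upstream IdP version they were copied from would make the next upgrade diffable.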
+
+
+

$title - $titleSuffix

+
+
+ $springMacroRequestContext.getMessage("idp.client-storage-read.text", "Loading login session information from the browser...") +
+ + #parse( "client-storage/read.vm" ) +
+
+ +
+
+ + diff --git a/roles/idp/files/views/client-storage/client-storage-write.vm b/roles/idp/files/views/client-storage/client-storage-write.vm new file mode 100644 index 0000000..4b92d6b --- /dev/null +++ b/roles/idp/files/views/client-storage/client-storage-write.vm @@ -0,0 +1,53 @@ +## +## Velocity template to write to local storage. +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## saveContext - context with details about the storage data to save +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service")) +#set ($titleSuffix = $springMacroRequestContext.getMessage("idp.client-storage-write.suffix", "Saving Session Information...")) +## + + + + + + $title - $titleSuffix + + + + +
+
+
+

$title - $titleSuffix

+
+
+ $springMacroRequestContext.getMessage("idp.client-storage-write.text", "Saving login session information to the browser...") +
+ + #parse( "client-storage/write.vm" ) +
+
+ +
+
+ + \ No newline at end of file diff --git a/roles/idp/files/views/error.vm b/roles/idp/files/views/error.vm new file mode 100644 index 0000000..a44bd6f --- /dev/null +++ b/roles/idp/files/views/error.vm 
@@ -0,0 +1,75 @@ +## +## Velocity Template for error end-state +## +## Velocity context will contain the following properties +## flowRequestContext - the Spring Web Flow RequestContext +## profileRequestContext - root of context tree +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## +#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service")) +#set ($defaultTitleSuffix = $springMacroRequestContext.getMessage("idp.title.suffix", "Error")) +## +#if ($flowRequestContext) + ## This handles flow events, the most common case. + #set ($eventId = $flowRequestContext.getCurrentEvent().getId()) + #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "error")) + #set ($titleSuffix = $springMacroRequestContext.getMessage("${eventKey}.title", "$defaultTitleSuffix")) + #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "$defaultTitleSuffix: $eventId")) + #if ($eventId == "AccessDenied" or $eventId == "ContextCheckDenied") + $response.setStatus(403) + #elseif ($eventId == "AttributeReleaseRejected" || $eventId == "TermsRejected") + $response.setStatus(200) + #elseif ($eventKey == "unexpected" || $eventKey == "runtime-error" || $eventKey == "error") + $response.setStatus(500) + #else + $response.setStatus(400) + #end +#elseif ($exception) + ## This handles exceptions that reach the Spring-MVC exception handler. 
+ #set ($eventId = $exception.getClass().getSimpleName()) + #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "error")) + #set ($titleSuffix = $springMacroRequestContext.getMessage("${eventKey}.title", "$defaultTitleSuffix")) + #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "$defaultTitleSuffix: $eventId")) + $response.setStatus(500) +#else + ## This is a catch-all that theoretically shouldn't happen? + #set ($titleSuffix = $defaultTitleSuffix) + #set ($message = $springMacroRequestContext.getMessage("idp.message", "An unidentified error occurred.")) + $response.setStatus(500) +#end +## + + + + + + $title - $titleSuffix + + + + +
+
+
+ #springMessageText( +

$title - $titleSuffix

+
+ +
+ #evaluate($message) +
+
+ +
+ +
+ +
+ + \ No newline at end of file diff --git a/roles/idp/files/views/intercept/attribute-release.vm b/roles/idp/files/views/intercept/attribute-release.vm new file mode 100644 index 0000000..c170b69 --- /dev/null +++ b/roles/idp/files/views/intercept/attribute-release.vm @@ -0,0 +1,160 @@ +## +## Velocity Template for DisplayAttributeReleasePage view-state +## +## Velocity context will contain the following properties : +## +## attributeReleaseContext - context holding consentable attributes +## attributeReleaseFlowDescriptor - attribute consent flow descriptor +## attributeDisplayNameFunction - function to display attribute name +## attributeDisplayDescriptionFunction - function to display attribute description +## consentContext - context representing the state of a consent flow +## encoder - HTMLEncoder class +## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl) +## flowExecutionUrl - form action location +## flowRequestContext - Spring Web Flow RequestContext +## profileRequestContext - OpenSAML profile request context +## request - HttpServletRequest +## response - HttpServletResponse +## rpUIContext - context with SP UI information from the metadata +## environment - Spring Environment object for property resolution +#set ($serviceName = $rpUIContext.serviceName) +#set ($serviceDescription = $rpUIContext.serviceDescription) +#set ($informationURL = $rpUIContext.informationURL) +#set ($privacyStatementURL = $rpUIContext.privacyStatementURL) +#set ($rpOrganizationLogo = $rpUIContext.getLogo()) +#set ($rpOrganizationName = $rpUIContext.organizationDisplayName) +#set ($replaceDollarWithNewline = true) +## + + + + + + + #springMessageText("idp.attribute-release.title", "Information Release") + + +
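Review bot: `#evaluate($message)` near the end of error.vm renders the resolved message as Velocity source, so the page's safety rests on `$eventId` coming only from flow event ids or from `$exception.getClass().getSimpleName()`, never from request parameters; none of the three branches here does otherwise, but the file does not say so. A comment above the call, `## $message is evaluated as a template: build it only from message-bundle text and internal event ids, never from request data`, documents the invariant for whoever next edits the defaults.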
+ #parse("csrf/csrf.vm") +
+
+ + #if ($rpOrganizationLogo) + + #end +
+ #if ($serviceName) +

+ #springMessageText("idp.attribute-release.serviceNameLabel", "You are about to access the service:")
+ $serviceName + #if ($rpOrganizationName) + #springMessageText("idp.attribute-release.of", "of") $encoder.encodeForHTML($rpOrganizationName) + #end +

+ #end + #if ($serviceDescription) +

+ #springMessageText("idp.attribute-release.serviceDescriptionLabel", "Description as provided by this service:")
+ $encoder.encodeForHTML($serviceDescription) +
+

+ #end + #if ($informationURL) +

+ #springMessageText("idp.attribute-release.informationURLLabel", "Additional information about the service") +

+ #end +
+ + + + + + + + #foreach ($attribute in $attributeReleaseContext.getConsentableAttributes().values()) + + + + + + #end + +
+ #springMessageText("idp.attribute-release.attributesHeader", "Information to be Provided to Service") +
$encoder.encodeForHTML($attributeDisplayNameFunction.apply($attribute)) + #foreach ($value in $attribute.values) + #if ($replaceDollarWithNewline) + #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()).replaceAll($encoder.encodeForHTML('$'),"
")) + #else + #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue())) + #end + #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) + + #else + $encodedValue + #end +
+ #end +
+ #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) + #set ($inputType = "checkbox") + #else + #set ($inputType = "hidden") + #end + +
+
+ #if ($privacyStatementURL) +

+ #springMessageText("idp.attribute-release.privacyStatementURLLabel", "Data privacy information of the service") +

+ #end +
+

+ #springMessageText("idp.attribute-release.confirmationQuestion", "The information above would be shared with the service if you proceed. Do you agree to release this information to the service every time you access it?") +

+ #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed) +
+ #springMessageText("idp.attribute-release.consentMethod", "Select an information release consent duration:") + #end + #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed) +

+ + +

    +
  • #springMessageText("idp.attribute-release.doNotRememberConsentItem", "I agree to send my information this time.")
  • +
+

+ #end + #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed) +

+ + +

    +
  • #springMessageText("idp.attribute-release.rememberConsentItem", "I agree that the same information will be sent automatically to this service in the future.")
  • +
+

+ #end + #if ($attributeReleaseFlowDescriptor.globalConsentAllowed) +

+ + +

    +
  • #springMessageText("idp.attribute-release.globalConsentItem", "I agree that all of my information will be released to any service.")
  • +
+

+ #end + #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed) + #springMessageText("idp.attribute-release.consentMethodRevoke", "This setting can be revoked at any time with the checkbox on the login page.") +
+ #end +

+ + +

+
+
+
+ + diff --git a/roles/idp/files/views/intercept/terms-of-use.vm b/roles/idp/files/views/intercept/terms-of-use.vm new file mode 100644 index 0000000..67b2c15 --- /dev/null +++ b/roles/idp/files/views/intercept/terms-of-use.vm @@ -0,0 +1,69 @@ +## +## Velocity Template for DisplayTermsOfUsePage view-state +## +## Velocity context will contain the following properties : +## +## encoder - HTMLEncoder class +## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl) +## flowExecutionUrl - form action location +## flowRequestContext - Spring Web Flow RequestContext +## request - HttpServletRequest +## response - HttpServletResponse +## rpUIContext - context with SP UI information from the metadata +## termsOfUseId - terms of use ID to lookup message strings +## environment - Spring Environment object for property resolution +#set ($serviceName = $rpUIContext.serviceName) +#set ($rpOrganizationLogo = $rpUIContext.getLogo()) +## + + + + + + + #springMessageText("${termsOfUseId}.title", "Terms of Use") + + +
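Review bot: In the service header of attribute-release.vm `$serviceName` is emitted as-is while the neighbouring `$rpOrganizationName` and `$serviceDescription` go through `$encoder.encodeForHTML`, even though all three come from the same `$rpUIContext` and ultimately from relying-party metadata. Unless `RelyingPartyUIContext.serviceName` is already HTML-encoded for this IdP version (worth confirming first, to avoid double encoding), `$encoder.encodeForHTML($serviceName)` would make the handling consistent; login.vm in this same commit does encode it, via `$encoder.encodeForHTML($serviceName)` and `$encoder.encodeForHTMLAttribute($serviceName)`. Attribute values are encoded before the `$`-to-line-break replacement, so that part is fine.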
+
+ + #if ($rpOrganizationLogo) + + #end +
+ #if ($rpOrganizationLogo) +
+

#springMessageText("${termsOfUseId}.title", "Terms of Use")

+
+ #end +
+ #springMessageText("${termsOfUseId}.text", "Terms of Use Text...") +
+
+
+
+ #parse("csrf/csrf.vm") + +
+
+
+
+ #parse("csrf/csrf.vm") + + + #if ($requireCheckbox) +

#springMessageText("idp.terms-of-use.required", "Please check this box if you want to proceed.")

+ #end + +
+
+
+
+
+ +
+
+ + diff --git a/roles/idp/files/views/login-error.vm b/roles/idp/files/views/login-error.vm new file mode 100644 index 0000000..224976b --- /dev/null +++ b/roles/idp/files/views/login-error.vm @@ -0,0 +1,26 @@ +## Velocity Template for login error message production, included by login.vm +## +## authenticationErrorContext - context containing error data, if available +## +#if ($authenticationErrorContext && $authenticationErrorContext.getClassifiedErrors().size() > 0) + ## This handles errors that are classified by the message maps in the authentication config. + #set ($eventId = $authenticationErrorContext.getClassifiedErrors().iterator().next()) + #if ($eventId != "ReselectFlow") + #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "login")) + #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "Login Failure: $eventId")) + #end +#elseif ($authenticationErrorContext && $authenticationErrorContext.getExceptions().size() > 0) + ## This handles login exceptions that are left unclassified. + #set ($loginException = $authenticationErrorContext.getExceptions().get(0)) + #if ($loginException.getMessage()) + #set ($message = "Login Failure: $loginException.getMessage()") + #else + #set ($message = $loginException.toString()) + #end +#end + +#if ($message) +
+

$encoder.encodeForHTML($message)

+
+#end diff --git a/roles/idp/files/views/login.vm b/roles/idp/files/views/login.vm new file mode 100644 index 0000000..c7b15c9 --- /dev/null +++ b/roles/idp/files/views/login.vm @@ -0,0 +1,144 @@ +## +## Velocity Template for DisplayUsernamePasswordPage view-state +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## authenticationContext - context with authentication request information +## authenticationErrorContext - context with login error state +## authenticationWarningContext - context with login warning state +## ldapResponseContext - context with LDAP state (if using native LDAP) +## rpUIContext - the context with SP UI information from the metadata +## extendedAuthenticationFlows - collection of "extended" AuthenticationFlowDescriptor objects +## passwordPrincipals - contents of the shibboleth.authn.Password.PrincipalOverride bean +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## +#set ($rpContext = $profileRequestContext.getSubcontext('net.shibboleth.idp.profile.context.RelyingPartyContext')) +#set ($username = $authenticationContext.getSubcontext('net.shibboleth.idp.authn.context.UsernamePasswordContext', true).getUsername()) +#set ($passwordEnabled = false) +#if (!$passwordPrincipals or $passwordPrincipals.isEmpty() or $authenticationContext.isAcceptable($passwordPrincipals)) + #set ($passwordEnabled = true) +#end +## + + + + + + #springMessageText("idp.title", "Web Login Service") + + + +
+
+
+ #springMessageText( +
+ +
+
+ #parse("login-error.vm") + +
+ #parse("csrf/csrf.vm") + #set ($serviceName = $rpUIContext.serviceName) + #if ($serviceName && !$rpContext.getRelyingPartyId().contains($serviceName)) + + #springMessageText("idp.login.loginTo", "Login to") $encoder.encodeForHTML($serviceName) + + #end + + #if ($passwordEnabled) +
+ + +
+ +
+ + +
+ + ## You may need to modify this to taste, such as changing the flow name its checking for to authn/MFA. + #if (!$authenticationContext.getActiveResults().containsKey('authn/Password')) +
+ + +
+ #end + + #end + +
+ + +
+ + #if ($passwordEnabled) +
+ +
+ #end + + #foreach ($extFlow in $extendedAuthenticationFlows) + #if ($authenticationContext.isAcceptable($extFlow) and $extFlow.test(profileRequestContext)) +
+ +
+ #end + #end +
+ + #* + // + // SP Description & Logo (optional) + // These idpui lines will display added information (if available + // in the metadata) about the Service Provider (SP) that requested + // authentication. These idpui lines are "active" in this example + // (not commented out) - this extra SP info will be displayed. + // Remove or comment out these lines to stop the display of the + // added SP information. + // + *# + #set ($logo = $rpUIContext.getLogo()) + #if ($logo) + $encoder.encodeForHTMLAttribute($serviceName) + #end + #set ($desc = $rpUIContext.getServiceDescription()) + #if ($desc) + $encoder.encodeForHTML($desc) + #end + +
+ +
+
+ +
+ +
+
+ + + \ No newline at end of file diff --git a/roles/idp/files/views/logout-complete.vm b/roles/idp/files/views/logout-complete.vm new file mode 100644 index 0000000..7341e69 --- /dev/null +++ b/roles/idp/files/views/logout-complete.vm @@ -0,0 +1,67 @@ +## +## Velocity Template for logout flow's concluding view-state (no propagation) +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## logoutContext - context with SPSession details for logout operation +## multiRPContext - context with RelyingPartyContexts and possibly SP UI information from the metadata +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## +#set ($activeIdPSessions = $logoutContext and !$logoutContext.getIdPSessions().isEmpty()) +#set ($activeSPSessions = $logoutContext and !$logoutContext.getSessionMap().isEmpty()) + + + + + + #springMessageText("idp.title", "Web Login Service") + + + + +
+
+
+ #springMessageText( +
+ +
+
+ #if ($activeIdPSessions) +

#springMessageText("idp.logout.cancelled", "Logout has been cancelled.")

+ #elseif ($activeSPSessions) +

#springMessageText("idp.logout.local", "You elected not to log out of all the applications accessed during your session.")

+ #else +

#springMessageText("idp.logout.complete", "The logout operation is complete, and no other services appear to have been accessed during this session.")

+ #end +
+ +
+
+ + + #if ( $profileRequestContext.getProfileId().contains("saml2/logout") ) + + #end + +
+ +
+
+ + + \ No newline at end of file diff --git a/roles/idp/files/views/logout-propagate.vm b/roles/idp/files/views/logout-propagate.vm new file mode 100644 index 0000000..470eff5 --- /dev/null +++ b/roles/idp/files/views/logout-propagate.vm @@ -0,0 +1,58 @@ +## +## Velocity Template for logout flow's concluding view-state (with propagation) +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## logoutContext - context with SPSession details for logout operation +## multiRPContext - context with RelyingPartyContexts and possibly SP UI information from the metadata +## htmlEncoder - HTMLEncoder class +## urlEncoder - urlEncoder class +## codecUtil - CodecUtil class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## + + + + + + #springMessageText("idp.title", "Web Login Service") + + + + + +
+
+
+ #springMessageText( +
+ +
+
+

#springMessageText("idp.logout.attempt", "Attempting to log out of the following services:")

+ #parse("logout/propagate.vm") +
+ +
+
+ +
+ +
+
+ + + \ No newline at end of file diff --git a/roles/idp/files/views/logout.vm b/roles/idp/files/views/logout.vm new file mode 100644 index 0000000..3d8d50b --- /dev/null +++ b/roles/idp/files/views/logout.vm @@ -0,0 +1,131 @@ +## +## Velocity Template for logout flow's starting view-state +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## logoutContext - context with SPSession details for logout operation +## multiRPContext - context with RelyingPartyContexts and possibly SP UI information from the metadata +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## +#set ($rpContext = $profileRequestContext.getSubcontext("net.shibboleth.idp.profile.context.RelyingPartyContext")) +#if ($rpContext) +#set ($rpUIContext = $rpContext.getSubcontext("net.shibboleth.idp.ui.context.RelyingPartyUIContext")) +#end +#set ($promptForIdP = $logoutContext and !$logoutContext.getIdPSessions().isEmpty()) +#set ($promptForSP = $logoutContext and !$logoutContext.getSessionMap().isEmpty()) + + + + + + #if ($promptForSP) + + #elseif ($promptForIdP) + + #end + #springMessageText("idp.title", "Web Login Service") + + + + +
+
+
+ #springMessageText( +
+ +
+
+

This page is displayed when a logout operation at the Identity Provider completes. This page is an example + and should be customized. It is not fully internationalized because the presentation will be a highly localized + decision, and we don't have a good suggestion for a default.

+
+ + #if ($rpContext) +

#springMessageText("idp.logout.sp-initiated", "You have been logged out of the following service:")

+
+ #if ($rpUIContext) + $encoder.encodeForHTML($rpUIContext.getServiceName()) + #else + $encoder.encodeForHTML($rpContext.getRelyingPartyId()) + #end +
+
+ #end + + #if ($promptForIdP or $promptForSP) +

#springMessageText("idp.logout.prompt", "Choose one of the following, or wait a few seconds for the default.")

+
+ +
+ +
+ +

#springMessageText("idp.logout.idponly.caption", "End your SSO session.")

+
+ #end + + #if ($promptForSP) +
+ +

#springMessageText("idp.logout.global.caption", "End your SSO session and attempt logout of services accessed during session.")

+
+

#springMessageText("idp.logout.contactServices", "If instructed, the system will attempt to contact the following services:")

+
    + #foreach ($sp in $logoutContext.getSessionMap().keySet()) + #set ($rpCtx = $multiRPContext.getRelyingPartyContextById($sp)) + #if ($rpCtx) + #set ($rpUIContext = $rpCtx.getSubcontext("net.shibboleth.idp.ui.context.RelyingPartyUIContext")) + #end + #if ($rpUIContext and $rpUIContext.getServiceName()) +
  1. $encoder.encodeForHTML($rpUIContext.getServiceName())
  2. + #else +
  3. $encoder.encodeForHTML($sp)
  4. + #end + #end +
+
+
+ #end + + #if ($promptForIdP) +
+ +

#springMessageText("idp.logout.cancel.caption", "Cancel logout and retain your SSO session.")

+
+ #end + + #if ($promptForIdP or $promptForSP) +
+ #else +

#springMessageText("idp.logout.complete", "The logout operation is complete, and no other services appear to have been accessed during this session.")

+ + + #end + +
+ +
+
+ +
+ +
+
+ + + \ No newline at end of file diff --git a/roles/idp/files/views/user-prefs.js b/roles/idp/files/views/user-prefs.js new file mode 100644 index 0000000..ab994f9 --- /dev/null +++ b/roles/idp/files/views/user-prefs.js @@ -0,0 +1,45 @@ +"use strict"; + +function createCookie(name, value, seconds) { + var date = new Date(); + date.setTime(date.getTime() + (seconds * 1000)); + var expires = "; expires=" + date.toGMTString(); + + var path = '$environment.getProperty("idp.cookie.path", $request.getContextPath())'; + if (path.length > 0) + path = "; path=" + path; + document.cookie = name + "=" + value + expires + path; +} + +function eraseCookie(name) { + createCookie(name, "", -31536000); +} + +function readCookie(name) { + var nameEQ = name + "="; + var ca = document.cookie.split(';'); + for (var i = 0; i < ca.length; i++) { + var c = ca[i]; + while (c.charAt(0) == ' ') + c = c.substring(1, c.length); + if (c.indexOf(nameEQ) == 0) + return c.substring(nameEQ.length, c.length); + } + return null; +} + +function load(id) { + var checkbox = document.getElementById(id); + if (checkbox != null) { + var spnego = readCookie(checkbox.name); + checkbox.checked = (spnego == "1"); + } +} + +function check(checkbox) { + if (checkbox.checked) { + createCookie(checkbox.name, checkbox.value, $environment.getProperty("idp.cookie.maxAge","31536000")); + } else { + eraseCookie(checkbox.name); + } +} diff --git a/roles/idp/files/views/user-prefs.vm b/roles/idp/files/views/user-prefs.vm new file mode 100644 index 0000000..8de0503 --- /dev/null +++ b/roles/idp/files/views/user-prefs.vm 
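Review bot: `createCookie` in user-prefs.js writes the preference cookie with only an expiry and a path, so it is also sent over plain HTTP and on every cross-site request, although the IdP itself is HTTPS-only (its entityID in idp.properties is an https URL). Appending the attributes, `document.cookie = name + "=" + value + expires + path + "; Secure; SameSite=Lax";`, limits the cookie to TLS and same-site navigation without affecting `load` and `check`, which only read and toggle it. `eraseCookie` goes through the same function with a negative lifetime, so it picks the attributes up from that one line.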
@@ -0,0 +1,60 @@ +## +## Velocity Template for user preferences view +## +## Velocity context will contain the following properties +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## + + + + + + #springMessageText("idp.userprefs.title", "Web Login Service") - #springMessageText("idp.userprefs.title.suffix", "Login Preferences") + + + + +
+
+
+ #springMessageText( +

#springMessageText("idp.title", "Web Login Service") - #springMessageText("idp.userprefs.title.suffix", "Login Preferences")

+

+ #springMessage("idp.userprefs.info") +

+
+ + + + +
+ + +
+
+
+
diff --git a/roles/idp/tasks/main.yml b/roles/idp/tasks/main.yml
index e7c4b77..099ccc2 100644
--- a/roles/idp/tasks/main.yml
+++ b/roles/idp/tasks/main.yml
@@ -20,6 +20,10 @@
 - /srv/docker/opt/shibboleth-idp/conf
 - /srv/docker/opt/shibboleth-idp/credentials
 - /srv/docker/opt/shibboleth-idp/metadata
+ - /srv/docker/opt/shibboleth-idp/views
+ - /srv/docker/opt/shibboleth-idp/views/admin
+ - /srv/docker/opt/shibboleth-idp/views/client-storage
+ - /srv/docker/opt/shibboleth-idp/views/intercept
 - name: Copy Tomcat server.xml file
 copy:
@@ -198,3 +202,11 @@
 owner: root
 group: root
 mode: '0644'
+
+ - name: Copy views files
+ copy:
+ src: views
+ dest: /srv/docker/opt/shibboleth-idp
+ owner: root
+ group: root
+ mode: '0644'
diff --git a/roles/idp/templates/idp.properties b/roles/idp/templates/idp.properties
index 51a7953..b26f2a0 100644
--- a/roles/idp/templates/idp.properties
+++ b/roles/idp/templates/idp.properties
@@ -1,11 +1,15 @@
-# Load any additional property resources from a comma-delimited list
-idp.additionalProperties=/conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/authn/duo.properties, /credentials/secrets.properties
+# Auto-load all files matching conf/**/*.properties
+# Disable if you want to manually maintain a list of sources.
+idp.searchForProperties=true
+
+# Load any "outside-tree" property sources from a comma-delimited list
+idp.additionalProperties=/credentials/secrets.properties
 # In most cases (and unless noted in the surrounding comments) the
-# commented settings in the distributed files are the default
-# behavior for V3.
-#
+# commented settings in the distributed files document default behavior.
 # Uncomment them and change the value to change functionality.
+#
+# Uncommented properties are either required or ship non-defaulted.
 # Set the entityID of the IdP
 idp.entityID=https://login.comanage.incommon.training/idp/shibboleth
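Review bot: `idp.searchForProperties=true` makes the IdP load every `*.properties` file found under conf/ at startup, replacing the explicit list removed in this hunk, so whatever lands in the conf/ bind mount (the host directories are created in the tasks hunk just above) now shapes the configuration without being named anywhere. Keep that mount read-only from the container side (a `:ro` on the conf volume in the idp stack file, which is not in this chunk) so nothing running inside the container can drop a properties file that is picked up on the next restart. A comment on the remaining `idp.additionalProperties` line would help the next maintainer: `# secrets.properties lives outside conf/ and is not found by idp.searchForProperties; keep it listed here`. The old list also named `/conf/authn/duo.properties`; if that file is still present it is now auto-loaded, which is fine, but worth confirming rather than assuming.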
@@ -18,12 +22,19 @@ idp.entityID=https://login.comanage.incommon.training/idp/shibboleth
 idp.scope=comanage.incommon.training
 # General cookie properties (maxAge only applies to persistent cookies)
-# Note the default for idp.cookie.secure, you will usually want it set.
-#idp.cookie.secure = false
+#idp.cookie.secure = true
 #idp.cookie.httpOnly = true
 #idp.cookie.domain =
 #idp.cookie.path =
 #idp.cookie.maxAge = 31536000
+# These control operation of the SameSite filter, which is off by default.
+#idp.cookie.sameSite = None
+#idp.cookie.sameSiteCondition = shibboleth.Conditions.FALSE
+
+# Enable cross-site request forgery mitigation for views.
+idp.csrf.enabled=true
+# Name of the HTTP parameter that stores the CSRF token.
+#idp.csrf.token.parameter = csrf_token
 # HSTS/CSP response headers
 #idp.hsts = max-age=0
@@ -39,6 +50,7 @@ idp.scope=comanage.incommon.training
 #idp.views = %{idp.home}/views
 # Settings for internal AES encryption key
+#idp.sealer.keyStrategy = shibboleth.DataSealerKeyStrategy
 #idp.sealer.storeType = JCEKS
 #idp.sealer.updateInterval = PT15M
 #idp.sealer.aliasBase = secret
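Review bot: The hunk turns on CSRF mitigation (`idp.csrf.enabled=true`) but leaves the adjacent `# HSTS/CSP response headers` block at its commented default, `#idp.hsts = max-age=0`, so the IdP still sends no usable HSTS header. The entityID is an https URL and `idp.cookie.secure` is documented here as defaulting to true, so this is an https-only host and a real max-age is safe: `idp.hsts = max-age=31536000`. The SameSite filter is also left off (`#idp.cookie.sameSite = None`); if any training SP delivers SAML messages to the IdP with the HTTP-POST binding (single logout, for instance), browsers' default-Lax handling withholds the session cookie on that cross-site POST, so the filter should be enabled with a condition bean for those cookies. I cannot confirm which bindings are in use from this chunk, so treat that last point as something to verify.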
@@ -64,14 +76,18 @@ idp.encryption.cert=%{idp.home}/credentials/idp-encryption.crt
 # The new install default for encryption is now AES-GCM.
 idp.encryption.config=shibboleth.EncryptionConfiguration.GCM
+# Sets the default strategy for key agreement key wrap usage for credentials from metadata,
+# if not otherwise configured on the security configuration
+#idp.encryption.keyagreement.metadata.defaultUseKeyWrap = Default
+
 # Configures trust evaluation of keys used by services at runtime
-# Defaults to supporting both explicit key and PKIX using SAML metadata.
-#idp.trust.signatures = shibboleth.ChainingSignatureTrustEngine
-# To pick only one set to one of:
-# shibboleth.ExplicitKeySignatureTrustEngine, shibboleth.PKIXSignatureTrustEngine
-#idp.trust.certificates = shibboleth.ChainingX509TrustEngine
-# To pick only one set to one of:
-# shibboleth.ExplicitKeyX509TrustEngine, shibboleth.PKIXX509TrustEngine
+# Internal default is Chaining, overriden for new installs
+idp.trust.signatures=shibboleth.ExplicitKeySignatureTrustEngine
+# Other options:
+# shibboleth.ChainingSignatureTrustEngine, shibboleth.PKIXSignatureTrustEngine
+idp.trust.certificates=shibboleth.ExplicitKeyX509TrustEngine
+# Other options:
+# shibboleth.ChainingX509TrustEngine, shibboleth.PKIXX509TrustEngine
 # If true, encryption will happen whenever a key to use can be located, but
 # failure to encrypt won't result in request failure.
@@ -79,7 +95,7 @@ idp.encryption.config=shibboleth.EncryptionConfiguration.GCM
 # Configuration of client- and server-side storage plugins
 #idp.storage.cleanupInterval = PT10M
-idp.storage.htmlLocalStorage = true
+idp.storage.htmlLocalStorage=true
 # Set to true to expose more detailed errors in responses to SPs
 #idp.errors.detailed = false
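Review bot: Switching `idp.trust.signatures` and `idp.trust.certificates` to the ExplicitKey engines is the right hardening, but it removes the PKIX fallback, so every SP the IdP talks to must publish its signing and encryption keys in the metadata the IdP loads. Confirm the registry SP's metadata (its shibboleth2.xml mount is visible as context in the comanage-registry stack hunk, the metadata itself is not in this patch) carries KeyDescriptor elements, otherwise request signature checks and encryption to that SP fail after the upgrade. The new comment also has a typo, `overriden` should read `overridden`.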
@@ -109,34 +125,19 @@ idp.storage.htmlLocalStorage = true
 # Tolerate storage-related errors
 #idp.session.maskStorageFailure = false
 # Track information about SPs logged into
-#idp.session.trackSPSessions = false
+#idp.session.trackSPSessions=true
 # Support lookup by SP for SAML logout
-#idp.session.secondaryServiceIndex = false
+#idp.session.secondaryServiceIndex=true
 # Length of time to track SP sessions
 #idp.session.defaultSPlifetime = PT2H
-# Regular expression matching login flows to enable, e.g. IPAddress|Password
-idp.authn.flows=Password
-
-# Default lifetime and timeout of various authentication methods
-#idp.authn.defaultLifetime = PT60M
-#idp.authn.defaultTimeout = PT30M
-
-# Whether to populate relying party user interface information for display
-# during authentication, consent, terms-of-use.
-#idp.authn.rpui = true
-
-# Whether to prioritize "active" results when an SP requests more than
-# one possible matching login method (V2 behavior was to favor them)
-#idp.authn.favorSSO = false
-
-# Whether to fail requests when a user identity after authentication
-# doesn't match the identity in a pre-existing session.
-#idp.authn.identitySwitchIsError = false
-
 # Set to "shibboleth.StorageService" or custom bean for alternate storage of consent
 #idp.consent.StorageService = shibboleth.ClientPersistentStorageService
+# Default consent auditing formats
+#idp.consent.terms-of-use.auditFormat = %T|%SP|%e|%u|%CCI|%CCV|%CCA
+#idp.consent.attribute-release.auditFormat = %T|%SP|%e|%u|%CCI|%CCV|%CCA
+
 # Set to "shibboleth.consent.AttributeConsentStorageKey" to use an attribute
 # to key user consent storage records (and set the attribute name)
 #idp.consent.attribute-release.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey
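Review bot: The hunk deletes `idp.authn.flows=Password` together with the other `idp.authn.*` settings and nothing in this file replaces it; in 4.x those settings live in `conf/authn/authn.properties`, which is only read because `idp.searchForProperties=true` is set at the top of the file. If the role's conf/ tree does not ship an `authn.properties` that enables the Password flow, no login flow is configured after deploy — that file is not in this patch, so please confirm it exists. `#idp.session.trackSPSessions=true` and `#idp.session.secondaryServiceIndex=true` are comments documenting the new default; since the logout.vm template added by this commit has a `$promptForSP` branch that presumably depends on SP-session tracking, setting the two explicitly would make that dependency visible here.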
@@ -161,7 +162,18 @@ idp.authn.flows=Password
 #idp.consent.expandedMaxStoredRecords = 0
 # Time in milliseconds to expire consent storage records.
-#idp.consent.storageRecordLifetime = P1Y
+# Leave commented out for the default of infinite
+#idp.consent.storageRecordLifetime =
+
+# Path to use with External interceptor flow
+#idp.intercept.External.externalPath = contextRelative:intercept.jsp
+
+# Policies to use with Impersonate interceptor flow
+#idp.impersonate.generalPolicy = GeneralImpersonationPolicy
+#idp.impersonate.specificPolicy = SpecificImpersonationPolicy
+
+# Picks outbound bindings more sensibly than based on metadata order
+idp.bindings.inMetadataOrder=false
 # Whether to lookup metadata, etc. for every SP involved in a logout
 # for use by user interface logic; adds overhead so off by default.
@@ -170,6 +182,9 @@ idp.authn.flows=Password
 # Whether to require logout requests/responses be signed/authenticated.
 #idp.logout.authenticated = true
+# Bean to determine whether user should be allowed to cancel logout
+#idp.logout.promptUser=shibboleth.Conditions.FALSE
+
 # Message freshness and replay cache tuning
 #idp.policy.messageLifetime = PT3M
 #idp.policy.clockSkew = PT3M
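Review bot: The consent record lifetime goes from the old explicit `P1Y` to a commented-out `#idp.consent.storageRecordLifetime =`, which the new comment says means infinite, so attribute-release and terms-of-use decisions kept through the default `shibboleth.ClientPersistentStorageService` now never expire on their own. For a training environment that is reused across cohorts a bounded lifetime is the safer choice; `idp.consent.storageRecordLifetime = P1Y` keeps the previous behaviour at no cost. Whether client-side records actually survive between cohorts depends on browser state that is not visible here, so this is a belt-and-braces setting rather than a fix for a known failure.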
@@ -191,22 +206,25 @@ idp.authn.flows=Password
 # browser-supported languages, defaults to an empty list.
 idp.ui.fallbackLanguages=en,fr,de
-# Storage service used by CAS protocol
+# Storage service used by CAS protocol for chained proxy-granting tickets
+# and when using server-managed "simple" TicketService.
 # Defaults to shibboleth.StorageService (in-memory)
 # MUST be server-side storage (e.g. in-memory, memcached, database)
-# NOTE that idp.session.StorageService requires server-side storage
-# when CAS protocol is enabled
 #idp.cas.StorageService=shibboleth.StorageService
 # CAS service registry implementation class
 #idp.cas.serviceRegistryClass=net.shibboleth.idp.cas.service.PatternServiceRegistry
+# If true, CAS services provisioned with SAML metadata are identified via entityID
+#idp.cas.relyingPartyIdFromMetadata=false
+
 # F-TICKS auditing - set a salt to include hashed username
-#idp.fticks.federation=MyFederation
-#idp.fticks.algorithm=SHA-256
-#idp.fticks.salt=somethingsecret
-#idp.fticks.loghost=localhost
-#idp.fticks.logport=514
+#idp.fticks.federation = MyFederation
+#idp.fticks.condition = MyFTICKSCondition
+#idp.fticks.algorithm = SHA-256
+#idp.fticks.salt = somethingsecret
+#idp.fticks.loghost = localhost
+#idp.fticks.logport = 514
 # Set false if you want SAML bindings "spelled out" in audit log
 idp.audit.shortenBindings=true
diff --git a/roles/training/files/comanage-registry-stack.yml b/roles/training/files/comanage-registry-stack.yml
index 1b4d5f0..6848732 100644
--- a/roles/training/files/comanage-registry-stack.yml
+++ b/roles/training/files/comanage-registry-stack.yml
@@ -2,7 +2,7 @@ version: '3.7'
 services:
 database:
- image: mariadb:10.4.18
+ image: mariadb:10.4.22
 volumes:
 - /srv/docker/var/lib/mysql:/var/lib/mysql
 environment:
@@ -21,7 +21,7 @@ services:
 tag: "mariadb-{{.Name}}"
 registry:
- image: i2incommon/comanage-registry:3.3.4-20210712
+ image: i2incommon/comanage-registry:4.0.1-20211223
 volumes:
 - /srv/docker/srv/comanage-registry/local:/srv/comanage-registry/local
 - /srv/docker/etc/shibboleth/shibboleth2.xml:/etc/shibboleth/shibboleth2.xml
@@ -66,7 +66,7 @@ services:
 tag: "registry_{{.Name}}"
 cron:
- image: i2incommon/comanage-registry-cron:3.3.4-20210712
+ image: i2incommon/comanage-registry-cron:4.0.1-20211223
 volumes:
 - /srv/docker/srv/comanage-registry/local:/srv/comanage-registry/local
 environment:
@@ -80,7 +80,7 @@ services:
 tag: "cron_{{.Name}}"
 ldap:
- image: sphericalcowgroup/comanage-registry-slapd:5
+ image: sphericalcowgroup/comanage-registry-slapd:8
 command: ["slapd", "-d", "256", "-h", "ldapi:/// ldap:///", "-u", "openldap", "-g", "openldap"]
 volumes:
 - /srv/docker/var/lib/ldap:/var/lib/ldap
diff --git a/roles/training/files/crontab b/roles/training/files/crontab
new file mode 100644
index 0000000..1f5b20a
--- /dev/null
+++ b/roles/training/files/crontab
@@ -0,0 +1,62 @@
+SHELL=/bin/bash
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+MAILTO=""
+# Run Expiration Policies for CO 1 once a day at 1:00 AM
+0 1 * * * cd /srv/comanage-registry/app && ./Console/cake job CoreJob.Expire -s --coid 1
+
+# Run Synchronize Org Identity Sources for CO 1 once a day at 1:00 AM
+0 1 * * * cd /srv/comanage-registry/app && ./Console/cake job CoreJob.Sync -s --coid 1
+
+# Run Validate Group Member for CO 1 once a day at 1:00 AM
+0 1 * * * cd /srv/comanage-registry/app && ./Console/cake job CoreJob.ValidateGroupMember -s --coid 1
+
+# Run queued jobs for CO 1 every 5 minutes
+0-59/5 * * * * cd /srv/comanage-registry/app && ./Console/cake job -q -r -c 1
+
+# Run Expiration Policies for CO 2 once a day at 6:00 AM
+0 6 * * * cd /srv/comanage-registry/app && ./Console/cake job CoreJob.Expire -s --coid 2
+
+# Run Synchronize Org Identity Sources for CO 2 once a day at 6:00 AM
+0 6 * * * cd /srv/comanage-registry/app && ./Console/cake job CoreJob.Sync -s --coid 2
+
+# Run Validate Group Member for CO 2 once a day at 6:00 AM
+0 6 * * * cd /srv/comanage-registry/app && ./Console/cake job CoreJob.ValidateGroupMember -s --coid 2
+
+# Run queued jobs for CO 2 every 5 minutes
+0-59/5 * * * * cd /srv/comanage-registry/app && ./Console/cake job -q -r -c 2
+
+# Run Expiration Policies for CO 3 once a day at 6:00 AM
+0 6 * * * cd /srv/comanage-registry/app && ./Console/cake job CoreJob.Expire -s --coid 3
+
+# Run Synchronize Org Identity Sources for CO 3 once a day at 6:00 AM
+0 6 * * * cd /srv/comanage-registry/app && ./Console/cake job CoreJob.Sync -s --coid 3
+
+# Run Validate Group Member for CO 3 once a day at 6:00 AM
+0 6 * * * cd /srv/comanage-registry/app && ./Console/cake job CoreJob.ValidateGroupMember -s --coid 3
+
+# Run queued jobs for CO 3 every 5 minutes
+0-59/5 * * * * cd /srv/comanage-registry/app && ./Console/cake job -q -r -c 3
+
+# Run Expiration Policies for CO 4 once a day at 6:00 AM
+0 6 * * * cd 
/srv/comanage-registry/app && ./Console/cake job CoreJob.Expire -s --coid 4
+
+# Run Synchronize Org Identity Sources for CO 4 once a day at 6:00 AM
+0 6 * * * cd /srv/comanage-registry/app && ./Console/cake job CoreJob.Sync -s --coid 4
+
+# Run Validate Group Member for CO 4 once a day at 6:00 AM
+0 6 * * * cd /srv/comanage-registry/app && ./Console/cake job CoreJob.ValidateGroupMember -s --coid 4
+
+# Run queued jobs for CO 4 every 5 minutes
+0-59/5 * * * * cd /srv/comanage-registry/app && ./Console/cake job -q -r -c 4
+
+# Run Expiration Policies for CO 5 once a day at 6:00 AM
+0 6 * * * cd /srv/comanage-registry/app && ./Console/cake job CoreJob.Expire -s --coid 5
+
+# Run Synchronize Org Identity Sources for CO 5 once a day at 6:00 AM
+0 6 * * * cd /srv/comanage-registry/app && ./Console/cake job CoreJob.Sync -s --coid 5
+
+# Run Validate Group Member for CO 5 once a day at 6:00 AM
+0 6 * * * cd /srv/comanage-registry/app && ./Console/cake job CoreJob.ValidateGroupMember -s --coid 5
+
+# Run queued jobs for CO 5 every 5 minutes
+0-59/5 * * * * cd /srv/comanage-registry/app && ./Console/cake job -q -r -c 5
diff --git a/roles/training/files/hr.csv b/roles/training/files/hr.csv
index ef6b718..a50abaa 100644
--- a/roles/training/files/hr.csv
+++ b/roles/training/files/hr.csv
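Review bot: Every entry runs without a concurrency guard, and for each CO the Expire, Sync and ValidateGroupMember jobs are scheduled at the same minute (`0 1` for CO 1, `0 6` for COs 2–5), so three `cake job` processes hit the same registry database at once and the 5-minute queue runner (`job -q -r -c N`) can overlap a slow Sync, with the order between them left to scheduling luck. Stagger the daily jobs and wrap each line in a per-CO lock if `flock` is available in the cron image, e.g. `0 1 * * * cd /srv/comanage-registry/app && flock -n /tmp/cake-co1.lock ./Console/cake job CoreJob.Sync -s --coid 1`, with Expire a few minutes later. `MAILTO=""` discards all job output, so a failing job — for example `--coid 3` before CO 3 exists, which the commit message anticipates — is never reported; append `>> /srv/comanage-registry/local/cron.log 2>&1` to each command so the cron container keeps a trace. Which user the cron image runs these commands as is not visible here; I am assuming it is the registry service user rather than root.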
@@ -1,45 +1,46 @@ -f6735933-81cf-4b71-b335-cb659c09eb4a,,,Fred,,Bair,,,,,,,,,,,,,,,,,,,, -045c03e1-c76c-4638-9151-52c26e23bda5,,,Thelma,,Murphy,,,,,,,,,,,,,,,,,,,, -88f9f30f-82ae-4f99-a295-4f5b86281bcd,,,Elmo,,Sabo,,,,,,,,,,,,,,,,,,,, -85e2ba0e-d992-4010-ad33-a7e12e2bfaf9,,,Shaun,,Plouffe,,,,,,,,,,,,,,,,,,,, -bd42b68b-7f0b-47a0-ab32-1a1b1dd3d656,,,Vera,,Avalos,,,,,,,,,,,,,,,,,,,, -0c84562c-8f37-4ac0-91bf-55ecebe74f13,,,Gerald,,Obrien,,,,,,,,,,,,,,,,,,,, -37e61d08-284d-4258-b2be-3930a8f6436c,,,Randolph,,White,,,,,,,,,,,,,,,,,,,, -23d55341-4a7e-4a0c-9f85-37adeec9e9ce,,,Jeanett,,Porter,,,,,,,,,,,,,,,,,,,, -55cbbd96-8c01-4a6c-9041-d42357d04294,,,Mary,,Aiello,,,,,,,,,,,,,,,,,,,, -e9e1b02a-9324-4fcf-b650-817a51da05f0,,,Elizabeth,,Howe,,,,,,,,,,,,,,,,,,,, -5ac5716d-8a01-4f32-87a5-96da2e31726f,,,Pamela,,Palm,,,,,,,,,,,,,,,,,,,, -6df4ac9d-334f-40a8-be92-f57a58d9e594,,,Edward,,Marzano,,,,,,,,,,,,,,,,,,,, -e0345c78-d8fa-47d6-a96c-cfeda6dfb0ad,,,Ermelinda,,Decoteau,,,,,,,,,,,,,,,,,,,, -b695521b-66de-433a-ab5d-5b4ee8b6bb10,,,Barbara,,Wallace,,,,,,,,,,,,,,,,,,,, -c250b201-6f97-48e5-a7fd-72b9f389dfbf,,,Judith,,Hughes,,,,,,,,,,,,,,,,,,,, -a42e8b0f-2a41-45c7-bf80-93f1dff1406b,,,David,,Reilly,,,,,,,,,,,,,,,,,,,, -c26e9d77-cff8-4fda-8d6a-a1f941d8c50e,,,Catherine,,Johnson,,,,,,,,,,,,,,,,,,,, -ecabb768-111a-4877-9649-c3627ef15ee2,,,Patrick,,Moore,,,,,,,,,,,,,,,,,,,, -9fa83531-d937-4117-893c-9e7e43519f4d,,,Jina,,Delfino,,,,,,,,,,,,,,,,,,,, -323c0cd4-5dc2-4ef5-9152-6bd9fce8d513,,,Carol,,Burgos,,,,,,,,,,,,,,,,,,,, -d57f3d58-4536-4720-913e-bec864fb3817,,,Mary,,Cornett,,,,,,,,,,,,,,,,,,,, -e182408e-cb0c-4a8b-b4ce-fba491e643bd,,,Joshua,,Velez,,,,,,,,,,,,,,,,,,,, -3a02326b-1294-46bf-93a3-4de6943ab37e,,,Chance,,Clark,,,,,,,,,,,,,,,,,,,, -72b413ad-6e77-4231-af91-aff3d0211711,,,James,,Williams,,,,,,,,,,,,,,,,,,,, -e7661152-2872-4d05-a317-d503618314af,,,Anthony,,Dean,,,,,,,,,,,,,,,,,,,, -9ff4449f-43f4-4eae-b840-315b75413b74,,,Matha,,Hiett,,,,,,,,,,,,,,,,,,,, 
-b7e279c1-4dfc-4aa8-b56e-001cbd5135eb,,,Inez,,Farley,,,,,,,,,,,,,,,,,,,, -d215453f-5e0a-4963-8f7a-89185d3076ac,,,Christopher,,Bond,,,,,,,,,,,,,,,,,,,, -2118c2ae-27eb-4868-b09a-032f81f03b7b,,,Carolyn,,Walters,,,,,,,,,,,,,,,,,,,, -6743287d-8f92-47e6-8cf4-b363b771b372,,,Alicia,,Vargas,,,,,,,,,,,,,,,,,,,, -6d55e9fc-614f-476e-853a-b70ac492e0e1,,,William,,Cintron,,,,,,,,,,,,,,,,,,,, -5f558871-f25c-414b-b687-5290e039360e,,,Issac,,Jones,,,,,,,,,,,,,,,,,,,, -f6b100a3-3f41-412e-a650-2f7ffebd180e,,,Jessica,,Kerns,,,,,,,,,,,,,,,,,,,, -91efc416-f258-411e-a00b-37b756a381c4,,,Cynthia,,Eddy,,,,,,,,,,,,,,,,,,,, -437a4cc1-bf58-4b1d-9661-8a2e8b5882c3,,,Rachel,,Martinez,,,,,,,,,,,,,,,,,,,, -db4e519c-7eea-43e6-b31d-297692882830,,,Brittany,,Garner,,,,,,,,,,,,,,,,,,,, -7629b8e8-cae8-456a-a0c3-c36c8d2d60d3,,,Jesse,,Garvin,,,,,,,,,,,,,,,,,,,, -c7191c7a-dbd0-4051-846d-48ec2453a036,,,Linh,,Finch,,,,,,,,,,,,,,,,,,,, -17505dce-97a7-4b0b-82e0-af5d2ebbae7a,,,Susanne,,Smith,,,,,,,,,,,,,,,,,,,, -e7c76c0e-bef8-487f-8334-b27b65b055e4,,,Susan,,Martin,,,,,,,,,,,,,,,,,,,, -a8139a8f-e4fa-4358-9237-2b2458ef5968,,,Kathy,,Smith,,,,,,,,,,,,,,,,,,,, -6dd8d616-4b7e-444a-8faf-f529b5ffff76,,,Michelle,,Huffman,,,,,,,,,,,,,,,,,,,, -a7f1083c-989b-415a-9164-769eeda3a8a3,,,Michael,,Saulsbury,,,,,,,,,,,,,,,,,,,, -b661f543-0218-4920-8ac1-962eca154f28,,,Lupe,,Brown,,,,,,,,,,,,,,,,,,,, -1c59825f-8693-4387-af3c-d9014e3cb1ba,,,Clay,,Howard,,,,,,,,,,,,,,,,,,,, +SORID,Name.given.official,Name.family.official +f6735933-81cf-4b71-b335-cb659c09eb4a,Fred,Bair, +045c03e1-c76c-4638-9151-52c26e23bda5,Thelma,Murphy, +88f9f30f-82ae-4f99-a295-4f5b86281bcd,Elmo,Sabo, +85e2ba0e-d992-4010-ad33-a7e12e2bfaf9,Shaun,Plouffe, +bd42b68b-7f0b-47a0-ab32-1a1b1dd3d656,Vera,Avalos, +0c84562c-8f37-4ac0-91bf-55ecebe74f13,Gerald,Obrien, +37e61d08-284d-4258-b2be-3930a8f6436c,Randolph,White, +23d55341-4a7e-4a0c-9f85-37adeec9e9ce,Jeanett,Porter, +55cbbd96-8c01-4a6c-9041-d42357d04294,Mary,Aiello, +e9e1b02a-9324-4fcf-b650-817a51da05f0,Elizabeth,Howe, 
+5ac5716d-8a01-4f32-87a5-96da2e31726f,Pamela,Palm, +6df4ac9d-334f-40a8-be92-f57a58d9e594,Edward,Marzano, +e0345c78-d8fa-47d6-a96c-cfeda6dfb0ad,Ermelinda,Decoteau, +b695521b-66de-433a-ab5d-5b4ee8b6bb10,Barbara,Wallace, +c250b201-6f97-48e5-a7fd-72b9f389dfbf,Judith,Hughes, +a42e8b0f-2a41-45c7-bf80-93f1dff1406b,David,Reilly, +c26e9d77-cff8-4fda-8d6a-a1f941d8c50e,Catherine,Johnson, +ecabb768-111a-4877-9649-c3627ef15ee2,Patrick,Moore, +9fa83531-d937-4117-893c-9e7e43519f4d,Jina,Delfino, +323c0cd4-5dc2-4ef5-9152-6bd9fce8d513,Carol,Burgos, +d57f3d58-4536-4720-913e-bec864fb3817,Mary,Cornett, +e182408e-cb0c-4a8b-b4ce-fba491e643bd,Joshua,Velez, +3a02326b-1294-46bf-93a3-4de6943ab37e,Chance,Clark, +72b413ad-6e77-4231-af91-aff3d0211711,James,Williams, +e7661152-2872-4d05-a317-d503618314af,Anthony,Dean, +9ff4449f-43f4-4eae-b840-315b75413b74,Matha,Hiett, +b7e279c1-4dfc-4aa8-b56e-001cbd5135eb,Inez,Farley, +d215453f-5e0a-4963-8f7a-89185d3076ac,Christopher,Bond, +2118c2ae-27eb-4868-b09a-032f81f03b7b,Carolyn,Walters, +6743287d-8f92-47e6-8cf4-b363b771b372,Alicia,Vargas, +6d55e9fc-614f-476e-853a-b70ac492e0e1,William,Cintron, +5f558871-f25c-414b-b687-5290e039360e,Issac,Jones, +f6b100a3-3f41-412e-a650-2f7ffebd180e,Jessica,Kerns, +91efc416-f258-411e-a00b-37b756a381c4,Cynthia,Eddy, +437a4cc1-bf58-4b1d-9661-8a2e8b5882c3,Rachel,Martinez, +db4e519c-7eea-43e6-b31d-297692882830,Brittany,Garner, +7629b8e8-cae8-456a-a0c3-c36c8d2d60d3,Jesse,Garvin, +c7191c7a-dbd0-4051-846d-48ec2453a036,Linh,Finch, +17505dce-97a7-4b0b-82e0-af5d2ebbae7a,Susanne,Smith, +e7c76c0e-bef8-487f-8334-b27b65b055e4,Susan,Martin, +a8139a8f-e4fa-4358-9237-2b2458ef5968,Kathy,Smith, +6dd8d616-4b7e-444a-8faf-f529b5ffff76,Michelle,Huffman, +a7f1083c-989b-415a-9164-769eeda3a8a3,Michael,Saulsbury, +b661f543-0218-4920-8ac1-962eca154f28,Lupe,Brown, +1c59825f-8693-4387-af3c-d9014e3cb1ba,Clay,Howard, diff --git a/roles/training/files/registrar.csv b/roles/training/files/registrar.csv index 90da587..97c7581 100644 
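Review bot: The new header declares three columns (`SORID,Name.given.official,Name.family.official`) but every data row ends with a trailing comma, i.e. four fields, and `registrar.csv` below has the same one-extra-field mismatch against its four-column header. A lenient parser ignores the empty last field, but a header-driven loader may reject the row or map the empty value to an unnamed attribute; drop the trailing comma on each row (`f6735933-81cf-4b71-b335-cb659c09eb4a,Fred,Bair`) so rows and header agree. The SORID and name values are unchanged from the old format, so the fix is purely mechanical.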
--- a/roles/training/files/registrar.csv +++ b/roles/training/files/registrar.csv 
@@ -1,45 +1,46 @@ -132748071534397754920022673843444928951,,,Austin,,Savage,,,,,,,,,,,,,,,,,,eppn+login:austin.savage@comanage.incommon.training,, -186954416995897054245760122734502925236,,,Raeann,,Chu,,,,,,,,,,,,,,,,,,eppn+login:raeann.chu@comanage.incommon.training,, -234811137165975059720067018874500792158,,,Celia,,Childress,,,,,,,,,,,,,,,,,,eppn+login:celia.childress@comanage.incommon.training,, -107827452807702761791203103427377814913,,,Emma,,Lister,,,,,,,,,,,,,,,,,,eppn+login:emma.lister@comanage.incommon.training,, -129825814482306832783119517900920270831,,,Paul,,Nitta,,,,,,,,,,,,,,,,,,eppn+login:paul.nitta@comanage.incommon.training,, -82615027870469326568361260356426998603,,,Ruby,,Collier,,,,,,,,,,,,,,,,,,eppn+login:ruby.collier@comanage.incommon.training,, -98190938217164110872407778232584025179,,,Andrew,,Williams,,,,,,,,,,,,,,,,,,eppn+login:andrew.williams@comanage.incommon.training,, -328815086932524017392210158682971856891,,,Colleen,,McCaffrey,,,,,,,,,,,,,,,,,,eppn+login:colleen.mccaffrey@comanage.incommon.training,, -220479725798527189234083099895701559458,,,Cynthia,,Herman,,,,,,,,,,,,,,,,,,eppn+login:cynthia.herman@comanage.incommon.training,, -279151494256898456434459311435686499082,,,Jessica,,Martinez,,,,,,,,,,,,,,,,,,eppn+login:jessica.martinez@comanage.incommon.training,, -214763209246588698462551464796355370255,,,Dianne,,Dysart,,,,,,,,,,,,,,,,,,eppn+login:dianne.dysart@comanage.incommon.training,, -184262837325966988975946551084772413394,,,Sharron,,Ebling,,,,,,,,,,,,,,,,,,eppn+login:sharron.ebling@comanage.incommon.training,, -254727994034585319667716071169511523650,,,Alice,,Schalk,,,,,,,,,,,,,,,,,,eppn+login:alice.schalk@comanage.incommon.training,, -298568081115438296944973855678013237541,,,Philip,,Nestor,,,,,,,,,,,,,,,,,,eppn+login:philip.nestor@comanage.incommon.training,, -207267966862832313153389032705933064023,,,Carla,,Branch,,,,,,,,,,,,,,,,,,eppn+login:carla.branch@comanage.incommon.training,, 
-149333902873783161192481342169882303973,,,Patrick,,Cole,,,,,,,,,,,,,,,,,,eppn+login:patrick.cole@comanage.incommon.training,, -165215344132691795688185192043357730584,,,Janice,,Gee,,,,,,,,,,,,,,,,,,eppn+login:janice.gee@comanage.incommon.training,, -311356921930659706867427375585999813314,,,Jesse,,Goff,,,,,,,,,,,,,,,,,,eppn+login:jesse.goff@comanage.incommon.training,, -269973704579715580565909994224723165505,,,Clifford,,Brice,,,,,,,,,,,,,,,,,,eppn+login:clifford.brice@comanage.incommon.training,, -176587524970886847172468511596342683229,,,Patricia,,Holmes,,,,,,,,,,,,,,,,,,eppn+login:patricia.holmes@comanage.incommon.training,, -244471078826759302097759899138164866150,,,Corrine,,Martin,,,,,,,,,,,,,,,,,,eppn+login:corrine.martin@comanage.incommon.training,, -300528073953625153560186976874073834025,,,Gladys,,Bryant,,,,,,,,,,,,,,,,,,eppn+login:gladys.bryant@comanage.incommon.training,, -286730770008577281607593506132923981795,,,Johnny,,Willis,,,,,,,,,,,,,,,,,,eppn+login:johnny.willis@comanage.incommon.training,, -323160483591231223314722503812078417195,,,Jeremy,,Fisher,,,,,,,,,,,,,,,,,,eppn+login:jeremy.fisher@comanage.incommon.training,, -146014419312879501433659141966731736543,,,Betty,,White,,,,,,,,,,,,,,,,,,eppn+login:betty.white@comanage.incommon.training,, -331920966485375959736499860242485672757,,,Thomas,,Stubbs,,,,,,,,,,,,,,,,,,eppn+login:thomas.stubbs@comanage.incommon.training,, -138977541110944060198763623559670291847,,,Steven,,Porter,,,,,,,,,,,,,,,,,,eppn+login:steven.porter@comanage.incommon.training,, -109441174844666586004491027608330101033,,,Gwen,,Mendoza,,,,,,,,,,,,,,,,,,eppn+login:gwen.mendoza@comanage.incommon.training,, -337922420952113480667295635761612195756,,,Randy,,Long,,,,,,,,,,,,,,,,,,eppn+login:randy.long@comanage.incommon.training,, -241907150243421029646289162621165832150,,,Brock,,Lemaire,,,,,,,,,,,,,,,,,,eppn+login:brock.lemaire@comanage.incommon.training,, 
-54383004410079136251494994575391380104,,,Jack,,McLeod,,,,,,,,,,,,,,,,,,eppn+login:jack.mcleod@comanage.incommon.training,, -93694260717283089221516980233153584509,,,Paul,,Guitierrez,,,,,,,,,,,,,,,,,,eppn+login:paul.guitierrez@comanage.incommon.training,, -58127414624285465420294427343761192630,,,Ella,,Stevenson,,,,,,,,,,,,,,,,,,eppn+login:ella.stevenson@comanage.incommon.training,, -84069047373847003501652080921242663451,,,Mary,,Gilbert,,,,,,,,,,,,,,,,,,eppn+login:mary.gilbert@comanage.incommon.training,, -273280318300578977120991937790468760308,,,Salvador,,Villa,,,,,,,,,,,,,,,,,,eppn+login:salvador.villa@comanage.incommon.training,, -66586353721959828609998174823626800135,,,Brian,,Wolford,,,,,,,,,,,,,,,,,,eppn+login:brian.wolford@comanage.incommon.training,, -333660162838557880384557977904197193183,,,Robert,,Brannen,,,,,,,,,,,,,,,,,,eppn+login:robert.brannen@comanage.incommon.training,, -233132799040715876525290039221594249900,,,Mary,,Lee,,,,,,,,,,,,,,,,,,eppn+login:mary.lee@comanage.incommon.training,, -302535670179963912483751457726258337561,,,Susan,,McCray,,,,,,,,,,,,,,,,,,eppn+login:susan.mccray@comanage.incommon.training,, -24767658709010092766545926960549559212,,,Amanda,,Alcala,,,,,,,,,,,,,,,,,,eppn+login:amanda.alcala@comanage.incommon.training,, -84565368334075897350570372081317094732,,,Gloria,,Chipman,,,,,,,,,,,,,,,,,,eppn+login:gloria.chipman@comanage.incommon.training,, -298408199220202798049484999192380228673,,,Jamika,,French,,,,,,,,,,,,,,,,,,eppn+login:jamika.french@comanage.incommon.training,, -13649583839353414205537292908924253500,,,Linda,,Goodman,,,,,,,,,,,,,,,,,,eppn+login:linda.goodman@comanage.incommon.training,, -294869772329081278110037321403866253962,,,Lilly,,Wasser,,,,,,,,,,,,,,,,,,eppn+login:lilly.wasser@comanage.incommon.training,, -282793442442850315227168896135336994027,,,Gregory,,Carlisle,,,,,,,,,,,,,,,,,,eppn+login:gregory.carlisle@comanage.incommon.training,, 
+SORID,Name.given.official,Name.family.official,Identifier.identifier.eppn+login +132748071534397754920022673843444928951,Austin,Savage,austin.savage@comanage.incommon.training, +186954416995897054245760122734502925236,Raeann,Chu,raeann.chu@comanage.incommon.training, +234811137165975059720067018874500792158,Celia,Childress,celia.childress@comanage.incommon.training, +107827452807702761791203103427377814913,Emma,Lister,emma.lister@comanage.incommon.training, +129825814482306832783119517900920270831,Paul,Nitta,paul.nitta@comanage.incommon.training, +82615027870469326568361260356426998603,Ruby,Collier,ruby.collier@comanage.incommon.training, +98190938217164110872407778232584025179,Andrew,Williams,andrew.williams@comanage.incommon.training, +328815086932524017392210158682971856891,Colleen,McCaffrey,colleen.mccaffrey@comanage.incommon.training, +220479725798527189234083099895701559458,Cynthia,Herman,cynthia.herman@comanage.incommon.training, +279151494256898456434459311435686499082,Jessica,Martinez,jessica.martinez@comanage.incommon.training, +214763209246588698462551464796355370255,Dianne,Dysart,dianne.dysart@comanage.incommon.training, +184262837325966988975946551084772413394,Sharron,Ebling,sharron.ebling@comanage.incommon.training, +254727994034585319667716071169511523650,Alice,Schalk,alice.schalk@comanage.incommon.training, +298568081115438296944973855678013237541,Philip,Nestor,philip.nestor@comanage.incommon.training, +207267966862832313153389032705933064023,Carla,Branch,carla.branch@comanage.incommon.training, +149333902873783161192481342169882303973,Patrick,Cole,patrick.cole@comanage.incommon.training, +165215344132691795688185192043357730584,Janice,Gee,janice.gee@comanage.incommon.training, +311356921930659706867427375585999813314,Jesse,Goff,jesse.goff@comanage.incommon.training, +269973704579715580565909994224723165505,Clifford,Brice,clifford.brice@comanage.incommon.training, 
+176587524970886847172468511596342683229,Patricia,Holmes,patricia.holmes@comanage.incommon.training, +244471078826759302097759899138164866150,Corrine,Martin,corrine.martin@comanage.incommon.training, +300528073953625153560186976874073834025,Gladys,Bryant,gladys.bryant@comanage.incommon.training, +286730770008577281607593506132923981795,Johnny,Willis,johnny.willis@comanage.incommon.training, +323160483591231223314722503812078417195,Jeremy,Fisher,jeremy.fisher@comanage.incommon.training, +146014419312879501433659141966731736543,Betty,White,betty.white@comanage.incommon.training, +331920966485375959736499860242485672757,Thomas,Stubbs,thomas.stubbs@comanage.incommon.training, +138977541110944060198763623559670291847,Steven,Porter,steven.porter@comanage.incommon.training, +109441174844666586004491027608330101033,Gwen,Mendoza,gwen.mendoza@comanage.incommon.training, +337922420952113480667295635761612195756,Randy,Long,randy.long@comanage.incommon.training, +241907150243421029646289162621165832150,Brock,Lemaire,brock.lemaire@comanage.incommon.training, +54383004410079136251494994575391380104,Jack,McLeod,jack.mcleod@comanage.incommon.training, +93694260717283089221516980233153584509,Paul,Guitierrez,paul.guitierrez@comanage.incommon.training, +58127414624285465420294427343761192630,Ella,Stevenson,ella.stevenson@comanage.incommon.training, +84069047373847003501652080921242663451,Mary,Gilbert,mary.gilbert@comanage.incommon.training, +273280318300578977120991937790468760308,Salvador,Villa,salvador.villa@comanage.incommon.training, +66586353721959828609998174823626800135,Brian,Wolford,brian.wolford@comanage.incommon.training, +333660162838557880384557977904197193183,Robert,Brannen,robert.brannen@comanage.incommon.training, +233132799040715876525290039221594249900,Mary,Lee,mary.lee@comanage.incommon.training, +302535670179963912483751457726258337561,Susan,McCray,susan.mccray@comanage.incommon.training, 
+24767658709010092766545926960549559212,Amanda,Alcala,amanda.alcala@comanage.incommon.training, +84565368334075897350570372081317094732,Gloria,Chipman,gloria.chipman@comanage.incommon.training, +298408199220202798049484999192380228673,Jamika,French,jamika.french@comanage.incommon.training, +13649583839353414205537292908924253500,Linda,Goodman,linda.goodman@comanage.incommon.training, +294869772329081278110037321403866253962,Lilly,Wasser,lilly.wasser@comanage.incommon.training, +282793442442850315227168896135336994027,Gregory,Carlisle,gregory.carlisle@comanage.incommon.training, diff --git a/roles/training/tasks/main.yml b/roles/training/tasks/main.yml index 9248c0e..f960d8b 100644 --- a/roles/training/tasks/main.yml +++ b/roles/training/tasks/main.yml @@ -173,3 +173,14 @@ mode: '0644' tags: - update_csv + + - name: Copy crontab file + copy: + src: crontab + dest: /srv/docker/srv/comanage-registry/local/crontab + owner: root + group: root + mode: '0644' + tags: + - update_crontab +
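Review bot: The new `Copy crontab file` task writes the crontab into `/srv/docker/srv/comanage-registry/local/`, the bind mount that the stack hunk earlier in this patch maps into both the registry and cron containers, but nothing tells the cron service to re-read it: there is no `notify` and no handler, so a changed crontab only takes effect on the next redeploy. Add a handler that restarts the cron service and `notify` it from this task, or document on the `update_crontab` tag that a redeploy is required. Because the same directory is visible inside the registry container, anything that can write into it can schedule commands in the cron container; `mode: '0644'` and root ownership on the file do not prevent replacement if the directory itself is group- or world-writable, so check the host directory's permissions. The enclosing task list starts outside the hunk; the context lines above are the tail of the CSV copy task.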