Release (23.08.2024)

README.md

@@ -1668,8 +1668,8 @@ Role Variables
 
 - `configure_saml_single_server_external_hostname`(string): The external hostname that is used to talk to the system.
 - `configure_saml_single_server_domain_name`(string): The systems domain name.
-- `configure_saml_single_admin_user_name`(string): The UCS administrator's user name, defaults to "Administrator". This variable only is used when joining a backup server. Changing this will NOT change the UCS admin user name, it will only break the backup join scenario.
-- `configure_saml_single_temp_file`(map): Tempfile object where univention app password is stored.
+- `configure_saml_single_server_admin_user_name`(string): The UCS administrator's user name, defaults to "Administrator". This variable only is used when joining a backup server. Changing this will NOT change the UCS admin user name, it will only break the backup join scenario.
+- `configure_saml_single_server_temp_file`(map): Tempfile object where univention app password is stored.
 - `configure_saml_single_server_type`(string): Which type of UCS server to set up. The possible options are `master`and `backup`. If `backup` is chosen the following variable also has to be set; default: `"master"`.
 - `configure_saml_single_server_basedn`(string): The LDAP base dn.
 - `configure_saml_single_server_remove_default_saml_provider`(bool): When set to `true` all builtin SAML provider will be removed; default: `true`.

roles/configure_saml_single_server/README.md

@@ -14,8 +14,8 @@ Role Variables
 
 - `configure_saml_single_server_external_hostname`(string): The external hostname that is used to talk to the system.
 - `configure_saml_single_server_domain_name`(string): The systems domain name.
-- `configure_saml_single_admin_user_name`(string): The UCS administrator's user name, defaults to "Administrator". This variable only is used when joining a backup server. Changing this will NOT change the UCS admin user name, it will only break the backup join scenario.
-- `configure_saml_single_temp_file`(map): Tempfile object where univention app password is stored.
+- `configure_saml_single_server_admin_user_name`(string): The UCS administrator's user name, defaults to "Administrator". This variable only is used when joining a backup server. Changing this will NOT change the UCS admin user name, it will only break the backup join scenario.
+- `configure_saml_single_server_temp_file`(map): Tempfile object where univention app password is stored.
 - `configure_saml_single_server_type`(string): Which type of UCS server to set up. The possible options are `master`and `backup`. If `backup` is chosen the following variable also has to be set; default: `"master"`.
 - `configure_saml_single_server_basedn`(string): The LDAP base dn.
 - `configure_saml_single_server_remove_default_saml_provider`(bool): When set to `true` all builtin SAML provider will be removed; default: `true`.

roles/configure_saml_single_server/defaults/main.yml

@@ -1,8 +1,8 @@
 ---
 
 configure_saml_single_server_external_hostname: ""
-configure_saml_single_admin_user_name: ""
-configure_saml_single_temp_file: {}
+configure_saml_single_server_admin_user_name: ""
+configure_saml_single_server_temp_file: {}
 configure_saml_single_server_type: "master"
 configure_saml_single_server_basedn: ""
 configure_saml_single_server_remove_default_saml_provider: true

roles/configure_saml_single_server/tasks/main.yml

@@ -22,7 +22,7 @@
     udm computers/ipmanagedclient create \
       --position "cn=computers,{{ configure_saml_single_server_basedn }}" \
       --set dnsEntryZoneForward="zoneName={{ configure_saml_single_server_domain_name }},cn=dns,{{ configure_saml_single_server_basedn }}" \
-      --set name={{ configure_saml_single_server_domain_prefix|default("portal") }} \
+      --set name={{ configure_saml_single_server_domain_prefix | default("portal") }} \
       --set ip={{ configure_saml_single_server_external_loadbalancer_ip }} \
       --set domain={{ configure_saml_single_server_domain_name }} \
       --ignore_exists
@@ -45,12 +45,14 @@
     - "configure_saml_single_server_ipmanagedclients"
 
 - name: "configure_saml_single_server | Run Univention SAML join script"
+  # yamllint disable rule:line-length
   ansible.builtin.command: >
     univention-run-join-scripts --force
     {% if configure_saml_single_server_type == "backup" %}
-    -dcaccount "{{ configure_saml_single_admin_user_name }}" -dcpwd "{{ configure_saml_single_temp_file.path }}"
+    -dcaccount "{{ configure_saml_single_server_admin_user_name }}" -dcpwd "{{ configure_saml_single_server_temp_file.path }}"
     {% endif %}
     --run-scripts 91univention-saml.inst
+  # yamllint enable rule:line-length
   changed_when: false
   tags:
     - "configure_saml_single_server"
@@ -88,18 +90,33 @@
     - "configure_saml_single_server_idp_ucr_variable"
 
 - name: "configure_saml_single_server | Run Univention management console join script"
+  # yamllint disable rule:line-length
   ansible.builtin.command: >
     univention-run-join-scripts --force
     {% if configure_saml_single_server_type == "backup" %}
-    -dcaccount "{{ configure_saml_single_admin_user_name }}" -dcpwd "{{ configure_saml_single_temp_file.path }}"
+    -dcaccount "{{ configure_saml_single_server_admin_user_name }}" -dcpwd "{{ configure_saml_single_server_temp_file.path }}"
     {% endif %}
     --run-scripts 92univention-management-console-web-server.inst
+  # yamllint enable rule:line-length
   changed_when: false
   tags:
     - "configure_saml_single_server"
     - "configure_saml_single_server_management_console_script"
 
-- name: "configure_saml_single_server | Remove default SAML provider"
+- name: "configure_saml_single_server | Dump SAML provider"
+  ansible.builtin.command:
+    argv:
+      - "udm"
+      - "saml/serviceprovider"
+      - "list"
+  register: "configure_saml_single_server_list_saml_provider_result"
+  changed_when: false
+  tags:
+    - "configure_saml_single_server"
+    - "configure_saml_single_server_list_saml_provider"
+    - "configure_saml_single_server_remove_default_saml_provider"
+
+- name: "configure_saml_single_server | Remove default SAML provider if they exists"
   ansible.builtin.command:
     argv:
       - "udm"
@@ -123,9 +140,10 @@
     loop_var: "configure_saml_single_server_item"
   when:
     - "configure_saml_single_server_basedn is defined"
-    - "configure_saml_single_server_basedn|length > 0"
+    - "configure_saml_single_server_basedn | length > 0"
     - "configure_saml_single_server_remove_default_saml_provider is defined"
-    - "configure_saml_single_server_remove_default_saml_provider|bool"
+    - "configure_saml_single_server_remove_default_saml_provider | bool"
+    - "configure_saml_single_server_item in configure_saml_single_server_list_saml_provider_result.stdout"
   tags:
     - "configure_saml_single_server"
     - "configure_saml_single_server_remove_default_saml_provider"