Updating sso class to enable custom 401 for apache env as well

global/overlay/etc/puppet/modules/soc/files/sso/apache-errors.conf

@@ -0,0 +1,8 @@
+Alias /.ssoerror /opt/sso/apache
+<Directory /opt/sso/apache>
+  Satisfy any
+  Allow from all
+  AuthType None
+  Require all granted
+</Directory>
+ErrorDocument 401 /.ssoerror/401.html

global/overlay/etc/puppet/modules/soc/manifests/sso.pp

@@ -29,7 +29,6 @@
 # @param entityID
 #   EntityID of the satosa proxy, must not be the same as the proxy hostname.
 #   Default set to value of proxy.
-
 class soc::sso(
   String            $ssotype            = 'docker',
   String            $hostname           = $facts['networking']['fqdn'],
@@ -50,19 +49,22 @@ class soc::sso(
   Optional[String]  $extra_proxy_conf   = undef,
 ) {
 
+  file { '/opt/sso':
+    ensure => directory,
+  }
+  file { '/opt/sso/apache':
+    ensure => directory,
+  }
+  file { '/opt/sso/apache/ssoerror':
+    ensure => directory,
+  }
+
+  file { '/opt/sso/apache/ssoerror/401.html':
+    ensure  => file,
+    content => file('soc/sso/401.html'),
+  }
+
   if $ssotype == 'docker' {
-    file { '/opt/sso':
-      ensure => directory,
-    }
-
-    #
-    # Apache files
-    #
-
-    file { '/opt/sso/apache':
-      ensure => directory,
-    }
-
     file { '/opt/sso/apache/site.conf':
       ensure  => file,
       content => template('soc/sso/apache-site.conf.erb'),
@@ -76,6 +78,9 @@ class soc::sso(
     }
   }
 
+  if $ssotype == 'apache' {
+  }
+
   file { '/opt/sso/apache/401.html':
     ensure  => file,
     content => file('soc/sso/401.html'),
@@ -99,22 +104,32 @@ class soc::sso(
   #
 
   if $ssotype == 'apache' {
+    $shibbase = '/etc/shibboleth'
+    service { 'apache2':
+      ensure  => 'running',
+      enable  => true,
+      require => Package['apache2'],
+    }
     package { ['libapache2-mod-shib', 'shibboleth-sp-utils']:
       ensure => installed,
     }
-
     exec { 'Make sure mod_shib is loaded':
       command => 'a2enmod shib',
       creates => '/etc/apache2/mods-enabled/shib.load',
     }
-
     exec { 'Make sure authz_groupfile is loaded':
       command => 'a2enmod authz_groupfile',
       creates => '/etc/apache2/mods-enabled/authz_groupfile.load',
     }
-
+    file { '/etc/apache2/conf-available/apache-errors.conf':
-    $shibbase = '/etc/shibboleth'
+      ensure  => file,
-
+      content => file('soc/sso/apache-errors.conf'),
+    }
+    exec { 'Enable custom 401 error document':
+      command => 'a2enconf apache-errors',
+      creates => '/etc/apache2/conf-enabled/apache-errors.conf',
+      notify  => Service['apache2'],
+    }
   } elsif $ssotype == 'docker' {
     $shibbase = '/opt/sso/shibboleth'
 

global/overlay/etc/puppet/modules/soc/templates/sso/docker-compose.yml.erb

@@ -23,7 +23,7 @@ services:
 <% end -%>
       - ./shibboleth/sp-cert.pem:/etc/shibboleth/sp-cert.pem
       - ./shibboleth/sp-key.pem:/etc/shibboleth/sp-key.pem
-      - ./apache/401.html:/var/www/ssoerror/401.html:ro
+      - ./apache/ssoerror/401.html:/var/www/ssoerror/401.html:ro
 <% if @extra_proxy_conf -%>
       - <%= @extra_proxy_conf %>:<%= @extra_proxy_conf %>
 <% end -%>