From 93123912ba59c183ceb5897e1124c0127830f5ca Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Mon, 21 Feb 2022 23:58:16 +0100
Subject: [PATCH] add script to generate cert

---
 .gitignore         | 2 ++
 mkcert.sh          | 5 +++++
 pkg/server/root.go | 1 +
 3 files changed, 8 insertions(+)
 create mode 100644 .gitignore
 create mode 100755 mkcert.sh

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b939b37
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+saml-sp.key
+saml-sp.pem
diff --git a/mkcert.sh b/mkcert.sh
new file mode 100755
index 0000000..d35ddbe
--- /dev/null
+++ b/mkcert.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
+  -keyout saml-sp.key -out saml-sp.pem -subj "/CN=localhost"
+export SP_SSL_CERT=./saml-sp.pem
+export SP_SSL_KEY=./saml-sp.key
diff --git a/pkg/server/root.go b/pkg/server/root.go
index c00c632..0a288d8 100644
--- a/pkg/server/root.go
+++ b/pkg/server/root.go
@@ -114,6 +114,7 @@ func RunServer() {
 	server.l.Infof("ACS URL is '%s'", samlSP.ServiceProvider.AcsURL.String())
 
 	if _, set := os.LookupEnv("SP_SSL_CERT"); set {
+		server.l.Info("SSL enabled")
 		// SP_SSL_CERT set, so we run SSL mode
 		err := http.ListenAndServeTLS(listen, os.Getenv("SP_SSL_CERT"), os.Getenv("SP_SSL_KEY"), server.logRequest(server.h))
 		if err != nil {