Update to 2022-03-21 17:00

roles/zabbix_server/templates/saml_metadata.xml.j2

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<EntityDescriptor entityID="{{ zabbix_server_public_url }}" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{{ zabbix_server_public_url | regex_replace('/$', '') }}/index_sso.php?acs" index="0" />
+    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ zabbix_server_public_url | regex_replace('/$', '') }}/index_sso.php?sls" />
+    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+    <KeyDescriptor use="signing">
+      <ds:KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+        <ds:X509Data>
+          <ds:X509Certificate>{{ zabbix_server_saml_sp_cert.stdout }}</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </KeyDescriptor>
+  </SPSSODescriptor>
+  <Organization>
+    <OrganizationName xml:lang="en">{{ ansible_domain }}</OrganizationName>
+    <OrganizationDisplayName xml:lang="en">Zabbix {{ ansible_domain }}</OrganizationDisplayName>
+    <OrganizationURL xml:lang="en">{{ zabbix_server_public_url }}</OrganizationURL>
+  </Organization>
+  <ContactPerson contactType="administrative">
+    <GivenName>System Administrator</GivenName>
+    <EmailAddress>{{ system_admin_email | default('admin@' ~ ansible_domain) }}</EmailAddress>
+  </ContactPerson>
+</EntityDescriptor>

roles/zabbix_server/templates/zabbix.conf.php.j2

@@ -12,4 +12,8 @@ $IMAGE_FORMAT_DEFAULT   = IMAGE_FORMAT_PNG;
 {% if zabbix_server_version.stdout is version('5.0', '>=') %}
 $DB['DOUBLE_IEEE754'] = 'true';
 {% endif %}
+$SSO['SP_KEY']          = '/etc/zabbix/ssl/sp.key';
+$SSO['SP_CERT']         = '/etc/zabbix/ssl/sp.crt';
+$SSO['IDP_CERT']        = '/etc/zabbix/ssl/idp.crt';
+
 ?>