projects
/
shibboleth
/
cpp-sp.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Corrections to SSPCPP-493 change
[shibboleth/cpp-sp.git]
/
configs
/
apache.config.in
diff --git
a/configs/apache.config.in
b/configs/apache.config.in
index
bce4a7e
..
bf7f069
100644
(file)
--- a/
configs/apache.config.in
+++ b/
configs/apache.config.in
@@
-1,11
+1,11
@@
+# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig
+
# RPM installations on platforms with a conf.d directory will
# RPM installations on platforms with a conf.d directory will
-# result in this file being copied into that directory for you.
-# For non-RPM installs, you can add this file to your
-# configuration using an Include command in httpd.conf
+# result in this file being copied into that directory for you
+# and preserved across upgrades.
-######
-## SHIB Config
-######
+# For non-RPM installs, you should copy the relevant contents of
+# this file to a configuration location you control.
#
# Load the Shibboleth module.
#
# Load the Shibboleth module.
@@
-18,35
+18,38
@@
LoadModule mod_shib @-PKGLIBDIR-@/mod_shib_13.so
# extension.
#
<Files *.sso>
# extension.
#
<Files *.sso>
-SetHandler shib-handler
+
SetHandler shib-handler
</Files>
</Files>
+
#
#
-#
Another way of addressing this is to apply Shibboleth
-#
globally to the site in "lazy" session mode:
-
# <Location /
>
-# AuthType shibboleth
-# require shibboleth
-
#
</Location>
+#
Ensures handler will be accessible.
+#
+
<Location /Shibboleth.sso
>
+ Allow from all
+ AuthType None
+</Location>
#
#
-# Used for example
logo and
style sheet in error templates.
+# Used for example style sheet in error templates.
#
<IfModule mod_alias.c>
#
<IfModule mod_alias.c>
- Alias /shibboleth-sp/main.css @-PKGDOCDIR-@/main.css
- Alias /shibboleth-sp/logo.jpg @-PKGDOCDIR-@/logo.jpg
+ Alias /shibboleth-sp/main.css @-PKGWEBDIR-@/main.css
+ <Location /shibboleth-sp>
+ Allow from all
+ AuthType None
+ </Location>
</IfModule>
#
</IfModule>
#
-# Configure the module for content
+# Configure the module for content
.
#
#
-# You can now do most of this in shibboleth.xml using the RequestMap
-# but you MUST enable AuthType shibboleth for the module to process
+# You MUST enable AuthType shibboleth for the module to process
# any requests, and there MUST be a require command as well. To
# enable Shibboleth but not specify any session/access requirements
# use "require shibboleth".
#
<Location /secure>
AuthType shibboleth
# any requests, and there MUST be a require command as well. To
# enable Shibboleth but not specify any session/access requirements
# use "require shibboleth".
#
<Location /secure>
AuthType shibboleth
- ShibRequ
ireSession On
+ ShibRequ
estSetting requireSession 1
require valid-user
</Location>
require valid-user
</Location>