+# https://spaces.internet2.edu/display/SHIB2/NativeSPApacheConfig
+
# RPM installations on platforms with a conf.d directory will
-# result in this file being copied into that directory for you.
-# For non-RPM installs, you can add this file to your
-# configuration using an Include command in httpd.conf
+# result in this file being copied into that directory for you
+# and preserved across upgrades.
-######
-## SHIB Config
-######
+# For non-RPM installs, you should copy the relevant contents of
+# this file to a configuration location you control.
#
# Load the Shibboleth module.
LoadModule mod_shib @-PKGLIBDIR-@/mod_shib_13.so
#
-# Global Configuration
-# This is the XML file that contains all the global, non-apache-specific
-# configuration. Look at this file for most of your configuration parameters.
-#
-ShibSchemaDir @-XMLTOOLINGXMLDIR-@/catalog.xml:@-OPENSAMLXMLDIR-@/saml20-catalog.xml:@-OPENSAMLXMLDIR-@/saml11-catalog.xml:@-PKGXMLDIR-@/catalog.xml
-ShibConfig @-PKGSYSCONFDIR-@/shibboleth2.xml
-
-#
# An Apache handler needs to be established for the "handler" location.
# This applies the handler to any requests for a resource with a ".sso"
# extension.
<Files *.sso>
SetHandler shib-handler
</Files>
-#
+
# Another way of addressing this is to apply Shibboleth
# globally to the site in "lazy" session mode:
# <Location />
</IfModule>
#
-# Configure the module for content
+# Configure the module for content.
#
-# You can now do most of this in shibboleth.xml using the RequestMap
-# but you MUST enable AuthType shibboleth for the module to process
+# You MUST enable AuthType shibboleth for the module to process
# any requests, and there MUST be a require command as well. To
# enable Shibboleth but not specify any session/access requirements
# use "require shibboleth".
#
<Location /secure>
AuthType shibboleth
- ShibRequireSession On
+ ShibRequestSetting requireSession 1
require valid-user
</Location>