-# ADD THIS TO THE END OF YOUR APACHE'S HTTPD.CONF
+# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig
-######
-## SHIB Config
-######
+# RPM installations on platforms with a conf.d directory will
+# result in this file being copied into that directory for you
+# and preserved across upgrades.
+
+# For non-RPM installs, you should copy the relevant contents of
+# this file to a configuration location you control.
#
# Load the Shibboleth module.
#
-LoadModule mod_shib @-LIBEXECDIR-@/mod_shib_13.so
+LoadModule mod_shib @-PKGLIBDIR-@/mod_shib_13.so
#
-# Global Configuration
-# This is the XML file that contains all the global, non-apache-specific
-# configuration. Look at this file for most of your configuration parameters.
+# An Apache handler needs to be established for the "handler" location.
+# This applies the handler to any requests for a resource with a ".sso"
+# extension.
#
-ShibSchemaDir @-PKGXMLDIR-@
-ShibConfig @-PKGSYSCONFDIR-@/shibboleth.xml
+<Files *.sso>
+ SetHandler shib-handler
+</Files>
#
-# A handler needs to be established for the SHIRE URL
-# This applies the handler to any documents with a "shire" extension
+# Ensures handler will be accessible.
#
-<Files *.shire>
-SetHandler shib-shire-post
-</Files>
-#
-# Another way of addressing this is to apply Shibboleth
-# globally to the site in "lazy" session mode:
-# <Location />
-# AuthType shibboleth
-# require shibboleth
-# </Location>
+<Location /Shibboleth.sso>
+ Satisfy Any
+ Allow from all
+</Location>
#
-# Used for example logo and style sheet in error templates.
+# Used for example style sheet in error templates.
#
<IfModule mod_alias.c>
- Alias /shibtarget/main.css @-PREFIX-@/doc/shibboleth/main.css
- Alias /shibtarget/logo.jpg @-PREFIX-@/doc/shibboleth/logo.jpg
+ Alias /shibboleth-sp/main.css @-PKGWEBDIR-@/main.css
+ <Location /shibboleth-sp>
+ Satisfy Any
+ Allow from all
+ </Location>
</IfModule>
#
-# Configure the module for content
+# Configure the module for content.
#
-# You can now do most of this in shibboleth.xml using the RequestMap
-# but you MUST enable AuthType shibboleth for the module to process
+# You MUST enable AuthType shibboleth for the module to process
# any requests, and there MUST be a require command as well. To
-# enable Shibboleth but not specify any session/access requirement
-# use "require Shibboleth".
+# enable Shibboleth but not specify any session/access requirements
+# use "require shibboleth".
#
<Location /secure>
AuthType shibboleth
- ShibRequireSession On
- require valid-user
+ ShibCompatWith24 On
+ ShibRequestSetting requireSession 1
+ require shib-session
</Location>