-# ADD THIS TO THE END OF YOUR APACHE'S HTTPD.CONF
+# RPM installations on platforms with a conf.d directory will
+# result in this file being copied into that directory for you.
+# For non-RPM installs, you can add this file to your
+# configuration using an Include command in httpd.conf
######
## SHIB Config
#
# Load the Shibboleth module.
#
-LoadModule shire_module @-LIBEXECDIR-@/mod_shire.so
+LoadModule mod_shib @-PKGLIBDIR-@/mod_shib_13.so
#
-# Global Configuration
-# This is the XML file that contains all the global, non-apache-specific
-# configuration. Look at this file for most of your configuration parameters.
+# An Apache handler needs to be established for the "handler" location.
+# This applies the handler to any requests for a resource with a ".sso"
+# extension.
#
-ShibSchemaDir @-PKGSYSCONFDIR-@
-ShibConfig @-PKGSYSCONFDIR-@/shibboleth.xml
+<Files *.sso>
+SetHandler shib-handler
+</Files>
+#
+# Another way of addressing this is to apply Shibboleth
+# globally to the site in "lazy" session mode:
+# <Location />
+# AuthType shibboleth
+# require shibboleth
+# </Location>
+
+#
+# Used for example logo and style sheet in error templates.
+#
+<IfModule mod_alias.c>
+ Alias /shibboleth-sp/main.css @-PKGDOCDIR-@/main.css
+ Alias /shibboleth-sp/logo.jpg @-PKGDOCDIR-@/logo.jpg
+</IfModule>
#
# Configure the module for content
#
# You can now do most of this in shibboleth.xml using the RequestMap
# but you MUST enable AuthType shibboleth for the module to process
-# any requests, and there MUST be a require command as well.
-# You can turn on require valid-user at the root, and then override
-# as needed. This will not actually force a user session unless
-# you require one. See the deploy guide for details.
+# any requests, and there MUST be a require command as well. To
+# enable Shibboleth but not specify any session/access requirements
+# use "require shibboleth".
#
-<Location />
+<Location /secure>
AuthType shibboleth
+ ShibRequireSession On
require valid-user
</Location>
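Review bot: The closing `<Location /secure>` block matches on the URL path only, so the same content reached through a different URL (an `Alias`, or another virtual host mapped onto the same files) gets neither `AuthType shibboleth` nor `ShibRequireSession On`. For content served from the filesystem, a `<Directory>` section is the safer container, and the example should say so. Narrowing the default from `/` to `/secure` also means that, per the comment above it, the module processes no requests for the rest of the site. Applications outside `/secure` presumably cannot rely on any Shibboleth-supplied identity data, although the header handling is not visible here. I would add a comment before the block such as `# Only /secure is protected here; content elsewhere is not processed by the module and must not trust Shibboleth attributes.`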