#
# Load the SHIBBOLETH module
#
-LoadModule mod_shib @-LIBEXECDIR-@/mod_shib.so
+LoadModule mod_shib @-PKGLIBDIR-@/mod_shib_20.so
#
# Global Configuration
# This is the XML file that contains all the global, non-apache-specific
# configuration. Look at this file for most of your configuration parameters.
#
-ShibSchemaDir @-PKGSYSCONFDIR-@
-ShibConfig @-PKGSYSCONFDIR-@/shibboleth.xml
+ShibSchemaDir @-XMLDIR-@/xmltooling/catalog.xml:@-XMLDIR-@/opensaml/saml20-catalog.xml:@-XMLDIR-@/opensaml/saml11-catalog.xml:@-XMLDIR-@/shibboleth/catalog.xml
+ShibConfig @-PKGSYSCONFDIR-@/shibboleth2.xml
+
+#
+# Used for example logo and style sheet in error templates.
+#
+<IfModule mod_alias.c>
+ <Location /shibboleth-sp>
+ Allow from all
+ </Location>
+ Alias /shibboleth-sp/main.css @-PKGDOCDIR-@/main.css
+ Alias /shibboleth-sp/logo.jpg @-PKGDOCDIR-@/logo.jpg
+</IfModule>
#
# Configure the module for content
#
# You can now do most of this in shibboleth.xml using the RequestMap
# but you MUST enable AuthType shibboleth for the module to process
-# any requests, and there MUST be a require command as well.
-# You can even turn on require valid-user at the root, and then override
-# as needed. This will not actually force a user session unless
-# you tell it to require one. See the documentation for details.
+# any requests, and there MUST be a require command as well. To
+# enable Shibboleth but not specify any session/access requirements
+# use "require shibboleth".
#
<Location /secure>
AuthType shibboleth
+ ShibRequireSession On
require valid-user
</Location>