X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=configs%2Fapache.config.in;h=7c4839776e12349dc2ca76b206cf20438fe2a936;hb=9bdf5cfc3d2104cabea5b151bef3e9cd3bc5bd95;hp=380683da72935ddec946ba5f3824ee444cf44600;hpb=f154bda27c853a228fbd2ec7e80bb9d87429c16b;p=shibboleth%2Fcpp-sp.git
diff --git a/configs/apache.config.in b/configs/apache.config.in
index 380683d..7c48397 100644
--- a/configs/apache.config.in
+++ b/configs/apache.config.in
@@ -1,33 +1,56 @@
-# ADD THIS TO THE END OF YOUR APACHE'S HTTPD.CONF
+# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig
-######
-## SHIB Config
-######
+# RPM installations on platforms with a conf.d directory will
+# result in this file being copied into that directory for you
+# and preserved across upgrades.
+
+# For non-RPM installs, you should copy the relevant contents of
+# this file to a configuration location you control.
#
# Load the Shibboleth module.
#
-LoadModule shire_module @-LIBEXECDIR-@/mod_shire.so
+LoadModule mod_shib @-PKGLIBDIR-@/mod_shib_13.so
+
+#
+# An Apache handler needs to be established for the "handler" location.
+# This applies the handler to any requests for a resource with a ".sso"
+# extension.
+#
+
+ SetHandler shib-handler
+
+
+#
+# Ensures handler will be accessible.
+#
+
+ Satisfy Any
+ Allow from all
+
#
-# Global Configuration
-# This is the XML file that contains all the global, non-apache-specific
-# configuration. Look at this file for most of your configuration parameters.
+# Used for example style sheet in error templates.
#
-ShibSchemaDir @-PKGSYSCONFDIR-@
-ShibConfig @-PKGSYSCONFDIR-@/shibboleth.xml
+
+ Alias /shibboleth-sp/main.css @-PKGWEBDIR-@/main.css
+
+ Satisfy Any
+ Allow from all
+
+
#
-# Configure the module for content
+# Configure the module for content.
#
-# You can now do most of this in shibboleth.xml using the RequestMap
-# but you MUST enable AuthType shibboleth for the module to process
-# any requests, and there MUST be a require command as well.
-# You can even turn on require valid-user at the root, and then override
-# as needed. This will not actually force a user session unless
-# you tell it to require one. See the documentation for details.
+# You MUST enable AuthType shibboleth for the module to process
+# any requests, and there MUST be a require command as well. To
+# enable Shibboleth but not specify any session/access requirements
+# use "require shibboleth".
#
AuthType shibboleth
- require valid-user
+ ShibCompatWith24 On
+ ShibRequestSetting requireSession 1
+ require shib-session