X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=configs%2Fapache.config.in;h=bf7f069bdee6fe47fef901ce9c164b0a4629b269;hb=0f24dfc6f5642609ec000b647044c6fda4805721;hp=a1b6ec29cce4107b086ca46fecee7f551bd1cdf9;hpb=efc1b1b06e6b76ab888623753366782903638213;p=shibboleth%2Fcpp-sp.git
diff --git a/configs/apache.config.in b/configs/apache.config.in
index a1b6ec2..bf7f069 100644
--- a/configs/apache.config.in
+++ b/configs/apache.config.in
@@ -1,66 +1,55 @@ -# ADD THIS TO THE END OF YOUR APACHE'S HTTPD.CONF +# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig -###### -## SHIB Config -###### +# RPM installations on platforms with a conf.d directory will +# result in this file being copied into that directory for you +# and preserved across upgrades. + +# For non-RPM installs, you should copy the relevant contents of +# this file to a configuration location you control. # -# Load the Resource Manager and SHIRE modules. -# Note that ORDER MATTERS! Apache runs the modules in the -# _reverse_ order that modules were loaded. The RM module -# depends on the Shire module, so you need this load-order -# to make sure they are run properly. -# -# If you see log messages about "NOOP" configurations, then you -# have messed this up. +# Load the Shibboleth module. # -LoadModule shibrm_module /opt/shibboleth/libexec/mod_shibrm.so -LoadModule shire_module /opt/shibboleth/libexec/mod_shire.so +LoadModule mod_shib @-PKGLIBDIR-@/mod_shib_13.so # -# Global SHIRE Configuration -# This is the INI file that contains all the global, non-apache-specific -# configuration. Look at this file for most of your configuration -# parameters. +# An Apache handler needs to be established for the "handler" location. +# This applies the handler to any requests for a resource with a ".sso" +# extension. # -SHIREConfig /opt/shibboleth/etc/shibboleth/shibboleth.ini + + SetHandler shib-handler + # -# The SHIRE POST processor URL -# Most of the time, this should be a path only, so that the schema, -# host, and port will determined dynamically in each virtual host. If -# for some reason the dynamically derived URL is not appropriate, a -# complete URL can be used, and may be set per-vhost explicitly: -# SHIREURL https:///SHIRE +# Ensures handler will be accessible. # -# The SHIREURL and subsequent "Location" handler must match. 
-# -SHIREURL /SHIRE - - SetHandler shib-shire-post + + Allow from all + AuthType None # -# Configure a test directory +# Used for example style sheet in error templates. +# + + Alias /shibboleth-sp/main.css @-PKGWEBDIR-@/main.css + + Allow from all + AuthType None + + + +# +# Configure the module for content. # -# You need _at least_ a "require" option for Shib to take effect for this -# directory. You can either set the AuthType to "shibboleth", or you can -# turn on ShibBasicHijack. For Shib, valid-user is a somewhat vague concept -# and only means that a trusted origin site has authenticated the user, but -# doesn't mean that any attributes were received. +# You MUST enable AuthType shibboleth for the module to process +# any requests, and there MUST be a require command as well. To +# enable Shibboleth but not specify any session/access requirements +# use "require shibboleth". # AuthType shibboleth - require affiliation ~ ^member@.+$ - # require valid-user - - # Per-directory SHIRE Configuration - #ShibBasicHijack On - #ShibSSLOnly On - #ShibAuthLifetime 14400 - #ShibAuthTimeout 3600 - - # RM Configuration - #AuthGroupFile /foo - #ShibExportAssertion On + ShibRequestSetting requireSession 1 + require valid-user
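Review bot: The sample protected block at the end of the hunk now authorizes on `require valid-user` alone, and the rewritten comment above it no longer says what that grants. The removed comment explained that valid-user only means a trusted origin site authenticated the user, not that any attributes were received, and the old sample paired it with `require affiliation ~ ^member@.+$`. Someone copying the new file as-is gets a session requirement but no attribute-based access control, so I would keep a one-line caveat in the new comment, e.g. `# valid-user only means a trusted origin site authenticated the user; add attribute-based require rules to restrict access.` The container tags around the two `Allow from all` / `AuthType None` blocks are not visible in this rendering, so their scope could not be checked here.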