--- /dev/null
+# ADD THIS TO THE END OF YOUR APACHE'S HTTPD.CONF
+
+######
+## SHIB Config
+######
+
+#
+# Load the Apache Request module and then the SHIBBOLETH module
+# Note that ORDER MATTERS! Apache runs the modules in the
+# _reverse_ order that modules were loaded. The Shib module
+# depends on the Apreq module, so you need this load-order
+# to make sure they are run properly.
+#
+# If you see log messages about missing apreq symbols then you
+# have messed this up.
+#
+LoadModule apreq_module /opt/shibboleth/libexec/mod_apreq.so
+LoadModule mod_shib /opt/shibboleth/libexec/mod_shib.so
+
+#
+# Global SHIRE Configuration
+# This is the INI file that contains all the global, non-apache-specific
+# configuration. Look at this file for most of your configuration
+# parameters.
+#
+SHIBConfig /opt/shibboleth/etc/shibboleth/shibboleth.ini
+
+#
+# Configure a test directory
+#
+# You need _at least_ a "require" option for Shib to take effect for this
+# directory. You can either set the AuthType to "shibboleth", or you can
+# turn on ShibBasicHijack. For Shib, valid-user is a somewhat vague concept
+# and only means that a trusted origin site has authenticated the user, but
+# doesn't mean that any attributes were received.
+#
+<Location /secure>
+ AuthType shibboleth
+ require affiliation ~ ^member@.+$
+ # require valid-user
+
+ # Per-directory SHIRE Configuration
+ #ShibBasicHijack On
+ #ShibSSLOnly On
+ #ShibAuthLifetime 14400
+ #ShibAuthTimeout 3600
+
+ # RM Configuration
+ #DisableRM On
+ #AuthGroupFile /foo
+ #ShibExportAssertion On
+</Location>