1 # ADD THIS TO THE END OF YOUR APACHE'S HTTPD.CONF
8 # Load the Resource Manager and SHIRE modules.
9 # Note that ORDER MATTERS! Apache runs the modules in the
10 # _reverse_ order that modules were loaded. The RM module
11 # depends on the Shire module, so you need this load-order
12 # to make sure they are run properly.
14 # If you see log messages about "NOOP" configurations, then you
15 # have messed this up.
17 LoadModule shibrm_module /opt/shibboleth/libexec/mod_shibrm.so
18 LoadModule shire_module /opt/shibboleth/libexec/mod_shire.so
21 # Global SHIRE Configuration
22 # This is the INI file that contains all the global, non-apache-specific
23 # configuration. Look at this file for most of your configuration
26 SHIREConfig /opt/shibboleth/etc/shibboleth/shibboleth.ini
29 # The SHIRE POST processor URL
30 # Most of the time, this should be a path only, so that the schema,
31 # host, and port will determined dynamically in each virtual host. If
32 # for some reason the dynamically derived URL is not appropriate, a
33 # complete URL can be used, and may be set per-vhost explicitly:
34 # SHIREURL https://<server-name>/SHIRE
36 # The SHIREURL and subsequent "Location" handler must match.
40 SetHandler shib-shire-post
44 # Configure a test directory
46 # You need _at least_ a "require" option for Shib to take effect for this
47 # directory. You can either set the AuthType to "shibboleth", or you can
48 # turn on ShibBasicHijack. For Shib, valid-user is a somewhat vague concept
49 # and only means that a trusted origin site has authenticated the user, but
50 # doesn't mean that any attributes were received.
54 require affiliation ~ ^member@.+$
57 # Per-directory SHIRE Configuration
60 #ShibAuthLifetime 14400
65 #ShibExportAssertion On