templates/install/saml2/sp.conf

   1 # This is a server-wide configuration that will add information from the Mellon
   2 # session to all requests under this path.
   3 <Location ${saml_base}>
   4     MellonEnable "${saml_protect}"
   5     MellonSPPrivateKeyFile "${saml_sp_key}"
   6     MellonSPCertFile "${saml_sp_cert}"
   7     MellonSPMetadataFile "${saml_sp_meta}"
   8     MellonIdPMetadataFile "${saml_idp_meta}"
   9     MellonEndpointPath ${saml_sp}
  10     MellonVariable "saml-sesion-cookie"
  11     # Comment out the next two lines if you want to allow logins on bare HTTP
  12     MellonsecureCookie ${saml_secure_on}
  13     ${ssl_require}SSLRequireSSL
  14     MellonUser "NAME_ID"
  15     MellonIdP "IDP"
  16     MellonSessionLength 3600
  17     # MellonNoCookieErrorPage "https://idp.example.com/no-cookie-error.html"
  18     # MellonPostDirectory "/var/lib/ipsilon/post_cache"
  19     # MellonPostReplay On
  20 </Location>
  21
  22 ${saml_auth}
  23
  24 ${sp}Alias /saml2protected /usr/share/ipsilon/ui/saml2sp
  25 ${sp}
  26 ${sp}<Directory /usr/share/ipsilon/ui/saml2sp>
  27 ${sp}    SSLRequireSSL
  28 ${sp}    Require all granted
  29 ${sp}</Directory>
  30
  31 # Redirect requests to the secure port
  32 ${ssl_rewrite}RewriteEngine on
  33 ${ssl_rewrite}RewriteCond %{SERVER_PORT} !^${ssl_port}$$
  34 ${ssl_rewrite}RewriteRule ^${saml_base}(.*) https://${sp_hostname}${sp_port}${saml_base}$$1 [L,R=301,NC]