Only initialize the SAML IDP when actually enabled
[cascardo/ipsilon.git] / examples / apache.conf
index 35693f5..cacbf70 100644 (file)
@@ -1,25 +1,21 @@
 Alias /idp/ui /usr/share/ipsilon/ui
-WSGIScriptAlias /idp /usr/sbin/ipsilon.py
+WSGIScriptAlias /idp /usr/libexec/ipsilon.py
 WSGIDaemonProcess idp maximum-requests=2 user=ipsilon group=ipsilon
 WSGIProcessGroup idp
 
-<Location /idp/login/krb/negotiate>
-  AuthType Kerberos
-  AuthName "Kerberos Login"
-  KrbMethodNegotiate on
-  KrbMethodK5Passwd off
-  KrbServiceName HTTP
-  KrbAuthRealms IPA.DEV.LAN
-  Krb5KeyTab /etc/httpd/conf/http.keytab
-  KrbSaveCredentials off
-  KrbConstrainedDelegation off
-  KrbLocalUserMapping On
+<Location /idp/login/gssapi/negotiate>
+  AuthType GSSAPI
+  AuthName "GSSAPI Single Sign On Login"
+  GssapiCredStore /etc/httpd/conf/http.keytab
+  GssapiSSLonly On
+  GssapiLocalName on
   Require valid-user
 
-  ErrorDocument 401 /idp/login/krb/unauthorized
+  ErrorDocument 401 /idp/login/gssapi/unauthorized
+  ErrorDocument 500 /idp/login/gssapi/failed
 </Location>
 
-<Directory /usr/sbin>
+<Directory /usr/libexec>
     Order allow,deny
     Allow from all
     Require all granted
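Review bot: `GssapiCredStore /etc/httpd/conf/http.keytab` in the new `<Location /idp/login/gssapi/negotiate>` block passes a bare path, but mod_auth_gssapi documents this directive as a `type:value` pair, so the line should read `GssapiCredStore keytab:/etc/httpd/conf/http.keytab`. As written, the value is likely to be rejected or ignored, leaving the keytab selection to the system default rather than the file named here. Separately, `<Directory /usr/libexec>` grants access to a directory that normally holds many unrelated helper binaries, and it mixes 2.2-style `Order`/`Allow` with `Require all granted`. Wrapping the grant in `<Files ipsilon.py>` and keeping only the `Require` form would limit it to the one WSGI script. The `<Directory>` block closes outside the hunk.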