Require SSL on SP when using --saml-secure-setup
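--- a/templates/install/saml2/sp.conf
+++ b/templates/install/saml2/sp.conf
@@ -8,8 +8,9 @@
 MellonIdPMetadataFile "${saml_idp_meta}"
 MellonEndpointPath ${saml_sp}
 MellonVariable "saml-sesion-cookie"
- # Comment out the next line if you want to allow logins on bare HTTP
+ # Comment out the next two lines if you want to allow logins on bare HTTP
 MellonsecureCookie ${saml_secure_on}
+ ${ssl_require}SSLRequireSSL
 MellonUser "NAME_ID"
 MellonIdP "IDP"
 MellonSessionLength 3600
@@ -26,3 +27,8 @@ ${sp}<Directory /usr/share/ipsilon/ui/saml2sp>
 ${sp} SSLRequireSSL
 ${sp} Require all granted
 ${sp}</Directory>
+
+# Redirect requests to the secure port
+${ssl_rewrite}RewriteEngine on
+${ssl_rewrite}RewriteCond %{SERVER_PORT} !^443$$
+${ssl_rewrite}RewriteRule ^${saml_base}(.*) https://${sp_hostname}${saml_base}$$1 [L,R=301,NC]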
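Review bot: The redirect condition added in the second hunk, `RewriteCond %{SERVER_PORT} !^443$$`, treats every port other than 443 as cleartext, so an SP that serves TLS on a different port would have already-encrypted requests redirected to `https://${sp_hostname}` on the default port. Testing the connection rather than the port is more robust: `${ssl_rewrite}RewriteCond %{HTTPS} !=on`. The redirect is only a convenience, because the first request still arrives over HTTP; the `${ssl_require}SSLRequireSSL` line added in the first hunk is what actually refuses cleartext access. The two template toggles presumably need to be set together by the installer, which is not visible in this diff. I would extend the comment to say so, for example `# Redirect only; SSLRequireSSL in the Mellon location block is what enforces TLS`.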