projects / cascardo / ipsilon.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Allow SP installation to be on non-standard ports
[cascardo/ipsilon.git] / templates / install / saml2 / sp.conf
diff --git a/templates/install/saml2/sp.conf b/templates/install/saml2/sp.conf
index 73e6417..a7adaf9 100644 (file)
--- a/templates/install/saml2/sp.conf
+++ b/templates/install/saml2/sp.conf
@@ -8,8 +8,9 @@
     MellonIdPMetadataFile "${saml_idp_meta}"
     MellonEndpointPath ${saml_sp}
     MellonVariable "saml-sesion-cookie"
-    # Comment out the next line if you want to allow logins on bare HTTP
+    # Comment out the next two lines if you want to allow logins on bare HTTP
     MellonsecureCookie ${saml_secure_on}
+    ${ssl_require}SSLRequireSSL
     MellonUser "NAME_ID"
     MellonIdP "IDP"
     MellonSessionLength 3600
@@ -26,3 +27,8 @@ ${sp}<Directory /usr/share/ipsilon/ui/saml2sp>
 ${sp}    SSLRequireSSL
 ${sp}    Require all granted
 ${sp}</Directory>
+
+# Redirect requests to the secure port
+${ssl_rewrite}RewriteEngine on
+${ssl_rewrite}RewriteCond %{SERVER_PORT} !^${ssl_port}$$
+${ssl_rewrite}RewriteRule ^${saml_base}(.*) https://${sp_hostname}${sp_port}${saml_base}$$1 [L,R=301,NC]
Unnamed repository; edit this file 'description' to name the repository.