X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=templates%2Finstall%2Fsaml2%2Fsp.conf;fp=templates%2Finstall%2Fsaml2%2Fsp.conf;h=d7872ccfe9e23d893fe12bc273d9159c8c2885f1;hp=73e6417fd90d1ea19a36b28a79d78136555f5812;hb=42700be962e245243f10c30a29c41fcda1f3f712;hpb=e0aa4f23846fa9f6bb0fb9eb021e930b035100eb

diff --git a/templates/install/saml2/sp.conf b/templates/install/saml2/sp.conf
index 73e6417..d7872cc 100644
--- a/templates/install/saml2/sp.conf
+++ b/templates/install/saml2/sp.conf
@@ -8,8 +8,9 @@
     MellonIdPMetadataFile "${saml_idp_meta}"
     MellonEndpointPath ${saml_sp}
     MellonVariable "saml-sesion-cookie"
-    # Comment out the next line if you want to allow logins on bare HTTP
+    # Comment out the next two lines if you want to allow logins on bare HTTP
     MellonsecureCookie ${saml_secure_on}
+    ${ssl_require}SSLRequireSSL
     MellonUser "NAME_ID"
     MellonIdP "IDP"
     MellonSessionLength 3600
@@ -26,3 +27,8 @@ ${sp}<Directory /usr/share/ipsilon/ui/saml2sp>
 ${sp}    SSLRequireSSL
 ${sp}    Require all granted
 ${sp}</Directory>
+
+# Redirect requests to the secure port
+${ssl_rewrite}RewriteEngine on
+${ssl_rewrite}RewriteCond %{SERVER_PORT} !^443$$
+${ssl_rewrite}RewriteRule ^${saml_base}(.*) https://${sp_hostname}${saml_base}$$1 [L,R=301,NC]