Created
December 5, 2013 23:22
My Apache mod_shib sample setup for DSpaceDirect (using mod_proxy to redirect to Tomcat via port 8009).
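## WARNING THIS IS NOT YET IN PRODUCTION. IT SEEMS TO WORK IN TESTING THOUGH

# Apache front end for DSpace: mod_shib handles Shibboleth SSO on this host,
# and everything else is reverse-proxied to Tomcat over AJP.
#
# NOTE(review): this host listens on plain HTTP only, so the Shibboleth session
# cookie and the assertions posted to /Shibboleth.sso cross the network
# unencrypted. Beyond a test setup, serve it from a TLS virtual host and have
# the SP require it (handlerSSL / cookieProps in shibboleth2.xml).
<VirtualHost *:80>
    ServerName test.dspacedirect.org

    ## Logging Settings ##
    ErrorLog ${APACHE_LOG_DIR}/test.dspacedirect.org-error.log
    CustomLog ${APACHE_LOG_DIR}/test.dspacedirect.org-access.log combined

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    # As long as Shibboleth module is installed, enable all Shibboleth related settings
    <IfModule mod_shib>

        # Turn on Shibboleth "Lazy Session"
        # This ensures that users can access DSpace content without authenticating
        # via Shib. It also ensures that once they have authenticated with Shib
        # (by accessing /Shibboleth.sso/Login path), then their session is kept alive
        #
        # With ShibRequireSession Off, "require shibboleth" lets anonymous requests
        # through, so access control for protected content is left entirely to the
        # application behind the proxy.
        <Location />
            AuthType shibboleth
            ShibRequireSession Off
            require shibboleth
        </Location>

        # If the user attempts to access the DSpace shibboleth login page, force
        # them to authenticate via Shibboleth
        #
        # ShibUseHeaders On publishes the user's attributes as HTTP request headers.
        # A client can send headers with the same names, so the backend may only
        # trust them on requests that have passed through mod_shib: Tomcat must not
        # be reachable by any route that bypasses this virtual host.
        <Location "/shibboleth-login">
            AuthType shibboleth
            ShibRequireSession On
            ShibUseHeaders On
            require valid-user
        </Location>

        # Ensure /Shibboleth.sso path can be accessed (by default it is inaccessible due to our tight security)
        # Order/Allow is the Apache 2.2 access-control syntax; on Apache 2.4 it only
        # works through mod_access_compat, and the native form is "Require all granted".
        <Location "/Shibboleth.sso">
            Order deny,allow
            Allow from all
            # Ensure shibboleth responds to this path
            SetHandler shib
        </Location>

        # Finally, do not redirect requests to Shibboleth (these should be handled by mod_shib instead)
        # ProxyPass rules are checked in configuration order and the first match
        # wins, so this exclusion has to stay above the catch-all "ProxyPass /" below.
        ProxyPass /Shibboleth.sso !

    </IfModule>

    ## Proxy / Forwarding Settings ##
    # Reverse proxy only. "<Proxy *> ... Allow from all" grants access to every
    # proxied resource, which is safe only while forward proxying stays disabled,
    # so that is stated explicitly instead of relying on the default.
    ProxyRequests Off
    <Proxy *>
        AddDefaultCharset Off
        Order deny,allow
        Allow from all
    </Proxy>

    # Pass all requests to Tomcat's AJP Connector
    # NOTE(review): the description accompanying this file mentions port 8009,
    # while this rule uses 8200; it must match the AJP connector port in Tomcat's
    # server.xml. AJP trusts whatever the front end forwards, so keep that
    # connector bound to the loopback interface.
    ProxyPass / ajp://localhost:8200/
</VirtualHost>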