...
Code Block |
---|
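# TLS virtual host in front of the PowerFolder cluster.
# It terminates HTTPS, protects /login/shibboleth with Shibboleth, proxies
# everything else to three backend nodes on port 8080, and hands the
# Shibboleth attributes to the backend as HTTP request headers.
<VirtualHost _default_:443>
    ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/ssl_access.log vhost_combined
    ServerName powerfolder.organization.net
    ServerAdmin support@organization.net
    DocumentRoot "/var/www/default"

    # Set strict transport security: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
    # max-age=31536000 is one year; "always" also covers error responses.
    Header always set Strict-Transport-Security "max-age=31536000;"

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/powerfolder.organization.net.pem
    # The private key should be readable by root only.
    SSLCertificateKeyFile /etc/ssl/private/powerfolder.organization.net.key

    # No RewriteRule appears in this listing; the engine is only switched on.
    RewriteEngine On

    # Login endpoint: a Shibboleth session is mandatory, and the user must
    # satisfy both Require lines (RequireAll).
    # NOTE(review): with "~" the following values are treated as regular
    # expressions, so the unescaped dots match any character. Confirm whether
    # the patterns should be escaped and anchored, or whether an exact-match
    # rule without "~" is what is intended.
    <Location /login/shibboleth>
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        <RequireAll>
            Require valid-user
            Require shib-attr entitlement ~ http://idm.org/entitlement/organization-PowerFolder http://powerfolder.organization.net/entitlement/DFN-Cloud
        </RequireAll>
    </Location>

    # Shibboleth handler endpoint, left open to unauthenticated requests.
    # NOTE(review): "satisfy" is the Apache 2.2-style directive; on 2.4 it
    # needs mod_access_compat, while the block above uses 2.4 syntax.
    <Location /Shibboleth.sso>
        satisfy Any
    </Location>

    # Backend pool with sticky sessions. The members are reached over plain
    # HTTP and receive the identity headers set below, so port 8080 on these
    # hosts should accept connections from this proxy only. A client that can
    # reach a backend directly could supply those headers itself.
    <Proxy balancer://pfcluster>
        BalancerMember http://pf01.organization.net:8080 route=nodeID01
        BalancerMember http://pf02.organization.net:8080 route=nodeID02
        BalancerMember http://pf03.organization.net:8080 route=nodeID03
        ProxySet stickysession=rpcid|JSESSIONID|jsessionid scolonpathdelim=On lbmethod=bybusyness
    </Proxy>

    # ProxyPass rules are evaluated in order and the first match wins, so the
    # "!" exclusions have to come before the catch-all "/" rule.
    # NOTE(review): /rpc is mapped to the balancer and then excluded; the
    # exclusion on the second line can never match. Confirm which is intended.
    ProxyPass /rpc balancer://pfcluster/rpc nocanon
    ProxyPass /rpc !
    ProxyPass /eds !
    ProxyPass /Shibboleth.sso !
    ProxyPass / balancer://pfcluster/ nocanon

    # Shibboleth-Attribute mapping to HTTP Headers for delivery to PF Server
    # Source: https://wiki.powerfolder.com/display/EDUDE/Shibboleth
    #
    # Each attribute uses a pair of lines. The first copies the environment
    # variable into the request header when the variable is set. The second
    # overwrites the header with an empty value when it is not set, so a value
    # sent by the client under the same header name is not passed to the backend.
    # Both lines of a pair must name the same variable. Keep the pairs complete
    # when adding attributes.
    # The variables are presumably populated by the Shibboleth module from its
    # attribute map; verify the names against that map.
    RequestHeader set HTTP_Shib-Session-ID %{HTTP_Shib-Session-ID}e env=HTTP_Shib-Session-ID
    RequestHeader set HTTP_Shib-Session-ID "" env=!HTTP_Shib-Session-ID
    RequestHeader set HTTP_persistent-id %{HTTP_persistent-id}e env=HTTP_persistent-id
    RequestHeader set HTTP_persistent-id "" env=!HTTP_persistent-id
    RequestHeader set HTTP_uniqueID %{HTTP_uniqueID}e env=HTTP_uniqueID
    RequestHeader set HTTP_uniqueID "" env=!HTTP_uniqueID
    RequestHeader set HTTP_pairwise-id %{HTTP_pairwise-id}e env=HTTP_pairwise-id
    # Fixed: the condition named "HTTP_upairwise-id", a variable that is never
    # set, so this line always ran and blanked the pairwise-id header.
    RequestHeader set HTTP_pairwise-id "" env=!HTTP_pairwise-id
    RequestHeader set HTTP_eduPersonPrincipalName %{HTTP_eduPersonPrincipalName}e env=HTTP_eduPersonPrincipalName
    RequestHeader set HTTP_eduPersonPrincipalName "" env=!HTTP_eduPersonPrincipalName
    RequestHeader set HTTP_eppn %{HTTP_eppn}e env=HTTP_eppn
    RequestHeader set HTTP_eppn "" env=!HTTP_eppn
    RequestHeader set HTTP_EPPN %{HTTP_EPPN}e env=HTTP_EPPN
    RequestHeader set HTTP_EPPN "" env=!HTTP_EPPN
    RequestHeader set HTTP_mail %{HTTP_mail}e env=HTTP_mail
    RequestHeader set HTTP_mail "" env=!HTTP_mail
    RequestHeader set HTTP_email %{HTTP_email}e env=HTTP_email
    RequestHeader set HTTP_email "" env=!HTTP_email
    RequestHeader set HTTP_givenName %{HTTP_givenName}e env=HTTP_givenName
    RequestHeader set HTTP_givenName "" env=!HTTP_givenName
    RequestHeader set HTTP_sn %{HTTP_sn}e env=HTTP_sn
    RequestHeader set HTTP_sn "" env=!HTTP_sn
    RequestHeader set HTTP_surname %{HTTP_surname}e env=HTTP_surname
    RequestHeader set HTTP_surname "" env=!HTTP_surname
    RequestHeader set HTTP_affiliation %{HTTP_affiliation}e env=HTTP_affiliation
    RequestHeader set HTTP_affiliation "" env=!HTTP_affiliation
    RequestHeader set HTTP_eduPersonScopedAffiliation %{HTTP_eduPersonScopedAffiliation}e env=HTTP_eduPersonScopedAffiliation
    RequestHeader set HTTP_eduPersonScopedAffiliation "" env=!HTTP_eduPersonScopedAffiliation
    RequestHeader set HTTP_entitlement %{HTTP_entitlement}e env=HTTP_entitlement
    RequestHeader set HTTP_entitlement "" env=!HTTP_entitlement
    RequestHeader set HTTP_eduPersonEntitlement %{HTTP_eduPersonEntitlement}e env=HTTP_eduPersonEntitlement
    RequestHeader set HTTP_eduPersonEntitlement "" env=!HTTP_eduPersonEntitlement
    # Organization attribute. Must match entry 'shibboleth.organizations.attribute' in PowerFolder.config. Default: o
    RequestHeader set HTTP_o %{HTTP_o}e env=HTTP_o
    RequestHeader set HTTP_o "" env=!HTTP_o
</VirtualHost>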
|
...