Requirements
- PowerFolder Server v10v21.30.254 100 or higher
- SSL setup with Apache and PowerFolder
- Cluster only: a high-availability cluster set up as described in "Building a high-availability cluster".
- Apache module mod_shib
- Enabled ECP (Enhanced Client or Proxy):
...
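<VirtualHost _default_:443>
    ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/ssl_access.log vhost_combined

    ServerName powerfolder.organization.net
    ServerAdmin support@organization.net
    DocumentRoot "/var/www/default"

    # Strict transport security: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
    # "always" also sets the header on error responses. Add "includeSubDomains" only if every
    # subdomain of this name is served over TLS; the trailing ";" is tolerated by RFC 6797.
    Header always set Strict-Transport-Security "max-age=31536000;"

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/powerfolder.organization.net.pem
    SSLCertificateKeyFile /etc/ssl/private/powerfolder.organization.net.key
    # NOTE(review): no SSLProtocol / SSLCipherSuite here; they are assumed to come from the
    # global SSL setup listed under Requirements. Confirm those defaults disable TLS < 1.2.

    RewriteEngine On

    # Shibboleth-protected login entry point: a valid SP session AND one of the listed
    # entitlement values are required. The values are compared as exact strings. The original
    # used "~", which turns them into unanchored regular expressions, so any entitlement merely
    # containing the string (e.g. ".../organization-PowerFolder-other") would have been accepted.
    <Location /login/shibboleth>
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        <RequireAll>
            Require valid-user
            Require shib-attr entitlement http://idm.org/entitlement/organization-PowerFolder http://powerfolder.organization.net/entitlement/DFN-Cloud
        </RequireAll>
    </Location>

    # SP handler endpoint (SSO, SLO, Session, DiscoFeed, ...). Served by mod_shib, never proxied
    # (see the "ProxyPass /Shibboleth.sso !" rule below).
    # NOTE(review): "Access-Control-Allow-Origin: *" lets any origin read these handler
    # responses cross-site (without cookies, since credentials are not allowed with "*").
    # Scope it to the origin that actually needs it (typically the discovery page on this host)
    # or drop it if nothing cross-origin calls the handler.
    <Location /Shibboleth.sso>
        satisfy Any
        Header set Access-Control-Allow-Origin "*"
    </Location>

    # Backend cluster. Members are plain http://, so the proxy -> PowerFolder hop is
    # unencrypted and must stay on a trusted network; otherwise switch the members to https.
    # Sticky sessions pin a client to the node holding its session; each route=nodeIDxx must
    # match the node ID configured on that server.
    <Proxy balancer://pfcluster>
        BalancerMember http://pf01.organization.net:8080 route=nodeID01
        BalancerMember http://pf02.organization.net:8080 route=nodeID02
        BalancerMember http://pf03.organization.net:8080 route=nodeID03
        ProxySet stickysession=rpcid|JSESSIONID|jsessionid scolonpathdelim=On lbmethod=bybusyness
    </Proxy>

    # ProxyPass rules are evaluated in configuration order and the first match wins, so the
    # local exclusions ("!") must come before the catch-all "/".
    # "nocanon" forwards the raw, un-normalised URL; the backend then has to do its own path
    # sanitising. Keep it only if the PowerFolder backend really needs literal URLs.
    ProxyPass /rpc balancer://pfcluster/rpc nocanon
    # The original configuration had "ProxyPass /rpc !" directly after the line above. It could
    # never match (the /rpc balancer rule already won), so it is left out here. If /rpc is meant
    # to be served locally instead, keep the "!" rule and delete the balancer rule.
    ProxyPass /eds !
    ProxyPass /Shibboleth.sso !
    ProxyPass / balancer://pfcluster/ nocanon

    # Shibboleth attribute -> HTTP header mapping for delivery to the PowerFolder Server.
    # Source: https://wiki.powerfolder.com/display/EDUDE/Shibboleth
    #
    # Each attribute is handled by a pair of directives: the first copies the SP-provided value,
    # the second forces the header to "" when the SP did not set it. Together they guarantee
    # that every SAML_* header reaching the backend is (re)written by this proxy on every
    # request, so a client cannot smuggle its own SAML_* headers through. Never remove the
    # "env=!" line of a pair, and never expose the backend nodes except through this vhost.
    #
    # NOTE(review): %{...}e reads Apache environment variables, so mod_shib must export the
    # attributes under exactly these names (attribute-map.xml ids / ShibUseEnvironment);
    # verify with a test session before relying on any of them.
    # NOTE(review): the header names below look doubled (e.g. SAML_eppnSAMLeppn), possibly a
    # wiki rendering artifact. They are kept verbatim because they must match what the
    # PowerFolder Server reads; check them against the PowerFolder Shibboleth documentation.
    RequestHeader set SAML_ShibSAMLShib-Session-ID %{HTTP_Shib-Session-ID}e env=HTTP_Shib-Session-ID
    RequestHeader set SAML_ShibSAMLShib-Session-ID "" env=!HTTP_Shib-Session-ID

    RequestHeader set SAML_persistentSAMLpersistent-id %{HTTP_persistent-id}e env=HTTP_persistent-id
    RequestHeader set SAML_persistentSAMLpersistent-id "" env=!HTTP_persistent-id

    RequestHeader set SAML_uniqueIDSAMLuniqueID %{HTTP_uniqueID}e env=HTTP_uniqueID
    RequestHeader set SAML_uniqueIDSAMLuniqueID "" env=!HTTP_uniqueID

    # Fixed: the clearing rule referenced "HTTP_upairwise-id" (a typo). That variable never
    # exists, so the header was always reset to "" and pairwise-id never reached the backend.
    RequestHeader set SAML_pairwiseSAMLpairwise-id %{HTTP_pairwise-id}e env=HTTP_pairwise-id
    RequestHeader set SAML_pairwiseSAMLpairwise-id "" env=!HTTP_pairwise-id

    RequestHeader set SAML_eduPersonPrincipalNameSAMLeduPersonPrincipalName %{HTTP_eduPersonPrincipalName}e env=HTTP_eduPersonPrincipalName
    RequestHeader set SAML_eduPersonPrincipalNameSAMLeduPersonPrincipalName "" env=!HTTP_eduPersonPrincipalName

    RequestHeader set SAML_eppnSAMLeppn %{HTTP_eppn}e env=HTTP_eppn
    RequestHeader set SAML_eppnSAMLeppn "" env=!HTTP_eppn

    RequestHeader set SAML_EPPNSAMLEPPN %{HTTP_EPPN}e env=HTTP_EPPN
    RequestHeader set SAML_EPPNSAMLEPPN "" env=!HTTP_EPPN

    RequestHeader set SAML_mailSAMLmail %{HTTP_mail}e env=HTTP_mail
    RequestHeader set SAML_mailSAMLmail "" env=!HTTP_mail

    RequestHeader set SAML_emailSAMLemail %{HTTP_email}e env=HTTP_email
    RequestHeader set SAML_emailSAMLemail "" env=!HTTP_email

    RequestHeader set SAML_givenNameSAMLgivenName %{HTTP_givenName}e env=HTTP_givenName
    RequestHeader set SAML_givenNameSAMLgivenName "" env=!HTTP_givenName

    RequestHeader set SAML_snSAMLsn %{HTTP_sn}e env=HTTP_sn
    RequestHeader set SAML_snSAMLsn "" env=!HTTP_sn

    RequestHeader set SAML_surnameSAMLsurname %{HTTP_surname}e env=HTTP_surname
    RequestHeader set SAML_surnameSAMLsurname "" env=!HTTP_surname

    RequestHeader set SAML_affiliationSAMLaffiliation %{HTTP_affiliation}e env=HTTP_affiliation
    RequestHeader set SAML_affiliationSAMLaffiliation "" env=!HTTP_affiliation

    RequestHeader set SAML_eduPersonScopedAffiliationSAMLeduPersonScopedAffiliation %{HTTP_eduPersonScopedAffiliation}e env=HTTP_eduPersonScopedAffiliation
    RequestHeader set SAML_eduPersonScopedAffiliationSAMLeduPersonScopedAffiliation "" env=!HTTP_eduPersonScopedAffiliation

    RequestHeader set SAML_entitlementSAMLentitlement %{HTTP_entitlement}e env=HTTP_entitlement
    RequestHeader set SAML_entitlementSAMLentitlement "" env=!HTTP_entitlement

    RequestHeader set SAML_eduPersonEntitlementSAMLeduPersonEntitlement %{HTTP_eduPersonEntitlement}e env=HTTP_eduPersonEntitlement
    RequestHeader set SAML_eduPersonEntitlementSAMLeduPersonEntitlement "" env=!HTTP_eduPersonEntitlement

    # Organization attribute. Must match the entry 'shibboleth.organizations.attribute' in
    # PowerFolder.config. Default: o
    RequestHeader set SAML_oSAMLo %{HTTP_o}e env=HTTP_o
    RequestHeader set SAML_oSAMLo "" env=!HTTP_o
</VirtualHost>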
...