secure-afs-request.conf.erb

<VirtualHost *:80>
  ServerAdmin adamhl@.stanford.edu
  ServerName <%= @vhost %>

  # Redirect _all_ port 80 traffic to the secure side
  Redirect / https://<%= @vhost %>/
</VirtualHost>

<VirtualHost *:443>
  ServerAdmin adamhl@.stanford.edu
  ServerName <%= @vhost %>

  DocumentRoot /usr/share/secure-afs-request/cgi-bin

  TraceEnable off
  AddHandler cgi-script .cgi .pl

  ## SSL
  SSLEngine On
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXP
  SSLCertificateFile    /etc/ssl/certs/<%= @vhost %>.pem
  SSLCertificateKeyFile /etc/ssl/private/<%= @vhost %>.key

  ### Shibboleth (SAML) section
  <Location /Shibboleth.sso>
    SetHandler shib
  </Location>

  <Directory /usr/share/secure-afs-request/cgi-bin>
    SetHandler cgi-script
    Options ExecCGI IncludesNoExec
    SetOutputFilter INCLUDES
    #
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    <RequireAll>
      require shibboleth
    </RequireAll>
  </Directory

</VirtualHost>