Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
JkLogFile /var/log/apache2/mod_jk.log
JkLogLevel warn
JkMount /idp/* ajp13
<VirtualHost _default_:80>
ServerName idp.stanford.edu
ServerAlias idp
Redirect / https://idp.stanford.edu/
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www
SSLEngine On
# #
# # Change these paths to point to the correct key & certificate
# #
# SSLCertificateFile /etc/ssl/certs/server.pem
# SSLCertificateKeyFile /etc/ssl/private/server.key
# SSLCACertificatePath /etc/ssl/certs
ServerName idp-google.stanford.edu
#
# Pass IdP requests on to Tomcat
#
ProxyPass /idp ajp://localhost:8009/idp retry=5
<Proxy ajp://localhost:8009/idp>
Order deny,allow
Allow from all
</Proxy>
ErrorLog /var/log/apache2/shibboleth-idp-sso.error_log
CustomLog /var/log/apache2/shibboleth-idp-sso.access_log combined
# #
# # Replace this with the appropriate settings
# # for your web authentication system
# #
# <Location /idp/Authn/RemoteUser>
# AuthName "Stanford SSO Service"
# AuthType WebAuth
# require valid-user
# </Location>
#
# <Location /idp/Authn/TwoStepRemoteUser>
# AuthName "Stanford 2-Step SSO Service"
# AuthType WebAuth
# WebAuthRequireInitialFactor m
# require valid-user
# </Location>
#
# <Location /idp/profile/SAML2/SOAP/ECP>
# Krb5Keytab /etc/http-krb5.keytab
# AuthName "SAML2 ECP"
# AuthType kerberos
# require valid-user
# </Location>
#
# SetEnvIf User-Agent ".*MSIE.*" \
# nokeepalive ssl-unclean-shutdown \
# downgrade-1.0 force-response-1.0
</VirtualHost>