shibboleth-idp.erb

JkLogFile /var/log/apache2/mod_jk.log
JkLogLevel warn

JkMount /idp/* ajp13

<VirtualHost _default_:80>
  ServerName idp.stanford.edu
  ServerAlias idp
  Redirect / https://idp.stanford.edu/
</VirtualHost>

<VirtualHost *:443>
  DocumentRoot /var/www

  SSLEngine On

  #
  # Change these paths to point to the correct key & certificate
  #
  SSLCertificateFile /etc/ssl/certs/server.pem
  SSLCertificateKeyFile /etc/ssl/private/server.key
  SSLCACertificatePath /etc/ssl/certs

  ServerName idp-google.stanford.edu

  #
  # Pass IdP requests on to Tomcat
  #
  ProxyPass /idp ajp://localhost:8009/idp retry=5

  <Proxy ajp://localhost:8009/idp>
    Order deny,allow
    Allow from all
  </Proxy>

  ErrorLog  /var/log/apache2/shibboleth-idp-sso.error_log
  CustomLog /var/log/apache2/shibboleth-idp-sso.access_log combined

#  #
#  # Replace this with the appropriate settings
#  # for your web authentication system
#  #
#  <Location /idp/Authn/RemoteUser>
#    AuthName "Stanford SSO Service"
#    AuthType WebAuth
#    require valid-user
#  </Location>
#
#  <Location /idp/Authn/TwoStepRemoteUser>
#    AuthName "Stanford 2-Step SSO Service"
#    AuthType WebAuth
#    WebAuthRequireInitialFactor m
#    require valid-user
#  </Location>
#
#  <Location /idp/profile/SAML2/SOAP/ECP>
#    Krb5Keytab /etc/http-krb5.keytab
#    AuthName "SAML2 ECP"
#    AuthType kerberos
#    require valid-user
#  </Location>
#
#  SetEnvIf User-Agent ".*MSIE.*" \
#           nokeepalive ssl-unclean-shutdown \
#           downgrade-1.0 force-response-1.0

</VirtualHost>