sample ac for emg, save work

933cd4c4 · Lubomir Dolezal · 3c0266a6 · 933cd4c4 · 933cd4c4 · 933cd4c4
Commit 933cd4c4 authored 4 years ago by Lubomir Dolezal
--- a/shibauth/etc-httpd/conf.d/sp.conf
+++ b/shibauth/etc-httpd/conf.d/sp.conf
 <VirtualHost *:80>
-    ServerName https://emg.pdas.prism.eox.at:443
+    ServerName PassEnv APACHE_SERVERNAME
    UseCanonicalName On
    DocumentRoot "/var/www/html"
    <Location /secure>
      AuthType shibboleth
      ShibRequestSetting requireSession 1
-      require shib-session
+      ShibAccessControl /etc/shibboleth/pass-ac.xml
-      RequestHeader set Referer X-Forwarded-Uri env=X-Forwarded-Uri
+      RequestHeader set Referer "%{X-Forwarded-Uri}e"
+      Header set Referer "%{X-Forwarded-Uri}e"
    </Location>
 </VirtualHost>
\ No newline at end of file
--- a/shibauth/shibboleth-conf/attribute-map.xml
+++ b/shibauth/shibboleth-conf/attribute-map.xml
 <Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-    <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid" />
+    <Attribute name="urn:mace:dir:attribute-def:cds-spci-es_oa-signed-tcs" id="spField1" />
-    <Attribute name="urn:oid:2.16.840.1.113730.3.1.241" id="displayName"/>
+    <Attribute name="urn:mace:dir:attribute-def:cds-spci-es_oa-user-category" id="spField2"/>
-    <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
 </Attributes>
--- a/shibauth/shibboleth-conf/pass-ac.xml
+++ b/shibauth/shibboleth-conf/pass-ac.xml
+<AccessControl
+type="edu.internet2.middleware.shibboleth.sp.provider.XMLAccessControl">
+  <AND>
+    <Rule require="spField2">
+      Copernicus_Services Union_Inst Union_Research_Projects_space Union_Research_Projects_non-space Public_Auth
+    </Rule>
+    <RuleRegex require="spField1">.+</RuleRegex>
+  </AND>
+</AccessControl>
\ No newline at end of file