use http internally for handler, overwrite shib.conf completely, do not validate metadata

c87648a0 · Lubomir Dolezal · 0a384d51 · c87648a0 · 0a384d51 · c87648a0
Commit c87648a0 authored 4 years ago by Lubomir Dolezal
--- a/shibauth/etc-httpd/conf.d/shib.conf
+++ b/shibauth/etc-httpd/conf.d/shib.conf
+ServerName shib.pdas.prism.eox.at
+LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so
+ShibCompatValidUser Off
+UseCanonicalName On
+<Location />
+  SetHandler shib
+</Location>
+
+<Location /secure>
+  AuthType shibboleth
+  ShibRequestSetting requireSession 1
+  require shib-session
+</Location>
--- a/shibauth/etc-httpd/conf.d/sp.conf
+++ b/shibauth/etc-httpd/conf.d/sp.conf
-ServerName shib.pdas.prism.eox.at
-
-<VirtualHost *:80>
-    ServerName https://shib.pdas.prism.eox.at:443
-    UseCanonicalName On
-
-    DocumentRoot "/var/www/html"
-
-    <Location />
-        AuthType shibboleth
-        ShibRequestSetting requireSession 1
-        require shib-session
-    </Location>
-
-    <Location /Shibboleth.sso>
-      Satisfy Any
-      Allow from all
-    </Location>
-</VirtualHost>
\ No newline at end of file
--- a/shibauth/shibboleth-conf/shibboleth2.xml
+++ b/shibauth/shibboleth-conf/shibboleth2.xml
@@ -4,22 +4,22 @@
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"    
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    clockSkew="180">
-    <ApplicationDefaults entityID="https://pass.copernicus.eu"
+    <ApplicationDefaults entityID="https://shib.pdas.prism.eox.at/shibboleth"
                         REMOTE_USER="eppn uid persistent-id targeted-id">
        <Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
-                  checkAddress="false" handlerSSL="true" cookieProps="https">
+                  checkAddress="false" handlerSSL="false" cookieProps="http">
            <SSO entityID="https://samltest.id/saml/idp">
-              SAML2 SAML1
+              SAML2
            </SSO>
            <Logout>SAML2 Local</Logout>
            <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
-            <Handler type="Status" Location="/Status" acl="10.0.0.0/24 127.0.0.1 ::1"/>
+            <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
            <Handler type="Session" Location="/Session" showAttributeValues="false"/>
            <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
        </Sessions>
        <Errors supportContact="admin@eox.at"
            helpLocation="/about.html"/>
-        <MetadataProvider type="XML" validate="true" path="idp-metadata.xml"/>
+        <MetadataProvider type="XML" validate="false" path="idp-metadata.xml"/>
        <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
        <AttributeResolver type="Query" subjectMatch="true"/>
        <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>