From c87648a08842d594521d683479306ddca04774fe Mon Sep 17 00:00:00 2001
From: Lubomir Bucek <lubomir.bucek@eox.at>
Date: Wed, 30 Sep 2020 12:19:58 +0200
Subject: [PATCH] use http internally for handler, overwrite shib.conf
 completely, do not validate metadata

---
 shibauth/etc-httpd/conf.d/shib.conf      | 13 +++++++++++++
 shibauth/etc-httpd/conf.d/sp.conf        | 19 -------------------
 shibauth/shibboleth-conf/shibboleth2.xml | 10 +++++-----
 3 files changed, 18 insertions(+), 24 deletions(-)
 create mode 100644 shibauth/etc-httpd/conf.d/shib.conf
 delete mode 100644 shibauth/etc-httpd/conf.d/sp.conf

diff --git a/shibauth/etc-httpd/conf.d/shib.conf b/shibauth/etc-httpd/conf.d/shib.conf
new file mode 100644
index 00000000..758f387c
--- /dev/null
+++ b/shibauth/etc-httpd/conf.d/shib.conf
@@ -0,0 +1,13 @@
+ServerName shib.pdas.prism.eox.at
+LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so
+ShibCompatValidUser Off
+UseCanonicalName On
+<Location />
+  SetHandler shib
+</Location>
+
+<Location /secure>
+  AuthType shibboleth
+  ShibRequestSetting requireSession 1
+  require shib-session
+</Location>
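Review bot: `SetHandler shib` inside `<Location />` (L25-L27) binds the Shibboleth handler to every path of the vhost, so the `/secure` block that follows inherits it and a request to `/secure` is answered by the handler rather than by application content. Unless this container only ever serves handler traffic behind a proxy that routes the rest elsewhere, the handler scope should be narrowed to the standard `<Location /Shibboleth.sso>` with `SetHandler shib`, and `/secure` left to `AuthType shibboleth` alone. If the whole-site handler is intentional, a one-line comment above the block saying so (`# this vhost serves only the Shibboleth handler; application paths are proxied elsewhere`) would stop the next maintainer from "fixing" it.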
diff --git a/shibauth/etc-httpd/conf.d/sp.conf b/shibauth/etc-httpd/conf.d/sp.conf
deleted file mode 100644
index 9de6cc7a..00000000
--- a/shibauth/etc-httpd/conf.d/sp.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-ServerName shib.pdas.prism.eox.at
-
-<VirtualHost *:80>
-    ServerName https://shib.pdas.prism.eox.at:443
-    UseCanonicalName On
-
-    DocumentRoot "/var/www/html"
-
-    <Location />
-        AuthType shibboleth
-        ShibRequestSetting requireSession 1
-        require shib-session
-    </Location>
-
-    <Location /Shibboleth.sso>
-      Satisfy Any
-      Allow from all
-    </Location>
-</VirtualHost>
\ No newline at end of file
diff --git a/shibauth/shibboleth-conf/shibboleth2.xml b/shibauth/shibboleth-conf/shibboleth2.xml
index 8a916cfb..7bd47635 100644
--- a/shibauth/shibboleth-conf/shibboleth2.xml
+++ b/shibauth/shibboleth-conf/shibboleth2.xml
@@ -4,22 +4,22 @@
     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"    
     xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
     clockSkew="180">
-    <ApplicationDefaults entityID="https://pass.copernicus.eu"
+    <ApplicationDefaults entityID="https://shib.pdas.prism.eox.at/shibboleth"
                          REMOTE_USER="eppn uid persistent-id targeted-id">
         <Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
-                  checkAddress="false" handlerSSL="true" cookieProps="https">
+                  checkAddress="false" handlerSSL="false" cookieProps="http">
             <SSO entityID="https://samltest.id/saml/idp">
-              SAML2 SAML1
+              SAML2
             </SSO>
             <Logout>SAML2 Local</Logout>
             <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
-            <Handler type="Status" Location="/Status" acl="10.0.0.0/24 127.0.0.1 ::1"/>
+            <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
             <Handler type="Session" Location="/Session" showAttributeValues="false"/>
             <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
         </Sessions>
         <Errors supportContact="admin@eox.at"
             helpLocation="/about.html"/>
-        <MetadataProvider type="XML" validate="true" path="idp-metadata.xml"/>
+        <MetadataProvider type="XML" validate="false" path="idp-metadata.xml"/>
         <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
         <AttributeResolver type="Query" subjectMatch="true"/>
         <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
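Review bot: Switching to `handlerSSL="false" cookieProps="http"` (L73) drops the Secure flag from the SP session cookie, so if browsers reach this SP over HTTPS through a TLS-terminating proxy the cookie will also be sent over any plain-HTTP request to the same host, and the handler URLs advertised in generated metadata will be http. If the goal is only that the backend listens on http, the usual pattern is to keep `cookieProps="https"` and `handlerSSL="true"` and have the proxy forward the original scheme (or set the canonical scheme in the httpd vhost), rather than weakening the cookie policy. The `validate="false"` on the MetadataProvider (L88) also means a malformed idp-metadata.xml is no longer rejected at load; with no MetadataFilter on that provider, the local file is trusted as-is, so the commit should say why schema validation had to be disabled. The enclosing `<ApplicationDefaults>` element starts and ends outside this hunk.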
-- 
GitLab