LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so
ShibCompatValidUser On
UseCanonicalName On
DocumentRoot "/var/www/html"

<Location />
  SetHandler shib
</Location>

<VirtualHost *:80>
  PassEnv APACHE_SERVERNAME
  ServerName "${APACHE_SERVERNAME}"
  <Location /secure/>
    <If "-n req('Authorization')">
      Require valid-user
      AuthType Basic
      AuthBasicProvider file
      AuthName "/secure"
      AuthUserFile /run/secrets/BASIC_AUTH_USERS_AUTH
    </If>
    <Else>
      RewriteEngine On
      RewriteCond %{HTTP:X-Forwarded-Uri} ^(.*)$ [NC]
      RewriteRule ^.*$ %1 [PT]
    </Else>
  </Location>
  <Location ~ "/(admin|ows|opensearch)">
    RewriteEngine On
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    Require shib-plugin /etc/shibboleth/pass-ac.xml
    RewriteCond "%{REQUEST_FILENAME}" "!-f"
    RewriteCond "%{REQUEST_FILENAME}" "!-d"
    RewriteRule ^.*$ - [R=200]
  </Location>
  <Location /secure-cache/>
    <If "-n req('Authorization')">
      Require valid-user
      AuthType Basic
      AuthBasicProvider file
      AuthName "/secure-cache"
      AuthUserFile /run/secrets/BASIC_AUTH_USERS_AUTH
    </If>
    <Else>
      RewriteEngine On
      RewriteCond %{HTTP:X-Forwarded-Uri} ^(.*)$ [NC]
      RewriteRule ^.*$ /cache%1 [PT]
    </Else>
  </Location>
  <Location "/cache">
    RewriteEngine On
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    Require shib-plugin /etc/shibboleth/pass-ac-cache.xml
    RewriteCond "%{REQUEST_FILENAME}" "!-f"
    RewriteCond "%{REQUEST_FILENAME}" "!-d"
    RewriteRule ^.*$ - [R=200]
  </Location>
</VirtualHost>