path: root/apache-sp/apache-conf/sp.conf
blob: 587004dde843067890c829adf3d7411cf267d80c (plain)
# Server-wide name and TLS policy. The SSL* directives here sit outside any
# <VirtualHost>, so they are the defaults for the SSL-enabled virtual hosts below.
# __SP_HOSTNAME__ (and __KEYDIR__ further down) look like template placeholders
# substituted at deploy time -- confirm against the image's entrypoint.
ServerName __SP_HOSTNAME__
# "all" minus SSLv2/SSLv3 still leaves TLS 1.0 and TLS 1.1 negotiable.
# NOTE(review): both were formally deprecated by RFC 8996. If no legacy client
# depends on them, `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` narrows this to TLS 1.2+.
SSLProtocol             all -SSLv2 -SSLv3
# Preference-ordered suite list: ECDHE/DHE AEAD suites (ChaCha20-Poly1305, AES-GCM)
# first, then ECDHE/DHE CBC suites, then 3DES with (EC)DHE, and finally static-RSA
# key exchange (AES-GCM, AES-CBC, 3DES). "!DSS" excludes DSS-authenticated suites.
# NOTE(review): the DES-CBC3 entries use a 64-bit block cipher (SWEET32) and the
# trailing AES*/DES-CBC3 entries without ECDHE/DHE give no forward secrecy; both
# groups are removal candidates once client compatibility has been checked.
SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
# Enforce the server's ordering above instead of the client's preference, so the
# weaker fallbacks at the end are only chosen when nothing earlier is shared.
SSLHonorCipherOrder     on

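<VirtualHost *:80>
        # Plain-HTTP listener: send every request to the HTTPS site instead of
        # serving /var/www/ from here. The Shibboleth rules for /secure exist
        # only in the *:443 virtual host for this name, so serving the same
        # DocumentRoot on port 80 would hand out that content without a session
        # and in cleartext. Redirect is provided by mod_alias, which this file
        # already relies on for its Alias directive.
        ServerName __SP_HOSTNAME__
        Redirect permanent / https://__SP_HOSTNAME__/
</VirtualHost>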
# TLS-terminating reverse proxy in front of the container reachable as
# shibboleth-docker:8080.
# NOTE(review): this is the first *:443 virtual host in the file, which makes it
# the default for any HTTPS request whose host name matches no ServerName; such
# requests are therefore proxied to the backend too -- confirm that is intended.
<VirtualHost *:443>
  # Hard-coded name, unlike the __SP_HOSTNAME__ placeholder used elsewhere.
  ServerName idp.nordu.dev
  SSLEngine On
  # NOTE(review): the certificate and key are the ones named after __SP_HOSTNAME__.
  # Unless that certificate also lists idp.nordu.dev, clients of this virtual host
  # will see a name mismatch -- verify the certificate's subject alternative names.
  SSLCertificateFile __KEYDIR__/certs/__SP_HOSTNAME__.crt
  SSLCertificateKeyFile __KEYDIR__/private/__SP_HOSTNAME__.key
  # Everything under / is forwarded over plain HTTP; traffic between Apache and
  # the backend is unencrypted, so this hop presumably stays on a private
  # container network -- TODO confirm.
  # NOTE(review): there is no matching ProxyPassReverse, so Location headers the
  # backend emits are passed through unrewritten.
  ProxyPass / http://shibboleth-docker:8080/
  # Pass the client's original Host header to the backend instead of
  # "shibboleth-docker:8080".
  ProxyPreserveHost On
  # "set" replaces any X-Forwarded-Proto the client sent, so the backend always
  # sees the value chosen here and cannot be told otherwise by the client.
  RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
# HTTPS site for the Shibboleth service provider: static content from /var/www/
# with /secure gated by a Shibboleth session.
# NOTE(review): no Strict-Transport-Security header is set in this virtual host.
<VirtualHost *:443>
        ServerName __SP_HOSTNAME__
        SSLEngine On
        SSLCertificateFile __KEYDIR__/certs/__SP_HOSTNAME__.crt
        SSLCertificateKeyFile __KEYDIR__/private/__SP_HOSTNAME__.key
        DocumentRoot /var/www/

        # Publishes /usr/share/shibboleth/ under /shibboleth-sp/ with no access
        # restriction in this file.
        Alias /shibboleth-sp/ /usr/share/shibboleth/
        AddDefaultCharset utf-8

        # No reverse DNS per request; %h in the log formats below is the client IP.
        HostnameLookups Off
        # Error and access logs go to the process's stderr/stdout, which suits a
        # container whose runtime collects those streams.
        ErrorLog /proc/self/fd/2
        LogLevel warn
        # Five named formats are defined; only "combined" is used by CustomLog below.
        # None of them records the Shibboleth attributes, only %u (the remote user).
        LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
        LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%h %l %u %t \"%r\" %>s %O" common
        LogFormat "%{Referer}i -> %U" referer
        LogFormat "%{User-agent}i" agent
        CustomLog /proc/self/fd/1 combined
        # Suppress the server version footer on generated error pages.
        ServerSignature off

        DirectoryIndex index.html index.shtml


        # Protected area: mod_shib requires an established session, and
        # "require valid-user" then admits any authenticated user; there is no
        # attribute-based authorization rule here.
        <Location /secure>
           AuthType shibboleth
           ShibRequireSession On
           require valid-user
           # NOTE(review): +Includes enables server-side includes including the
           # exec element; if the .shtml pages only print variables,
           # `Options +IncludesNOEXEC` is the narrower setting.
           Options +Includes
           # "Header" sets RESPONSE headers, so each released attribute is echoed
           # back to the browser on every /secure response. When an attribute was
           # not released, mod_headers emits the literal value "(null)".
           # NOTE(review): this reads as a test/demo SP that displays attributes.
           # The values are personal data (identifier, mail, names, affiliation,
           # entitlements), so confirm this block is not reused where responses
           # are cached or logged by intermediaries. If the intent was to pass the
           # attributes to an application instead, that is a different directive
           # (RequestHeader) with its own spoofing considerations.
           Header set X_REMOTE_USER %{eppn}e
           Header set UID %{uid}e
           Header set EPPN %{eppn}e
           Header set MAIL %{mail}e
           Header set GIVENNAME %{givenName}e
           Header set DISPLAYNAME %{displayName}e
           Header set SN %{sn}e
           Header set AFFILIATION %{affiliation}e
           Header set UNSCOPED_AFFILIATION %{unscoped_affiliation}e
           Header set EMPLOYEETYPE %{employeeType}e
           Header set EDU_PERSON_ENTITLEMENT %{entitlement}e
           # Serve .shtml as HTML and run it through the SSI output filter.
           AddType text/html .shtml
           AddOutputFilter INCLUDES .shtml
        </Location>
</VirtualHost>