...
Now add this to the configuration of the vhost (note that this is not the entire config - you should have the HTTPS stuff etc already configured):
| Code Block | ||||
|---|---|---|---|---|
| ||||
ServerName example.com
ProxyRequests Off
<Proxy http://ip6-localhost:8090>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /mellon/ !
ProxyPass / http://ip6-localhost:8090/
ProxyPassReverse / http://ip6-localhost:8090/
# Mobile theme does not honour new seraph values for login URL, so we have to redirect that
RewriteEngine on
RewriteCond %{QUERY_STRING} ^originalUrl=(.*)$ [NC]
Rewriterule ^/plugins/servlet/mobile/login /mellon/login?ReturnTo=%1 [R,NE]
# Remove the jsessionid from the URL, to prevent 404 errors when
# unauthenticated visitors try to access a protected resource.
ReWriteRule ^(.*);jsessionid=[A-Za-z0-9]+(.*)$ $1$2 [R,NE]
<Location />
MellonEnable "info"
MellonSecureCookie On
MellonSessionDump Off
MellonSamlResponseDump Off
MellonEndpointPath "/mellon"
MellonSPPrivateKeyFile /etc/apache2/mellon/sp.key
MellonSPCertFile /etc/apache2/mellon/sp.crt
MellonIdPMetadataFile /etc/apache2/mellon/idp.xml
# To avoid security holes, first unset any existing header
RequestHeader unset REMOTE_USER
# Then conditionally set it
RequestHeader set REMOTE_USER "%{MELLON_eduPersonPrincipalName}e" env=MELLON_eduPersonPrincipalName
RequestHeader unset CONF_FULL_NAME
RequestHeader set CONF_FULL_NAME "%{MELLON_displayName}e" env=MELLON_displayName
RequestHeader unset CONF_EMAIL
RequestHeader set CONF_EMAIL "%{MELLON_mail}e" env=MELLON_mail
</Location> |
...