mikehale · May 8, 2012 14:19
diff --git a/apache.conf b/apache.conf
  # Remove query string to eliminate openid attributes from query string (after we have the open_id_session_id cookie, and if this is not a call back from the IdP)
  RewriteEngine On
  RewriteCond %{HTTP_COOKIE}  open_id_session_id
  RewriteCond %{QUERY_STRING} openid
  RewriteCond %{QUERY_STRING} !modauthopenid\.nonce
  RewriteRule ^(.*)$ $1? [R]

  <Location />
    AuthName "Secure Location"
    AuthType OpenID
    AuthOpenIDTrusted        ^https://www.google.com/a/<google apps domain>/o8/ud$
    AuthOpenIDSingleIdP      "https://www.google.com/accounts/o8/site-xrds?ns=2&hd=<google apps domain>"
    AuthOpenIDAXRequire      email http://axschema.org/contact/email .+
    AuthOpenIDAXUsername     email
    AuthOpenIDSecureCookie   On
    AuthOpenIDCookieName     open_id_session_id
    AuthOpenIDDBLocation     /var/cache/apache2/mod_auth_openid.db
    AuthOpenIDCookiePath     /
    AuthOpenIDCookieLifespan 21600
    require valid-user
  </Location>
	# Remove query string to eliminate openid attributes from query string (after we have the open_id_session_id cookie, and if this is not a call back from the IdP)
	RewriteEngine On
	RewriteCond %{HTTP_COOKIE} open_id_session_id
	RewriteCond %{QUERY_STRING} openid
	RewriteCond %{QUERY_STRING} !modauthopenid\.nonce
	RewriteRule ^(.*)$ $1? [R]

	<Location />
	AuthName "Secure Location"
	AuthType OpenID
	AuthOpenIDTrusted ^https://www.google.com/a/<google apps domain>/o8/ud$
	AuthOpenIDSingleIdP "https://www.google.com/accounts/o8/site-xrds?ns=2&hd=<google apps domain>"
	AuthOpenIDAXRequire email http://axschema.org/contact/email .+
	AuthOpenIDAXUsername email
	AuthOpenIDSecureCookie On
	AuthOpenIDCookieName open_id_session_id
	AuthOpenIDDBLocation /var/cache/apache2/mod_auth_openid.db
	AuthOpenIDCookiePath /
	AuthOpenIDCookieLifespan 21600
	require valid-user
	</Location>