Skip to content

Instantly share code, notes, and snippets.

@zaccone
Created May 2, 2014 08:36
Show Gist options
  • Save zaccone/b729b85f305996dfa867 to your computer and use it in GitHub Desktop.
Save zaccone/b729b85f305996dfa867 to your computer and use it in GitHub Desktop.
Sample federated-keystone vhost configuration
WSGISocketPrefix /var/run/apache2
<VirtualHost *:443>
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/keystone/main/$1
WSGIScriptAlias / /var/www/keystone/main
WSGIDaemonProcess keystone-public user=stack group=stack processes=3 threads=10 home=/opt/stack/keystone
WSGIApplicationGroup %{GLOBAL}
WSGIProcessGRoup keystone-public
ErrorLog /var/log/apache2/keystone
LogLevel debug
CustomLog /var/log/apache2/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
Listen 35357
<VirtualHost *:35357>
WSGIScriptAlias / /var/www/keystone/admin
WSGIDaemonProcess keystone-admin user=stack group=stack processes=3 threads=10 home=/opt/stack/keystone
WSGIApplicationGroup %{GLOBAL}
WSGIProcessGRoup keystone-admin
ErrorLog /var/log/apache2/keystone
LogLevel debug
CustomLog /var/log/apache2/access.log combined
</VirtualHost>
<Location /Shibboleth.sso>
SetHandler shib
</Location>
<LocationMatch /v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth>
ShibRequestSetting requireSession 1
##########################################################
#SSLRequireSSL # The modules only work using HTTPS
AuthType shibboleth
ShibRequireSession On
ShibRequireAll On
ShibExportAssertion Off
Require valid-user
#Require ADFS_GROUP "Some Users Group" "Some Other Users Group"
##########################################################
</LocationMatch>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment