Sample federated-keystone vhost configuration

federated-keystone-vhost

WSGISocketPrefix /var/run/apache2
<VirtualHost *:443>
    WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/keystone/main/$1
    WSGIScriptAlias / /var/www/keystone/main
    WSGIDaemonProcess keystone-public user=stack group=stack processes=3 threads=10 home=/opt/stack/keystone
    WSGIApplicationGroup %{GLOBAL}
    WSGIProcessGRoup keystone-public
    ErrorLog /var/log/apache2/keystone
    LogLevel debug
    CustomLog /var/log/apache2/access.log combined
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>

Listen 35357
<VirtualHost *:35357>

    WSGIScriptAlias / /var/www/keystone/admin
    WSGIDaemonProcess keystone-admin user=stack group=stack processes=3 threads=10 home=/opt/stack/keystone
    WSGIApplicationGroup %{GLOBAL}
    WSGIProcessGRoup keystone-admin

    ErrorLog /var/log/apache2/keystone
    LogLevel debug
    CustomLog /var/log/apache2/access.log combined
</VirtualHost>

<Location /Shibboleth.sso>
	SetHandler shib
</Location>

<LocationMatch /v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth>
ShibRequestSetting requireSession 1
##########################################################
#SSLRequireSSL   # The modules only work using HTTPS
AuthType shibboleth
ShibRequireSession On
ShibRequireAll On
ShibExportAssertion Off

Require valid-user
#Require ADFS_GROUP "Some Users Group" "Some Other Users Group"
##########################################################

</LocationMatch>