...
Sketching out how this could work: a list of vhost "identifiers" (hostnames) in a [vhost] section could point to a dedicated section for each vhost. Those sections could include settings such as:
- canonical hostname
- IIS site instance ID
- aliases to permit (on IIS at least)
- scheme(s) and port(s)
- entityID override (perhaps paired with optional "prefix" to allow path-based vhost subsets)
...
Simple Apache Example with Logout

```ini
[ApplicationDefaults]
entityID=https://sp.example.org/shibboleth
REMOTE_USER="eppn persistent-id targeted-id"
[Errors]
supportContact=root@localhost
[Credentials]
key=sp-key.pem
certificate=sp-cert.pem
[SSO]
SAML2=1
Shib1=1
DS=https://ds.example.org/DS/WAYF
[Logout]
SAML2=1
Local=1
[CustomHandlers]
Metadata=1
Status=1
Session=1
; identifies named sections for each metadata source
[Metadata]
InCommon
SWITCH
[InCommon]
url=http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml
backingFilePath=InCommon-metadata.xml
reloadInterval=28800
maxValidityInterval=604800
certificate=incommon.pem
[SWITCH]
url=http://metadata.aai.switch.ch/metadata.switchaai.xml
backingFilePath=metadata.switchaai.xml
reloadInterval=3600
maxValidityInterval=604800
authority=SWITCHaaiRootCA.crt.pem
verifyDepth=5
```
```ini
; same as Apache Example with additional sections
; enumerates hostnames to install for
[vhosts]
sp.example.org
altsp.example.org
[sp.example.org]
SiteID=1
/secure=protected
; protects everything under /secure
; assigns
[altsp.example.org]
SiteID=634655888908
~/secure/=protected
; protects any path containing secure
; defines a "class" of settings to apply
[protected]
requireSession="1"
```
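One way to resolve the sketched vhost sections into the settings that apply to a request, as an added example that is not part of the original page or the project's own code. The matching semantics (a plain key is a prefix ending on a path-segment boundary, `~/expr/` is a regex searched anywhere in the path) and the function names are assumptions drawn from the comments in the sketch.

```python
import configparser
import re

# Constructed sample in the sketched format (mirrors the vhost example above).
SAMPLE = """
[vhosts]
sp.example.org
altsp.example.org

[sp.example.org]
SiteID=1
/secure=protected

[altsp.example.org]
SiteID=634655888908
~/secure/=protected

[protected]
requireSession="1"
"""

def load(text):
    cp = configparser.ConfigParser(allow_no_value=True, delimiters=("=",),
                                   interpolation=None)
    cp.optionxform = str  # keep key case (requireSession, SiteID)
    cp.read_string(text)
    return cp

def rule_matches(rule, path):
    if rule.startswith("~"):
        # Assumption: "~/expr/" is a regex searched anywhere in the path.
        return re.search(rule[1:].strip("/"), path) is not None
    # Assumption: a plain key is a prefix that ends on a segment boundary,
    # so /secure covers /secure and /secure/x but not /securely.
    base = rule.rstrip("/")
    return path == base or path.startswith(base + "/")

def settings_for(cp, host, path):
    """Return the merged class settings that apply to host + path."""
    if host not in cp["vhosts"] or not cp.has_section(host):
        return {}  # host is not enumerated under [vhosts]
    merged = {}
    for rule, cls in cp[host].items():
        # Path rules start with "/" or "~"; other keys (SiteID) are settings.
        if rule[0] in "/~" and cls and cp.has_section(cls) and rule_matches(rule, path):
            merged.update({k: v.strip('"') for k, v in cp[cls].items()})
    return merged
```

Under this reading, the "containing secure" rule on altsp.example.org also covers a path such as `/app/insecure/x`, which is worth knowing when choosing between the two rule forms.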