SAML Integration

Configure Apache

The default Apache installation creates a self-signed certificate which is sufficient for this demonstration. A production-ready deployment requires a CA-issued SSL certificate and a review of the Apache configuration files for suitability. This review should include enabling UseCanonicalName and setting a value for ServerName.

For this demonstration these can be set in Apache’s conf.d/ssl.conf file within the <VirtualHost _default_:443> directive.

To ensure that users always access the server via HTTPS, either disable port 80 or configure a redirect from port 80/HTTP to 443/HTTPS. Adding the following virtual host element to Apache’s conf.d/shib.conf file is a simple means of achieving the redirect; replace the placeholder HOSTNAME with the DNS name of the host. The shib.conf file also contains the default <Location> directive which protects the secure directory with Shibboleth.

<VirtualHost *:80>
    RedirectMatch 301 (.*) https://HOSTNAME$1
</VirtualHost>
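The settings named above (ServerName and UseCanonicalName in the port 443 virtual host, and the port 80 redirect) can be checked mechanically before a deployment goes live. The shell function below is an added example, not part of the original page or of the Shibboleth project; the function name, the hostname-free sample configuration and the finding messages are constructed for illustration.

```bash
# Added example: audit Apache config for the settings discussed above.
# Reads the files given as arguments (or stdin), prints one finding per line
# and returns non-zero if anything is missing. Only Redirect/RedirectMatch
# count as a redirect here; mod_rewrite rules are not inspected.
audit_apache_conf() {
  awk '
    function report(msg) { print vhost ": " msg; bad = 1 }
    /^[ \t]*#/ { next }
    tolower($1) == "<virtualhost" {
      vhost = $2; sub(/>$/, "", vhost)
      in_vh = 1; name = canon = redir = 0
      next
    }
    in_vh && tolower($1) == "servername" { name = 1 }
    in_vh && tolower($1) == "usecanonicalname" && tolower($2) == "on" { canon = 1 }
    in_vh && tolower($1) ~ /^redirect(match)?$/ && $0 ~ /https:\/\// { redir = 1 }
    in_vh && tolower($1) == "</virtualhost>" {
      if (vhost ~ /:443$/ && !name)  report("ServerName not set")
      if (vhost ~ /:443$/ && !canon) report("UseCanonicalName is not On")
      if (vhost ~ /:80$/ && !redir)  report("no redirect to https://")
      in_vh = 0
    }
    END { exit bad + 0 }
  ' "$@"
}

# Constructed sample: a starting point with none of the settings applied.
audit_apache_conf <<'EOF' || echo "review the findings above"
<VirtualHost _default_:443>
    SSLEngine on
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /var/www/html
</VirtualHost>
EOF
```

On a real host, pass the files directly, for example `audit_apache_conf conf.d/ssl.conf conf.d/shib.conf` from the Apache configuration directory.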

