Update shibM.adoc

internet2 · Jul 2, 2021 · 646ceb6 · 646ceb6
1 parent bb0e6e0
commit 646ceb6
Showing 1 changed file with 25 additions and 1 deletion.
diff --git a/shibM.adoc b/shibM.adoc
@@ -3,7 +3,31 @@
 All that’s needful
 
 * Protect the admin GUI with shib
-** Edit .../midpoint.conf.auth.shibboleth to match this file: https://github.internet2.edu/docker/midPoint_container/blob/master/container_files/httpd/conf/midpoint.conf.auth.shibboleth
+** Edit .../midpoint.conf.auth.shibboleth to match this 
+[source,xml]
+----
+Timeout 2400
+ProxyTimeout 2400
+ProxyBadHeader Ignore
+
+ProxyPass /midpoint ajp://localhost:9090/midpoint secret=s3cr3t timeout=2400 retry=0
+
+<Location /midpoint>
+  AuthType shibboleth
+  ShibRequestSetting requireSession 1
+  ShibRequireSession on
+  ShibUseHeaders On
+  require shibboleth
+</Location>
+
+<Location ~ "/midpoint/(actuator/health|js/*|css/*|img/*|less/*|fonts/*|model/*|ws/*|rest/*|report/*|wro/*|static-web/*|wicket/resource/*)">
+  Satisfy Any
+  Allow from all
+  AuthType None
+  Require all granted
+</Location>
+----
+
 ** Set the user name header to REMOTE_USER: Edit .../SecurityPolicy.xml
 [source,xml]
 ----