From 646ceb634b1da06109bd60ed5a675f1365b22cd1 Mon Sep 17 00:00:00 2001
From: Keith Hazelton <khazelton@gmail.com>
Date: Fri, 2 Jul 2021 06:37:31 -0500
Subject: [PATCH] Update shibM.adoc

---
 shibM.adoc | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/shibM.adoc b/shibM.adoc
index 7322a02..e7f6807 100644
--- a/shibM.adoc
+++ b/shibM.adoc
@@ -3,7 +3,31 @@
 All that’s needful
 
 * Protect the admin GUI with shib
-** Edit .../midpoint.conf.auth.shibboleth to match this file: https://github.internet2.edu/docker/midPoint_container/blob/master/container_files/httpd/conf/midpoint.conf.auth.shibboleth
+** Edit .../midpoint.conf.auth.shibboleth to match this 
+[source,xml]
+----
+Timeout 2400
+ProxyTimeout 2400
+ProxyBadHeader Ignore
+
+ProxyPass /midpoint ajp://localhost:9090/midpoint secret=s3cr3t timeout=2400 retry=0
+
+<Location /midpoint>
+  AuthType shibboleth
+  ShibRequestSetting requireSession 1
+  ShibRequireSession on
+  ShibUseHeaders On
+  require shibboleth
+</Location>
+
+<Location ~ "/midpoint/(actuator/health|js/*|css/*|img/*|less/*|fonts/*|model/*|ws/*|rest/*|report/*|wro/*|static-web/*|wicket/resource/*)">
+  Satisfy Any
+  Allow from all
+  AuthType None
+  Require all granted
+</Location>
+----
+
 ** Set the user name header to REMOTE_USER: Edit .../SecurityPolicy.xml
 [source,xml]
 ----