# {{ ansible_managed }} WSGIDaemonProcess barbican-service user={{ barbican_system_user_name }} group={{ barbican_system_group_name }} processes={{ barbican_wsgi_processes }} threads={{ barbican_wsgi_threads }} display-name=%{GROUP} WSGIProcessGroup barbican-service WSGIScriptAlias / /var/www/cgi-bin/barbican/main WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On = 2.4> ErrorLogFormat "%{cu}t %M" LogLevel {{ barbican_apache_log_level }} ErrorLog {{ barbican_log_directory }}/barbican-apache-error.log CustomLog {{ barbican_log_directory }}/ssl_access.log combined Options +FollowSymLinks {% if barbican_ssl | bool and barbican_service_internaluri_proto == "https" -%} SSLEngine on SSLCertificateFile {{ barbican_ssl_cert }} SSLCertificateKeyFile {{ barbican_ssl_key }} {% if barbican_user_ssl_ca_cert is defined -%} SSLCACertificateFile {{ barbican_ssl_ca_cert }} {% endif -%} SSLCompression Off SSLProtocol {{ barbican_ssl_protocol }} SSLHonorCipherOrder On SSLCipherSuite {{ barbican_ssl_cipher_suite }} SSLOptions +StdEnvVars +ExportCertData {% endif %} {% if barbican_sp is defined -%} ShibURLScheme {{ barbican_service_publicuri_proto }} SetHandler shib AuthType shibboleth ShibRequestSetting requireSession 1 ShibRequestSetting exportAssertion 1 ShibRequireSession On ShibExportAssertion On Require valid-user ShibRequestSetting requireSession 1 AuthType shibboleth ShibExportAssertion Off Require valid-user WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/cgi-bin/barbican/main/$1 {% endif %}