59 lines
2.0 KiB
Django/Jinja
59 lines
2.0 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
<VirtualHost *:{{ barbican_service_port }}>
|
|
WSGIDaemonProcess barbican-service user={{ barbican_system_user_name }} group={{ barbican_system_group_name }} processes={{ barbican_wsgi_processes }} threads={{ barbican_wsgi_threads }} display-name=%{GROUP}
|
|
WSGIProcessGroup barbican-service
|
|
WSGIScriptAlias / /var/www/cgi-bin/barbican/main
|
|
WSGIApplicationGroup %{GLOBAL}
|
|
WSGIPassAuthorization On
|
|
|
|
<IfVersion >= 2.4>
|
|
ErrorLogFormat "%{cu}t %M"
|
|
</IfVersion>
|
|
|
|
LogLevel {{ barbican_apache_log_level }}
|
|
ErrorLog {{ barbican_log_directory }}/barbican-apache-error.log
|
|
CustomLog {{ barbican_log_directory }}/ssl_access.log combined
|
|
Options +FollowSymLinks
|
|
|
|
{% if barbican_ssl | bool and barbican_service_internaluri_proto == "https" -%}
|
|
SSLEngine on
|
|
SSLCertificateFile {{ barbican_ssl_cert }}
|
|
SSLCertificateKeyFile {{ barbican_ssl_key }}
|
|
{% if barbican_user_ssl_ca_cert is defined -%}
|
|
SSLCACertificateFile {{ barbican_ssl_ca_cert }}
|
|
{% endif -%}
|
|
SSLCompression Off
|
|
SSLProtocol {{ barbican_ssl_protocol }}
|
|
SSLHonorCipherOrder On
|
|
SSLCipherSuite {{ barbican_ssl_cipher_suite }}
|
|
SSLOptions +StdEnvVars +ExportCertData
|
|
{% endif %}
|
|
|
|
{% if barbican_sp is defined -%}
|
|
ShibURLScheme {{ barbican_service_publicuri_proto }}
|
|
|
|
<Location /Shibboleth.sso>
|
|
SetHandler shib
|
|
</Location>
|
|
|
|
<Location /v3/auth/OS-FEDERATION/websso/saml2>
|
|
AuthType shibboleth
|
|
ShibRequestSetting requireSession 1
|
|
ShibRequestSetting exportAssertion 1
|
|
ShibRequireSession On
|
|
ShibExportAssertion On
|
|
Require valid-user
|
|
</Location>
|
|
|
|
<LocationMatch /v3/OS-FEDERATION/identity_providers/.*?/protocols/saml2/auth>
|
|
ShibRequestSetting requireSession 1
|
|
AuthType shibboleth
|
|
ShibExportAssertion Off
|
|
Require valid-user
|
|
</LocationMatch>
|
|
|
|
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/cgi-bin/barbican/main/$1
|
|
{% endif %}
|
|
</VirtualHost>
|