547
szerkesztés
Módosítások
→Apache beállítás
== Apache beállítás ==
Meg kell adni, hogy az apache figylejen a 443-as és 8443-as portokon. Az alábbiak kerüljenek a <code>/etc/apache2/ports.conf</code> fájlba
Listen 443
Listen 8443
Be kell állítani a virtuális hosztot, amelyhez az IdP-t rendeltük.
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName aai-logon.example.org
SSLEngine On
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/ssl/certs/aai-logon.example.org.crt
SSLCertificateKeyFile /etc/ssl/private/aai-logon.example.org.key
SSLCertificateChainFile /etc/ssl/certs/aai-logon.example.org.crt
#SSLCACertificatePath /etc/ssl/certs
#SSLCACertificateFile /etc/ssl/ca-bundle.crt
#SSLCARevocationPath /etc/ssl/certs
#SSLCARevocationFile /etc/ssl/ca-bundle.crl
#SSLVerifyDepth 10 SSLOptions +StdEnvVars
</VirtualHost>
</IfModule>
<IfModule mod_proxy_ajp.c>
ProxyRequests Off
<Proxy ajp://localhost:8009>
Allow from all
</Proxy>
ProxyPass /idp ajp://localhost:8009/idp retry=5
ProxyPass /cas ajp://localhost:8009/cas retry=5
</IfModule>
Majd a 8443-as portot is beállítjuk
<IfModule mod_ssl.c>
<VirtualHost _default_:8443>
ServerName aai-logon.example.org
SSLEngine On
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/ssl/certs/aai-aa.example.org.crt
SSLCertificateKeyFile /etc/ssl/private/aai-aa.example.org.key
SSLCertificateChainFile /etc/ssl/certs/aai-aa.example.org.crt
#SSLCACertificatePath /etc/ssl/certs
SSLCACertificateFile /etc/ssl/ca-bundle.switchaai.crt
#SSLCARevocationPath /etc/ssl/certs
#SSLCARevocationFile /etc/ssl/ca-bundle.crl
SSLVerifyDepth 10
SSLVerifyClient optional_no_ca
SSLOptions -StdEnvVars +ExportCertData
</VirtualHost> </IfModule> <IfModule mod_proxy_ajp.c> ProxyRequests Off <Proxy ajp://localhost:8009> Allow from all </Proxy> ProxyPass /idp ajp://localhost:8009/idp retry=5 </IfModule>
== Shibboleth 2.0 IdP beállítás ==
