-rwxr-xr-x | ipsilon/install/ipsilon-client-install | 7 | ||||
-rw-r--r-- | templates/install/saml2/sp.conf | 8 |
2 files changed, 14 insertions, 1 deletions
diff --git a/ipsilon/install/ipsilon-client-install b/ipsilon/install/ipsilon-client-install index 484c462..9ed2a6f 100755 --- a/ipsilon/install/ipsilon-client-install +++ b/ipsilon/install/ipsilon-client-install @@ -123,8 +123,12 @@ def saml2(): psp = '' saml_secure = 'Off' + ssl_require = '#' + ssl_rewrite = '#' if args['saml_secure_setup']: saml_secure = 'On' + ssl_require = '' + ssl_rewrite = '' samlopts = {'saml_base': args['saml_base'], 'saml_protect': saml_protect, @@ -135,6 +139,9 @@ def saml2(): 'saml_sp': args['saml_sp'], 'saml_secure_on': saml_secure, 'saml_auth': saml_auth, + 'ssl_require': ssl_require, + 'ssl_rewrite': ssl_rewrite, + 'sp_hostname': args['hostname'], 'sp': psp} files.write_from_template(SAML2_CONFFILE, SAML2_TEMPLATE, samlopts) diff --git a/templates/install/saml2/sp.conf b/templates/install/saml2/sp.conf index 73e6417..d7872cc 100644 --- a/templates/install/saml2/sp.conf +++ b/templates/install/saml2/sp.conf @@ -8,8 +8,9 @@ MellonIdPMetadataFile "${saml_idp_meta}" MellonEndpointPath ${saml_sp} MellonVariable "saml-sesion-cookie" - # Comment out the next line if you want to allow logins on bare HTTP + # Comment out the next two lines if you want to allow logins on bare HTTP MellonsecureCookie ${saml_secure_on} + ${ssl_require}SSLRequireSSL MellonUser "NAME_ID" MellonIdP "IDP" MellonSessionLength 3600 @@ -26,3 +27,8 @@ ${sp}<Directory /usr/share/ipsilon/ui/saml2sp> ${sp} SSLRequireSSL ${sp} Require all granted ${sp}</Directory> + +# Redirect requests to the secure port +${ssl_rewrite}RewriteEngine on +${ssl_rewrite}RewriteCond %{SERVER_PORT} !^443$$ +${ssl_rewrite}RewriteRule ^${saml_base}(.*) https://${sp_hostname}${saml_base}$$1 [L,R=301,NC] |
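Review bot: `'sp_hostname': args['hostname']` in the second hunk puts the hostname into the `RewriteRule` target of the generated Apache configuration, with no check visible in this hunk. Where `args['hostname']` is populated is not shown here; if it can come from a command-line option, a value containing whitespace or other non-hostname characters would change the directive that is written, so it is worth validating it against a hostname pattern before `files.write_from_template` is called. In the first hunk, a short comment on `ssl_require`/`ssl_rewrite`, such as `# '#' comments the directive out in sp.conf, '' leaves it active`, would make the prefix trick obvious to the next reader. saml2() starts and ends outside both hunks.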
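Review bot: The rewritten comment above `MellonsecureCookie` says that commenting out the next two lines allows logins on bare HTTP, but this commit also adds a redirect block at the end of the file that still sends those requests to HTTPS, so the instruction is incomplete. The comment should name the rewrite rules as well, for example `# To allow logins on bare HTTP, comment out the next two lines and the rewrite rules at the end of this file`. The enclosing configuration block starts and ends outside the hunk.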
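Review bot: The added `RewriteCond %{SERVER_PORT} !^443$$` treats every port other than 443 as plain HTTP, so a service provider that serves TLS on a different port is redirected away from itself, and the target `https://${sp_hostname}${saml_base}$$1` carries no port. Testing the scheme instead, `RewriteCond %{HTTPS} !=on`, redirects only requests that actually arrived unencrypted. Two further points are worth confirming. `${saml_base}` is substituted into the pattern as a regular expression, so any metacharacters in the base path change what matches. Rewrite rules in the main server configuration are not inherited by `<VirtualHost>` blocks by default, so if port 80 is served from a virtual host this redirect may never run.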