proxy.conf
# Scheme and host name the server uses when it builds self-referential URLs.
# $SCHEMA and $HOST are template placeholders; presumably filled in from the
# deployment environment before httpd parses this file - confirm against the entrypoint.
# NOTE(review): the value should match the public URL used in saml_sp.xml, otherwise
# the SAML endpoints advertised to the IdP and the URLs httpd generates can disagree.
ServerName $SCHEMA://$HOST
# Site-wide mod_auth_mellon settings. This section only loads the SAML
# configuration for every path; the login requirement is added separately below.
<Location />
# "info" exposes Mellon session data where a session already exists, without forcing a login
MellonEnable "info"
# The SAML endpoints handled by mod_auth_mellon are served under /$MELLON_PATH
MellonEndpointPath /$MELLON_PATH
# Service provider metadata, certificate and private key.
# NOTE(review): saml_sp.key is the SP private key; it should be readable only by the
# account httpd starts as - confirm the file mode in the image or mounted volume.
MellonSPPrivateKeyFile /etc/httpd/conf.d/saml_sp.key
MellonSPCertFile /etc/httpd/conf.d/saml_sp.cert
MellonSPMetadataFile /etc/httpd/conf.d/saml_sp.xml
# Operator-supplied directives taken from $CUSTOM_CONFIG.
# NOTE(review): whatever this expands to is parsed as httpd configuration, so the
# variable should only be settable by trusted deployment tooling.
${CUSTOM_CONFIG}
# Identity provider metadata.
# NOTE(review): this file tells the SP which IdP to trust, so it should come from a
# trusted source and not be writable by the httpd worker account - confirm.
MellonIdPMetadataFile /etc/httpd/conf.d/saml_idp.xml
</Location>
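# Every path that does not start with /$MELLON_PATH requires a SAML login and is
# then proxied to the backend with the user's identity passed in request headers.
# NOTE(review): the negative lookahead is a prefix test, so a path that merely begins
# with the $MELLON_PATH string is also left out of this section (not proxied, not
# covered by "auth" here) - confirm that is intended.
<LocationMatch "^\/(?!$MELLON_PATH)">
    # Protect with auth
    MellonEnable "auth"

    # Proxy to backend once authenticated.
    # NOTE(review): the backend trusts the Remote-User* headers set below, so it should
    # accept connections only from this proxy - confirm the network policy.
    ProxyPass $BACKEND

    # Drop any identity headers sent by the client before the conditional "set"
    # directives run. Each "set" below only fires when its MELLON_* variable exists,
    # so without these lines a header supplied by the browser would reach the backend
    # unchanged whenever the IdP omits that attribute or the mapping is not configured.
    # They are placed ahead of the <If> sections so that the later "set" still wins.
    # NOTE(review): if the backend also accepts underscore spellings of these names,
    # those variants need the same treatment - verify against the backend.
    RequestHeader unset Remote-User
    RequestHeader unset Remote-User-Name
    RequestHeader unset Remote-User-Email
    RequestHeader unset Remote-User-Preferred-Username

    <If "-z env('REMOTE_USER_SAML_ATTRIBUTE')">
        # No custom attribute configured: set the Remote-User header to the
        # NameID of the authenticated user
        RequestHeader set Remote-User %{MELLON_NAME_ID}e env=MELLON_NAME_ID
    </If>
    <Else>
        # Use a custom attribute as the remote username by setting
        # $REMOTE_USER_SAML_ATTRIBUTE to a custom attribute name.
        # Require a non-empty value in the attribute we're going to use:
        MellonCond ${REMOTE_USER_SAML_ATTRIBUTE} .+ [REG]
        # Map the long attribute name to a nice short one (exposed as MELLON_user)
        MellonSetEnv user ${REMOTE_USER_SAML_ATTRIBUTE}
        # Set the Remote-User header to the value of the mapped envvar:
        RequestHeader set Remote-User %{MELLON_user}e env=MELLON_user
    </Else>

    # Optional display name, forwarded only when a source attribute is configured
    <If "-n env('REMOTE_USER_NAME_SAML_ATTRIBUTE')">
        MellonSetEnv name ${REMOTE_USER_NAME_SAML_ATTRIBUTE}
        RequestHeader set Remote-User-Name %{MELLON_name}e env=MELLON_name
    </If>

    # Optional e-mail address, forwarded only when a source attribute is configured
    <If "-n env('REMOTE_USER_EMAIL_SAML_ATTRIBUTE')">
        MellonSetEnv email ${REMOTE_USER_EMAIL_SAML_ATTRIBUTE}
        RequestHeader set Remote-User-Email %{MELLON_email}e env=MELLON_email
    </If>

    # Optional preferred username, forwarded only when a source attribute is configured
    <If "-n env('REMOTE_USER_PREFERRED_USERNAME_SAML_ATTRIBUTE')">
        MellonSetEnv preferred_username ${REMOTE_USER_PREFERRED_USERNAME_SAML_ATTRIBUTE}
        RequestHeader set Remote-User-Preferred-Username %{MELLON_preferred_username}e env=MELLON_preferred_username
    </If>

    # Operator-supplied extra header directives taken from $REQUEST_HEADERS.
    # NOTE(review): parsed as httpd configuration, so the variable should only be
    # settable by trusted deployment tooling; any identity header added here needs
    # its own "unset" of the client-supplied value.
    ${REQUEST_HEADERS}
</LocationMatch>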