forked from DheerendraRathor/ldap-oauth2
httpd.conf
# WSGI Root
# Server-wide mod_wsgi settings: the project directory is added to the Python
# module search path and the interpreter is taken from the virtualenv below.
# NOTE(review): both paths should be writable only by the deploy user, not by
# the account Apache runs as -- confirm file ownership on the host.
WSGIPythonPath /var/www/ldap-oauth2
WSGIPythonHome /var/www/venv
# Virtual host for the ldap-oauth2 application: serves static/media files,
# mounts the WSGI app at /sso and /profiles, and puts Apache form login
# (backed by LDAP) in front of selected /profiles/ paths.
# NOTE(review): this host listens on port 80 and no SSL directives appear in
# it. The login form and the session cookie then travel in cleartext unless
# TLS is terminated in front of this server -- confirm, or move to a :443
# vhost and redirect port 80 to it.
<VirtualHost *:80>
# NOTE(review): the address below was mangled by the page's e-mail
# obfuscation; restore the real contact address before using this file.
ServerAdmin [email protected]
DocumentRoot /var/www/ldap-oauth2/staticfiles/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# Grants access to the whole project tree. Only staticfiles/, media/ and
# sso/wsgi.py are mapped into URL space by the directives visible here, so the
# grant could be narrowed to those paths (least privilege).
<Directory /var/www/ldap-oauth2>
Require all granted
</Directory>
# Static files
# NOTE(review): media/ presumably holds user uploads served from the same
# origin as the login pages -- confirm that upload types are restricted.
Alias "/profiles/static/" "/var/www/ldap-oauth2/staticfiles/"
Alias "/profiles/media/" "/var/www/ldap-oauth2/media/"
# The same WSGI entry point is mounted at two prefixes. The auth rule further
# down only matches /profiles/... paths, so requests arriving through /sso are
# not covered by the Apache login layer; the application has to enforce its
# own authentication there -- confirm.
WSGIScriptAlias /sso /var/www/ldap-oauth2/sso/wsgi.py
WSGIScriptAlias /profiles /var/www/ldap-oauth2/sso/wsgi.py
# Forward the HTTP Authorization header to the WSGI application (presumably
# needed for OAuth2 token/client authentication -- confirm).
WSGIPassAuthorization On
# ============== OIDC ONLY ==================
# Disabled alternative using mod_auth_openidc. Review before enabling:
#  - OIDCClientSecret and OIDCCryptoPassphrase are sample values stored in
#    this file; use per-deployment secrets kept out of version control.
#  - OIDCSSLValidateServer Off turns off certificate validation of the
#    identity provider; leave it On outside of throw-away test setups.
# OIDCProviderMetadataURL https://sso-uat.iitb.ac.in/.well-known/openid-configuration
# OIDCScope "openid"
# OIDCClientID gymkhana
# OIDCClientSecret the_middle_layer_secret
# OIDCRedirectURI https://gymkhana.iitb.ac.in/profiles/user/redir
# OIDCCryptoPassphrase openstack
# OIDCSSLValidateServer Off
# OIDCRemoteUserClaim uid
# OIDCCookiePath "/profiles/"
# OIDCSessionMaxDuration 600
# ===========================================
# Paths that require a logged-in user. The regex is unanchored and the
# negative lookahead skips any listed prefix that is directly followed by
# "/api" (e.g. /profiles/user/api..., /profiles/admin/api...), so those URLs
# are NOT protected here and rely on the application's own checks -- confirm
# that this exemption is intended for every alternative, including admin.
<LocationMatch /profiles/(user|oauth/applications|oauth/authorize|account/logout|admin)(?!/api) >
# ============== LDAP ONLY ==================
# Form-based login (mod_auth_form) verified against LDAP; a 401 response is
# replaced by the application's login page.
AuthType form
AuthName LDAP
ErrorDocument 401 /profiles/account/login/
AuthFormProvider ldap
# After a successful login, send the browser back to the URL it requested.
AuthFormLoginSuccessLocation "%{REQUEST_URI}?%{QUERY_STRING}"
AuthFormLogoutLocation "/profiles/user/"
# Cookie-based session scoped to /profiles/. No HttpOnly or Secure attribute
# is set on the cookie; both can be appended to SessionCookieName once the
# site is served over HTTPS.
Session On
SessionCookieName psession path=/profiles/
# NOTE(review): mod_auth_form keeps the submitted username and password in
# the session, and this passphrase is what encrypts that cookie. The literal
# value "secret" is a placeholder: replace it with a long random value that is
# kept out of version control.
SessionCryptoPassphrase secret
LDAPReferrals Off
# Look up the user by uid under dc=iitb,dc=ac,dc=in (subtree scope); the other
# listed attributes are also requested from the directory.
# NOTE(review): the scheme is plain ldap:// with no TLS mode given, and no
# AuthLDAPBindDN appears here, so the search bind is anonymous and the user's
# password bind is unencrypted on the wire -- use ldaps:// or STARTTLS if the
# directory supports it.
AuthLDAPUrl ldap://ldap.iitb.ac.in/dc=iitb,dc=ac,dc=in?uid,employeeNumber,employeeType,mobile,givenName,sn,mail?sub?(objectClass=*)
# ===========================================
# ============== OIDC ONLY ==================
# AuthType openid-connect
# ===========================================
Require valid-user
</LocationMatch>
# ============== LDAP ONLY ==================
# Logout endpoint: the form-logout handler clears the login details, and the
# 1-second max age makes the session expire straight away.
<Location "/profiles/account/logout" >
SetHandler form-logout-handler
SessionMaxAge 1
</Location>
# ===========================================
# Disable automatic directory listings.
Options -Indexes
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet