Configure the RiskVision Apache Web Server

In order to configure Apache to provide RiskVision with SAML authenticated single sign-on, the following actions must be performed:

  • Copy the SAML configuration files
  • Configure the httpd.conf file
  • Configure the httpd-ssl.conf file
  • Configure the httpd-ssl-saml.conf file
  • Configure the hosts file

Once you have performed all of these actions, you should restart Apache in order for the changes to take effect.

In these technical notes, %_AGILIANCE_HOST_NAME_% refers to the required virtual hostname without SAML authentication, and %_SAML_MACHINE_HOSTNAME_% refers to the required virtual hostname with SAML authentication. For example, %_AGILIANCE_HOST_NAME_% could be qa143-vendor.idcagl.com and %_SAML_MACHINE_HOSTNAME_% could be qa143.idcagl.com.

To copy the SAML configuration files:

  1. Navigate to the %AGILIANCE_HOME%\apache2\conf\SAML\extra folder and copy the following files:

    • httpd-ssl.conf

    • httpd-ssl-saml.conf

    • agiliance-saml.conf

  2. Paste the files into %AGILIANCE_HOME%\apache2\conf\extra.

To configure the httpd.conf file:

  1. Navigate to the %AGILIANCE_HOME%\apache2\conf folder and open the httpd.conf file using a text editor.

  2. Uncomment the following line:

    ServerName Localhost:80

To configure the httpd-ssl.conf file:

  1. Navigate to the %AGILIANCE_HOME%\apache2\conf\extra folder and open the httpd-ssl.conf file using a text editor. 

  2. Configure the file to listen to %_AGILIANCE_HOST_NAME_% and %_SAML_MACHINE_HOSTNAME_%:

    1. Add the following lines to the file: 

      NameVirtualHost %_AGILIANCE_HOST_NAME_%
      NameVirtualHost %_SAML_MACHINE_HOSTNAME_%

    2. Specify the appropriate RiskVision hostname:

      <VirtualHost %_AGILIANCE_HOST_NAME_%:443>

    3. Specify the server name:

      <VirtualHost %_AGILIANCE_HOST_NAME_%:443>
      # The default character set is UTF-8
      AddDefaultCharset UTF-8
      ServerName %_AGILIANCE_HOST_NAME_%
      </VirtualHost>

    4. Uncomment the following line:

      Include conf/extra/httpd-ssl-saml.conf

To configure the httpd-ssl-saml.conf file:

  1. Navigate to the %AGILIANCE_HOME%\apache2\conf\extra folder and open the httpd-ssl-saml.conf file using a text editor.

  2. Specify the hostname as shown below:

    <VirtualHost %_SAML_MACHINE_HOSTNAME_%:443>
    # The default character set is UTF-8
    AddDefaultCharset UTF-8
    ServerName %_SAML_MACHINE_HOSTNAME_%
    ..
    </VirtualHost>

  3. Specify the Shibboleth home directory:

    Include <SHIBBOLETH_SP_HOME>/etc/shibboleth/apache24.config

  4. Enable multi-tier architecture by inputting the following:

    ProxyPass /spc ajp://localhost:8009/spc
    ProxyPassReverse /spc ajp://localhost:8009/spc

To configure the hosts file:

  1. Navigate to the %WinDir%/system32/drivers/etc/ folder and open the hosts file using a text editor.

  2. Map %_SAML_MACHINE_HOSTNAME_% to %MACHINE_HOSTNAME%.
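
Before restarting Apache, the edited httpd-ssl-saml.conf and hosts file can be checked for the mistakes these steps make easy: a malformed `<VirtualHost>` line, a directive swallowed by a comment, a mismatched proxy pair. The script below is an added example, not part of the RiskVision documentation or product. The function names are hypothetical, the hostname is the page's own example, the Shibboleth path and IP address are constructed placeholders, and the loopback-only AJP check is an assumption based on the `localhost` target shown above.

```python
import re

def directives(text):
    """Active (non-blank, non-comment) lines of an Apache config or hosts file."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def lint_saml_conf(conf_text, hosts_text, saml_host):
    """Return a list of problems; an empty list means every check passed."""
    active = directives(conf_text)
    host = re.escape(saml_host)
    problems = []
    def has(pattern):
        return any(re.fullmatch(pattern, ln, re.I) for ln in active)
    if not has(r"<VirtualHost\s+%s:443>" % host):
        problems.append("no well-formed <VirtualHost %s:443>" % saml_host)
    if not has(r"ServerName\s+%s" % host):
        problems.append("ServerName does not match the SAML hostname")
    if not has(r"AddDefaultCharset\s+UTF-8"):
        problems.append("AddDefaultCharset UTF-8 missing or commented out")
    if not has(r"Include\s+\S*/etc/shibboleth/apache24\.config"):
        problems.append("Shibboleth apache24.config is not included")
    # ProxyPass and ProxyPassReverse must send /spc to the same loopback AJP backend.
    pairs = (re.fullmatch(r"(ProxyPass(?:Reverse)?)\s+/spc\s+(\S+)", ln, re.I) for ln in active)
    targets = {m.group(1).lower(): m.group(2) for m in pairs if m}
    fwd, rev = targets.get("proxypass"), targets.get("proxypassreverse")
    if not fwd or fwd != rev:
        problems.append("ProxyPass/ProxyPassReverse for /spc missing or mismatched")
    elif not re.match(r"ajp://(localhost|127\.0\.0\.1)(:\d+)?/", fwd, re.I):
        problems.append("AJP backend is not on the loopback interface")
    # hosts entries are "<address> <name> [aliases...]"; the SAML name must be listed.
    names = {n.lower() for ln in directives(hosts_text) for n in ln.split("#")[0].split()[1:]}
    if saml_host.lower() not in names:
        problems.append("hosts file has no entry for %s" % saml_host)
    return problems

# Constructed sample inputs; the Include path and the address are placeholders.
GOOD_CONF = """\
<VirtualHost qa143.idcagl.com:443>
# The default character set is UTF-8
AddDefaultCharset UTF-8
ServerName qa143.idcagl.com
Include C:/shibboleth-sp-placeholder/etc/shibboleth/apache24.config
ProxyPass /spc ajp://localhost:8009/spc
ProxyPassReverse /spc ajp://localhost:8009/spc
</VirtualHost>
"""
# Same file with a stray ">: 443>" and the charset directive merged into its comment.
BAD_CONF = GOOD_CONF.replace(":443>", ">: 443>").replace("UTF-8\nAddDefaultCharset", "UTF-8 AddDefaultCharset")
HOSTS = "192.0.2.10 qa143.idcagl.com\n"
print(lint_saml_conf(BAD_CONF, HOSTS, "qa143.idcagl.com"))
```

To check a real installation, read the two files from disk and pass their contents in place of the constructed strings.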