To configure Apache to provide RiskVision with SAML-authenticated single sign-on, perform the following actions:
- Copy the SAML configuration files
- Configure the httpd.conf file
- Configure the httpd-ssl.conf file
- Configure the httpd-ssl-saml.conf file
- Configure the hosts file
Once you have performed all of these actions, you should restart Apache in order for the changes to take effect.
In these technical notes, %_AGILIANCE_HOST_NAME_% refers to the required virtual hostname without SAML authentication, and %_SAML_MACHINE_HOSTNAME_% refers to the required virtual hostname with SAML authentication. For example, %_AGILIANCE_HOST_NAME_% could be qa143-vendor.idcagl.com and %_SAML_MACHINE_HOSTNAME_% could be qa143.idcagl.com.
To copy the SAML configuration files:
Navigate to the %AGILIANCE_HOME%\apache2\conf\SAML\extra folder and copy the following files:
httpd-ssl.conf
httpd-ssl-saml.conf
agiliance-saml.conf
Paste the files into %AGILIANCE_HOME%\apache2\conf\extra.
To configure the httpd.conf file:
Navigate to the %AGILIANCE_HOME%\apache2\conf folder and open the httpd.conf file using a text editor.
Uncomment the following line:
ServerName Localhost:80
To configure the httpd-ssl.conf file:
Navigate to the %AGILIANCE_HOME%\apache2\conf\extra folder and open the httpd-ssl.conf file using a text editor.
Configure the file to listen to %_AGILIANCE_HOST_NAME_% and %_SAML_MACHINE_HOSTNAME_%:
Add the following lines to the file:
NameVirtualHost %_AGILIANCE_HOST_NAME_%
NameVirtualHost %_SAML_MACHINE_HOSTNAME_%
Specify the appropriate RiskVision hostname:
<VirtualHost %_AGILIANCE_HOST_NAME_%:443>
Specify the server name:
<VirtualHost %_AGILIANCE_HOST_NAME_%:443>
# The default character set is UTF-8
AddDefaultCharset UTF-8
ServerName %_AGILIANCE_HOST_NAME_%
</VirtualHost>
Uncomment the following line:
Include conf/extra/httpd-ssl-saml.conf
To configure the httpd-ssl-saml.conf file:
Navigate to the %AGILIANCE_HOME%\apache2\conf\extra folder and open the httpd-ssl-saml.conf file using a text editor.
Specify the hostname as shown below:
<VirtualHost %_SAML_MACHINE_HOSTNAME_%:443>
# The default character set is UTF-8
AddDefaultCharset UTF-8
ServerName %_SAML_MACHINE_HOSTNAME_%
..
</VirtualHost>
Specify the Shibboleth home directory:
Include <SHIBBOLETH_SP_HOME>/etc/shibboleth/apache24.config
Enable multi-tier architecture by adding the following lines:
ProxyPass /spc ajp://localhost:8009/spc
ProxyPassReverse /spc ajp://localhost:8009/spc
To configure the hosts file:
Navigate to the %WinDir%/system32/drivers/etc/ folder and open the hosts file using a text editor.
Map %_SAML_MACHINE_HOSTNAME_% to %MACHINE_HOSTNAME%.
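
The following Python check is an added example, not part of the RiskVision documentation: it lints the SAML virtual host settings and the hosts entry that the steps above produce, before Apache is restarted. The sample configuration and hosts lines are constructed from the page's example hostname; the function names, the 10.0.0.15 address and the appserver01 name are assumptions.

```python
import re

# Constructed sample of the SAML settings after the steps above (page's example hostname).
SAMPLE_CONF = """\
<VirtualHost qa143.idcagl.com:443>
# The default character set is UTF-8
AddDefaultCharset UTF-8
ServerName qa143.idcagl.com
</VirtualHost>
Include <SHIBBOLETH_SP_HOME>/etc/shibboleth/apache24.config
ProxyPass /spc ajp://localhost:8009/spc
ProxyPassReverse /spc ajp://localhost:8009/spc
"""
SAMPLE_HOSTS = "127.0.0.1 localhost\n10.0.0.15 appserver01 qa143.idcagl.com\n"  # constructed

def directives(conf):
    """Yield (name, args) for each active line, skipping blanks and comments."""
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, args = line.partition(" ")
            yield name, args.strip()

def check_saml_vhost(conf, hosts, saml_host):
    """Return a list of problems; an empty list means every check passed."""
    found = {}
    for name, args in directives(conf):
        found.setdefault(name.lower(), []).append(args)
    problems = []
    if f"{saml_host}:443>" not in found.get("<virtualhost", []):
        problems.append("VirtualHost is not written as host:443")
    if [s.lower() for s in found.get("servername", [])] != [saml_host.lower()]:
        problems.append("ServerName does not match the SAML hostname")
    if "adddefaultcharset" not in found:
        problems.append("AddDefaultCharset is missing or commented out")
    fwd, rev = found.get("proxypass", []), found.get("proxypassreverse", [])
    if not fwd or fwd != rev:
        problems.append("ProxyPass and ProxyPassReverse differ")
    elif not re.match(r"/spc ajp://(localhost|127\.0\.0\.1):8009/spc$", fwd[0]):
        problems.append("AJP backend is not the loopback connector from the page")
    # Every name after the address on a hosts line is an alias for that address.
    mapped = {h.lower() for l in hosts.splitlines()
              for h in l.split("#")[0].split()[1:]}
    if saml_host.lower() not in mapped:
        problems.append("hosts file has no entry for the SAML hostname")
    return problems

if __name__ == "__main__":
    print(check_saml_vhost(SAMPLE_CONF, SAMPLE_HOSTS, "qa143.idcagl.com") or "OK")
```

The check catches two slips that are easy to make when copying these settings: a directive that has ended up on the same line as a comment, and a virtual host written with a stray `>` or space before the port.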