# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
ServerName idp.example.org:443
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4:!LOW
SSLHonorCipherOrder on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
# Only needed if doing REMOTE_USER Auth
# block access to RemoteUser authentication - use forms instead
order deny,allow
deny from all
#AuthType Basic
#AuthName "Please Login"
#AuthzLDAPAuthoritative Off
#AuthBasicProvider ldap
#AuthLDAPURL ldap://ldap.example.org/ou=People,dc=example,dc=org?uid
#Require valid-user
ProxyRequests Off
Allow from all
ProxyPass /idp ajp://localhost:8009/idp secret=replaceyoursecret retry=5
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"