# TLS virtual host for idp.example.org that reverse-proxies /idp to a local
# AJP backend on port 8009.
# NOTE(review): this copy contains no container tags (<VirtualHost>, <Location>,
# <Proxy>, <Files>, <Directory>); they appear to have been lost when the page
# was extracted. Several directives below are only meaningful inside a
# container, so restore the containers from the original file before use.

# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
ServerName idp.example.org:443

# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine on
# Disables SSLv2, SSLv3, TLS 1.0 and TLS 1.1; TLS 1.2 and any newer version
# the linked TLS library supports stay enabled.
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# NOTE(review): MEDIUM is still allowed here. Which suites that admits depends
# on the OpenSSL build; check the effective list with `openssl ciphers -v` on
# this string and consider dropping MEDIUM if every client can negotiate HIGH.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4:!LOW
# The server's cipher preference order wins over the client's.
SSLHonorCipherOrder on

# NOTE(review): localhost.crt / localhost.key look like a distribution default
# pair; presumably they are to be replaced with the certificate issued for
# idp.example.org (confirm). The private key file should be readable only by
# the account that starts httpd.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt

# Only needed if doing REMOTE_USER Auth
# NOTE(review): the container that scoped the next directives to the
# RemoteUser endpoint is not visible in this copy; without it the deny is not
# limited to that endpoint.
# block access to RemoteUser authentication - use forms instead
# order/deny is 2.2-style access control (mod_access_compat on httpd 2.4);
# the 2.4 form of the same rule is "Require all denied".
order deny,allow
deny from all
# If Basic/LDAP auth is ever enabled: the sample URL below uses plain ldap://,
# so the bind would carry user passwords unencrypted; use ldaps:// or STARTTLS.
#AuthType Basic
#AuthName "Please Login"
#AuthzLDAPAuthoritative Off
#AuthBasicProvider ldap
#AuthLDAPURL ldap://ldap.example.org/ou=People,dc=example,dc=org?uid
#Require valid-user

# Forward proxying is off; only the reverse-proxy mapping below is served.
ProxyRequests Off
# NOTE(review): presumably this sat inside a <Proxy> container for the AJP
# backend (confirm against the original file).
Allow from all

# "replaceyoursecret" is a placeholder: set a long random value and configure
# the same secret on the backend's AJP connector, so the backend rejects AJP
# requests that do not come from this proxy. This file then holds a
# credential, so restrict its read permissions. Also confirm that the AJP
# connector listens on the loopback address only (backend config not shown).
# retry=5: wait 5 seconds before retrying a backend that was marked in error.
ProxyPass /idp ajp://localhost:8009/idp secret=replaceyoursecret retry=5

# Exports the standard SSL_* environment variables. The directive appears
# twice, which suggests two separate containers whose tags are missing here.
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars

# Legacy workaround for old Internet Explorer: any request whose User-Agent
# contains "MSIE" gets keep-alive disabled and an HTTP/1.0 response.
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

# Per-request TLS log: time, client host, negotiated protocol and cipher,
# request line, response size. Useful for auditing which protocol versions and
# ciphers clients actually negotiate. %r includes the query string, so handle
# this log as sensitive if request URLs can carry tokens.
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"