Yeah it's not brilliantly documented, you are left largely to infer what multiple virtual hosts should look like.
Digging back in memory i think these snippets are illustrative of what you need to do (apologies the site we did was IIS so might have some iis-isms)
Setup your hosts in shibboleth.xml
<Host applicationId="site1" name="site1.ncl.ac.uk">
<Path name="secure" authType="shibboleth" requireSession="true" />
</Host>
<Host applicationId="site2" name="site2.ncl.ac.uk">
<Path name="secure" authType="shibboleth" requireSession="true" />
</Host>
Setup application blocks which say which ssl cert config blocks to use
<Application id="site1" providerId="https://site1.ncl.ac.uk/shibboleth/metadata">
<Sessions lifetime="7200" timeout="3600" checkAddress="false" consistentAddress="true" handlerURL="/Shibboleth.sso" handlerSSL="false" idpHistory="true" idpHistoryDays="7" />
<CredentialUse TLS="site1" Signing="site1" />
</Application>
<Application id="site2" providerId="https://site2.ncl.ac.uk/shibboleth/metadata">
<Sessions lifetime="7200" timeout="3600" checkAddress="false" consistentAddress="true" handlerURL="/Shibboleth.sso" handlerSSL="false" idpHistory="true" idpHistoryDays="7" />
<CredentialUse TLS="site2" Signing="site2" />
</Application>
Setup your ssl signing with the ids being those use in CredentialUse bit above
<FileResolver Id="site1">
<Key>
<Path>C:/HOSTED/secure/site1.ncl.ac.uk.key</Path>
</Key>
<Certificate>
<Path>C:/HOSTED/secure/site1.crt</Path>
<CAPath>C:/HOSTED/secure/sureserverEDU.pem</CAPath>
</Certificate>
</FileResolver>
<FileResolver Id="site2">
<Key>
<Path>C:/HOSTED/secure/site2.ncl.ac.uk.key</Path>
</Key>
<Certificate>
<Path>C:/HOSTED/secure/site2.crt</Path>
<CAPath>C:/HOSTED/secure/sureserverEDU.pem</CAPath>
</Certificate>
</FileResolver>
Hope this is informative.
>-----Original Message-----
>From: Discussion list for Shibboleth developments [mailto:JISC-
>[log in to unmask]] On Behalf Of Adrian Barker
>Sent: 11 August 2009 13:51
>To: [log in to unmask]
>Subject: Configuring an SP with virtual servers
>
>We are setting up some applications that run on Apache virtual servers
>and that use Shibboleth. Does anyone know what needs to be changed in
>the SP configuration or in the metadata ? I've not been able to find any
>documentation on this.
>
>
>
>Thanks for any help.
>
>
>
>--
>
>Adrian Barker,
>Internet Technology Section
>Information Systems
>University College London, Gower Street, London WC1E 6BT
>External phone: +44 20 7679 5140, Fax (+44) 20 7388 5406
>Internal phone: x 25140
>Email: [log in to unmask]
|