We have a RHEL 5.5 server in production with a few NameBasedVirtual hosts listening on port 80.
We also have two (possibly mis-configured) SSL virtual hosts which use different Sockets as required by the Apache & the SSL protocol:
I am attempting to shibbolize only https://redcap-test.xyz.org.
After installing shibboleth 2.0 and configuring for a test identity provider, Shibboleth appears to be working on https://redcap.xyz.org.
Unfortunately, when I hit https://jira.xyz.org it also attempts to use shibboleth and throws an error.
Please note that jira.xyz.org and redcap-test.xyz.org worked fine using this configuration until I installed shibboleth.
Is there some obvious place to enable or disable shibboleth on a per vhost basis?
Does anyone see any glaring mistakes in my virtual hosts, available here:
Or my shibboleth configuration:
EDIT 1: I'm thinking maybe I can specify whether to use Shibboleth or not using the AuthType derivative...still looking for documentation on this.
You need to use a certificate that is issued for both domains using subjectAltName. See also: http://wiki.cacert.org/VhostTaskForce

From the apache configuration you've posted, it appears that you've ended up with shibboleth enabled globally rather than within the virtual host you want it to work in. I say "appears", since neither AuthType nor Require appear in the file you've posted, which implies to me that the authorization is set up globally under mods-enabled/shib.conf (or something similar). You'll need to move the authorization bits from that file to the <VirtualHost> directive you want Shibboleth enabled on (or a <Location> or <Directory> directive within that vhost).
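
The move described in the answer above, as an added example that is not part of the original answer or the poster's configuration. The IP addresses are placeholders, the `<Location />` scope is an assumption about what the global file contains, and `ShibRequireSession On` is the Shibboleth 2.x form of the session requirement.

```apache
# --- BEFORE (constructed): access control at server scope, e.g. in shib.conf ---
# A <Location> block outside any <VirtualHost> is merged into every vhost,
# so requests to jira.xyz.org are also handed to Shibboleth.
<Location />
    AuthType shibboleth
    ShibRequireSession On
    Require valid-user
</Location>

# --- AFTER: leave only the mod_shib LoadModule line at server scope and
# place the access control inside the one vhost that should be protected. ---

# Placeholder address for the protected vhost
<VirtualHost 192.0.2.10:443>
    ServerName redcap-test.xyz.org
    SSLEngine on
    # existing SSLCertificateFile / SSLCertificateKeyFile lines stay as they are

    <Location />
        AuthType shibboleth
        ShibRequireSession On
        Require valid-user
    </Location>
</VirtualHost>

# Placeholder address for the unprotected vhost
<VirtualHost 192.0.2.11:443>
    ServerName jira.xyz.org
    SSLEngine on
    # existing SSLCertificateFile / SSLCertificateKeyFile lines stay as they are
    # No AuthType shibboleth here, so this vhost never triggers a Shibboleth session.
</VirtualHost>
```

Check the syntax with `httpd -t` before restarting, and confirm that no other included file still carries an `AuthType shibboleth` block at server scope.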