Chintan

How to override SP metadata in the mod_auth_mellon Apache module for SAML

Our application servers have different applications deployed, like app-user-registration, app-portal, app-module1, etc.

Now we want to protect the app-user-registration application with different SP metadata, certificate and key, and the rest of the applications with the same SP metadata, so we have configured the following in mellon.conf:

    <Location /app-user-registration>
        Require valid-user
        AuthType "Mellon"
        MellonEnable "auth"
        MellonVariable "cookie"
        MellonSamlResponseDump On
        MellonSPMetadataFile /opt/httpd24SAML/conf.d/https_app.foo.com_app-user-registration.xml
        MellonSPPrivateKeyFile /opt/httpd24SAML/conf.d/https_app.foo.com_app-user-registration.key
        MellonSPCertFile /opt/httpd24SAML/conf.d/https_app.foo.com_app-user-registration.cert
        MellonIdPMetadataFile /opt/httpd24SAML/conf.d/idp-metadata.xml
        # MellonMergeEnvVars On
        MellonUser "NAME_ID"
        MellonSetEnv "uid" "uid"

        RequestHeader set uid "%{MELLON_uid}e"
    </Location>

    <Location />
        Require valid-user
        AuthType "Mellon"
        MellonEnable "auth"
        MellonVariable "cookie"
        MellonSamlResponseDump On
        MellonSPMetadataFile /opt/httpd24SAML/conf.d/https_app.foo.com.xml
        MellonSPPrivateKeyFile /opt/httpd24SAML/conf.d/https_app.foo.com.key
        MellonSPCertFile /opt/httpd24SAML/conf.d/https_app.foo.com.cert
        MellonIdPMetadataFile /opt/httpd24SAML/conf.d/idp-metadata.xml
        # MellonMergeEnvVars On
        MellonUser "NAME_ID"
        MellonSetEnv "uid" "uid"

        RequestHeader set uid "%{MELLON_uid}e"
    </Location>

But this configuration doesn't work. Whenever a user accesses https://app.foo.com/app-user-registration, it inherits the SP metadata, key and certificates from <Location /> and not from <Location /app-user-registration>.

Due to this, the IdP shows an "Access denied" error, because the IdP wants the following in the SAML request:

    <saml:Issuer>https://app.foo.com/app-user-registration</saml:Issuer>

So, is there a way in the mod_auth_mellon configuration to override the default SP metadata, key and certificates for the <Location /app-user-registration> block?

Thanks, Chintan

Upvotes: 0

Views: 474
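The following is an added example, not code from the question or from mod_auth_mellon itself. It models two things a practitioner would check against the configuration quoted above: the order in which Apache merges matching <Location> blocks, and the fact that the SAML login is a separate request to the mod_auth_mellon endpoint path, so the SP settings that shape the AuthnRequest are the ones in effect for that endpoint request, not for the page the user asked for. The assumptions it relies on are stated in the module docstring and marked in comments: Apache applies every matching <Location> block in configuration-file order with later blocks overriding earlier ones; mod_auth_mellon redirects an unauthenticated browser to <MellonEndpointPath>/login and MellonEndpointPath defaults to "/mellon"; the paths and file names are taken from the question. The helper names (`effective_config`, `metadata_used_for_login`, `report`, and the three `*_config` builders) are this example's own.

```python
"""
Added example, not code from the original post or from mod_auth_mellon: a
small model of how Apache merges <Location> sections and of where
mod_auth_mellon sends the browser to start a login, used to check the
configuration quoted in the question.

Assumptions (also marked in the code):
  * Apache applies every <Location> block whose path matches the request,
    in configuration-file order, and a later block's directive overrides an
    earlier block's value for the same directive.
  * mod_auth_mellon redirects an unauthenticated request to
    <MellonEndpointPath>/login and MellonEndpointPath defaults to "/mellon".
  * File names and paths are the ones from the question.
"""
from __future__ import annotations

from dataclasses import dataclass

MELLON_DEFAULT_ENDPOINT = "/mellon"  # documented default of MellonEndpointPath

REG = "/app-user-registration"
META_REG = "/opt/httpd24SAML/conf.d/https_app.foo.com_app-user-registration.xml"
META_ROOT = "/opt/httpd24SAML/conf.d/https_app.foo.com.xml"


@dataclass
class Location:
    """One <Location PATH> block and the directives it sets."""
    path: str
    directives: dict[str, str]


def location_matches(location: str, request_path: str) -> bool:
    """Apache <Location> prefix rule: exact match, or a prefix that ends at a
    path-segment boundary, so "/a" matches "/a" and "/a/b" but not "/ab"."""
    if location == "/":
        return True
    location = location.rstrip("/")
    return request_path == location or request_path.startswith(location + "/")


def effective_config(locations: list[Location], request_path: str) -> dict[str, str]:
    """Merge every matching block in file order; later blocks win (assumed
    Apache merge order for <Location> sections)."""
    merged: dict[str, str] = {}
    for loc in locations:
        if location_matches(loc.path, request_path):
            merged.update(loc.directives)
    return merged


def login_redirect_path(cfg: dict[str, str]) -> str:
    """Where mod_auth_mellon sends an unauthenticated browser (assumed)."""
    return cfg.get("MellonEndpointPath", MELLON_DEFAULT_ENDPOINT).rstrip("/") + "/login"


def metadata_used_for_login(locations: list[Location], page: str) -> str:
    """The SP metadata that shapes the AuthnRequest is the one in effect for
    the login-endpoint request, which is a separate request from the page."""
    login_path = login_redirect_path(effective_config(locations, page))
    return effective_config(locations, login_path)["MellonSPMetadataFile"]


def endpoint_inside_location(location: str, cfg: dict[str, str]) -> bool:
    """MellonEndpointPath must lie under the <Location> that sets it, or the
    endpoint requests are served by some other block's SP settings."""
    return location_matches(location, cfg.get("MellonEndpointPath", MELLON_DEFAULT_ENDPOINT))


def posted_config() -> list[Location]:
    """The two blocks from the question, in the order they were posted."""
    return [
        Location(REG, {"MellonSPMetadataFile": META_REG}),
        Location("/", {"MellonSPMetadataFile": META_ROOT}),
    ]


def reordered_config() -> list[Location]:
    """Same blocks, root block first so the specific one is merged last."""
    return list(reversed(posted_config()))


def separated_endpoint_config() -> list[Location]:
    """Reordered, plus an endpoint path inside /app-user-registration so the
    login (and the IdP's response) hit this block's SP settings."""
    cfg = reordered_config()
    cfg[1].directives["MellonEndpointPath"] = REG + "/mellon"
    return cfg


def report(locations: list[Location]) -> dict[str, str]:
    """Summarise what a request for /app-user-registration would get."""
    page_cfg = effective_config(locations, REG)
    return {
        "page_metadata": page_cfg["MellonSPMetadataFile"],
        "login_path": login_redirect_path(page_cfg),
        "login_metadata": metadata_used_for_login(locations, REG),
        "endpoint_inside": str(endpoint_inside_location(REG, page_cfg)),
    }


if __name__ == "__main__":
    for name, cfg in [("as posted", posted_config()),
                      ("reordered", reordered_config()),
                      ("reordered + endpoint path", separated_endpoint_config())]:
        print(name, report(cfg))
```

Run stand-alone, the three reports show the progression: with the blocks in the posted order the root block is merged last and wins even for the page itself; with the root block moved first the page gets the right metadata, but the login redirect still goes to /mellon/login, which only <Location /> matches, so the AuthnRequest is still issued with the root SP's entityID; only a MellonEndpointPath under /app-user-registration makes the login endpoint fall inside that block. If that last change is made on a real server, the SP metadata for that block has to be regenerated with endpoint URLs under the new path (mellon_create_metadata.sh takes the endpoint URL as its second argument) and re-registered with the IdP, since the AssertionConsumerService URL changes too.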

Answers (0)