We have a RHEL 5.5 server in production with a few NameBasedVirtual hosts listening on port 80.
We have also have two (possibly mis-configured) SSL virtual hosts which use different Sockets as required by the Apache & the SSL protocol:
I am attempting to shibbolize only https://redcap-test.xyz.org.
After installing shibboleth 2.0 and configuring for a test identity provider, Shibboleth appears to be working on https://redcap.xyz.org.
Unfortunately, when i hit https://jira.xyz.org it also attempts to use shibboleth and throws an error.
Please note that jira.xyz.org and redcap-test.xyz.org worked fine using this configuration until I installed shibboleth.
Is there some obvious place to enable or disable shibboleth on a per vhost basis?
Does anyone see any glaring mistakes in my virtual hosts, available here:
Or my shibboleth configuration:
EDIT 1: I'm thinking maybe I can specify whether to use Shibboleth or not using the AuthType derivative…still looking for documentation on this.
Best Answer
From the apache configuration you've posted, it appears that you've ended up with shibboleth enabled globally rather than within the virtual host you want it to work in. I say "appears", since neither AuthType nor Require appear in the file you've posted, which implies to me that the authorization is set up globally under mods-enabled/shib.conf (or something similar). You'll need to move the authorization bits from that file to the
<VirtualHost>directive you want Shibboleth enabled on (or a<Location>or<Directory>directive within that vhost).