...
Voici une solution alternative, testée sur moodle. NB : cette solution est coûteuse si l'application ne gère pas sa propre session et protège toutes les urls.
...
Configuration sur le nginx
| Bloc de code |
|---|
set $shib_backend '172.0.0.42';
location /Shibboleth.sso {
proxy_pass http://$shib_backend;
proxy_set_header Host $http_host;
}
location ~ [^/]\.php(/|$) {
set $uri_to_shib $uri;
if ($remote_addr = $shib_backend) {
set $uri_to_shib '';
}
if ($uri_to_shib = "/auth/shibboleth/index.php") {
proxy_pass http://$shib_backend;
}
proxy_set_header Host $http_host; # preserve host when going to shib backend
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
include fastcgi_params;
fastcgi_pass unix:/run/php/moodle-fpm.sock;
fastcgi_index index.php;
} |
...
Configuration sur le apache/mod_shib
Configurer normalement shibboleth, et relayer les requêtes vers le nginx :
...