Add Mellon entries to httpd.conf

For Xinet server configuration, you have to add the Mellon module configuration to three sections in the httpd.conf file, once for each area on the filesystem that Xinet uses.

Variables

There are several variables where your specific information will be different from the example values. Please use the correct values for the following variables:

MellonUser
    For Google IdP you can map any attribute you want to the user ID. We chose 'uid' to map to the user email, which is what is used to log in.

MellonSPentityId
    The string you chose for the Xinet Service Provider Entity ID in the "Create Entity ID names" section.

MellonSPPrivateKeyFile
    The path where you put the ".key" output file in the "Copy the .cert and .key files to the Xinet server" section.

MellonSPCertFile
    The path where you put the ".cert" output file in the "Copy the .cert and .key files to the Xinet server" section.

MellonIdPMetadataFile
    The path to the IdP's Metadata file from the "Set up XML exchange between the IdP and SPs" section.

WebNative cgi directory

In the example below, the italic text represents what is removed and bold text what is added.
For the WebNative cgi directory section, replace this:

    # WebNative cgi directory
    <Directory /usr/etc/webnative>
        AuthType Basic
        AuthName WebNative
        AuthBasicProvider file
        AuthUserFile /usr/adm/webnative/apache.userfile
        Require valid-user
        Options ExecCGI
    </Directory>

with this:

    # WebNative cgi directory
    <Directory /usr/etc/webnative>
        AuthType "Mellon"
        AuthName WebNative
        Require valid-user
        Options ExecCGI
        MellonEnable "auth"
        MellonVariable "WNcookie"
        MellonSecureCookie Off
        MellonUser "urn:oid:0.9.2342.19200300.100.1.1"
        MellonSetEnv "e-mail" "mail"
        MellonSetEnvNoPrefix "DISPLAY_NAME" "displayName"
        MellonMergeEnvVars On
        MellonMergeEnvVars On ":"
        MellonEnvVarsIndexStart 1
        MellonEnvVarsSetCount On
        MellonSessionDump Off
        MellonSamlResponseDump Off
        MellonEndpointPath "/webnative/mellon"
        MellonSessionLength 86400
        MellonSPentityId "xinet.bambam.webnative"
        MellonSPPrivateKeyFile /etc/httpd/xinetsaml/xinet.bambam.webnative.key
        MellonSPCertFile /etc/httpd/xinetsaml/<CERTFILE>.cert
        MellonIdPMetadataFile /etc/httpd/xinetsaml/idp-metadata.xml
        MellonSubjectConfirmationDataAddressCheck Off
        MellonECPSendIDPList Off
        MellonRedirectDomains [self]
    </Directory>

WebNative document directory

Taking note, again, of the above entries that will need specific information for your setup, for the WebNative document directory section, replace this:

    # WebNative document directory
    <Directory /usr/adm/webnative>
        AuthType Basic
        AuthName WebNative
        AuthBasicProvider file
        AuthUserFile /usr/adm/webnative/apache.userfile
        Require valid-user
        Options None
    </Directory>

with this:

    # WebNative document directory
    <Directory /usr/adm/webnative>
        AuthType "Mellon"
        AuthName WebNative
        Require valid-user
        Options None
        MellonEnable "auth"
        MellonVariable "WNcookie"
        MellonSecureCookie Off
        MellonUser "urn:oid:0.9.2342.19200300.100.1.1"
        MellonSetEnv "e-mail" "mail"
        MellonSetEnvNoPrefix "DISPLAY_NAME" "displayName"
        MellonMergeEnvVars On
        MellonMergeEnvVars On ":"
        MellonEnvVarsIndexStart 1
        MellonEnvVarsSetCount On
        MellonSessionDump Off
        MellonSamlResponseDump Off
        MellonEndpointPath "/webnative/mellon"
        MellonSessionLength 86400
        MellonSPentityId "xinet.bambam.webnative"
        MellonSPPrivateKeyFile /etc/httpd/xinetsaml/xinet.bambam.webnative.key
        MellonSPCertFile /etc/httpd/xinetsaml/xinet.bambam.webnative.cert
        MellonIdPMetadataFile /etc/httpd/xinetsaml/idp-metadata.xml
        MellonSubjectConfirmationDataAddressCheck Off
        MellonECPSendIDPList Off
        MellonRedirectDomains [self]
    </Directory>

WebNative styles directory

Taking note, again, of the above entries that will need specific information for your setup, for the WebNative styles directory section, replace this:

    # WebNative styles directory
    <Directory /usr/etc/webnative/styles>
        Order Deny,Allow
        AllowOverride None
        Deny from All
        <Files ~ "\.(css|js|html)$">
            Order Allow,Deny
            Allow from All
            AuthType Basic
            AuthName WebNative
            require valid-user
            AuthUserFile /var/adm/webnative/apache.userfile
            Options None
        </Files>
    </Directory>

with this:

    # WebNative styles directory
    <Directory /usr/etc/webnative/styles>
        Order Deny,Allow
        AllowOverride None
        Deny from All
        <Files ~ "\.(css|js|html)$">
            Order Allow,Deny
            Allow from All
            AuthType "Mellon"
            AuthName WebNative
            Require valid-user
            Options None
            MellonEnable "auth"
            MellonVariable "WNcookie"
            MellonSecureCookie Off
            MellonUser "urn:oid:0.9.2342.19200300.100.1.1"
            MellonSetEnv "e-mail" "mail"
            MellonSetEnvNoPrefix "DISPLAY_NAME" "displayName"
            MellonMergeEnvVars On
            MellonMergeEnvVars On ":"
            MellonEnvVarsIndexStart 1
            MellonEnvVarsSetCount On
            MellonSessionDump Off
            MellonSamlResponseDump Off
            MellonEndpointPath "/webnative/mellon"
            MellonSessionLength 86400
            MellonSPentityId "xinet.bambam.webnative"
            MellonSPPrivateKeyFile /etc/httpd/xinetsaml/xinet.bambam.webnative.key
            MellonSPCertFile /etc/httpd/xinetsaml/xinet.bambam.webnative.cert
            MellonIdPMetadataFile /etc/httpd/xinetsaml/idp-metadata.xml
            MellonSubjectConfirmationDataAddressCheck Off
            MellonECPSendIDPList Off
            MellonRedirectDomains [self]
        </Files>
    </Directory>

Test logging into the Xinet server

If the redirection is happening, you will be sent to a login screen displayed by the IdP server. The URL should contain a hostname or IP address that is different from your Xinet server.
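
A consistency check for the three edited httpd.conf sections, added here as an example and not supplied by Xinet or mod_auth_mellon. It assumes the three sections are meant to share one SP identity and endpoint, as they do in the blocks on this page; the function names and the trimmed sample configuration are constructed for the example.

```python
import re

XINET_DIRS = ("/usr/etc/webnative", "/usr/adm/webnative", "/usr/etc/webnative/styles")
MUST_MATCH = ("MellonSPentityId", "MellonSPPrivateKeyFile", "MellonSPCertFile",
              "MellonIdPMetadataFile", "MellonEndpointPath")

def mellon_settings(conf_text):
    """Map each <Directory> path to its AuthType/Mellon* directives (last value wins)."""
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        opened = re.match(r'<Directory\s+"?([^">]+?)"?\s*>', line, re.I)
        if opened:
            current = sections.setdefault(opened.group(1), {})
        elif line.lower().startswith("</directory"):
            current = None
        elif current is not None and re.match(r"(Mellon\w+|AuthType)\s", line):
            name, value = line.split(None, 1)
            current[name] = value
    return sections

def audit(conf_text):  # returns [(section, message), ...] for the three Xinet sections
    sections, findings = mellon_settings(conf_text), []
    for path in XINET_DIRS:
        found = sections.get(path, {})
        if found.get("AuthType", "").strip('"').lower() != "mellon":
            findings.append((path, "AuthType is not Mellon"))
        for name, value in found.items():
            if re.search(r"<[A-Z_]+>", value):  # e.g. <CERTFILE> never filled in
                findings.append((path, f"{name} still contains a placeholder"))
        if found.get("MellonSecureCookie", "Off").lower() == "off":
            findings.append((path, "MellonSecureCookie Off: cookie lacks the Secure flag"))
    for name in MUST_MATCH:  # assumption: all three sections share one SP identity
        if len({sections.get(p, {}).get(name) for p in XINET_DIRS}) > 1:
            findings.append(("*", f"{name} differs between sections"))
    return findings

def _section(path, cert, inner=("", "")):  # constructed sample, trimmed from the page
    return (f'<Directory {path}>\n{inner[0]}AuthType "Mellon"\nMellonSecureCookie Off\n'
            'MellonSPentityId "xinet.bambam.webnative"\n'
            f"MellonSPCertFile /etc/httpd/xinetsaml/{cert}\n{inner[1]}</Directory>\n")

SAMPLE = (_section("/usr/etc/webnative", "<CERTFILE>.cert")
          + _section("/usr/adm/webnative", "xinet.bambam.webnative.cert")
          + _section("/usr/etc/webnative/styles", "xinet.bambam.webnative.cert",
                     ('<Files ~ "\\.(css|js|html)$">\n', "</Files>\n")))

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To check a real server, pass the contents of its httpd.conf to `audit()` in place of `SAMPLE`.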