Skip to main content

Mod Auth Mellon

Configuration

  • Download the Trustelem metadata file.

  • Install mod_auth_mellon for Apache Linux (for example apt install libapache2-mod-auth-mellon for Ubuntu/Debian). This mod may require activation.

  • Execute the script to create Mellon's data. It will create 3 files: key/certificate/metadata, required by Mellon.

  • In the metadata file generated previously (.xml), add after the line <AssertionConsumerService...>:

<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>

NameIDFormat" has to be adapted if you use a different one in Trustelem and Mellon.

  • Put the 4 previous files (key/certificate/metadata Mellon + metadata Trustelem) in a folder accessible for the Web Server (for example /etc/apache2/mellon).

  • Complete the settings file of you Web Server (in the Apache folder sites-available).
    The following example has to be adapted, it was made for a source folder at the root (/) and with the hostname localhost.

<Location />
        Require valid-user
        AuthType "Mellon"
        MellonEnable "auth"
        MellonDefaultLoginPath "/"
        MellonEndpointPath "/endpoint"
        MellonSPentityId "https&#58;//localhost"
        &#35; Files generated by the script:
        MellonSPPrivateKeyFile "/etc/apache2/mellon/https_localhost.key"
        MellonSPCertFile "/etc/apache2/mellon/https_localhost.cert"
        MellonSPMetadataFile "/etc/apache2/mellon/https_localhost.xml"
        &#35; Metadata Trustelem:
        MellonIdPMetadataFile "/etc/apache2/mellon/metadata-125021.xml"
</Location>
  • Set up Trustelem with the following parameters:
    - EntityID: put the value of MellonSPentityId defined in the configuration above
    - AssertionConsumerService: put the combination https://[hostname]/[MellonEndpointPath]/postResponse
    With the previous example, the ACS would be: https://localhost/endpoint/postResponse

Notes

  • The attributes sent by Trustelem are made available by Mellon under the designation MELLON_ATTRIBUTE=attribute (they can be found in PHP under $_SERVER).

  • The name of the attributes can be changed by adding in the location part, the directive: MellonSetEnvNoPrefix "NAME_ATTRIBUTE" "attribute".

Back to top