Mod Auth Mellon
Download the Trustelem metadata file.
Install mod_auth_mellon for Apache Linux (for example apt install libapache2-mod-auth-mellon for Ubuntu/Debian). This mod may require activation.
Execute the script to create Mellon's data. It will create 3 files: key/certificate/metadata, required by Mellon.
In the metadata file generated previously (.xml), add after the line <AssertionConsumerService...>:
NameIDFormat" has to be adapted if you use a different one in Trustelem and Mellon.
Put the 4 previous files (key/certificate/metadata Mellon + metadata Trustelem) in a folder accessible for the Web Server (for example /etc/apache2/mellon).
Complete the settings file of you Web Server (in the Apache folder sites-available).
The following example has to be adapted, it was made for a source folder at the root (/) and with the hostname localhost.
<Location /> Require valid-user AuthType "Mellon" MellonEnable "auth" MellonDefaultLoginPath "/" MellonEndpointPath "/endpoint" MellonSPentityId "https://localhost" # Files generated by the script: MellonSPPrivateKeyFile "/etc/apache2/mellon/https_localhost.key" MellonSPCertFile "/etc/apache2/mellon/https_localhost.cert" MellonSPMetadataFile "/etc/apache2/mellon/https_localhost.xml" # Metadata Trustelem: MellonIdPMetadataFile "/etc/apache2/mellon/metadata-125021.xml" </Location>
- Set up Trustelem with the following parameters:
- EntityID: put the value of MellonSPentityId defined in the configuration above
- AssertionConsumerService: put the combination
With the previous example, the ACS would be:
The attributes sent by Trustelem are made available by Mellon under the designation MELLON_ATTRIBUTE=attribute (they can be found in PHP under $_SERVER).
The name of the attributes can be changed by adding in the location part, the directive: MellonSetEnvNoPrefix "NAME_ATTRIBUTE" "attribute".