# Mod Auth Mellon

#### Configuration

* Download the Trustelem metadata file.

* Install mod_auth_mellon for Apache on Linux (for example **apt install libapache2-mod-auth-mellon** on Ubuntu/Debian). The module may need to be enabled after installation.

* Execute [the script to create Mellon's data](https://raw.githubusercontent.com/UNINETT/mod_auth_mellon/master/mellon_create_metadata.sh). It will create 3 files: key/certificate/metadata, required by Mellon.

* In the metadata file generated previously (.xml), add after the line `<AssertionConsumerService...>`:

```exp
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
```

*"NameIDFormat" has to be adapted if you use a different one in Trustelem and Mellon.*

* Put the 4 previous files (Mellon's key, certificate and metadata, plus the Trustelem metadata) in a folder readable by the web server (for example **/etc/apache2/mellon**). This folder holds the private key, so it must not be a folder served as web content.

* Complete the settings file of your web server (in the Apache folder **sites-available**).  
*The following example has to be adapted: it was made for a source folder at the root (/) and with the hostname* ***localhost***.  

``` exp
<Location />
        Require valid-user
        AuthType "Mellon"
        MellonEnable "auth"
        MellonDefaultLoginPath "/"
        MellonEndpointPath "/endpoint"
        MellonSPentityId "https://localhost"
        # Files generated by the script:
        MellonSPPrivateKeyFile "/etc/apache2/mellon/https_localhost.key"
        MellonSPCertFile "/etc/apache2/mellon/https_localhost.cert"
        MellonSPMetadataFile "/etc/apache2/mellon/https_localhost.xml"
        # Metadata Trustelem:
        MellonIdPMetadataFile "/etc/apache2/mellon/metadata-125021.xml"
</Location>
```

* Set up Trustelem with the following parameters:  
**- EntityID**: put the value of MellonSPentityId defined in the configuration above  
**- AssertionConsumerService**: put the combination **`https://[hostname]/[MellonEndpointPath]/postResponse`**  
*With the previous example, the ACS would be: `https://localhost/endpoint/postResponse`*
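
A consistency check for the steps above, as an added example that is not part of the original page or of Mellon's or Trustelem's own tooling: it reads `MellonSPentityId` and `MellonEndpointPath` from the Apache configuration, derives the EntityID and AssertionConsumerService values to enter in Trustelem, and confirms that the SP metadata carries the same values and the expected NameIDFormat. The function names and the embedded sample inputs are constructed for illustration, and the sample metadata is simplified (no key descriptor).

```python
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample inputs modelled on the localhost example above.
APACHE_CONF = '''<Location />
    MellonEndpointPath "/endpoint"
    MellonSPentityId "https://localhost"
</Location>'''
SP_METADATA = f'''<EntityDescriptor xmlns="{MD_NS}" entityID="https://localhost">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService Binding="{HTTP_POST}" Location="https://localhost/endpoint/postResponse"/>
    <NameIDFormat>{EMAIL_FORMAT}</NameIDFormat>
  </SPSSODescriptor>
</EntityDescriptor>'''


def directive(conf, name):
    """Return the value of an Apache directive; commented-out lines never match."""
    m = re.search(rf'^\s*{name}\s+"?([^"\s]+)"?\s*$', conf, re.M | re.I)
    return m.group(1) if m else None


def check(conf, metadata_xml, hostname, nameid_format=EMAIL_FORMAT):
    """Return (entity_id, acs_url, problems): the two values to enter in Trustelem."""
    entity_id = directive(conf, "MellonSPentityId")
    endpoint = directive(conf, "MellonEndpointPath")
    if entity_id is None or endpoint is None:
        return entity_id, None, ["MellonSPentityId or MellonEndpointPath not set"]
    acs_url = f"https://{hostname}/{endpoint.strip('/')}/postResponse"
    root = ET.fromstring(metadata_xml)
    problems = []
    if root.get("entityID") != entity_id:
        problems.append(f"metadata entityID {root.get('entityID')!r} != {entity_id!r}")
    posts = [e.get("Location") for e in root.iter(f"{{{MD_NS}}}AssertionConsumerService")
             if e.get("Binding") == HTTP_POST]
    if acs_url not in posts:
        problems.append(f"no HTTP-POST AssertionConsumerService at {acs_url}")
    formats = [(e.text or "").strip() for e in root.iter(f"{{{MD_NS}}}NameIDFormat")]
    if nameid_format not in formats:
        problems.append(f"NameIDFormat {nameid_format} missing from metadata")
    return entity_id, acs_url, problems


if __name__ == "__main__":
    print(check(APACHE_CONF, SP_METADATA, "localhost"))
```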

#### Notes

* The attributes sent by Trustelem are made available by Mellon under the designation **MELLON_ATTRIBUTE=attribute** (they can be found in PHP under $_SERVER).

* The names of the attributes can be changed by adding the following directive in the Location block: **MellonSetEnvNoPrefix "NAME_ATTRIBUTE" "attribute"**.