# Mod Auth Mellon #### Configuration * Download the Trustelem metadata file. * Install mod_auth_mellon for Apache Linux (for example **apt install libapache2-mod-auth-mellon** for Ubuntu/Debian). This mod may require activation. * Execute [the script to create Mellon's data](https://raw.githubusercontent.com/UNINETT/mod_auth_mellon/master/mellon_create_metadata.sh). It will create 3 files: key/certificate/metadata, required by Mellon. * In the metadata file generated previously (.xml), add after the line : ```exp urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress ``` *NameIDFormat" has to be adapted if you use a different one in Trustelem and Mellon.* * Put the 4 previous files (key/certificate/metadata Mellon + metadata Trustelem) in a folder accessible for the Web Server (for example **/etc/apache2/mellon**). * Complete the settings file of you Web Server (in the Apache folder **sites-available**). *The following example has to be adapted, it was made for a source folder at the root (/) and with the hostname* ***localhost***. ``` exp Require valid-user AuthType "Mellon" MellonEnable "auth" MellonDefaultLoginPath "/" MellonEndpointPath "/endpoint" MellonSPentityId "https://localhost" # Files generated by the script: MellonSPPrivateKeyFile "/etc/apache2/mellon/https_localhost.key" MellonSPCertFile "/etc/apache2/mellon/https_localhost.cert" MellonSPMetadataFile "/etc/apache2/mellon/https_localhost.xml" # Metadata Trustelem: MellonIdPMetadataFile "/etc/apache2/mellon/metadata-125021.xml" ``` * Set up Trustelem with the following parameters: **- EntityID**: put the value of MellonSPentityId defined in the configuration above **- AssertionConsumerService**: put the combination **`https://[hostname]/[MellonEndpointPath]/postResponse`** *With the previous example, the ACS would be: `https://localhost/endpoint/postResponse`* #### Notes * The attributes sent by Trustelem are made available by Mellon under the designation **MELLON_ATTRIBUTE=attribute** (they can be found in PHP under $_SERVER). * The name of the attributes can be changed by adding in the location part, the directive: **MellonSetEnvNoPrefix "NAME_ATTRIBUTE" "attribute"**.