Versions Compared

Old Version 5

changes.mady.by.user Xavier Haurie

Saved on

compared with

New Version 6

changes.mady.by.user Xavier Haurie

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  ShibUseEnvironment On

  ShibUseHeaders On

Also: sets no-cache headers, sets isSsoMode cookie, and sets Access-Control-Allow-Origin, which needs to be populated with the correct hostname:

  # no caching
  Header set Cache-Control "no-cache, no-store, must-revalidate"
  Header set Pragma "no-cache"
  Header set Expires 0

  # CORS / Access-Control
  ## ADJUST_FOR_YOUR_SITE:
  Header set Access-Control-Allow-Origin [your idP's hostname, e.g. my.idp.edu]
  #  Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"

  # isSsoMode cookie
  Header set Set-Cookie isSsoMode=true

</LocationMatch>