Page History
...
ShibUseEnvironment On
ShibUseHeaders On
Also: sets no-cache headers, sets isSsoMode cookie, and sets Access-Control-Allow-Origin, which needs to be populated with the correct hostname:
# no caching
Header set Cache-Control "no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires 0
# CORS / Access-Control
## ADJUST_FOR_YOUR_SITE:
Header set Access-Control-Allow-Origin [your idP's hostname, e.g. my.idp.edu]
# Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
# isSsoMode cookie
Header set Set-Cookie isSsoMode=true
</LocationMatch>
Overview
Content Tools