# this is just an extract of an Apache 1.3.x httpd.conf file with
# the special things required for SWITCHaai integration.

LoadModule shibrm_module /usr/local/libexec/mod_shibrm.so
LoadModule shire_module /usr/local/libexec/mod_shire.so

SHIREConfig /usr/local/etc/shibboleth/shibboleth.ini
SHIREURL /shibboleth/SHIRE

<Location /shibboleth/SHIRE>
  SetHandler shib-shire-post
</Location>

# Be aware - the URIs of the standard attribute mappings starting with
#	urn:mace:dir:attribute-def
# might change there was no final agreement yet within Internet2 MACE for it.
#
ShibMapAttribute urn:mace:dir:attribute-def:sn Shib-LDAP-Surname surname
ShibMapAttribute urn:mace:dir:attribute-def:telephoneNumber Shib-LDAP-telephoneNumber telephoneNumber
ShibMapAttribute urn:mace:dir:attribute-def:facsimileTelephoneNumber Shib-LDAP-facsimileTelephoneNumber facsimileTelephoneNumber
ShibMapAttribute urn:mace:dir:attribute-def:postalAddress Shib-LDAP-postalAddress postalAddress
ShibMapAttribute urn:mace:dir:attribute-def:givenName Shib-LDAP-givenName givenName
ShibMapAttribute urn:mace:dir:attribute-def:homePhone Shib-LDAP-homePhone homePhone
ShibMapAttribute urn:mace:dir:attribute-def:homePostalAddress Shib-LDAP-homePostalAddress homePostalAddress
ShibMapAttribute urn:mace:dir:attribute-def:mail Shib-LDAP-mail mail
ShibMapAttribute urn:mace:dir:attribute-def:mobile Shib-LDAP-mobile mobile
ShibMapAttribute urn:mace:dir:attribute-def:preferredLanguage Shib-LDAP-preferredLanguage preferredLanguage
#
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonPrincipalName Shib-EP-PrincipalName eppn
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonAffiliation Shib-EP-Affiliation affiliation
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonScopedAffiliation Shib-EP-ScopedAffiliation scopedAffiliation
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonEntitlement Shib-EP-Entitlement entitlement
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonOrgDN Shib-EP-OrgDN orgDN
ShibMapAttribute urn:mace:dir:attribute-def:eduPersonOrgUnitDN Shib-EP-OrgUnitDN orgUnitDN
#
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonUniqueID Shib-SwissEP-UniqueID uniqueID
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonDateOfBirth Shib-SwissEP-DateOfBirth dateOfBirth
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonGender Shib-SwissEP-Gender gender
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonHomeOrganization Shib-SwissEP-HomeOrganization homeOrganization
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonHomeOrganizationType Shib-SwissEP-HomeOrganizationType homeOrganizationType
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyBranch1 Shib-SwissEP-StudyBranch1 studyBranch1
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyBranch2 Shib-SwissEP-StudyBranch2 studyBranch2
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyBranch3 Shib-SwissEP-StudyBranch3 studyBranch3
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStudyLevel Shib-SwissEP-StudyLevel studyLevel
ShibMapAttribute urn:mace:switch.ch:attribute-def:swissEduPersonStaffCategory Shib-SwissEP-StaffCategory staffCategory

# some sample auhorization restrictions derived from the SWITCHaai demo server
#
<Location /restricted>
  AuthType shibboleth
  ShibExportAssertion On
  require uniqueID 3141592@domain.ch
</Location>

<Location /secure>
  AuthType shibboleth
  ShibExportAssertion On
  require valid-user
</Location>

<Location /staff>
  AuthType shibboleth
  ShibExportAssertion On
  require affiliation ~ ^staff$
</Location>

<Location /student>
  AuthType shibboleth
  ShibExportAssertion On
  require affiliation ~ ^student$
</Location>