
Our application servers have different applications deployed, like app-user-registration, app-portal, app-module1, etc.

Now we want to protect the app-user-registration application with different SP metadata, certificate and key, and the rest of the applications with the same SP metadata. So we have configured the following in mellon.conf:

# SP settings for the registration app (its own metadata, key and certificate)
<Location /app-user-registration>
    Require valid-user
    AuthType "Mellon"
    MellonEnable "auth"
    MellonVariable "cookie"
    MellonSamlResponseDump On
    MellonSPMetadataFile /opt/httpd24SAML/conf.d/https_app.foo.com_app-user-registration.xml
    MellonSPPrivateKeyFile /opt/httpd24SAML/conf.d/https_app.foo.com_app-user-registration.key
    MellonSPCertFile /opt/httpd24SAML/conf.d/https_app.foo.com_app-user-registration.cert
    MellonIdPMetadataFile /opt/httpd24SAML/conf.d/idp-metadata.xml
    # MellonMergeEnvVars On
    MellonUser "NAME_ID"
    MellonSetEnv "uid" "uid"

    RequestHeader set uid "%{MELLON_uid}e"
</Location>


# Default SP settings for every other application under /
<Location />
    Require valid-user
    AuthType "Mellon"
    MellonEnable "auth"
    MellonVariable "cookie"
    MellonSamlResponseDump On
    MellonSPMetadataFile /opt/httpd24SAML/conf.d/https_app.foo.com.xml
    MellonSPPrivateKeyFile /opt/httpd24SAML/conf.d/https_app.foo.com.key
    MellonSPCertFile /opt/httpd24SAML/conf.d/https_app.foo.com.cert
    MellonIdPMetadataFile /opt/httpd24SAML/conf.d/idp-metadata.xml
    # MellonMergeEnvVars On
    MellonUser "NAME_ID"
    MellonSetEnv "uid" "uid"

    RequestHeader set uid "%{MELLON_uid}e"
</Location>

But this configuration doesn't work. Whenever a user accesses https://app.foo.com/app-user-registration, it inherits the SP metadata, key and certificates from <Location /> and not from <Location /app-user-registration>.

Due to this, the IdP shows an Access denied error, because the IdP expects the following in the SAML request:

<SAML:issuer>https://app.foo.com/app-user-registration</SAML:issuer>

So is there a way in the mod_auth_mellon configuration to override the default SP metadata, key and certificates for the <Location /app-user-registration> block?

Thanks Chintan

  • This is just a shot in the dark, but is it possible because `` is "after" ` `` that it's overriding the config? Have you tried putting the `` directive "before"? – Zak Sep 14 '18 at 15:42
  • that didn't work – Chintan Sep 14 '18 at 17:03
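The configuration below is an added example; it is not from the question or the comments, and it is not an answer the thread contains. It shows one way to give the registration app its own SP identity in mod_auth_mellon. The diagnosis in the comments is my reading of how Mellon applies per-Location settings: both blocks in the question use the default endpoint path /mellon, so the IdP posts the SAML response to https://app.foo.com/mellon/postResponse, a URL that only <Location /> covers, and that block's key, certificate and metadata are used whichever app started the login. The file paths are the question's; the per-Location MellonEndpointPath values, the cookie names, and the requirement that each SP metadata file advertises the matching AssertionConsumerService URL are assumptions you need to adapt to your own metadata.

```apache
# Added example, not the asker's configuration: one Mellon SP per Location,
# each with an endpoint path nested under the Location it protects.

# Default SP for app-portal, app-module1, ... (entityID https://app.foo.com)
<Location />
    AuthType "Mellon"
    MellonEnable "auth"
    Require valid-user
    # Assumed cookie name; distinct per SP so the two sessions do not share a cookie
    MellonVariable "portal"
    # Default endpoint path; /mellon/postResponse is handled with this block's SP
    MellonEndpointPath "/mellon"
    MellonSPMetadataFile /opt/httpd24SAML/conf.d/https_app.foo.com.xml
    MellonSPPrivateKeyFile /opt/httpd24SAML/conf.d/https_app.foo.com.key
    MellonSPCertFile /opt/httpd24SAML/conf.d/https_app.foo.com.cert
    MellonIdPMetadataFile /opt/httpd24SAML/conf.d/idp-metadata.xml
    MellonUser "NAME_ID"
    MellonSetEnv "uid" "uid"
    # Keep the response dump off outside debugging: "On" writes the whole SAML
    # response (assertions, attributes, NameID) into the error log.
    MellonSamlResponseDump Off
    RequestHeader set uid "%{MELLON_uid}e"
</Location>

# Separate SP for the registration app
# (entityID https://app.foo.com/app-user-registration)
<Location /app-user-registration>
    AuthType "Mellon"
    MellonEnable "auth"
    Require valid-user
    MellonVariable "registration"
    # Assumed path: an endpoint inside this Location, so
    # /app-user-registration/mellon/postResponse is processed with THIS SP's
    # key, certificate and metadata. The SP metadata file must list this URL
    # as its AssertionConsumerService, and the IdP must have it registered.
    MellonEndpointPath "/app-user-registration/mellon"
    MellonSPMetadataFile /opt/httpd24SAML/conf.d/https_app.foo.com_app-user-registration.xml
    MellonSPPrivateKeyFile /opt/httpd24SAML/conf.d/https_app.foo.com_app-user-registration.key
    MellonSPCertFile /opt/httpd24SAML/conf.d/https_app.foo.com_app-user-registration.cert
    MellonIdPMetadataFile /opt/httpd24SAML/conf.d/idp-metadata.xml
    MellonUser "NAME_ID"
    MellonSetEnv "uid" "uid"
    MellonSamlResponseDump Off
    RequestHeader set uid "%{MELLON_uid}e"
</Location>
```

After changing the endpoint path, regenerate or edit the registration app's SP metadata so its AssertionConsumerService and SingleLogoutService locations point at /app-user-registration/mellon/..., re-register that metadata with the IdP, and confirm with `apachectl -t` that the configuration parses before reloading. A quick way to verify which SP handled a login is to fetch https://app.foo.com/app-user-registration/mellon/metadata and check that the entityID it returns is the one the IdP expects in the Issuer element.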
