
Shibboleth Apache Multiple Virtual Host configuration for Moodle

About

Below are steps to configure a Shibboleth SP to work with multiple Apache virtual hosts using a single entityID and an Assertion Consumer Service (ACS), together with Shibboleth's NativeSPApplicationOverride. More information regarding NativeSPApplicationOverride can be found here.

You will need to do this if you are running more than one name-based virtual host and each virtual host is running its own Moodle instance.

Note: You will need Shibboleth installed and 2 instances of Moodle installed. You will also need to have requested attribute releases for the entityID and the ACS.

In this example, we will use the server names http://www.moodle1.ucla.edu and http://www.moodle2.ucla.edu with an entityID of http://www.moodle1.ucla.edu.

shibboleth2.xml file configuration

Modifying the host name for the 2 virtual host web servers
<RequestMapper type="Native">
    <RequestMap applicationId="default">

        <Host name="www.moodle1.ucla.edu">
            <Path name="default" authType="shibboleth" requireSession="true"/>
        </Host>

        <Host name="www.moodle2.ucla.edu" applicationId="moodle2" authType="shibboleth" requireSession="true"/>

    </RequestMap>
</RequestMapper>

Entering entityID

<ApplicationDefaults id="default" policyId="default"
entityID="http://www.moodle1.ucla.edu"
REMOTE_USER="Shib-eduPersonPrincipalName"
signing="false" encryption="false"
>

Apache Virtual Host Configuration

Note: The Moodle root for www.moodle1.ucla.edu is at /var/www/html/moodle1 and the Moodle root for www.moodle2.ucla.edu is at /var/www/html/moodle2.

At the bottom of the httpd.conf file there should be a Virtual Hosts section. You will need to uncomment and add the following lines in your httpd.conf file.

# Use name-based virtual hosting.
#
NameVirtualHost *:80

<VirtualHost *:80>
    ServerAdmin webmaster@humnet.ucla.edu
    DocumentRoot /var/www/html/moodle1
    ServerName www.moodle1.ucla.edu

    # This section allows for the use of .htaccess files to enable Shibboleth on directories
    <Directory "/var/www/html/moodle1">
        Options All
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # This section is required by Moodle to use Shibboleth authentication along
    # with local authentication by only restricting the index.php file to shib auth.
    <Directory /var/www/html/moodle1/auth/shibboleth/index.php>
        AuthType shibboleth
        ShibRequireSession On
        require valid-user
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin webmaster@humnet.ucla.edu
    DocumentRoot /var/www/html/moodle2
    ServerName www.moodle2.ucla.edu

    # This section allows for the use of .htaccess files to enable Shibboleth on directories
    <Directory "/var/www/html/moodle2">
        Options All
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # This section is required by Moodle to use Shibboleth authentication along
    # with local authentication by only restricting the index.php file to shib auth.
    <Directory /var/www/html/moodle2/auth/shibboleth/index.php>
        AuthType shibboleth
        ShibRequireSession On
        require valid-user
    </Directory>
</VirtualHost>

Save and close the file, then check the Apache configuration:

httpd -t

Then restart Apache:

sudo /sbin/service httpd restart
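A consistency check for the shibboleth2.xml fragments shown earlier, as an added example that is not part of the original page: it reports any Host whose applicationId has no matching ApplicationDefaults or ApplicationOverride id, and any Host where requireSession is set only on individual paths. The SPConfig wrapper, the ApplicationOverride element for moodle2 and the function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample built from the fragments on this page. The ApplicationOverride
# child is an assumption: the page uses applicationId="moodle2" without defining it.
SAMPLE = """<SPConfig>
 <RequestMapper type="Native">
  <RequestMap applicationId="default">
   <Host name="www.moodle1.ucla.edu">
    <Path name="default" authType="shibboleth" requireSession="true"/>
   </Host>
   <Host name="www.moodle2.ucla.edu" applicationId="moodle2"
         authType="shibboleth" requireSession="true"/>
  </RequestMap>
 </RequestMapper>
 <ApplicationDefaults id="default" policyId="default"
     entityID="http://www.moodle1.ucla.edu"
     REMOTE_USER="Shib-eduPersonPrincipalName"
     signing="false" encryption="false">
  <ApplicationOverride id="moodle2"/>
 </ApplicationDefaults>
</SPConfig>"""

def local(tag):
    """Drop any XML namespace so a real, namespaced file also works."""
    return tag.rsplit("}", 1)[-1]

def check_request_map(xml_text):
    """Return (host, finding) pairs for the RequestMap in xml_text."""
    elems = list(ET.fromstring(xml_text).iter())
    defined = {e.get("id") for e in elems
               if local(e.tag) in ("ApplicationDefaults", "ApplicationOverride")}
    findings = []
    for rmap in (e for e in elems if local(e.tag) == "RequestMap"):
        for host in (h for h in rmap if local(h.tag) == "Host"):
            name = host.get("name")
            # A Host without its own applicationId inherits the RequestMap's.
            app = host.get("applicationId", rmap.get("applicationId", "default"))
            if app not in defined:
                findings.append((name, f"applicationId '{app}' is not defined"))
            if "true" not in (host.get("requireSession"), rmap.get("requireSession")):
                paths = [p.get("name") for p in host
                         if local(p.tag) == "Path" and p.get("requireSession") == "true"]
                scope = ("only on paths: " + ", ".join(paths)) if paths else "nowhere"
                findings.append((name, "requireSession set " + scope))
    return findings

if __name__ == "__main__":
    for host, finding in check_request_map(SAMPLE):
        print(f"{host}: {finding}")
```

On the sample, the only finding is that www.moodle1.ucla.edu requires a session only under the path named default, so for that host the session requirement on auth/shibboleth/index.php comes from the Apache Directory block.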

CCLE UCLAlogin.php page

If you are going to use the CCLE UCLAlogin.php page, you will need to edit the httpswwwroot variable and hard-code the server name.

Example for www.moodle1.ucla.edu
// Comment this line.
//$CFG->httpswwwroot = str_replace("http://", "https://", $CFG->httpswwwroot);
$CFG->httpswwwroot = "http://www.moodle1.ucla.edu";