Mod Auth Mellon

Configuration

  • Download the Trustelem metadata file.

  • Install mod_auth_mellon for Apache Linux (for exemple apt install libapache2-mod-auth-mellon for Ubuntu/Debian). This mod may require activation.

  • Execute the script to create Mellon’s data. It will create 3 files: key/certificate/metadata, required by Mellon.

  • In the metadata file generated previously (.xml), add after the line <AssertionConsumerService…>:

NameIDFormat" has to be adapted if you use a different one in Trustelem and Mellon.

  • Put the 4 previous files (key/certificate/metadata Mellon + metadata Trustelem) in a folder accessible for the Web Server (for exemple /etc/apache2/mellon).

  • Complete the settings file of you Web Server (in the Apache folder sites-available). The following exemple has to be adapted, it was made for a source folder at the root (/) and with the hostname localhost.

  • Set up Trustelem with the following parameters: - EntityID: put the value of MellonSPentityId defined in the configuration above - AssertionConsumerService: put the combination https://[hostname]/[MellonEndpointPath]/postResponse With the previous exemple, the ACS would be: https://localhost/endpoint/postResponse

Notes

  • The attributes sent by Trustelem are made available by Mellon under the designation MELLON_ATTRIBUTE=attribute (they can be found in PHP under $_SERVER).

  • The name of the attributes can be changed by adding in the location part, the directive: MellonSetEnvNoPrefix “NAME_ATTRIBUTE” “attribute”.