# RAP directory configuration
<Directory /var/www/html/rap-ia2>

    # Allow .htaccess override
    AllowOverride All

    # Set cookies to HTTP Only for better security
    php_flag session.cookie_httponly on

    # Protect config file
    <Files "config.yaml">
        Order allow,deny
        Deny from all
    </Files>
</Directory>

# X.509 client certificate authentication (needs SSL enabled)

<IfModule mod_ssl.c>
    <Directory /var/www/html/rap-ia2/auth/x509/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        allow from all
        SSLVerifyClient require
        SSLVerifyDepth 10
        SSLOptions +ExportCertData
    </Directory>
</IfModule>

# Shibboleth authentication (needs Shibboleth module installed and enabled)

<IfModule mod_shib.c>
    <Location /rap-ia2/auth/eduGAIN/>
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        ShibUseEnvironment On
        Require valid-user
    </Location>
</IfModule>