Apache vhost that serves both mainsitewp and the sub-blog farm's blogs, such as blog1.mainsitewp.domain.fr:
<VirtualHost 192.168.12.12:443>
ServerName mainsitewp.domain.fr
ServerAlias *.mainsitewp.domain.fr
DocumentRoot /var/www/wp
ErrorLog logs/wp-error_log
CustomLog logs/ssl_wp-access_log common
LogLevel warn
SSLEngine on
Include conf.d/ssl/star_mainsitewp.domain.fr.conf
#RewriteEngine On
#RewriteCond %{HTTP_HOST} ^mainsitewp\.domain\.fr$ [NC]
#RewriteRule .? https://mainsitewp.domain2.fr%{REQUEST_URI} [R=301,L]
<Location />
ShibRequestSetting applicationId wordpress
</Location>
</VirtualHost>
At the DocumentRoot of the WordPress vhost, the .htaccess excludes the ^/Shibboleth.sso location from the WordPress rewrites so that shibd takes care of those requests.
RewriteEngine On
RewriteBase /
# Pass Shibboleth handler and /shib* requests through untouched (dots escaped so only the literal path matches)
RewriteCond %{REQUEST_URI} ^/Shibboleth\.sso($|/) [OR]
#RewriteCond %{REQUEST_URI} ^/Shibboleth.sso/SAML2/POST [OR]
RewriteCond %{REQUEST_URI} ^/shib(.+)
RewriteRule . - [L]
RewriteRule ^index\.php$ - [L]
# Explicit pass-through rules for the handler endpoints
RewriteRule ^Shibboleth\.sso(.+) - [END]
RewriteRule ^Shibboleth\.sso/Login$ - [L]
RewriteRule ^Shibboleth\.sso/Loginimt$ - [L]
RewriteRule ^Shibboleth\.sso/SAML2/POST$ - [L]
RewriteRule ^shib(.+) - [L]
# BEGIN Shibboleth
AuthType shibboleth
Require shibboleth
# END Shibboleth
For multisite WordPress, the Shibboleth session cookies must be allowed within the sub-domain blogs (cf. cookieProps=).
<Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
checkAddress="false" handlerSSL="true" cookieProps="; path=/; secure; HttpOnly; domain=.mainsitewp.domain.fr"
redirectLimit="exact+allow" handlerURL="https://mainsitewp.domain.fr/Shibboleth.sso">
redirectLimit is "exact+allow" here; it is also set to "none" in debug mode ("none" turns the redirect restriction off).
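To check what the cookieProps value above actually grants, this added example (not part of the original notes) parses the string, reports missing Secure/HttpOnly flags and models which hosts a browser returns the session cookie to under the RFC 6265 domain-match rule. The function names are hypothetical, the host list is constructed, and hosts are assumed to be DNS names rather than IP literals.

```python
# cookieProps value copied from the <Sessions> element on this page.
PAGE_PROPS = "; path=/; secure; HttpOnly; domain=.mainsitewp.domain.fr"
# Host part of the handlerURL on this page: the host that sets the cookie.
HANDLER_HOST = "mainsitewp.domain.fr"
# Constructed host list: two names from this page's vhost, the commented-out
# redirect target, and a constructed look-alike that only shares the suffix.
HOSTS = ["mainsitewp.domain.fr", "blog1.mainsitewp.domain.fr",
         "mainsitewp.domain2.fr", "notmainsitewp.domain.fr"]


def parse_cookie_props(props):
    """Split a cookieProps string into {lower-cased name: value or True}."""
    attrs = {}
    for part in props.split(";"):
        name, sep, value = part.strip().partition("=")
        if name:
            attrs[name.strip().lower()] = value.strip() if sep else True
    return attrs


def domain_match(host, cookie_domain):
    """RFC 6265 5.1.3 domain-match for DNS names; a leading dot is ignored."""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)


def audit(props, setting_host, hosts):
    """Return (missing flags, {host: True if a browser sends the cookie}).

    Without a Domain attribute the cookie is host-only: it goes back to the
    setting host alone, so sub-domain blogs never see the session.
    """
    attrs = parse_cookie_props(props)
    missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
    domain = attrs.get("domain")
    if domain in (None, True, ""):
        scope = {h: h.lower() == setting_host.lower() for h in hosts}
    else:
        scope = {h: domain_match(h, domain) for h in hosts}
    return missing, scope


if __name__ == "__main__":
    print(audit(PAGE_PROPS, HANDLER_HOST, HOSTS))
    print(audit("; path=/; HttpOnly", HANDLER_HOST, HOSTS))
```

The second call shows the failure mode the domain= setting avoids: with no Domain attribute, blog1.mainsitewp.domain.fr does not receive the session cookie.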