...
4. In the apache ssl configuration in /home/www/apache/conf/extra/httpd-ssl.conf, add the following in the <VirtualHost _default_:443> block: (we are only doing touchstone for https. Users can still login as guest via http).
# Touchstone/Shibboleth
Include /home/www/shibboleth/etc/shibboleth/apache22.config
...
also in /home/www/sash-server/servers/thalia/conf/server.xml make sure the AJP connector is defined as follows:
<!-- An AJP Connector - uncomment if needed -->
<Connector port="8901"
request.tomcatAuthentication="false" address="127.0.0.1"
protocol="AJP/1.3" />
...