An Apache command that determines the value of the SERVER_NAME CGI variable, and internally, the result of the ap_get_server_name API function call.

Shibboleth uses this API function to determine the hostname that is in effect for the RequestMap process and when generating redirects. In almost all cases, you MUST add this command to your Apache configuration:

UseCanonicalName On

This defaults to Off in versions of Apache other than 1.3, so you must manually add it if your distribution doesn't include it for you.

Not using this option is a potential security risk because the RequestMap process is often used to decide whether to require a session for a resource. If so, the client can circumvent the rule by supplying a hostname in its HTTP request that is not listed in the RequestMap.