<Location> and .htaccess

Aaron Roots aaron.roots at deakin.edu.au
Thu Nov 3 04:01:23 GMT 2011

Hi all,

So I have this config as indicated in the wiki:
<Location />
AuthType shibboleth
ShibRequestSetting requireSession 1
Require shibboleth
</Location>

I then try to further restrict the access in a .htaccess file within the
file system:
Require user notaaron

However I am still allowed access. Even if I add "ShibRequireAll On" to
the mix - the further requires in the .htaccess file are still ignored.

I'm not actually trying to do this exact setup - in my Location I am
actually trying to restrict to an attribute that identifies Student/Staff
and only allow staff. Then further down I am trying to limit to a specific
set of staff identified by username. But it lets all staff access the
further restricted page.

I see on
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess that
the Location block will take precedence - but I couldn't take this config
out of the Locations, as mod_rewrite is also being used within the
application, which will only set the Environment Variables as expected when
used in a Location block.

I am thinking this is going to be a rock and a hard place kind of issue.

Cheers Aaron
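
An added example, not part of the original post or the Shibboleth wiki: since `<Location>` sections are merged after `.htaccess`, one way to express the narrower rule is a second, more specific `<Location>` placed later in the server config. It assumes Apache 2.2 merge behaviour, where the `Require` lines of a later matching section replace the earlier ones; the attribute id `affiliation`, the path `/staff-admin` and the usernames are hypothetical.

```apache
# Constructed example for Apache 2.2 with the Shibboleth SP 2.x module.

# Site-wide rule: a session is required and only staff may enter.
<Location />
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    # "affiliation" is a hypothetical attribute id; use the id that your
    # attribute-map.xml assigns to the Student/Staff attribute.
    Require affiliation staff
</Location>

# Narrower rule for one URL subtree (hypothetical path). It must appear
# after <Location />: Location sections are merged in configuration-file
# order, and the Require line here replaces the one from <Location />
# (assumed Apache 2.2 behaviour) instead of being ignored like the
# .htaccess Require.
<Location /staff-admin>
    # Repeated explicitly so the block does not depend on inheritance.
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    # Hypothetical usernames; only these users pass for this subtree.
    Require user alice bob
</Location>
```

To check the result, request the narrower path as a staff user who is not on the list and confirm that access is refused, then repeat as a listed user.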
