On 9/21/11 10:30 AM, "Liam Hoekenga" <liamr at umich.edu> wrote: > >Do all of the login handlers lie behind /idp/AuthnEngine/ or /idp/Authn/ ? The bundled ones do, I can't speak to what you're doing. If you're using the RemoteUser handler, then the only thing to protect is that URL. You don't protect the AuthnEngine. -- Scott