enabling user specificed .htaccess files with Shibboleth

Russell J Yount rjy at cmu.edu
Thu Aug 2 08:13:11 EDT 2012

We have an Apache web server that serves user web pages as http://servername/~username and  permits users to use .htaccess files to protect content using Pubcookie.  We are now examining issues of using Shibboleth for authentication rather than Pubcookie.
Has anyone else use Shibboleth for this type of service and can offer suggestion as to configuration?
There seems to be Shibboleth specific issues that need to be considered eg.
With Shibboleth one can place directives such as
ShibRequestSetting entityId https://SOME-IDP-ENTITY-ID
ShibRequestSetting requireSession 1
to specify the IDP to use for authentication. This however only has an effect if the web user is not already authenticated.
Is there a way to force shibboleth to authenticate to the specified IDP if the user is not already authenticated through that IDP?
Is there a way to turn off this capability?
Is there a way to restrict which IDP's a user may specify? (Without removing the other IDPs from the SPs metadata of course.)
Are there any other Shibboleth specific issues that should be considered?
Russell J. Yount
Identity Services, Carnegie Mellon University

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20120802/75fe41c4/attachment.html 

More information about the users mailing list