enabling user specificed .htaccess files with Shibboleth
Cantor, Scott
cantor.2 at osu.edu
Thu Aug 2 11:00:57 EDT 2012
On 8/2/12 10:56 AM, "Peter Schober" <peter.schober at univie.ac.at> wrote:
>
>Yeah but resource owners can change the app via .htaccess so that
>wouldn't accomplish what the OP intented, IMO.
Well, it would circumvent, but I'm assuming that the goal is more to
prevent unexpected behavior then block the option to federate.
>The only thing I can imagine the SP could do is implement something
>like httpd's AllowOverride, so that one could centrally limit what
>shib-specific stuff could be added to .htaccess
>But, again, not that I can see/understand this being necessary.
The application override thing has been noted as a concern, but I just
haven't had a chance to try and implement that. I probably can, because
the htaccess support for those settings is something I had to build pretty
elaborately anyway.
-- Scott
More information about the users
mailing list